The $34 Million Lesson: Why Approval Workflows Are the Most Underrated Control in Finance Ops
How a $34M fraud ran undetected for 12 years at Koss Corporation, and what every CFO should learn about approval workflows, segregation of duties, and AP fraud prevention.
A practitioner's guide to building approval architecture that actually catches fraud, and why the Koss Corporation scandal is the case study every CFO should be teaching their team.
TL;DR
In 2009, a $34 million fraud at Koss Corporation was discovered not by any internal control or auditor, but by American Express noticing something strange. The fraud ran undetected for twelve years because of six structural failures in approval workflow design: broken segregation of duties, no dual authorization on outbound payments, no vendor master integrity controls, no manual journal entry review, concentrated executive authority, and over-reliance on the external auditor. This piece breaks down each failure and lays out the three-level approval architecture (procedural, structural, intelligent) that modern finance operations need to prevent insider fraud at scale.
The Fraud That Should Never Have Happened
In December 2009, American Express made a phone call to a Milwaukee-based headphone manufacturer called Koss Corporation.
The question was simple: Why is your company bank account paying off an employee's personal credit card?
That phone call ended a fraud that had been running, undetected, for twelve years.
The employee was Sue Sachdeva, Vice President of Finance and Principal Accounting Officer. The amount stolen was approximately $34 million, staggering for a company with only $40-45 million in annual revenue. The luxury haul recovered from her storage units included 461 pieces of jewelry, hundreds of designer handbags, furs, statues, and racks of clothing still in their original packaging with tags attached.
Sachdeva pleaded guilty in 2010 and received an 11-year federal prison sentence. Koss Corporation restated years of financial statements. The CEO, Michael Koss, was required to return his own bonuses under the Sarbanes-Oxley Section 304 clawback provision, even though he was never accused of fraud. The external auditor, Grant Thornton, faced lawsuits and a settlement.
But the most damning fact in the entire post-mortem was this: the fraud was not caught by any internal control. It was not caught by any auditor. It was caught by a credit card company that noticed something strange.
If you are a CFO, Controller, or AP Manager reading this, the Koss case is not a curiosity. It is a mirror.
How a $34 Million Fraud Looks From the Inside
The Koss scheme was almost embarrassingly simple. There was no exotic financial engineering, no offshore vehicles, no complex SPEs. Sachdeva used three mechanisms, repeatedly, for over a decade:
Mechanism 1: Direct wire transfers from company accounts to American Express to pay her personal credit card balance. The company's bank accepted her sole authorization. There was no dual approval. There was no system asking "is American Express a vendor?"
Mechanism 2: Cashier's checks drawn on Koss bank accounts made payable to Neiman Marcus, jewelry stores, and other luxury retailers, none of which had any conceivable business relationship with a headphone manufacturer.
Mechanism 3: Manual journal entries to bury the cash outflows in cost of goods sold, freight, and other expense accounts that wouldn't trigger scrutiny.
A subordinate, Julie Mulvaney, helped process and conceal the transactions. Between them, the two controlled the entire cash disbursement and reconciliation process.
That is the entire scheme. There is no clever trick to it. There is only the absence of approval workflow controls that should have existed.
The Anatomy of a Control Environment Failure
When you read the SEC complaints and the subsequent litigation, what emerges is not a story of a brilliant fraudster. It is a story of an internal controls environment with structural gaps so wide that any moderately determined insider could have driven a truck through them.
Let me walk through the failures one by one, because each of them is a lesson in how AP fraud prevention actually works.
Failure 1: Total Breakdown of Segregation of Duties
Sachdeva could initiate wire transfers. She could sign cashier's checks. She could post journal entries. She could reconcile the bank statements. She could review her own work.
This is the single most fundamental rule of accounting controls, and it was completely violated. The COSO internal controls framework, the AICPA's audit standards, and every textbook on segregation of duties best practices written in the last fifty years say the same thing: the person who initiates a transaction must not be the same person who records it, approves it, or reconciles it.
Koss had a finance team small enough that this principle was structurally impossible to enforce. And nobody, not the CEO, not the audit committee, not the external auditor, flagged this as the existential risk it was.
Failure 2: No Dual Authorization on Outbound Payments
Sachdeva's signature alone was sufficient to wire millions of dollars out of the company. There was no second signatory required. There was no banking-level dual authorization control for transfers above a threshold. There was no system-level approval workflow requiring a second human to look at the recipient and ask "does this make sense?"
Every modern bank offers dual authorization controls. Every modern ERP can enforce approval thresholds in finance workflows. Koss had implemented neither in any way that meaningfully constrained Sachdeva's authority.
Failure 3: No Vendor Master Discipline
This is the failure that should make every Controller wince.
The recipients of Koss corporate funds included American Express, Neiman Marcus, jewelry stores, fur retailers, and other luxury merchants. None of these were vendors. None of them had ever supplied Koss with components, services, or anything else relevant to manufacturing headphones.
Basic vendor master integrity controls, the kind that require every disbursement recipient to exist in an approved vendor master file with documented business justification, would have stopped the fraud on day one. Instead, Koss's disbursement process treated the recipient field as essentially free-text. Whoever Sachdeva named, the bank paid. Modern procure-to-pay fraud prevention starts here, with vendor master discipline as the first line of defense.
Failure 4: No Journal Entry Anomaly Detection
To hide the cash impact, Sachdeva posted manual journal entries that buried the disbursements in operating expense accounts. Over twelve years, this produced thousands of unusual journal entries, all posted by the same person, all without independent review, all with patterns that any modern manual journal entry review system would have flagged within weeks.
But Koss had no such system. Manual JE review was either not performed or was performed by someone who had no reason to question what the VP of Finance was posting.
Failure 5: Concentrated Executive Authority
Michael Koss held both the CEO and CFO titles simultaneously. There was no independent CFO whose job was specifically to challenge the VP of Finance. The audit committee was thin. The board was family-influenced.
When the only person who could realistically challenge Sachdeva's authority was also the person who hired her, trusted her, and had no time to second-guess her, the fraud was structurally invisible to the top of the organization.
Failure 6: Auditor Failure
Grant Thornton was Koss's external auditor for the entire fraud period. They issued clean opinions year after year. They did not detect material misstatements totaling tens of millions of dollars. They did not catch cashier's checks payable to luxury retailers showing up in disbursement registers. They did not test bank confirmations rigorously enough to catch outflows to non-vendor recipients.
The subsequent litigation against Grant Thornton was settled, but the lesson is broader than one auditor's failure: external audits are a backstop, not a primary control. Auditors sample. Auditors rely on management representations. Auditors do not perform forensic investigations unless something specific triggers one. If your control environment depends on the external auditor catching fraud, your control environment is already broken.
What This Means for Modern Finance Operations
Here is the part of the conversation that matters for everyone reading this in 2026.
The Koss fraud is not a relic of a less sophisticated era. The same structural failures exist today, in thousands of mid-market companies, in slightly different forms. I have seen them in client engagements. I have seen them in due diligence. I have seen them in companies with ERPs ten times more sophisticated than what Koss had.
The pattern is always the same:
- A trusted long-tenured employee with broad authority
- A finance team too small to enforce real segregation of duties
- An ERP configured for speed, not for control
- Approval workflows that exist on paper but are rubber-stamped in practice
- No real-time anomaly detection on disbursements or journal entries
- An audit committee that meets four times a year and reviews summary numbers
- An external auditor doing a sampling-based annual review
In this environment, approval workflow internal controls are not a procedural nicety. They are the most important fraud prevention architecture you have.
And most companies have them backwards.
The Three Levels of Approval Architecture
Let me lay out how I think approval workflows should be designed, drawing on what we have built into the agentic Intake-to-Pay layer at Blackbee AI and what I have observed across hundreds of finance operations.
Level 1: Procedural Approval
This is what most companies have. A purchase order requires manager approval above $5,000. An invoice requires controller sign-off above $25,000. A wire transfer requires two signatures.
Procedural approval is necessary but radically insufficient. The problem is that it relies entirely on the human approver to actually look at the transaction, understand it, and challenge it. In practice, approvers see hundreds of transactions per week. They click approve. They are pattern-matching to "looks normal" rather than performing real analysis.
Sachdeva's transactions, if they had passed through a procedural invoice approval workflow, would have been approved every single time. She was the approver.
Level 2: Structural Approval
This is where most finance operations need to get to, and where many fall short. Structural approval means the approval workflow itself is designed to make fraud structurally difficult, not just procedurally inconvenient.
Structural approval includes:
- Mandatory segregation of duties enforced by the system: the person who creates the vendor cannot approve the invoice, cannot release the payment, and cannot reconcile the account. Not by policy. By system enforcement.
- Vendor master integrity controls: every disbursement recipient must exist in an approved vendor master, with documented business justification, supporting documentation, and an audit trail of who approved adding the vendor.
- Threshold-based dual approval: wire transfers and check disbursements above defined thresholds require two independent human approvers, with banking-level enforcement.
- Three-way matching at scale: PO, goods receipt, and invoice must reconcile automatically before payment, with exceptions routed for review rather than rubber-stamped.
- Manual journal entry review: every manual JE above a threshold gets reviewed by an independent party, with explicit sign-off required before posting.
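As an added illustration (not code from the original post, nor from Blackbee AI's platform), here is how a payment-release gate can enforce the structural controls above in code rather than in policy: an unapproved payee, a vendor creator paying their own vendor, self-approval, a single approver above the threshold, or a reconciler who is a party to the payment each blocks release. The vendor master entries, user names, the $25,000 dual-approval threshold, and the Koss-style sample wire are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample vendor master: recipient -> who created and who approved the record.
# Assumption: a real master would also carry business justification and bank details.
VENDOR_MASTER = {
    "Acme Drivers Ltd": {"created_by": "jdoe", "approved_by": "controller"},
    "Midwest Freight Co": {"created_by": "jdoe", "approved_by": "controller"},
}

DUAL_APPROVAL_THRESHOLD = 25_000  # constructed threshold, in dollars


@dataclass
class Payment:
    recipient: str
    amount: float
    initiated_by: str
    approvers: list          # users who signed off on this payment
    reconciled_by: str = ""  # user who will reconcile the bank statement


def release_violations(p: Payment) -> list:
    """Return every structural control the payment breaks; an empty list means it may be released."""
    violations = []
    parties = {p.initiated_by, *p.approvers}
    vendor = VENDOR_MASTER.get(p.recipient)
    # Control 1: the recipient must exist in the approved vendor master (no free-text payees).
    if vendor is None:
        violations.append(f"recipient '{p.recipient}' is not an approved vendor")
    # Control 2: whoever added the vendor cannot initiate or approve payments to it.
    elif vendor["created_by"] in parties:
        violations.append(f"vendor '{p.recipient}' was created by a party to this payment")
    # Control 3: the initiator cannot approve their own payment.
    if p.initiated_by in p.approvers:
        violations.append(f"initiator '{p.initiated_by}' approved their own payment")
    # Control 4: above the threshold, two distinct approvers are required.
    if p.amount > DUAL_APPROVAL_THRESHOLD and len(set(p.approvers)) < 2:
        violations.append("amount above threshold requires two independent approvers")
    # Control 5: the reconciler must not be a party to the payment.
    if p.reconciled_by and p.reconciled_by in parties:
        violations.append(f"reconciler '{p.reconciled_by}' is a party to the payment")
    return violations


if __name__ == "__main__":
    # Constructed Koss-style wire: one person initiates, approves and reconciles a
    # payment to a payee that is not a vendor.
    koss_wire = Payment("American Express", 48_000, "ssachdeva", ["ssachdeva"], "ssachdeva")
    print(release_violations(koss_wire))   # four violations; payment is blocked
    # Constructed compliant payment: separate initiator, two approvers, separate reconciler.
    invoice = Payment("Acme Drivers Ltd", 60_000, "apclerk", ["apmanager", "controller"], "treasury")
    print(release_violations(invoice))     # [] -> may be released
```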
Structural approval would have stopped Koss in year one. Sachdeva could not have added Neiman Marcus to the vendor master without an independent approver asking what Neiman Marcus had to do with headphones.
Level 3: Intelligent Approval
This is the layer that did not exist in 2009 and barely existed five years ago, but is now table stakes for any serious finance operation. Intelligent approval is where agentic AI in finance controls moves from buzzword to operational reality.
Intelligent approval means the approval workflow is augmented by continuous, real-time analysis of every transaction, every vendor, every payment pattern, and every journal entry. Not sampling. Not periodic review. Continuous.
Intelligent approval asks questions that humans cannot ask at scale:
- Is this vendor's bank account the same as an employee's? (Common in payroll fraud and ghost vendor schemes.)
- Is this payment recipient unusual relative to the historical pattern of this expense category?
- Is this manual journal entry being posted at an unusual time, by an unusual user, with unusual coding?
- Is this approval being processed faster than the median for this transaction type, suggesting rubber-stamping?
- Is there a pattern of just-under-threshold transactions designed to avoid dual approval?
These questions are exactly the kind of thing that an agentic finance operations layer is designed to answer continuously, in production, at the moment of decision, not in a forensic review six months after the money is gone.
The Uncomfortable Truth About Trust
Every fraud case I have studied (Koss; Crundwell at Dixon, Illinois; Patel at the Waltham tech company; dozens of smaller cases that never made the news) has one thing in common.
The fraudster was trusted.
Not just trusted in a casual sense. Deeply trusted. Long-tenured. Liked. The person nobody questioned because nobody had ever needed to question them.
This is not a coincidence. This is the structure of insider fraud. The frauds that get caught quickly are the ones run by people who had the opportunity for only a short time. The frauds that run for a decade or more are run by the most trusted people in the organization, because trust is what creates the runway.
If you take only one operational lesson from this entire piece, take this one:
Trust is not a control. Trust is the absence of a control.
Every approval workflow, every segregation of duty, every reconciliation review exists precisely because trust is not enough. The point of a control is to be redundant with trust, so that when trust fails, the control catches what trust missed.
Building a finance operation that depends on individual trust is not running a tight ship. It is running a Koss Corporation in slow motion.
What to Do Monday Morning
If you are a CFO or Controller and you have read this far, here is the practical AP fraud prevention checklist I would run through this week:
1. Map every cash outflow path in your organization. Wires, ACH, checks, virtual cards, employee reimbursements, petty cash. For each one, identify who can initiate, who must approve, who reconciles, and who reviews.
2. Find the segregation gaps. Where is the same person doing two of those four roles? Those are your highest-risk paths.
3. Audit your vendor master. Pull the list. Ask whether every vendor in it has documented business justification. Look specifically for vendors added by the same person who approves their invoices.
4. Review manual journal entries for the last twelve months. Filter by who posted them, when, and to which accounts. Anomalies will jump out.
5. Test your approval thresholds. Are they enforced by the system, or are they policy that gets routinely overridden? Run a query on transactions just under each threshold; the patterns there are diagnostic.
6. Have an honest conversation with your audit committee. Not about whether you have controls. About whether the controls would actually catch a determined insider with broad authority.
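The detective side of the checklist above (steps 2, 3 and 5) and the intelligent-approval questions earlier (vendor bank accounts matching an employee's, just-under-threshold patterns, payees missing from the vendor master) can be run as queries over disbursement and vendor data. The following is an added example, not code from the post or from Blackbee AI; the register rows, account numbers, user names, the $25,000 threshold and the 10% near-threshold band are constructed assumptions.

```python
from collections import defaultdict

DUAL_APPROVAL_THRESHOLD = 25_000   # constructed dual-approval threshold, in dollars
NEAR_BAND = 0.10                   # flag amounts within 10% below the threshold (assumption)
MIN_CLUSTER = 3                    # this many near-threshold items by one initiator is worth a look

# Constructed disbursement register: (id, date, initiator, approver, recipient, amount).
DISBURSEMENTS = [
    ("W-1001", "2009-03-02", "ssachdeva", "ssachdeva", "American Express", 24_800.00),
    ("W-1002", "2009-03-16", "ssachdeva", "ssachdeva", "American Express", 24_950.00),
    ("W-1003", "2009-04-01", "ssachdeva", "ssachdeva", "Neiman Marcus", 23_400.00),
    ("W-1004", "2009-04-09", "apclerk", "apmanager", "Acme Drivers Ltd", 31_200.00),
    ("W-1005", "2009-04-20", "apclerk", "apmanager", "Midwest Freight Co", 4_100.00),
    ("W-1006", "2009-05-03", "apclerk", "jdoe", "Acme Drivers Ltd", 2_500.00),
]
# Constructed vendor master: recipient -> (created_by, bank_account).
VENDOR_MASTER = {
    "Acme Drivers Ltd": ("jdoe", "US12-000111"),
    "Midwest Freight Co": ("jdoe", "US12-000222"),
    "Lakeside Consulting": ("apmanager", "US12-000333"),
}
# Constructed payroll data: employee -> bank account.
EMPLOYEE_ACCOUNTS = {"apmanager": "US12-000333", "jdoe": "US12-000444"}


def near_threshold_clusters(rows, threshold=DUAL_APPROVAL_THRESHOLD,
                            band=NEAR_BAND, min_cluster=MIN_CLUSTER):
    """Initiators with repeated payments sitting just below the dual-approval threshold."""
    lower = threshold * (1 - band)
    by_initiator = defaultdict(list)
    for id_, _, initiator, _, _, amount in rows:
        if lower <= amount < threshold:
            by_initiator[initiator].append(id_)
    return {who: ids for who, ids in by_initiator.items() if len(ids) >= min_cluster}


def vendor_employee_bank_matches(vendors, employees):
    """Vendors whose bank account is identical to an employee's payroll account."""
    owner = {acct: emp for emp, acct in employees.items()}
    return [(name, owner[acct]) for name, (_, acct) in vendors.items() if acct in owner]


def creator_approves_own_vendor(rows, vendors):
    """Segregation gap: the user who created a vendor also approved payments to it."""
    hits = {(recipient, approver) for _, _, _, approver, recipient, _ in rows
            if recipient in vendors and vendors[recipient][0] == approver}
    return sorted(hits)


def unknown_recipients(rows, vendors):
    """Payments to payees that do not exist in the vendor master at all."""
    return sorted({r for _, _, _, _, r, _ in rows if r not in vendors})


if __name__ == "__main__":
    print(near_threshold_clusters(DISBURSEMENTS))
    print(vendor_employee_bank_matches(VENDOR_MASTER, EMPLOYEE_ACCOUNTS))
    print(creator_approves_own_vendor(DISBURSEMENTS, VENDOR_MASTER))
    print(unknown_recipients(DISBURSEMENTS, VENDOR_MASTER))
```

Each function returns the items an AP manager would pull into a review, so the same checks can be scheduled against a live register instead of run once by hand.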
Closing: The Real Cost of a Missing Control
Sue Sachdeva is in the past. The Koss case is in the case studies. Eleven years in federal prison. Restated financials. Clawed-back bonuses. Lawsuits settled.
But the lessons are not in the past. The same structural failures that allowed a $34 million fraud to run for twelve years are present, today, in the majority of mid-market finance operations I encounter.
The cost of a missing approval control is not the cost of the fraud when it happens. The cost is the cost of running an organization where trust has to do the work that controls should be doing.
That is a cost paid every day, in every transaction, until something (a credit card company calling, an anonymous tip, an audit anomaly, a whistleblower) finally breaks the pattern.
The good news is that the technology to build a structurally fraud-resistant finance operation now exists. Agentic AI in finance operations is not about replacing accountants. It is about making it structurally impossible for any single human to defeat the controls, because the system itself is watching every transaction, every vendor, every journal entry, every approval, in real time.
That is what control should mean in 2026. And that is what we are building.
Frequently Asked Questions
What is segregation of duties in finance?
Segregation of duties is an internal control principle that requires different people to handle different parts of a financial transaction. The person who initiates a transaction must not be the same person who approves it, records it, or reconciles it. In AP, this typically means separating vendor setup, invoice approval, payment release, and bank reconciliation across at least three different individuals. Strong segregation of duties is the single most effective structural defense against insider fraud.
How do approval workflows prevent AP fraud?
Approval workflows prevent AP fraud by enforcing structural checkpoints that no single individual can bypass. A well-designed invoice approval workflow validates that the recipient exists in an approved vendor master, that the transaction amount falls within authorized limits, that supporting documentation is attached, and that the approver is independent of the requester. When approval workflows are enforced by the system rather than by policy, they make fraud structurally difficult instead of merely procedurally inconvenient.
What is three-way matching and why does it matter?
Three-way matching is the process of reconciling a purchase order, a goods receipt, and a vendor invoice before authorizing payment. It matters because it prevents three of the most common AP fraud patterns: paying for goods that were never ordered, paying for goods that were never received, and paying inflated amounts that exceed the original purchase order. Without three-way matching, an AP team is essentially trusting that whoever submitted the invoice is telling the truth.
What is the COSO internal controls framework?
The COSO internal controls framework, published by the Committee of Sponsoring Organizations of the Treadway Commission, is the most widely adopted framework for designing and evaluating internal controls. It defines five components: control environment, risk assessment, control activities, information and communication, and monitoring. Most public company internal control attestations under Sarbanes-Oxley Section 404 are evaluated against COSO, and the framework is also the standard reference for private company audit committees.
How can agentic AI improve approval workflows?
Agentic AI improves approval workflows by adding continuous, real-time analysis on top of structural controls. Rather than waiting for periodic audits or sampling-based reviews, agentic AI systems can evaluate every transaction at the moment of decision, looking for patterns that humans cannot detect at scale: unusual vendor banking changes, just-under-threshold transactions, rubber-stamped approvals, journal entry anomalies, and recipient patterns that fall outside the historical norm. The combination of structural approval controls plus intelligent approval analysis is what makes a finance operation genuinely fraud-resistant.
What size company is most at risk for insider AP fraud?
Mid-market companies, those with roughly $50 million to $500 million in annual revenue, are statistically the most exposed to insider AP fraud. They typically have transaction volumes large enough to hide significant theft, finance teams small enough that segregation of duties is structurally difficult, and trust-based cultures that haven't yet been replaced with system-enforced controls. The Association of Certified Fraud Examiners' Report to the Nations consistently shows mid-market companies experiencing the highest median losses per fraud incident.
If approval architecture is on your roadmap, book a 20-minute conversation with our team.
Anand Murugan is the Co-Founder and CEO of Blackbee AI, an agentic Intake-to-Pay platform that gives finance teams continuous control over every transaction, vendor, and approval. If the questions raised in this post are ones you are thinking about in your own finance operation, I would welcome the conversation.
Connect on LinkedIn or visit blackbeeai.com.