Internal Control and Leaking Profits

October 2004

Lost money is lost profit. Finding leaks takes diligence, but is worth the effort when employees, vendors, and customers know you're perpetually on the lookout for disappearing funds, no matter how small.

by Matthew Leitch

Internal controls against fraud and big accounting problems are important, but there's another side to internal control that can raise revenues, cut costs, and boost profits month after month. I first came across this in the telecommunication industry, where it has given rise to the euphemistic buzz phrase, "revenue assurance."

Several years ago, the telecom industry began to realize that, typically, 2-5 percent of revenue was not even billed due to a combination of system problems and mistakes. Sometimes the loss was over 10 percent of revenues. This money is lost profit. You can imagine the reaction. Initial disbelief turned to acceptance as people realized the many ways in which occasional errors combined and accumulated to big money.

Very soon telecoms, their consultants, and software vendors were talking about revenue "leakage," specialist teams were formed, conferences were arranged, and software tools began to appear. Today almost every telecom has some kind of revenue assurance function and many have done impressive work that more than repays the investment. More recently, telecoms have been finding similar problems on the cost side, where they have been paying too much for services received.

Are Telecoms Special?

There are some reasons for thinking that this profit leakage is particularly great in telecoms. The industry is fast moving, the technology complex, and the data volumes staggering. But telecoms are not unique—far from it.

How many times have you noticed that a hotel or restaurant has missed something from your bill? Not often? It doesn't have to be to hit their profits badly. When you look at the conditions under which people work and the need to get the bill assembled before the customer leaves, it's obvious that significant leakage will occur unless there is a reliable, comprehensive computer system to capture all billable items and produce the bill.
Trac Ops, a company that specializes in tackling overpayment problems, estimates that the overall rate of overpayment across all industries is usually between 0.05 and 0.1 percent of total payments. Of this, roughly 60 percent of overpayments are due to difficulties complying with complex purchasing contracts. This affects retailers particularly. (Not surprisingly, telecoms suffer from complex contracts on the billing side, especially when they negotiate contracts with customers for which they have inadequate computer support.)
Insurance and reinsurance companies can lose money from errors and can recover money by analysis and recovery projects. For example, they may identify previously missed or unbilled reinsurance loss recoverables and third-party deductibles.
E-business sites have many of the same characteristics as telecoms, so we can expect similar problems, despite computerization. Early audit work on nonfinancial metrics to be published by Internet companies showed that virtually all had to be adjusted for various types of error.
Delivering products to customers at home is another problematic area. A large firm I once worked for decided to mark the new millennium by sending a bottle of champagne to every employee in the United Kingdom. Somehow, between the company that managed it and the company that did the delivery, nearly 13 percent of the champagne was never delivered. That's a truckload.

How To Cut Profit Leakage

Most of what I know about defeating leakage I learned in telecoms, but looking at cases in other industries, the commonalities are striking. The first barrier is a chicken and egg problem. Searching for leaks is hard work and usually involves extracting data from computer systems and analyzing it. However, searches may well find nothing worthwhile. How do you justify an investigation when you have no evidence of leakage, and how do you get evidence of leakage without an investigation?

Looking in the Right Haystacks

Leakage is not evenly spread, so carve up billing or purchasing into smaller areas with their own characteristics. Consider the risk factors that apply to the processing in each area, such as complex contracts, poor computer support, a history of management neglect, people telling you there are problems, and high data volumes.

Quantify your view based on the evidence so far, but don't just pick a percentage leakage rate. Consider the probability distribution of leakage rates. For example, what do you think the probability is that the loss is greater than 1 percent? How about greater than 0.1 percent? How about greater than 0.01 percent? It's easier to do this if you have some figures from other work as a starting point but don't give up if you haven't. Multiply the leakage rates with the value of the bills involved and you have an idea of how much money is involved.

Sometimes it's obvious where you should look first, and the justification is clear. However, you may find that no area has a clear cut justification for a full project. Each area has a chance of containing big leakage, but it is more likely that it doesn't and that a full project would be a waste of money.

Don't give up. Think of the areas you are analyzing as a portfolio of opportunities to make money, and approach each one in stages, each designed to give you more information. Begin by asking more questions about risk factors and existing evidence of leakage. Have a look at customer complaints. Examine correcting journals to see what is coming up. Talk to people who do the work, and ask them what they think. If the chance of finding worthwhile leakage is still reasonable, try extracting and analyzing a sample of data, perhaps just some of the easier items to analyze. If the evidence still looks promising, move on to a more comprehensive analysis.

If at any stage for a given area the evidence doesn't justify the next incremental step, then stop. Incremental investigation will flush out opportunities that would be uneconomic if you just rushed to a full project. One of the best ways to get evidence about leakage is to improve internal controls, which is part of integrating recovery with other control/system/process improvement work.

Integrating with Other Improvement Projects

The weaknesses that leads to leakage tends to go along with others that result in customer dissatisfaction, wasted time, accounting concerns, and so on. That means a lot of people are interested in the same areas but for different reasons. Try to set up an integrated project that has multiple objectives (i.e., customer satisfaction, reduced leakage, recovery, controls assurance, lower cost of operation) and brings together the skills and tools of people with different interests.

Clearly it makes sense to improve things so that leakage doesn't happen again, so process/system/control improvements tend to follow recovery projects. However, it also helps recovery efforts to begin improving controls before the recovery project starts. Why? Most controls are checks on data or processing, so when you add new ones, you have more opportunities to record information about errors and likely leakage. Besides, if an improvement is obviously needed, why wait for the recovery project?

The Hard Parts

Once you are looking in the right places, doing analysis (usually by computer) to find suspected errors turns out to be the easy bit. The hard parts are (1) investigating suspected errors to find out if they really are errors, and (2) getting money from other parties.

No matter how clear cut the errors seem to be when you look at what the computer has extracted, you should expect the majority of these "errors" to be false alarms on further investigation. Later, when you have checked the errors and got down to a smaller number of cases you are fairly sure are real errors, you will present your case to a customer or supplier and find that a significant proportion of items never result in recovered money, even when you are in the right. Customers leave you rather than pay the money they owe. (Don't worry about lost business; they were only with you because they were getting free service.) Suppliers waste time hoping you will give up. Expect the huge sums initially under suspicion to be whittled down to a much smaller amount actually recovered.

Organized Evidence

A key part of success is having a well organized and documented approach to investigating suspected items. You need to know what your investigation has established and what is still unknown. At some point, you will have to approach customers or suppliers and ask for money, so it is worth being clear about how you could still be wrong.

Don't write a detailed procedure imagining it will apply to all items because in practice the items will be too varied. Do make every effort to break down the items into sub-groups, prioritize them, and look for ways to use computer power to speed up the investigation of each sub-group.

Incremental Steps

Recovery projects tend to be a bit messy because the data is, and so it is difficult to judge how much work is still needed and what the financial results will be. The work involves learning a lot as you go along. It makes sense to take some suspect items through to cash recovery as soon as possible, and keep doing that with sets of successively less valuable, more complex items. Do not try to get all items through each stage before moving on to the next stage of processing.

Software Tools

Software tools are important, but not just for extraction and reconciliation of data. An ideal tool would help with monitoring the evidence and estimates for multiple potential areas, extracting and comparing data, managing data as you investigate and seek recovery, and reporting on progress and results.

When Looking for Internal Leaks:

Don't act as if you know exactly what will be recovered. Be intelligent about uncertainty concerning the amount of leakage and prospects for recovery.

Prefer an integrated project that achieves improvements and recoveries.

Proceed incrementally, reviewing evidence and prospects frequently, and taking items through to cash as early as possible to maximize learning.

Use computer tools fully. Make sure people with IT skills work closely with others.

Be realistic about recovery prospects. Most suspected errors turn out to be false alarms and many of the rest are never paid.

Do not give up. Your systems and processes probably aren't as good as you think they are, and there is good money to be made from improvements and recoveries.

Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.

More Risk Management Information from IRMI
Books, Manuals, Newsletters	IRMI Online	SilverPlume Sage
Practical Risk Management
The Risk Report
Construction Risk Management
Contractual Risk Transfer
Risk Financing
Exposure Survey Questionnaire
Guidelines for Insurance Specifications
How To Draft and Interpret Insurance Policies
IRMI Insurance Checklists
RMIS Review
Free Risk Management Articles in IRMI.com
25 Risk-Conquering Ideas
Risk Management
Effective Contractual Risk Transfer in Construction
Risk Management - Why and How
Insurance Continuing Education Courses from IRMI
Litigation Management (CE)
Contractual Risk Transfer in Construction (CRIS CE)