Skip Navigation Links.
Collapse IRMI OnlineIRMI Online
Expand How To Use IRMI OnlineHow To Use IRMI Online
My Paid Publications
Expand What's NewWhat's New
Expand DashboardsDashboards
Expand Commercial Liability InformationCommercial Liability Information
Expand Commercial Property InformationCommercial Property Information
Expand Commercial Auto InformationCommercial Auto Information
Expand D&O, PL, E&O, EPLI InformationD&O, PL, E&O, EPLI Information
Expand Workers Compensation InformationWorkers Compensation Information
Classifications and Cross-References
Collapse Risk Mgt. and Multiline InformationRisk Mgt. and Multiline Information
Expand Risk Management -- Why and HowRisk Management -- Why and How
Collapse Free Expert CommentaryFree Expert Commentary
Expand Brand Equity and Product RecallBrand Equity and Product Recall
Expand Catastrophe Risk ManagementCatastrophe Risk Management
Expand Claims ManagementClaims Management
Expand Construction Case StudiesConstruction Case Studies
Expand Construction QualityConstruction Quality
Expand Construction SafetyConstruction Safety
Expand Corporate AviationCorporate Aviation
Expand Corporate Fraud PreventionCorporate Fraud Prevention
Expand Courts and CoverageCourts and Coverage
Expand Cyber InsuranceCyber Insurance
Expand Drafting and Interpreting Insurance PoliciesDrafting and Interpreting Insurance Policies
Expand Enterprise Risk ManagementEnterprise Risk Management
Expand Environmental Risk ManagementEnvironmental Risk Management
Expand EthicsEthics
Expand Global ImpactGlobal Impact
Expand Insurance ArchaeologyInsurance Archaeology
Collapse InternalControlInternalControl
Internal Control Disaster: Fiasco at Heathrow (April 2008)
Efficient Samples for Control and Audit (January 2008)
The Startling Economics of Controls Documentation Review (November 2007)
How To Test Fewer Key Controls in a Sarbanes-Oxley Section 404 Project (July 2007)
Clear Thinking and "Risk Appetite" (April 2007)
The Psychology of Devising Internal Controls (January 2007)
COSO's New Guidance for Smaller Organizations (November 2006)
Promoting Good Management of Risk and Uncertainty (August 2006)
Practical Word Choices for Risk Managers (April 2006)
Seven Frontiers of Internal Control and Risk Management (January 2006)
Controls Design for Efficient Compliance with Sarbanes-Oxley's Section 404 (October 2005)
Time To Put Numbers on Internal Controls (August 2005)
Why the COSO Frameworks Need Improvement (April 2005)
How To Cut Sarbanes-Oxley Compliance Costs (January 2005)
Internal Control and Leaking Profits (October 2004)
Risk Management versus Internal Control (June 2004)
Embedded Risk Management: The Auditors' Contribution (January 2004)
Innovating in the Face of Internal Control Regulations (January 2004)
Embedding Risk Management: Easier, Faster, Better (October 2003)
Auditors and Risk Management (July 2003)
Expand Litigation ManagementLitigation Management
Expand MaritimeLawMaritimeLaw
Expand MediationMediation
Expand Political RiskPolitical Risk
Expand Privacy IssuesPrivacy Issues
Expand ReinsuranceReinsurance
Expand Risk Management TechnologyRisk Management Technology
Expand SecuritySecurity
Expand Terrorism Risk Management & InsuranceTerrorism Risk Management & Insurance
Expand IRMI InsightsIRMI Insights
Expand IRMI Update Newsletter ArchivesIRMI Update Newsletter Archives
Expand Risk Finance InformationRisk Finance Information
Expand Construction InformationConstruction Information
Expand Personal Lines InformationPersonal Lines Information
Expand Insurance IndustryInsurance Industry
Expand Glossary of Insurance & Risk Management TermsGlossary of Insurance & Risk Management Terms
Expand SearchSearch
Terms of Use
Privacy Statement
System Requirements
Support

Internal Control and Leaking Profits

October 2004

Lost money is lost profit. Finding leaks takes diligence, but is worth the effort when employees, vendors, and customers know you're perpetually on the lookout for disappearing funds, no matter how small.

by Matthew Leitch

Internal controls against fraud and big accounting problems are important, but there's another side to internal control that can raise revenues, cut costs, and boost profits month after month. I first came across this in the telecommunication industry, where it has given rise to the euphemistic buzz phrase, "revenue assurance."

Several years ago, the telecom industry began to realize that, typically, 2-5 percent of revenue was not even billed due to a combination of system problems and mistakes. Sometimes the loss was over 10 percent of revenues. This money is lost profit. You can imagine the reaction. Initial disbelief turned to acceptance as people realized the many ways in which occasional errors combined and accumulated to big money.

Very soon telecoms, their consultants, and software vendors were talking about revenue "leakage," specialist teams were formed, conferences were arranged, and software tools began to appear. Today almost every telecom has some kind of revenue assurance function and many have done impressive work that more than repays the investment. More recently, telecoms have been finding similar problems on the cost side, where they have been paying too much for services received.

Are Telecoms Special?

There are some reasons for thinking that this profit leakage is particularly great in telecoms. The industry is fast moving, the technology complex, and the data volumes staggering. But telecoms are not unique—far from it.

  • How many times have you noticed that a hotel or restaurant has missed something from your bill? Not often? It doesn't have to be to hit their profits badly. When you look at the conditions under which people work and the need to get the bill assembled before the customer leaves, it's obvious that significant leakage will occur unless there is a reliable, comprehensive computer system to capture all billable items and produce the bill.

  • Trac Ops, a company that specializes in tackling overpayment problems, estimates that the overall rate of overpayment across all industries is usually between 0.05 and 0.1 percent of total payments. Of this, roughly 60 percent of overpayments are due to difficulties complying with complex purchasing contracts. This affects retailers particularly. (Not surprisingly, telecoms suffer from complex contracts on the billing side, especially when they negotiate contracts with customers for which they have inadequate computer support.)

  • Insurance and reinsurance companies can lose money from errors and can recover money by analysis and recovery projects. For example, they may identify previously missed or unbilled reinsurance loss recoverables and third-party deductibles.

  • E-business sites have many of the same characteristics as telecoms, so we can expect similar problems, despite computerization. Early audit work on nonfinancial metrics to be published by Internet companies showed that virtually all had to be adjusted for various types of error.

  • Delivering products to customers at home is another problematic area. A large firm I once worked for decided to mark the new millennium by sending a bottle of champagne to every employee in the United Kingdom. Somehow, between the company that managed it and the company that did the delivery, nearly 13 percent of the champagne was never delivered. That's a truckload.

How To Cut Profit Leakage

Most of what I know about defeating leakage I learned in telecoms, but looking at cases in other industries, the commonalities are striking. The first barrier is a chicken and egg problem. Searching for leaks is hard work and usually involves extracting data from computer systems and analyzing it. However, searches may well find nothing worthwhile. How do you justify an investigation when you have no evidence of leakage, and how do you get evidence of leakage without an investigation?

Looking in the Right Haystacks

Leakage is not evenly spread, so carve up billing or purchasing into smaller areas with their own characteristics. Consider the risk factors that apply to the processing in each area, such as complex contracts, poor computer support, a history of management neglect, people telling you there are problems, and high data volumes.

Quantify your view based on the evidence so far, but don't just pick a percentage leakage rate. Consider the probability distribution of leakage rates. For example, what do you think the probability is that the loss is greater than 1 percent? How about greater than 0.1 percent? How about greater than 0.01 percent? It's easier to do this if you have some figures from other work as a starting point but don't give up if you haven't. Multiply the leakage rates with the value of the bills involved and you have an idea of how much money is involved.

Sometimes it's obvious where you should look first, and the justification is clear. However, you may find that no area has a clear cut justification for a full project. Each area has a chance of containing big leakage, but it is more likely that it doesn't and that a full project would be a waste of money.

Don't give up. Think of the areas you are analyzing as a portfolio of opportunities to make money, and approach each one in stages, each designed to give you more information. Begin by asking more questions about risk factors and existing evidence of leakage. Have a look at customer complaints. Examine correcting journals to see what is coming up. Talk to people who do the work, and ask them what they think. If the chance of finding worthwhile leakage is still reasonable, try extracting and analyzing a sample of data, perhaps just some of the easier items to analyze. If the evidence still looks promising, move on to a more comprehensive analysis.

If at any stage for a given area the evidence doesn't justify the next incremental step, then stop. Incremental investigation will flush out opportunities that would be uneconomic if you just rushed to a full project. One of the best ways to get evidence about leakage is to improve internal controls, which is part of integrating recovery with other control/system/process improvement work.

Integrating with Other Improvement Projects

The weaknesses that leads to leakage tends to go along with others that result in customer dissatisfaction, wasted time, accounting concerns, and so on. That means a lot of people are interested in the same areas but for different reasons. Try to set up an integrated project that has multiple objectives (i.e., customer satisfaction, reduced leakage, recovery, controls assurance, lower cost of operation) and brings together the skills and tools of people with different interests.

Clearly it makes sense to improve things so that leakage doesn't happen again, so process/system/control improvements tend to follow recovery projects. However, it also helps recovery efforts to begin improving controls before the recovery project starts. Why? Most controls are checks on data or processing, so when you add new ones, you have more opportunities to record information about errors and likely leakage. Besides, if an improvement is obviously needed, why wait for the recovery project?

The Hard Parts

Once you are looking in the right places, doing analysis (usually by computer) to find suspected errors turns out to be the easy bit. The hard parts are (1) investigating suspected errors to find out if they really are errors, and (2) getting money from other parties.

No matter how clear cut the errors seem to be when you look at what the computer has extracted, you should expect the majority of these "errors" to be false alarms on further investigation. Later, when you have checked the errors and got down to a smaller number of cases you are fairly sure are real errors, you will present your case to a customer or supplier and find that a significant proportion of items never result in recovered money, even when you are in the right. Customers leave you rather than pay the money they owe. (Don't worry about lost business; they were only with you because they were getting free service.) Suppliers waste time hoping you will give up. Expect the huge sums initially under suspicion to be whittled down to a much smaller amount actually recovered.

Organized Evidence

A key part of success is having a well organized and documented approach to investigating suspected items. You need to know what your investigation has established and what is still unknown. At some point, you will have to approach customers or suppliers and ask for money, so it is worth being clear about how you could still be wrong.

Don't write a detailed procedure imagining it will apply to all items because in practice the items will be too varied. Do make every effort to break down the items into sub-groups, prioritize them, and look for ways to use computer power to speed up the investigation of each sub-group.

Incremental Steps

Recovery projects tend to be a bit messy because the data is, and so it is difficult to judge how much work is still needed and what the financial results will be. The work involves learning a lot as you go along. It makes sense to take some suspect items through to cash recovery as soon as possible, and keep doing that with sets of successively less valuable, more complex items. Do not try to get all items through each stage before moving on to the next stage of processing.

Software Tools

Software tools are important, but not just for extraction and reconciliation of data. An ideal tool would help with monitoring the evidence and estimates for multiple potential areas, extracting and comparing data, managing data as you investigate and seek recovery, and reporting on progress and results.


When Looking for Internal Leaks:

Don't act as if you know exactly what will be recovered. Be intelligent about uncertainty concerning the amount of leakage and prospects for recovery.

Prefer an integrated project that achieves improvements and recoveries.

Proceed incrementally, reviewing evidence and prospects frequently, and taking items through to cash as early as possible to maximize learning.

Use computer tools fully. Make sure people with IT skills work closely with others.

Be realistic about recovery prospects. Most suspected errors turn out to be false alarms and many of the rest are never paid.

Do not give up. Your systems and processes probably aren't as good as you think they are, and there is good money to be made from improvements and recoveries.

Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.

More Risk Management Information from IRMI
Books, Manuals, Newsletters IRMI
Online 		SilverPlume
Sage
Practical Risk Management IRMI Online SilverPlume Sage
The Risk Report IRMI Online SilverPlume Sage
Construction Risk Management IRMI Online SilverPlume Sage
Contractual Risk Transfer IRMI Online SilverPlume Sage
Risk Financing IRMI Online SilverPlume Sage
Exposure Survey Questionnaire IRMI Online SilverPlume Sage
Guidelines for Insurance Specifications IRMI Online SilverPlume Sage
How To Draft and Interpret Insurance Policies
IRMI Insurance Checklists IRMI Online SilverPlume Sage
RMIS Review IRMI Online
Free Risk Management Articles in IRMI.com
25 Risk-Conquering Ideas
Risk Management
Effective Contractual Risk Transfer in Construction
Risk Management - Why and How
Insurance Continuing Education Courses from IRMI
Litigation Management (CE)
Contractual Risk Transfer in Construction (CRIS CE)
Check It Out
Save 36% with the IRMI Professional Library
© 2000-2009 International Risk Management Institute, Inc. (IRMI). All rights reserved.