Working In Uncertainty
Internal control and leaking profits: Cut costs and lost revenue with internal controls
First appeared on www.irmi.com in October 2004.
Internal controls against fraud and big accounting problems are important, but there's another side to internal control that can raise revenues, cut costs, and boost profits month after month. I first came across this in the telecoms industry, where it has given rise to the euphemistic buzz phrase, ‘revenue assurance.’
Several years ago the telecoms industry began to realise that, typically, 2 – 5% of revenue was not even billed due to a combination of system problems and mistakes. Sometimes the loss was over 10% of revenues. This money is lost profit. You can imagine the reaction.
Initial disbelief turned to acceptance as people realised the many ways in which occasional errors combined and accumulated to big money.
Very soon telcos, their consultants, and software vendors were talking about revenue ‘leakage’, specialist teams were formed, conferences were arranged, and software tools began to appear. Today almost every telco has some kind of revenue assurance function and many have done impressive work that more than repays the investment.
More recently telcos have been finding similar problems on the cost side, where they have been paying too much for telecoms services received.
Is telecoms special?
There are some reasons for thinking that this profit leakage is particularly great in telecoms. The industry is fast moving, the technology complex, and the data volumes staggering. But telecoms is not unique. Far from it.
How to cut profit leakage
Most of what I know about defeating leakage I learned in telecoms, but looking at cases in other industries the commonalities are striking.
The first barrier is a chicken and egg problem. Searching for leaks is hard work and usually involves extracting data from computer systems and analysing it. However, searches may well find nothing worthwhile. How do you justify an investigation when you have no evidence of leakage, and how do you get evidence of leakage without an investigation?
Looking in the right haystacks
Leakage is not evenly spread, so carve up billing, or purchasing, into smaller areas with their own characteristics. Consider the risk factors that apply to the processing in each area. For example, complex contracts, poor computer support, a history of management neglect, people telling you there are problems, high data volumes.
Quantify your view based on the evidence so far, but don't just pick a percentage leakage rate. Consider the probability distribution of leakage rates. For example, what do you think the probability is that the loss is greater than 1%? How about greater than 0.1%? How about greater than 0.01%? It's easier to do this if you have some figures from other work as a starting point but don't give up if you haven't.
Multiply the leakage rates with the value of the bills involved and you have an idea of how much money is involved.
Sometimes it's obvious where you should look first and the justification is clear. However, you may find that no area has a clear cut justification for a full project. Each area has a chance of containing big leakage, but it is more likely that it doesn't and that a full project would be a waste of money.
Don't give up. Think of the areas you are analysing as a portfolio of opportunities to make money and approach each one in stages, each designed to give you more information. Begin by asking more questions about risk factors and existing evidence of leakage. Have a look at customer complaints. Look at correcting journals to see what is coming up. Talk to people who do the work and ask them what they think. If the chance of finding worthwhile leakage is still reasonable try extracting and analysing a sample of data, perhaps just some of the easier items to analyse. If the evidence still looks promising move on to a more comprehensive analysis.
If at any stage for a given area the evidence doesn't justify the next incremental step then stop.
Incremental investigation will flush out opportunities that would be uneconomic if you just rushed to a full project.
One of the best ways to get evidence about leakage is to improve internal controls, which is part of integrating recovery with other control/system/process improvement work.
Integrating with other improvement projects
The weaknesses that lead to leakage tend to go along with others that result in customer dissatisfaction, wasted time, accounting concerns, and so on. That means a lot of people are interested in the same areas but for different reasons.
Try to set up an integrated project that has multiple objectives (i.e. customer satisfaction, reduced leakage, recovery, controls assurance, lower cost of operation) and brings together the skills and tools of people with different interests.
Clearly it makes sense to improve things so that leakage doesn't happen again, so process/system/control improvements tend to follow recovery projects. However, it also helps recovery efforts to begin improving controls before the recovery project starts.
Why? Most controls are checks on data or processing, so when you add new ones you have more opportunities to record information about errors and likely leakage. Besides, if an improvement is obviously needed, why wait for the recovery project?
The hard parts
Once you are looking in the right places, doing analysis (usually by computer) to find suspected errors turns out to be the easy bit. The hard parts are (1) investigating suspected errors to find out if they really are errors, and (2) getting money from other parties.
No matter how clear cut the errors seem to be when you look at what the computer has extracted you should expect the majority of these ‘errors’ to be false alarms on further investigation. Later, when you have checked the errors and got down to a smaller number of cases you are fairly sure are real errors you will present your case to a customer or supplier and find that a significant proportion of items never result in recovered money, even when you are in the right. Customers leave you rather than pay the money they owe. (Don't worry about lost business; they were only with you because they were getting free service.) Suppliers waste time hoping you will give up.
Expect the huge sums initially under suspicion to be whittled down to a much smaller amount actually recovered.
A key part of success is having a well organised and documented approach to investigating suspected items. You need to know what your investigation has established and what is still unknown. At some point you will have to approach customers or suppliers and ask for money so it is worth being clear about how you could still be wrong.
Don't write a detailed procedure imagining it will apply to all items because in practice the items will be too varied. Do make every effort to break down the items into sub-groups, prioritise them, and look for ways to use computer power to speed up the investigation of each sub-group.
Recovery projects tend to be a bit messy because the data is, and so it is difficult to judge how much work is still needed and what the financial results will be. The work involves learning a lot as you go along.
It makes sense to take some suspect items through to cash recovery as soon as possible, and keep doing that with sets of successively less valuable, more complex items. Do not try to get all items through each stage before moving on to the next stage of processing.
Software tools are important, but not just for extraction and reconciliation of data. An ideal tool would help with monitoring the evidence and estimates for multiple potential areas, extracting and comparing data, managing data as you investigate and seek recovery, and reporting on progress and results.
Don't act as if you know exactly what will be recovered. Be intelligent about uncertainty concerning the amount of leakage and prospects for recovery.
Prefer an integrated project that achieves improvements and recoveries.
Proceed incrementally, reviewing evidence and prospects frequently, and taking items through to cash as early as possible to maximise learning.
Use computer tools fully. Make sure people with IT skills work closely with others.
Be realistic about recovery prospects. Most suspected errors turn out to be false alarms and many of the rest are never paid.
Do not give up. Your systems and processes probably aren't as good as you think they are and there is good money to be made from improvements and recoveries.
Hundreds of people receive notification of new publications every month. They include company directors, heads of finance, of internal audit, of risk management, and of internal control, professors, and other influential authors and researchers.
Made in England
Words © 2004 Matthew Leitch. First published October 2004.