“Life is not under our control, and risk is ever-present. Fortunately, many risks can be reduced by acting with basic common sense; and many can be insured against,” says Kevin Phillips, MD of idu Software.
For example, the biggest physical risk most of us face every day is getting into our cars. But if you obey traffic rules and drive defensively, you can dramatically reduce your risk of being injured or killed in a motor vehicle accident. For the freak outside chance – of which there are many, many fewer than most people think – there is vehicle insurance, health insurance and life insurance to shield you and your family from the worst financial consequences.
In business, the major risks are financial: Bad debts, fraud, natural disasters, new competitors, changing tastes that reduce demand for your product. Most of these risks can be reduced by following sound business practices – think of it as defensive driving for your business.
Managing to reduce risk doesn’t mean employing more people to monitor and check what is going on. Rather, it means having processes and tools in place that will alert you quickly when a red flag is raised. The more quickly you identify a non-paying client or a pattern of suspicious invoices, the more quickly you can shut the problem down and the less exposure you will face.
So proper risk management, as so much else in management, comes down to delivering the right information, to the right people, at the right time.
Fortunately, this isn’t rocket science: Most of the time, it’s a simple matter of plugging in the right system. But it wasn’t always this way, and after many years of struggling to extract financial information and make it available, most of us are conditioned to tragically low expectations.
For example, an astonishing number of organisations appear resigned to the fact that they can only really examine May 1st’s expense figures sometime in the middle of June, when the books for May are closed and the monthly report comes before the board meeting. That means a clever fraudster, to take a worst-cases scenario, has seven or eight weeks to cover their tracks before someone will even be able to see the information that might raise suspicion.
There are still plenty of companies, typically with older legacy systems, where the accounts payable system talks to the general ledger only once a month. That’s the first time it’s possible for anyone to compare what was spent with what was budgeted – and a lot of damage can happen in the meantime.
If that describes you, it’s time to raise your expectations. It’s quite possible, given any number of tools currently on the market, to review today’s figures tomorrow. Knowing what’s happening in your business now, not eight weeks ago, is becoming an absolute necessity for survival.
Traditional accounting controls on their own, while essential and important, are not enough. A clever fraud will account for everything entirely according to the rules – it’s only by keeping a regular eye on the big picture that you can see patterns that ought not to be there. Applying an old adage “many hands make light work”, or in this case the more pairs of eyes looking at the numbers the more difficult it is to hide anomalies from everyone. In so many ways transparency is one of the strongest internal controls that an organisation can have and also the easiest to implement.
Fraud will happen, in short, no matter what. But you can reduce your risk of major losses by making sure your financial information is timely, accurate and widely distributed. It’s the best defence.