Is your risk manager helping you maximize revenue?

Studies show that companies lose between 2% to 5% of profits due to revenue not billed or accounted for. This is shocking since the company has already incurred costs and provided the product/service to the customer. 

Given the regulatory pressure and increased compliance requirements the focus of risk management teams and internal audit functions has shifted from this area as they feel that this is something that would be high on all business owners radars since revenue targets have the most weight-age.


However, the incentive plans alone are not a foolproof mechanism to ensure all revenue is accounted for. The article on Internal control and leaking profits identifies a number of areas where companies can lose revenue and the cause of this can be both human and information technology.


Take a bank for example, one of their revenue sources are transaction fees. However, there are numerous people in the transaction chain who have authority to waive it for the customer; i.e. the teller at the branch or the relation manager or the back office data entry person. A waiver of a Rs.50 fee on one transaction may not be alarming but if the same is waived for thousands of transactions every month suddenly it is a loss of Rs. 600,000 (or USD 10,000) from only one type of fee.


Other examples could be:-
– hotels/hospitals not billing for services rendered
– websites not billing for all advertisements placed on the site
– back offices providing additional services which are not billed

So do risk identification processes or audit processes specifically target these kinds of losses? No they don’t all the time and external auditors are only concerned with a “True and Fair” representation of the financials. So as long as the company reports the revenue that has been recorded and its not in excess the PWCs, EYs or KPMGs don’t have a problem. Risk managers and internal auditors are happy if the process is working as per laid out process documents, compliance requirements are met and no one trying to take money from the ‘Till’ or diverting money from the ‘Till’.

So what about the money which is not identified to go in the ‘Till’?? i.e. fee waived or service provided free of cost or freebie approved but never sent to the customer!!! 


Catching revenue leakage requires a special focus and in-depth understanding of end to end processes of a company. 

If one has to go beyond just identifying potential avenues of revenue loss (which can be dismissed as a hypothetical exercise) and actually pin point instances of revenue loss one need to use data analysis tools to analyse all transactions and link the transnational flow through multiple systems used by an organisation. 

This is especially true in the financial services industry where different areas of the bank use different IT systems to complete part of the same transaction. For example in a bank, the customer loan application comes through multiple channels and approval or denial is updated in the loans application. The fee for loan processing is to be debited in the core banking application for retail accounts and the accounting for the fee is in a different accounting application. In most internal audits the auditor only looks at one part of the process i.e. either loan approval, or loan accounting or GL accounting. However, there is potential of the fee not being recorded at any stage and you can only know the total fee not charged when you compare the total loan applications received with the total loan processing fee. Only this will highlight true magnitude of the problem and force management action.

Analysis like this can only be done by someone who can spend the time to understand the system linkages and know how to link the data coming from all these different sources in a meaningfully way. 

This may sound like something not worth the trouble given the cost benefit, however what people don’t realize is that a company needs to only builds this analysis once and the benefits will keep coming as the monitoring can be automated and build into the testing programs on the risk management and audit functions.

If you would like to know more about this topic do leave a comment or email me on ankit.manglik@gmail.com


Related posts

Leave a Comment