Internal Controls Design website by Matthew Leitch (tutor, researcher, author, & consultant)
New website, new perspective: - Related articles - All articles - The author - Services

Leakage Graphic

Internal control and leaking profits
Cut costs and lost revenue with internal controls

by Matthew Leitch; first appeared on in October 2004

Internal controls against fraud and big accounting problems are important, but thereís another side to internal control that can raise revenues, cut costs, and boost profits month after month. I first came across this in the telecoms industry, where it has given rise to the euphemistic buzz phrase, ďrevenue assurance.Ē

Several years ago the telecoms industry began to realise that, typically, 2 - 5% of revenue was not even billed due to a combination of system problems and mistakes. Sometimes the loss was over 10% of revenues. This money is lost profit. You can imagine the reaction.

Initial disbelief turned to acceptance as people realised the many ways in which occasional errors combined and accumulated to big money.

Very soon telcos, their consultants, and software vendors were talking about revenue ďleakageĒ, specialist teams were formed, conferences were arranged, and software tools began to appear. Today almost every telco has some kind of revenue assurance function and many have done impressive work that more than repays the investment.

More recently telcos have been finding similar problems on the cost side, where they have been paying too much for telecoms services received.

Is telecoms special?

There are some reasons for thinking that this profit leakage is particularly great in telecoms. The industry is fast moving, the technology complex, and the data volumes staggering. But telecoms is not unique. Far from it.

How to cut profit leakage

Most of what I know about defeating leakage I learned in telecoms, but looking at cases in other industries the commonalities are striking.

The first barrier is a chicken and egg problem. Searching for leaks is hard work and usually involves extracting data from computer systems and analysing it. However, searches may well find nothing worthwhile. How do you justify an investigation when you have no evidence of leakage, and how do you get evidence of leakage without an investigation?

Looking in the right haystacks

Leakage is not evenly spread, so carve up billing, or purchasing, into smaller areas with their own characteristics. Consider the risk factors that apply to the processing in each area. For example, complex contracts, poor computer support, a history of management neglect, people telling you there are problems, high data volumes.

Quantify your view based on the evidence so far, but donít just pick a percentage leakage rate. Consider the probability distribution of leakage rates. For example, what do you think the probability is that the loss is greater than 1%? How about greater than 0.1%? How about greater than 0.01%? Itís easier to do this if you have some figures from other work as a starting point but donít give up if you havenít.

Multiply the leakage rates with the value of the bills involved and you have an idea of how much money is involved.

Sometimes itís obvious where you should look first and the justification is clear. However, you may find that no area has a clear cut justification for a full project. Each area has a chance of containing big leakage, but it is more likely that it doesnít and that a full project would be a waste of money.

Donít give up. Think of the areas you are analysing as a portfolio of opportunities to make money and approach each one in stages, each designed to give you more information. Begin by asking more questions about risk factors and existing evidence of leakage. Have a look at customer complaints. Look at correcting journals to see what is coming up. Talk to people who do the work and ask them what they think. If the chance of finding worthwhile leakage is still reasonable try extracting and analysing a sample of data, perhaps just some of the easier items to analyse. If the evidence still looks promising move on to a more comprehensive analysis.

If at any stage for a given area the evidence doesnít justify the next incremental step then stop.

Incremental investigation will flush out opportunities that would be uneconomic if you just rushed to a full project.

One of the best ways to get evidence about leakage is to improve internal controls, which is part of integrating recovery with other control/system/process improvement work.

Integrating with other improvement projects

The weaknesses that lead to leakage tend to go along with others that result in customer dissatisfaction, wasted time, accounting concerns, and so on. That means a lot of people are interested in the same areas but for different reasons.

Try to set up an integrated project that has multiple objectives (i.e. customer satisfaction, reduced leakage, recovery, controls assurance, lower cost of operation) and brings together the skills and tools of people with different interests.

Clearly it makes sense to improve things so that leakage doesnít happen again, so process/system/control improvements tend to follow recovery projects. However, it also helps recovery efforts to begin improving controls before the recovery project starts.

Why? Most controls are checks on data or processing, so when you add new ones you have more opportunities to record information about errors and likely leakage. Besides, if an improvement is obviously needed, why wait for the recovery project?

The hard parts

Once you are looking in the right places, doing analysis (usually by computer) to find suspected errors turns out to be the easy bit. The hard parts are (1) investigating suspected errors to find out if they really are errors, and (2) getting money from other parties.

No matter how clear cut the errors seem to be when you look at what the computer has extracted you should expect the majority of these ďerrorsĒ to be false alarms on further investigation. Later, when you have checked the errors and got down to a smaller number of cases you are fairly sure are real errors you will present your case to a customer or supplier and find that a significant proportion of items never result in recovered money, even when you are in the right. Customers leave you rather than pay the money they owe. (Donít worry about lost business; they were only with you because they were getting free service.) Suppliers waste time hoping you will give up.

Expect the huge sums initially under suspicion to be whittled down to a much smaller amount actually recovered.

Organised evidence

A key part of success is having a well organised and documented approach to investigating suspected items. You need to know what your investigation has established and what is still unknown. At some point you will have to approach customers or suppliers and ask for money so it is worth being clear about how you could still be wrong.

Donít write a detailed procedure imagining it will apply to all items because in practice the items will be too varied. Do make every effort to break down the items into sub-groups, prioritise them, and look for ways to use computer power to speed up the investigation of each sub-group.


Recovery projects tend to be a bit messy because the data is, and so it is difficult to judge how much work is still needed and what the financial results will be. The work involves learning a lot as you go along.

It makes sense to take some suspect items through to cash recovery as soon as possible, and keep doing that with sets of successively less valuable, more complex items. Do not try to get all items through each stage before moving on to the next stage of processing.

Software tools

Software tools are important, but not just for extraction and reconciliation of data. An ideal tool would help with monitoring the evidence and estimates for multiple potential areas, extracting and comparing data, managing data as you investigate and seek recovery, and reporting on progress and results.

The summary

Donít act as if you know exactly what will be recovered. Be intelligent about uncertainty concerning the amount of leakage and prospects for recovery.

Prefer an integrated project that achieves improvements and recoveries.

Proceed incrementally, reviewing evidence and prospects frequently, and taking items through to cash as early as possible to maximise learning.

Use computer tools fully. Make sure people with IT skills work closely with others.

Be realistic about recovery prospects. Most suspected errors turn out to be false alarms and many of the rest are never paid.

Do not give up. Your systems and processes probably arenít as good as you think they are and there is good money to be made from improvements and recoveries.

New website, new perspective: - Related articles - All articles - The author - Services

If you found any of these points relevant to you or your organisation please feel free to contact me to talk about them, pass links or extracts on to colleagues, or just let me know what you think. I can sometimes respond immediately, but usually respond within a few days. Contact details

Matthew Leitch - Author

About the author: Matthew Leitch is a tutor, researcher, author, and independent consultant who helps people to a better understanding and use of integral management of risk within core management activities, such as planning and design. He is also the author of the new website,, and has written two breakthrough books. Intelligent internal control and risk management is a powerful and original approach including 60 controls that most organizations should use more. A pocket guide to risk mathematics: Key concepts every auditor should know is the first to provide a strong conceptual understanding of mathematics to auditors who are not mathematicians, without the need to wade through mathematical symbols. Matthew is a Chartered Accountant with a degree in psychology whose past career includes software development, marketing, auditing, accounting, and consulting. He spent 7 years as a controls specialist with PricewaterhouseCoopers, where he pioneered new methods for designing internal control systems for large scale business and financial processes, through projects for internationally known clients. Today he is well known as an expert in uncertainty and how to deal with it, and an increasingly sought after tutor (i.e. one-to-one teacher). more

Please share:            Share on Tumblr