I was reading this interview with an Ernst & Young Director responsible for risk management and revenue assurance, and I did not know whether to laugh or cry. Maybe the journalist mixed everything up. Maybe some quotes are out of context. But it sounds strangely like the same mix of good and bad advice that the Big 4 has offered for years. To put it plainly, I think it is shameful to see a Big 4 representative confusing the distinct topics of accounting integrity and business profitability. But when the Big 4 starts talking about corporate governance and revenue assurance in the same sentence, that is what routinely happens.
Now, we all know that revenue assurance has something to do with revenues. The clue is in the name. For the most part, it is about employing people to do things that increase revenues. So far, so uncontroversial. You may also have read about, heard about, or know someone responsible for accounting scandals. Most scandals are to do with exaggerating revenues. Pretty straightforward. Which is why I struggle to see why the Big 4 are so keen to link revenue assurance to corporate governance via the fear of accounting scandals. Because you do not need to be an accounting sophisticate to see that services sold on the promise of increasing revenues may be ill-suited to stopping the dishonest exaggeration of those revenues. But the Big 4 turns a blind eye to this contradiction. They do so to either to increase their sales as business advisers, or to mitigate some of the risk they bear as auditors by putting extra, but ineffective, burdens on their clients. Either way, they have lost objectivity.
The article begins by referring to recent accounting scandals. In this case, the context is Malaysian and the businesses are Transmile Group Bhd and Megan Media Holdings Bhd
. As is the norm for these scandals, both businesses employed dishonest individuals who falsified and mispresented transactions in order to boost revenue numbers. Our E&Y Director observes that businesses need to manage risk and try to prevent fraud, and he will get no argument from me on either score. He then goes on to say:
“As part of good governance, executives must be able to say they have full control over revenue figures and are not leaking revenue all over the place…
Having a framework for risk management and revenue assurance not only plugs revenue leakage and maximises revenue, but also protects your brand.”
Where do I begin in pulling this apart? Let us start with one important word: revenue. The word revenue has a different meaning when you are talking to different people. Accountants have a precise definition of the word, the rest of the world a rather less precise definition. Put simply, for an accountant to recognize revenue from a sale, there has to be reasonable confidence that the business will eventually get the cash owed to them. So in accounting scandals, dishonest people pretend that some cash will be coming, even though they know full well it is not. They may intend to leave the company before the irregularity is discovered. If some unexpected extra cash does turn up, they may get away with the crime by pushing a few numbers around and hoping nobody notices anything odd. However, if that cash does not turn up, you end up with a scandal, the restatement of accounts and quite possibly an insolvency. But most people use the word “revenue” in a much less precise way. They just mean “good stuff that we like”. So when people talk about “revenue leakage” they mean “bad stuff we do not like”. It is perfectly possible to accurately report the revenues in the accounts whilst also suffering very large “revenue leakages”. Revenues are apples and revenue leakages are pears. Linking the accuracy of reporting revenues with the challenge of reducing revenue leakages is bogus. You might as well argue I cannot accurately report how many apples I have if I do not know how many pears I am losing.
In the phrase “revenue leakage” we are talking about what might be called “could have been revenue” or “should have been revenue” or “might have been revenue”. For the accountant, it is only revenue when you can be confident it will eventually turn into cash. Confidence is important. Accountants are prudent. If they are worried that the cash will not come in, then they cannot count the revenue. So fixing a revenue leakage may never lead to revenues. Take a simple example. Imagine some sales data gets lost underneath the billing system or down the back of the sofa. The revenue assurance man looks around and finds it a year later. Hoorah! A leakage spotted and a pat on the back for him. Now all we need to do is to raise a backbill. Surely we can be sure we will get the money and hence claim the increase in revenues immediately? No. Perhaps we discovered the customer was a fraudster and we have no way of sending them a bill, never mind any hope of having it paid. Or the sales refer to lines that the customer did not know they had because the telco failed to keep and communicate proper inventory records, and the customer has since ordered and paid for alternate lines. That customer cannot be expected to pay twice because the telco’s goof caused it to effectively supply the same service twice. There are 101 reasons why fixing the “revenue leakage” may not lead to extra revenues.
The important point here is prudence. When people say they lose 2%, 5%, 20%, 50% of their revenues in leakage, they are doing no such thing. They are losing exactly 0.0% of their revenues. You cannot lose something you never had in the first place. What they are losing is “could have been/should have been/might have been revenues”, which is quite different. A revenue leakage is no different to a salesman who is rude to a customer and so loses a potential sale. If they had been a bit nicer they would have got the sale and the revenues would have been higher. But that is a big “if”. Truth is, they were not nice and so they did not get the sale. Similarly with revenue leakages, if you had fixed some bug in some system you might have raised a bigger bill. But if the telco did not fix the bug, it did not raise a bigger bill and it did not get the revenue. Meanwhile, in the accounting world, the revenue figure reported is perfectly accurate irrespective of leakage, because it is supposed to exclude all those could have beens, maybes or ifs. So it is a confusion to suggest you need to fix revenue leakages to get accurate revenue reporting. Fixing revenue leakages is just about running a business well, in the same way that training staff not to be rude to customers is about running a business well. Calling it a “governance” issue gives it a mystique, but it is no more a governance issue than offering good customer service or motivating employees.
The next, more serious observation about the quote above is that the emphasis is all wrong. Risk management is supposed to be driven by risk. The clue is in the name again. Risk has a direction, because people are inclined to do naughty things one way, but not the other. An employee stealing company property is a risk. An employee making a charitable donation to the company is not a risk. Accurate financial reporting is about telling the shareholders how much revenue has been earned. The risk is that the revenues are exaggerated because execs, managers and employees may get rewarded for good results and fired for bad results (I can think of situations where execs might want to understate revenues, but they are the exception to the rule). So good risk management will focus on controls to prevent overstatement of revenues. However, in the quote we get an explicit reference to maximisation of revenue. How odd is this? In less than a few sentences we have done a complete u-turn. Taking the example of businesses with inadequate controls to prevent overstatement of revenues, we end up with an argument for spending time and effort on activities to increase revenues. Admittedly, these are sometimes one and the same, but often they are not. From a governance perspective, shareholders want the revenues reported in the accounts to be no more maximised than they want them minimised. What they want first and foremost is accuracy and reliability. The risks of inaccurate financial reporting are distinct from operational risks related to poor data integrity. One is about the deliberate intention to deceive. The other is about data processing errors that nobody is aware of or responsible for correcting. Safeguards to prevent dishonesty have little to do with safeguards over processing.
Imagine you are an exec (or if you are an exec, just read on). What is the risk if you understate revenues? You wake up one morning and discover that because of some screw-up the company has more cash in the bank than expected. You quickly work out where all the extra cash came from, or at least dream up a plausible story. You tell the shareholders and they seem very happy. The sun shines on the nice new car you buy to celebrate.
What is the risk if you overstate revenues? You wake up one morning and discover you are Bernie Ebbers. You can ask for parole in 2028, when you will be 85 years old. The sun shines through the bars of your prison cell.
Being lousy at running a business is not a crime. Lying to the owners of the business by making up numbers that make the business look healthier is a crime. Revenue assurance helps execs run businesses better. Corporate governance scandals are about a failure of honesty. Linking the two by saying there is a simple win-win relationship betweeen revenue assurance and corporate governance is wrong. The Big 4 sometimes do not draw a line between being accountants and being business advisers. As accountants they should be mindful of their responsibility to shareholders, whose goal is accurate reporting so they make informed investment decisions. As business advisers they market their services to executives, whose goal is to enhance business performance. These interests are not harmonious. That is why we have financial audits, and hence why we have the Big 4 accounting firms. Excessive attention on increasing apparent shareholder returns and insufficient concern for controls over reporting leads to dishonesty. Trying too hard to devise solutions to improve performance and increase control at the same time will put one or both of those goals in jeopardy.
Poor old Bernie Ebbers. During his trial, the lawyers for the former Worldcom boss deployed an “aw shucks” defence. They argued that Bernie was an old-fashioned cowboy. They said he did not understand accounts and numbers and stuff like that. Well, he has a lot of time to learn about them now, because that argument did not impress anyone. But if there is any risk that CEOs really are so daft, you would think the Big 4 should try to avoid giving daft advice to them. But that is exactly what they do.
Of course, I could criticise all those revenue assurance vendors who claim that implementing their software enhances corporate governance. I could, but I will not. The people they employ to sell their products are not qualified accountants. It must be very tempting to simply repeat what they hear elsewhere. No, the criticism belongs with the Big 4 and accountants who are the source for these claims. They are responsible for creating spurious connections where none exist. Or at least, they are guilty of not correcting the basic mistakes in understanding that take place in their presence.
To be fair, the article also talks about overcharging. Which is rather the point. So why talk about maximising revenues whilst also admitting that you need to implement revenue assurance controls to prevent overcharging? Fixing overcharging could just as well be described as minimising revenues. Why set a biased expectation that revenue integrity will lead to increased revenues when there is an acknowledged possibility that revenues may fall as a result of correcting overcharging errors previously missed by both the business and its customers? The article also discusses the prevention of fraud. But again, the frauds described have nothing to do with financial reporting scandals. The examples given did not involve the accounts; they are all revenue neutral. They all involve crimes where no additional revenue had been recognised by the business and where the fraudsters would never have intended to pay for the services acquired anyhow.
There are three kinds of lies: lies, damned lies, and statistics said Disraeli.
90% of statistics are made up goes an old joke. In the article, our director describes estimates of telco revenue leakage between 2% and 10% as “research”. Ahem. What were we talking about, again? Risk, bias, misreporting and that kind of thing. So what is this research he refers to? Surveys of estimates made by people who get paid to fix revenue loss. No risk of bias there then ;) Better still we find out that
a good risk management and revenue assurance framework could cut those leakages by half [my emphasis]. :D Hilarious. I had a good laugh about that. I mean, where does that stat come from? And why only by half? Why not more? Is that half of 2% or half of 10%? This director’s dictionary must omit the word “irony”. It is perverse to make up phony business statistics in an interview seemingly about accurate reporting and good corporate governance.
This interview was with a director from E&Y, but I do not mean to pick on E&Y. You could level these criticisms at most of what the Big 4 says about the link between revenue assurance and corporate governance. I was browsing the web a short while back and I stumbled across KPMG’s micro-site for “Margin Enhancement” (which is code for “revenue assurance but even better!”). It does not look like it has been updated for a while, but has some interesting content (one article described itself as an “advertorial” – is that like “infotainment”?) One download in particular grabbed my eye, because it was the slides for a presentation I had attended back in 2005. It was a panel discussion of the linkages between revenue assurance and Sarbanes-Oxley, hosted by KPMG and including a panel of three leading personalities from telco revenue assurance. After a half hour of listening to KPMG spiel on how well the two complemented each other, with not a mention of the possible conflicts between the two, you can imagine how keen I was to throw a spanner in the works. Luckily I got my chance when I asked the panel to answer, in a word, whether complying with SOX now meant they had eliminated all material revenue leakages. To their credit, all three telco panelists – Lionel Dawson of O2, Patrick Halbach of Qwest and Moly McMillan of ntl, answered the question frankly with a resolute “no!” Which only begged the question of how much advantage there really is in trying to link the objectives of revenue assurance to those of good corporate governance. The most useful synergy is in marketing for the Big 4 – if they cannot sell their services by promising it will deliver compliance with obligations, they sell it by promising extra revenues.
The scandal here is that a business can decide to invest in enhancing profits or in better governance, but they cannot have two for the price of one. The Big 4’s pretension to offer both at the same time is a folly. There are as many conflicts as synergies. Motivating people to increase revenues is good for business, but the essential problem is that some people also become motivated to cheat. Programs to install safeguards over accurate reporting cannot start out on the pretext that higher revenues will follow as a natural consequence. And programs to increase revenues will not eliminate the worst kinds of misreporting. Shame on the Big 4 for not saying that.