Tinkering the Pragmatic Way

In the previous Results2Match community blog, Hans Lodder took a rather philosophical look at how far organizations should go in checking and insuring themselves against the unforeseen. I want to add another angle: the burden of overlaid governance and compliance procedures.

As a response to the well-known business disasters due to "overenthusiastic" employees and management, a whole new industry has emerged to provide companies with dedicated governance, risk and compliance tools. Not only are these solutions expensive in themselves, they also force companies to create new departments to maintain and manage yet another company layer. Of course, one needs to find a good balance between trust and check, and politics and government also need their hobbyhorses, but I think organizations are missing a big point here: premium/risk analysis.

My thoughts:

  • No solution will completely safeguard an organization from fraud.
  • The cost of fraud detection and prevention should at most equal the value of the fraud.
  • Investing in systems on top of what you have will never survive the above equation.
  • Invest in integrating fraud detection and prevention into your basic operational systems; the required process alignment will improve the quality of your business operation as a bonus.
  • The awareness that detection systems are in place and that fraud is punished straight away is a better investment than the ultimate technical solution.
  • Go for an 80/20 approach: 80% of the fraud value can be mitigated with 20% of the investment you could apply according to what the market offers.

One could argue that I'm advocating the supermarket syndrome for fraud: "We know that we lose 7% due to theft and fraud, so we just raise the price by 7%." This is not what I'm looking for. Yes, invest in sharp solutions like safe, controlled operational processes via automation, duplication, rule-based controls, pattern analyzers, and what have you. But implement them in a pragmatic way, according to my thoughts expressed above.

In advising my customers on this topic, I used the following rule: anything which does not improve or even hampers the output of a process is a no; anything which government or accountants can enforce should be implemented with a no-cost attitude in mind.

Utopia? I've seen some pretty good examples implemented. Let me know your comments and ideas and we could discuss some.

This blog is part of a series around tinkering:

Contact Hans van Nes at Results2Match.com.