#takeaways Risk webinar 1: How Internal Audit identifies, validates and recovers revenue leakage

13 May 2024
Main takeaways
  • Identify, assess and recover leakages by executing a high-impact revenue leakage internal audit.
  • Prevent revenue leakages going forward by strengthening the internal controls and automize its monitoring through the implementation of continuous control monitoring dashboards.

As the world becomes more fast-paced, risks continue to evolve, and the demand for resilience grows. The functions of internal audit, internal control, and risk management must be more proactive than ever. They must keep up with emerging risks, navigate shifting regulatory landscapes, and leverage new technologies that offer greater insight into risk through advanced analytics.

To assist organizations in addressing these challenges and requirements, TriFinance is organizing a series of webinars on related topics to share meaningful insights and best practices.

The first webinar, 'How internal audit identifies, validates and recovers revenue leakages,' featured insights from TriFinance experts Annemie Pelgrims and Steve van der Steen, who shared their knowledge with participants from various companies. They discussed trends, best practices and the role of companies in the preparation and execution of high-impact revenue leakage internal audits. Vicky Posthumus, Expert at TriFinance, hosted the session.

Revenue leakage occurs in every organization

Revenue leakage isn't limited to specific organizations, it can occur in any company. Despite their activities or fields, profits can seep away, prompting organizations to seek innovative ways to optimize their bottom-line results with additional cash savings.

Leakages can manifest in over 300 touchpoints across different business processes, often underestimated or downplayed by many companies. Examples of these touchpoints include:

  • Errors within complex global Source-to-Pay (S2P) and Order-to-Cash (O2C) processes;
  • Inaccurate or incomplete master data;
  • Overcharges and errors embedded within complex contracts;
  • Procuring the same or similar goods at varying costs across different cost centers;
  • Limited visibility into true item-level margin and profitability;
  • Unidentified risks and compliance issues throughout the supply chain.

Role of the internal auditor in revenue leakage

The Institute of Internal Auditors (IIA) states in their Risk in Focus 2024 report that financial liquidity is amongst the top 5 risks on which Internal Audit spends most time and effort. We are confident that conducting a high-impact internal audit focused on revenue leakage can effectively mitigate this risk. Such an internal audit creates a positive cash flow outcome, by identifying and recovering these leakages.

Incorporating a revenue leakage internal audit into our high-impact internal audit initiatives is paramount. Through such audits, the internal audit function can transition from being perceived solely as a policing entity to becoming a genuine business partner. By delivering fresh insights to C-level executives and the audit committee, this revenue leakage audit has the potential to significantly impact company performance, with potential EBITDA improvements of up to 5%.

Internal auditors serve as transformative agents, unlocking hidden value within organizations by redefining the implementation of internal controls from mere costs to strategic investments with the potential for substantial returns.

Annemie Pelgrims

Revenue leakage risks

During our revenue leakage audits, we've observed that companies with extensive transactional activity, segmented departments, limited access to historical data, disparate and unconnected systems, and poor interdepartmental communication tend to exhibit the highest incidence of revenue leakage. These factors collectively contribute to increased risk and susceptibility to revenue loss.

How to audit revenue leakage

To begin with, the internal audit aims to evaluate the effectiveness of internal controls in the accounts payable process, including identifying, validating, and recovering supplier overpayments while offering recommendations to strengthen control weaknesses. However, its scope can extend beyond the accounts payable process to encompass the entire procure-to-pay, order-to-cash, master data and contract management process. 

It's essential to emphasize that the internal control effectiveness review directly drives the design review. Hereby, we leverage the insights from data analytics to guide interviews with various process owners and stakeholders. This approach encompasses the following key elements in the accounts payable control effectiveness review:

  • Transactional accounting review: Identify, validate and recover duplicate and erroneous payments to suppliers, accounting errors, missed credits, incorrect VAT and unallocated cash.
  • Contract compliance review: Assess correctness and completeness of the incoming-and outgoing payments and the operational effectiveness of the internal controls related to the accounts payable process.
  • Statement review: Identify, validate and recover unprocessed credit notes and erroneous payments to suppliers.

Through this approach we identify the revenue leakage root causes and missing or insufficient internal controls.

Some best practices

In these internal audits, we frequently find that the following internal controls need strengthening due to deficiencies such as incompleteness, outdated information, or inaccuracies:

  • Governance controls
    • Segregation of duties
    • Authority matrix
    • Documented policies and procedures
    • Recordkeeping
    • Contract Management
    • Roles and responsibilities
  • Financial controls
    • Periodic reconciliation
  • IT Controls
    • Automated processes
    • Master Data Management

We also consider the implementation of advanced analytics as a best practice. We begin by prioritizing impactful analytics, particularly regarding pricing, and strongly recommend continuous control monitoring to identify potential anomalies proactively, preventing cash outflow from the organization.

Key practices include:

  • Pricing optimization: Enhance goods and services pricing strategies to maximize revenue.
  • Contract and document reviews: Evaluate contract terms and agreements to ensure compliance with pricing, discounting, and revenue recognition policies.
  • Data and process mining: Collect and organize necessary data for exception reports, including accounts payable data, vendor master data, vendor terms, and invoices.
  • Continuous Control Monitoring: Develop and implement a Key Performance Indicators (KPIs) framework to detect and recover value leakages continuously.

Turning revenue leakage into revenue assurance is like upgrading from finding weaknesses to securing strengths, ensuring long-term financial stability and organizational strength.

Steve van der Steen

Key takeaways

During our webinar, we emphasized several key takeaways:

  • Conducting high-impact Internal Audits: Leveraging internal audits uncovers current leaks, predicts future vulnerabilities, and prioritizes them based on financial impact.
  • Preventing revenue leakages: By implementing continuous monitoring processes and robust internal controls, organizations can minimize revenue leaks in the long term.
  • Enhancing the internal control framework: Establishing a mature internal control framework ensures effective oversight.
  • Automating controls: Designing and deploying automated controls and processes minimizes manual intervention and errors.
  • Simplifying the IT infrastructure: Streamlining the IT landscape by consolidating systems centralizes data management.
  • Incorporating emerging trends: Integrating emerging trends in revenue realization strategies keeps organizations ahead.

In conclusion, we highlighted the misconception that internal controls are solely costs, underscoring their potential to generate additional cash for organizations. By offering deeper insights, internal audits can act as catalysts for change. A revenue leakage internal audit is not just about identifying and assessing leaks; it's a value-driven exercise. We provide actionable recommendations to fortify internal controls, mitigating leakage risks and enhancing organizational resilience.

Would you like to know more about our approach on Risk?

Discover more