Innovative Approaches to Fraud Risk Management

The Javelin Strategy & Research Identity Theft Report 2013 states that 5.16% of US customers suffered from identity theft amounting to US$20.9 billion. Moreover, Tablet users had the highest probability of fraud at 9.6%. Victims of data breach had a 22.5% likelihood to becoming fraud victims. Hence, it is clear that while organizations are deploying more processes, technology and resources to prevent fraud, the fraudsters are having a ball. One thing fraudsters do, is to think outside the box. So we have to take a leaf out of their book and be innovative in our approach to prevent and detect fraud. Below are some ideas on the same. Share with me your thoughts on what you think about them.

 1)    Voice Print Analysis

Presently, in most of the banks, a call center agent asks a set of questions to verify the identity of customer for telephone banking. Internal employees, external fraudsters and organized crime groups can easily steal information about date of birth, place of birth, address, secret questions, and card number.

Now voice-printing software is available for authentication of voice. The system automatically verifies the caller voice with the customer’s sample voice to identify fraudulent callers and protect the account.

Secondly, maintain voice records of earlier fraudsters. When system detects a fraudulent caller, it automatically checks against the previous fraudulent call records. Hence, the system will flag if a fraudster has previously conducted a telephone banking fraud. With this, it will be easy to nab the fraudster, if the police had caught him/her in a previous case.

A new voice identity technology is available  that captures the tone of the voice and the type of communication. The software can monitor quality of calls and customer satisfaction from call center agents’ conversations with customers. This will cut manual quality control checks significantly and result in savings in quality control department costs.

2)    Track through Photographs and Location Mapping

Besides having voice-printing software, use a system similar to WhatsApp to identify of customers. WhatsApp sends text messages, images, video recordings, audio recordings, and the location. If banks invest in a similar application and allow customers to download the application on their mobile phones and tablets, the number of telephone and internet frauds will reduce.

If a fraudulent caller is flagged, then the call center agent can request the customer to send a selfie or video. If it is the wrong person, usually the caller will cut the conversation and drop the attempt to commit a fraud.

If the caller is able to circumvent this control, the application will also track the location. Applications track the frequent places a customer visits or calls from. If the caller is from an unusual place, then s/he can be tracked immediately. For example, if a British customer is tracked to a place in India, the call centre agent can ask the caller to verify their location.

3. Track Spending Behavior

Sometimes high value fraudulent payments are processed resulting in huge losses. A study done by Vivek K. Singh*, Laura Freeman*, Bruno Lepri, Alex (Sandy) Pentland for “Classifying Spending Behaviour using Socio-Mobile Data” determined the spending behavior of customers from the social interaction patterns on mobile phones. For example, it showed that more social couple and couples with diverse business interests tend to spend more.

Using big data, insights on spending behavior of customers can be analysed based on personality traits. Tracking social patterns and payment patterns can flag out anomalies when the payment is not in line with the spending pattern. Moreover, a location map can identify the location of beneficiaries of previous payments . Hence, fraudulent payments can be identified at the time of processing itself.

Another advantage from this technology can be for processing retail loan applications. If prospective customers are willing to give the data of mobile phone transactions, then at the time of processing the application itself, the bank can identify which customers are likely to overspend and default in future. The bank can ask for additional securities and guarantees.

Moreover, if the application is installed in the loan customer’s mobile after loan disbursement, the moment s/he is about to overspend which might result in default of EMI, the bank can send the customer an alert to pay the EMI first.

 4. Fraud Risk Conversations

According to psychological studies on emotional intelligence, Negative Emotional Attractor’s activate defense systems and build resistance to change. On the other hand, Positive Emotional Attractors (PEA) activates parasympathetic nervous system and makes a person more conducive to listen and change behavior. An effective team has a 3:1 ratio of PEA:NEA. Another study shows that improving peer-to-peer conversation increases productivity of the team by 30 to 40%.

However, risk management reports are mainly critical hence activate NEA. Moreover, the communication, training material, and code of conduct are all geared towards creating fear and guilt. Hence, it is not surprising that attempts to educate business teams on fraud risks fail.

Fraud risk managers can build a positive interaction model using technology platform. A study conducted by Erez Shmueli_, Vivek Kumar Singh_, Bruno Lepri and Alex ”Sandy” Pentland on “Sensing, Understanding, and Shaping Social Behavior” enables tracking of human behavior through big data analytics. The analytic helps in understanding the behavior, the tone of the conversation and the trust relationships between people.

Using this technology, an organization can use a social networking platform to communicate fraud risks through blogs, videos, and stories. The write-ups and stories should be from the business teams. From the comments section, the application can identify the key influencers and trust holders to bring about change. Thus, change the conversation to change the behavior.

 Closing Thoughts

 The days of holding a gun to rob a bank are nearly over. Fraudsters use social engineering to obtain sensitive information to conduct account takeover frauds remotely. Hence, organizations need to use socio-physics, social networks, and technology to beat the fraudsters in their own game. Being a leader in adopting the latest technology to prevent and detect frauds has an additional advantage, the fraudsters have not discovered the antidote to it. Hence, fraud risk managers have the right weapons to fight. The right tools can make a hell of a difference.


  1.  Javelin Strategy & Research Identity Theft Report 2013
  2. Classifying Spending Behavior using Socio-Mobile Data – Vivek K. Singh*, Laura Freeman*, Bruno Lepri, Alex (Sandy) Pentland
  3.  Sensing, Understanding, and Shaping Social Behaviour – Erez Shmueli_, Vivek Kumar Singh_, Bruno Lepri and Alex ”Sandy” Pentland



Risk Assessment of Marketing Function

The global economy is facing turbulent times with US in recession, Europe in economic crises and emerging markets growth slowing down. Frequently organizations panic on hearing forecasts of looming recession. They cut down marketing budgets, innovation of products and capital investments. The reaction further adds to the woes, and accelerates the downward trend in sales. Risk managers normally do not focus on marketing department activities and generally are not called upon to share their views on marketing strategies. A look on these areas may prevent the company from going in red and thrive in chaotic times. Here are a few suggestions for risk managers.

1. Bench-mark Marketing Function

The complexities of business world are escalating marketing risks. For survival and growth organizations need resilient marketing and sales functions. They have to identify strategic inflection points in the market and adapt accordingly. In recession customers interest, values and budgets change. With new competition and changing regulations, organizations need to reinvent business models. Hence, as a first step risk managers  need to bench-mark the organization’s marketing function.

Philip Kotler and Johan A. Caslione in their book “Chaotics – The business of managing and marketing in the age of turbulence” have presented a table on marketing function attributes. Out of the 14 attributes, below are 5 critical ones distinguishing between poor, good  and great marketing functions.

Srl    Poor                                        Good                                              Great

1. Product driven                    Market driven                                    Market driving

2. Product offer                       Augmented product offer                 Customer solutions offer

3. Price driven                        Quality driven                                     Value driven

4. Reacting to competitors    Bench-marking competitors             Leapfrogging competitors

5. Function oriented               Process oriented                                Outcome oriented

McDonalds marketing strategies reflect these attributes. In India, McDonalds is opening a purely vegetarian restaurant near Vaishu Devi ( a renowned Hindu temple) and Golden Temple (Sikh’s foremost gurdwara). It is catering to the Indian sentiments; in most religions Indians do not eat non-vegetarian food in a place of worship. Near the temples, generally local vegetarian eating joints thrive and there are no global food chains. The huge number of devotees provide a large market.

A few years back, McDonalds customized its menu according to Indian tastes and introduced vegetarian burgers. The McAloo Tikki (a potato burger) contributes to 25% of the total sales.  It may shock the Americans, but no beef burgers are served in India.

2. Evaluate Cost-cutting Measures

The attitude frequently is to cut costs across board. For instance, if marketing budget is XXX dollars, the total budget will be reduced by 25% without assessing the details and profitable products. Here risk managers need to assess the soundness of decisions taken to reduce costs. Below are a few examples to look for:

a) Advertising : Is the total advertising budget reduced? This would be a wrong move. During recession, the core products that contribute to revenue need aggressive advertisement. The advertising budget spent non-core products and loss making products can be dropped. Moreover, explore cheaper advertising models – social media, internet etc. and reduce budgets on paper and television media.

b) Discounts : Another option adopted to increase sales is to discount all products by a certain percentage. This is a self-destructive strategy as discounts on core premium products would damage the revenue stream in the long-run. If customers require cheaper products, cut the frills in the premium products and introduce a bare minimum model. This will maintain the brand and revenue.

3. Assess Strategy and Systems

Risk managers must assess the marketing strategy and systems to ensure that the risks are systematically identified in a timely manner. Here are a few examples of the same:

a) Core products: Does the strategy focus on core products? Are there systems in place to show the winners and losers? If the systems are inadequate profitability, market spend and customer behavior cannot be captured accurately. Hence, the organization will be unable to adapt strategy to the changing marketing trends and customer behavior. Moreover, companies cannot  reduce costs without identifying inefficient spending.

b) New products : Has the organization delayed the launch of new products during recession? The customers require cheaper products during hard times. Hence, the strategy should be to delay expensive products but focus on products that cater to the new customer requirements and changes in behavior.

Closing thoughts

With economies slowing down, the marketing functions are facing many challenges. Customers are better informed through social media and internet, competitors copy products faster, and price of the product is a driving factor. Risk managers can contribute by conducting risk assessments of the marketing function and helping the teams in identifying the upside and downside risks to their strategies. This is a good place to add to  profitability.


  1. Chaotics – The business of managing and marketing in the age of turbulence – Philip Kotler and Johan A. Caslione
  2. Beefy McDonald’s to Open Veg-Only Outlet in Katra – Economic Times

Program Change Management Risks

Organizations invest huge amounts in running numerous programs to improve operations, culture and profitability of the company. For instance, programs cover technology implementation, building social networks, improving employee engagement and corporate social responsibility initiatives. Some programs give good return on investment while others dwindle without much success.  The success and failure of a program appreciably depends on effective change management.

Even for information technology programs, various survey reports show success-failure ratio as 50-50 percentage. Failure results in cost overruns and delay in project schedule besides low employee morale. A few reports indicate just around 20% of the programs are successful in the first effort in all respects. The differentiating factor, with technology and implementation capability being the same, is change management skills. Lack of focus on change management risks results in program failure.

Before discussing some key aspects of program change management risks, let us understand the reason for the same. Change causes insecurities to surface, hence sows the seeds of conflict and discord. On start of a program, people do not understand the reason for change. They are unable to assess what is at stake and what success looks like. Moreover, people respond differently to change. Idea of change gets supporting, skeptical and scornful reactions. If not handled carefully, different groups within the organization prepare battle plans to sabotage the program.

Hence, change management strategy is an essential component of program implementation. Given below are some of the risks on the same.

1.   Senior Management Involvement

For approval of the program, the program manager shakes hands with all the senior managers to get their buy-in.  Managers assume that the senior management commitment will continue after approval. However, this is rarely the case. With time, commitment will wane if senior managers do not understand the direction of the program and/ or start giving priority to other programs. Hence, program managers need to monthly/ fortnightly update the senior managers through review meetings and reports on the status and plans of the program.

Additionally, users and employees need to see senior managers demonstrate commitment to the program i.e. walk the talk. Program managers need to leverage opportunities to show senior management support for the program. Develop a leadership plan to ensure senior managers become champions of the program.

2.   User/ Employee Adoption

The program managers gear most of the programs activities towards adoption by the users. For example, in building a risk culture, adoption of risk assessment template is a milestone. The point is change agents view program activities in isolation for pre-go-live stage without considering the overall impact on the organization. Programs influence strategy, process, technology, and people. Without synchronizing the four aspects, even with user acceptance, the program will be unsuccessful in the long run.

Second aspect to consider is the handholding and support after the go live stage. After implementation of a program, the users may still face some challenges or new problems and risks may arise. For continued success of the program a team is required to support it, else it will fizzle out.

3.    Multiple Communication Channels

A program requires a good communication plan and failure in communication jeopardizes the program. Communication messages must be clear, straightforward and from the heart. The corporate jargon and meaningless mantras does not get buy in from senior management or users. For example, do not have a mission statement for an ethics program that sounds like this:

The company’s mission is to be the most ethical organization in the world by adopting best practices, making it a great place to work and rewarding meritocracy

Employees will roll their eyes on the above statement and consider it as management hyperbole. There is nothing actionable or measurable in the statement. Neither are the steps linked to ethics.

Another risk is failure of communication from senior management. Program managers assume that employees understand senior management commitment from strategy and other generic documents. However, adopters need to hear from senior management, their views and aspirations regularly.

Moreover, when programs run into problems, the initial reaction is to hide the bad news from the adopters. Clear concise communication on challenges being faced by program managers and support required, gets the program back on track. Communicate more often when program is running into trouble.

More importantly, change agents sometimes fail to listen to the adopters. Adopters’ feedback is critical for the success of the program. Understand their angry reactions, criticism and challenges. Develop plans to address them and not ignore them.

 4.    Training Plans

 Standard training material is the bane of most programs. Change agents believe that once the training is imparted, their job is done. Some pieces are overlooked in training plans and I have mentioned these before in a post. These are:

  • People have different learning patterns.
  • People are at different stages of learning – beginner, learner, manager, and expert.
  • People do not remember the training for long unless they start using the information in practical work.
  • Old habits are hard to break; hence, people revert to old patterns of working if not monitored.

Last but the not least, is the content of the training. For example, fraud awareness training is a double-edged sword. The users, who didn’t know a word about fraud, now have some idea on how frauds are conducted. The information can be misused. Moreover, an overload of information may create panic reactions in users. Hence, when to deliver training and what information to give are critical decisions for successful program implementation.

 5.     Reward & Recognition System

For a program to be successful, set up a clear system about reward and accountability for the adopters. Failure to establish a system will result in rewarding mediocrity rather than meritocracy. Further, without implementing a penalty criterion, there is no downside for wrongdoing. Hence, maintain a balance between reward and punishment.

For instance, in an ethics program, build a system of bonus points at time of appraisal for meeting business objectives in an ethical way. If a manager had the option of choosing an unethical means to achieve an objective faster but selected an ethical way though had to work harder, award him/her bonus points. On the other hand, award penalty points to a manager who chose unethical means.

6.    Dealing with Failure

Sometimes, despite best efforts the program team stares at the face of failure. People adopt inflexible approach and refuse to acknowledge the logical benefits of the program. They foresee their personal and political agendas negatively impacted, hence refuse to contribute to the shared purpose of the organization. The situation reminds me of an old joke.

A man bought a parrot as a pet. To his dismay, the parrot had a bad attitude and spoke foul language. The man tried to teach the parrot to behave but the parrot refused to change. One day in a fit of anger the man put the parrot in the freezer. He heard the parrot screaming and abusing for a couple of minutes, then there was silence. The man opened the door of the freezer, the parrot trotted out and said – “I beg your forgiveness for speaking rudely. I promise to behave properly.” The man was amazed at the transformation. Then the parrot said – “May I ask, what did the chicken do?”

To avert sudden failure periodically conduct organization surveys to understand the acceptability of the program and organization readiness for the next stage. Measure the behavior and sentiment change due to the program. Do not rush to the next stage without ensuring that adopters connect with the program in the existing stage.

 7.    Awareness of Retaliation

Situations can get out of hand when people start retaliating against the program manager and his/her team. Some programs are launched for appearances sake. For example, senior management may approve a program for business ethics, diversity or employee participation. However, when the change agents sincerely attempt to run the program to bring about a cultural change in the organization, they get mobbed by the employees. In this case, the junior employees start complaining that the change agents are pressurizing, bullying and forcing them to change. This impacts the heart of the program and the change agents spend most of the time defending their actions. The senior management doesn’t really want change, hence looks the other way or gives tacit approval to derail the program and mob the change agents.

In such cases, the change agents have to pay a high price, but the seeds of change are sown. People recognize that there is a better way of doing things, and gradually move towards light.

Closing Thoughts

 Change is difficult. We ourselves find it difficult to change, so getting others to change is an obstacle race. As Mahatma Gandhi said on leading the non-violent Indian independence movement – “First they ignore you, then they laugh at you, then they fight you and then you win.” Being a change agent is a test of stamina, perseverance, discipline and sacrifice. There are no low hanging fruits to pluck, no short-term rewards, no personal glory, however, in the end organization benefits.


Innovative Assurance and Advisory Services

The business teams mental picture of an auditor is of a guy focused on nitpicking financial accounts. The excessive focus from regulators on internal controls in finance processes has stereotyped auditors. However, in these dynamic economic conditions senior management expects internal auditors to break out of this image and become business partners. The question is – how can they do so? Let me share with you my story first.

My journey as an internal auditor changed in mid-nineties when I was an audit manager in an auditing firm. One day, I had a meeting with the client’s CAE to discuss the scope of work for the year. The client had in-house internal audit team and outsourced some areas of work. The CAE had mostly worked in UK and US, so was highly exposed to the international environment in comparison to the regular Indian CAEs at that time.

On starting the meeting, the CAE said – “Sonia, I think for the first quarter I would like you to cover marketing and customer service department.” I swallowed and nodded agreement.

He then continued – “Next quarter you can cover production”. I squeaked – “Production?” He replied – “Yes, shop floor audit would be interesting.” I tried to keep my expression under control and not show my shock, and again nodded in agreement.

He further added -“Last two quarters of the year, you can cover purchase department and inventory function”. I knew something about these two areas, so I tried to breathe. As the meeting closed, I started thinking how I am going to execute this scope of work. You see, there was a small hitch. I generally did service industry audit and this client manufactured cranes and forklifts. What does one audit in marketing of cranes? How are cranes produced? I was absolutely clueless.

As I drove back I wondered whether my boss had intentionally skipped the meeting. He knew if he had accepted this scope of work, I would have had reasons to crib. Now as I had accepted the scope of work, I couldn’t crib. If I did, he would say – “Sonia, you should have negotiated better.” So I took a small diversion and stop, before reaching my office. My boss was eagerly waiting and from his expression I knew he had already spoken to the CAE. It was a setup! I presented him the scope of work letter, my bookstore bill and the five books I had purchased on marketing function on the way back. He smiled gleefully.

I knew I was in trouble. In those days there was no internet and google in India. I tried to figure out how I  could convince my team that I knew more about marketing cranes than spell it.

Later on I realized that these assignments were the turning points in my career. They shook me out of my comfort zone and taught me a lot. While I could earlier rattle off the financial numbers of my clients, I really didn’t understand their business. What did they do? How did they make money? What challenges do they face in the market place? Without understanding the business, one could hardly do any value add.

So the relevant question is how can auditors become business consultants? Primarily internal auditors are driven in scoping their work according to materiality in financial statements. If we change the focus from financial to business, the scope of work automatically changes. I am sharing with you some of my ideas.

Of course as you read some of the suggestions the question will come up, does it fit into the third line of defense (internal audit), second line of defense (risk management) or the first line of defense (business teams). My view is that first an organization should decide, is this what they require? If yes, then they need to find an appropriate fit in their structure. Though some of these services do not fit the traditional sense of audit, they add a lot of business value. Moreover, the skill set required to perform these services is the same as an auditor or risk manager. The mindset has to be different.

The argument against it is that these are management responsibilities as some of these either appear to be focused on preventive or detective controls, and moreover do not focus on financial processes. The question to ask is – is management fulfilling these responsibilities in other functions? Additionally, if business risks and controls are not addressed, doesn’t it impact financial processes and income? Maybe, senior management needs to come out of the SOX mindset and think differently. Read on and share your views with me.

1.  Job Work Review

I am sure you must be wondering here – what is she referring to? As a corporate citizen you must have heard of management saying that with so many resources the work is still not done. On the other hand employees lament that they are over worked due to insufficient bandwidth. One wonders, are they talking about the same organization? Let me explain in detail as to what we can focus on here.

I had a banking client where the management and employees were in this tussle. Since it was an Indian nationalized bank, the tussle was fast becoming a labor union issue. Management appointed our company to identify the real work issues at a sample branch to resolve the problems. The branch had 50 odd employees and as a first step we asked them to fill a detailed form listing out their activities on a daily, weekly and monthly basis along with the time. We also gave time sheets for the bank employees to fill for a fortnight to record actual work done with time spent.

Meanwhile we analysed job descriptions, processes, MIS and business applications to assess the real activities performed by various departments within the branch. Finally, we conducted interviews with the employees to discuss our observations relating to their job roles and work done. We were able to identify duplicate work done, opportunities for minimizing manual work by using technology, improving processes, reducing time spent on non-value add work, restructuring department functioning and changing job roles. This improved the efficiency of the branch operations besides resolving the management problems.

In another similar assignment for a law office, we analysed billable and non-billable time spent by attorneys. By transferring the non-billable activities to other job roles, the attorneys were able to increase their billable time, hence directly improve revenues.

Point is, all managers are told to prioritize work. Ever wondered, what percentage of managers to do it successfully. Additionally, what is the impact on revenues because of failure to do so? Isn’t it worth checking out. Shouldn’t organizations focus on employee risks? Employee risks are turning big and are mostly un-addressed.

2. Build Risk Assessment Tools

The business teams are primarily responsible for managing risks, however are not trained on risk management. The internal auditors and risk managers have vast knowledge of business risks. Then isn’t it worthwhile to bridge this gap. Here I will give you an example of what we did for a software development company.

The program managers were running million dollar software projects. As you know, the project risks impact cost, quality and time of the project. The software development teams focus more of running the project than doing project risk management. Hence, we developed an excel tool for them. The spreadsheet contained over 600 risks on various stages of a software development project. The project manager just had to assess whether a risk was applicable to the project and select a listed risk mitigation plan. S/he had to input the name of the person responsible for managing the risk and time schedule. In rare cases only, project teams identified a new risk, that we incorporated in the next version of the tool. An activity which took the project teams days of discussion could be completed within a day and project manager could review the risk status within an hour on a weekly basis. An overall organization count was available on risks occurrence, success/ failure of mitigation plans and risk losses.

Empowering the business teams with appropriate tools to conduct risk management is far more beneficial than a post facto audit. A reduction in risk loss directly improves profitability.

3.  Process Design Review

Internal audit and risk management functions generally are not involved in the process review at the designing and re-engineering stage. They audit the process after it is functioning and then identify control gaps and give recommendations for improvement. Doesn’t this sound like attempting to catch an elephant by its tail. I will share with you my ideas on this area.

When an organization is establishing its back offices, usually the processes are migrated with the same controls as were existing before. However, the risks and control requirement change considerably on process migration. If an auditor reviews the process and standard operating procedures at the process migration stage, not only business risks will be addressed it will save a lot of time in doing a subsequent audit. Additionally, management will be able to identify whether the process is high, medium or low risk and budget risk loss accordingly in the cost-benefit model.

The same applies when management is re-engineering processes according to six-sigma or lean or any other model. Sometimes on re-engineering processes, the existing control steps are removed to reduce work time and improve efficiency. However, no other compensating controls are put. This increases the risk of the process without management’s knowledge.

Reviewing processes proactively for controls and risks reduces probability of subsequent damage due to control failure. It significantly mitigates fraud risk also. Moreover, it reduces the audit time significantly.

4. Software Implementation Review

Again I see here that auditors review application controls at the time of SOX or financial audit. An assurance  needs to be given on the technology controls. However, the cost of changing an application program after implementation is 3-4 times the cost at the time of development. Hence, doesn’t it make sense to review the software program at the time of implementation, whether it is an ERP or customized application.

To demonstrate the value of the work, I am narrating my experience of doing an assignment for a government tax department in India. The department was implementing technology for the first time to improve tax collection. According to its estimates because of the manual systems and delay in collecting information, it was losing revenue in millions due to tax evasion. They had appointed a hardware vendor and software vendor, and then my organization for auditing. We worked with the department to review the technology implementation strategy, user and functional specifications for controls, network diagram for information security and conducted application controls testing. This saved the department from various problems that would have occurred after implementation.

Proactively addressing technology controls saves the organization subsequent cost of changing them and mitigates the risks occurring from control lapses. Conducting an ongoing review of implementation of critical business applications is beneficial.

 5. Policy Decisions Review

Now this is something that most auditors and risk managers do not go near as policy making is management responsibility. However, I am going to narrate an incident here, and let you decide whether it makes sense to re-look the policies.

I was conducting a financial statements audit of a consumer goods trading company. While checking the discounts given on a product, I realized that the total discount given was eroding the profit margin. The company had various discount categories, for instance – special discounts, festival discounts, dealer discounts etc.. However, it was not calculating the total of these discounts for each product. Hence, didn’t realize that though the sales were increasing the discount policies were faulty and eating away the profit margin. I did a marginal costing analysis, and assessed that if they continued with this policy the company will lose its “going concern” status in three years. Management was horrified on seeing my report and realizing that various discount policies cumulatively could have such an impact.

Look at it from another angle. If you see the banking sub-prime crises, maybe a review of the policies to give loans to financially weak or unstable income borrowers would have reduced the risk. If the banks had just disbursed loans to this category to a small percentage of the total retail lending, this situation may not have occurred. Conducting an audit after loan disbursement and commenting on the quality of loans hardly helps.

My suggestion here is that when policies are issued, they need to be reviewed for financial and risk impact. Issuing single policies doesn’t sound like a big deal, however when sum total impact of a group of policies in a specific area is analysed, the picture is quite different.

6. Fraud Risk Assessment

In a speech given by Governor, Reserve Bank of India to Institute of Chartered Accountants of India in December 2011, he said – “The profession has shied away from the responsibility for prevention and early detection of fraud.” This is a valid allegation, although fraud risk is increasing at a tremendous rate, most organizations lack focus. Banks have fraud risk functions, however they are more focused on investigations. The thrust on fraud prevention can be improved.

Let me give you an example here. In India either banks are shifting back office operations or outsourcing it to vendors. Now these back offices have multiple processes, mostly run by people who are service delivery experts. The teams sometimes lack banking industry knowledge and are clueless on fraud risks of the process. At the time of process migration, training is provided to detect transaction level fraud. However, if you ask the process owners whether the processes they are running are – high, medium or low fraud risk, they will be unable to answer that.

I had once with my team developed a fraud risk assessment tool for banking back office operations. A weight was given to each data item that could result in fraud. For example, an employee having access to customer information can conduct account takeover fraud in a call center. The information normally required is name of the customer, account number, address, date of birth and debit/credit card number. If this data is available, the probability of fraud increases. Hence, the tool captured the data availability for each process and calculated the level of fraud risk for the process. Management and process owners knew the high fraud risk processes and could allocate more resources to fraud prevention to these processes. Incorporating controls in these processes reduced the overall fraud risk of the organization.

As mentioned in an earlier post, Kroll Fraud Report of 2011 states that globally organizations reported on an average 2.1% of earnings loss due to fraud and nearly 1/5 of the organizations had 4% earnings loss. In case of senior management involvement, for instance – Satyam, Enron, WorldCom, – organizations are nearly wiped out. Fraud risk additionally impacts financial, reputation and legal risks. Hence, organizations definitely need to focus on it.

 7. Review of Management Programs

Management initiates various programs, namely for – innovation, research, quality improvement, leadership development, etc. There is a lot of time and money spent on these programs as these enable the organizations to gain a competitive advantage. Risk managers talk about competitive advantage risks, however these programs do not come under the review radar of either internal auditors or risk managers. They check that the cost of programs is booked correctly, and are unconcerned about the success of the program and/or reasons for failure. Reason being, no obvious risk is seen.

My view is that if a program is developed to gain competitive advantage, then obviously its failure results in increasing competitive disadvantage. That increases business risks. These risks might not be immediately quantifiable, but have long-term impact. However, the reasons for program failure are not obvious and results in sunk costs for the program.

For instance, in a company I had run an organization survey to get feedback on implementation of a quality framework. Normally, negative feedback identifies the following problems – lack of senior management support, insufficient training, lack of implementation support, no hand-holding done in first project etc. In the feedback given, the respondents stated that these issues were addressed well and they had no complaints on these fronts. However, they were not motivated to use the framework because their was no reward or recognition system in place for doing well in this area. After implementing an employee bonus scheme for adopting the framework and using it well, participants commitment levels for the program improved.

As I had mentioned in an earlier post “Creativity@Risk“, organizations innovation programs may not be effective because creativity is not valued. I had given steps to audit creativity levels in the organization. Think of it, if innovation and research is failing, don’t the competitive advantage risks increase. How are organizations calculating and addressing these risks?

8. Brand Building Programs Review

Organizations are investing heavily in building brand names to gain competitive advantage and customer loyalty. They run advertising, social media and corporate social responsibility programs geared towards it. However, some are succeeding in their efforts, while others are reaching nowhere, specially Indian companies. For example, the global Brand Keys Customer Loyalty Leader report of 2011 in the top 100 brand names doesn’t even mention one Indian company. Hence, the question is where are all the advertising and brand building budgets going?

A review of the effectiveness of these programs helps to build better customer relationships. For example, some banks to get Gen Y customers have launched games on their website. If a customer logs in and does some transaction or activity on the website, s/he gathers points. After accumulating certain number of points, the customer is given a small gift. It is targeted towards building customer retention and loyalty. The cost of the program is low, impact is high.

Another aspect now facing organizations is social media risks. Any negative information that goes viral can damage the company reputation. Hence, the probability of reputation risks has increased. To ensure that these are properly mitigated and the programs are effective, these programs can be periodically reviewed.

9. Strategy Review

In an earlier post I had mentioned a point from a McKinsey report. It states that just 8% of the respondents said that their organizations review strategies on an ongoing basis. In 42% cases, the organizations were not conducting annual reviews of strategy. Now without reviewing the strategy, how do organizations really know where they are heading.

In another recent report of Economist Intelligence Unit  titled “The Long View” the key observation was that – “The time horizons for strategy and risk are often misaligned. Some companies are making longterm strategic plans without a proper consideration of the associated risks.” The main reason is that risk management is considered an operational activity rather than a strategic function. This is highlighted by the fact that just 24% organizations think that risk analysis is vital for strategy development.

To illustrate the need for strategy review, I am narrating an incident. I was pitching for work to a CEO. He handed me his strategy documents for building 100 collection centers. I analysed the numbers, and realized that though the revenue numbers and assumptions were correct, the costing was not so. I visited a few collection centers, developed an operational plan and costing analysis and submitted the revised numbers. When the CEO saw the numbers, he asked me for my recommendation. I said in a straight forward manner – “If I was in your position I wouldn’t implement this project. Though revenue numbers are good, the break even point is at 75%. There are no quick earnings and failure probability is high.” The CEO agreed to my observation and project was not undertaken.

As I persistently continue to make this point, strategy review is essential for success. A lot of funds are wasted on wrong strategies. Start with focusing on the strategy formation process and reviewing business strategies to move up the value chain.

10. Business Continuity Plan Review

Most organization dependent on information technology have disaster recovery plans and/or IT recovery strategies. Few have developed and implemented full-fledged business continuity plans envisaging various  natural and man-made disasters. Although, with the increasing frequencies of floods, earthquakes, hurricanes and terrorist attacks this would be an obvious move. Last year the earthquake in Japan and floods in Thailand caused problems for companies worldwide whose vendors were located in these countries. The supply chain broke down.

Conducting a business impact analysis requires breaking each activity in the business process as critical, necessary and optional in case of a disaster. These activities might be required in normal business functioning but not in a disaster scenario. For example, for a bank having credit card operations running 24/7 is critical, however a loan application approval process can be delayed without a big problem for a couple of days. A solution is required for all critical activities. For instance, in 9/11 attacks in US, the Amex center in Delhi acted as the back up center for US offices. It was one of the few companies whose customers didn’t feel any impact on customer service due to the incident. Hence, ensuring that all critical activities have a backup facility with trained resources operable in a short time span is critical for business continuity.

A review of the plan and testing documents ensures that there are no gaps and all possible disaster scenarios are covered. A periodical review is required as sometimes processes and business change, while the business continuity plan is not updated.

Closing Thoughts

To provide value add to business, auditors and risk managers need to focus on these services. Big 4 earn most of their revenues providing these services to clients as few companies have developed in-house capability.  Though some organizations have shown progressive thinking and renamed internal audit departments as business assurance and advisory function. One arm of the department focuses on regulatory requirements of internal audit and the other arm focuses on providing assurance and advisory services to various stakeholders within the enterprise. The cost of setting up the function is low, the rewards are high.  Senior managers just have to re-imagine audit and risk management functions. It will be worthwhile.


  1. The long view – Getting new perspective on strategic risk by Economist Intelligence Unit
  2. Brand Keys Customer Loyalty Leaders 2011
  3. Challenges to the Accounting Profession Some Reflections – Speech of  Dr. Duvvuri Subbarao, Governor of Reserve Bank of India on 16 December

Strategy to Execution – A Risky Path

Some companies fail and some succeed spectacularly in the same market conditions. The question for successful companies is – what did they do differently? On the other hand, failure is attributed to either poor strategy or pathetic operations.  A popular notion among managers is that if company is not achieving targets, then review the strategy, something must be wrong with it. If the strategy is found reliable, review the operations and focus on it to be successful.  Is the explanation for failure that simple?

In my view failures occur because complexities of the situation are either ignored or misunderstood. The third-fourth-fifth dimensions are normally missed and must be looked into. The overall strategy might be right, the execution flawless, and  the company may still be staring in the face of failure. According to me the path from strategy to execution is very risky. Below are my views on the same, do you agree with them?

1. The Human Dimension

Let me give you an example, that most employees are familiar with:

Objective of the company : Make the organization a “Great place to work”.

Strategy to achieve the objective : Focus on diversity, work-life balance and good leadership pipeline.

Execution plans :  Hire 25% women, promote 10% women to senior levels, issue policy of work life balance , introduce 360 degree feedback and balance score card system.

All the execution plans were implemented, however employees are still cribbing and consider the organization one of the worst places to work. So what went wrong?

Now let me give you a few situations that occurred in the organization :

a) A gorgeous looking woman was placed in a senior management position who was rumored to be having an affair with a CXO. Employees down the line didn’t like her personally as she did not have a reputation of high professional caliber or ethics.

b) A few employees in the 360 degree feedback, gave honest negative feedback about their bosses. In less than a quarter the bosses with help of human resource department terminated or demoted the employees.

c) Bosses allowed the employees to leave office premises by 6 pm. However, they asked employees to work at home and deliver reports the next morning at 9 am.

The missing component – the human dimension – was overlooked. The culture of the organization didn’t change with the strategies and plans. The messages that employees received were –  “One gets promoted if one sucks up to the boss, merit doesn’t count, honesty has a huge downside and bosses will harass.  Nothing has changed.” The tone at the top remained the same and no one was seen walking the talk. Hence, though everything looked good on paper, and all execution deliverables were achieved, the execution team met the key performance indicators, the objective wasn’t accomplished. People make the difference, hence analyzing culture, messages and in some situations even the grapevine is helpful.

2. The Organization History

The often ignored impediment in failure of strategy is the organization history. History – good and bad – makes a difference in success and failure of strategy as it directly impacts commitment levels. If the organization has had bad incidents or history, a host of issues become undiscussable. These undiscussable issues make communication superficial, hide negatives in the wood work and portray a picture that management wants to hear. In a globally connected world, even a small incident can become a historical landmark. To bring clarity to my point, I am narrating an incident that I experienced.

I was working in an organization in which one of the core values was “respect for everyone’s time”. The offices were open plan, with no difference between a CEO desk and an admin desk. All meetings were conducted in various conference rooms and room bookings were done through an intranet application. The cultural guideline was – do not overstay in a room as it may be booked by another group/individual. There were no reserved conference rooms for senior managers.

One day a new employee with his group saw that the people in the conference room he had booked for a meeting continued in the room after their meeting time elapsed. He knocked on the room, and asked the team inside to leave. The other employees outside were horrified. After 5 minutes, when he saw no action, he again knocked. The team inside walked out and all employees were red-faced. The poor chap had just evicted the Global CEO and his executive team out from the conference room.

News traveled globally within a few hours of the incident. The mathematical geniuses developed statistical models on probability of the new employee being asked to leave. Others like me, indulged in simple betting. Within a week the CEO sent a global message appreciating the employee for adhering to the organization values. He said that he felt good that induction training was effective, HR was doing a good job in recruitment & selection, and employees were fearless in confronting seniors on core organization values. All employees were absolutely jubilant on losing their bets. The incident became part of organization history and employees were inspired by the leadership. Commitment to a strategy comes from the heart and not by the numbers given in a Powerpoint presentation. In some situations analyzing the past history of the organization and failure rate of strategies might be helpful.

3. Reliance on Performance Management Systems

Norman Marks in his post“The inter-relationships of risk, objectives, strategy and performance rightly said that “performance management without considering risk is flying blind.” I agree with this statement. However, my question is – are organizations really measuring the right stuff ? If not, are organizations deluding themselves into believing that they are monitoring and as all performance indicators show green status, everything is great.

Let me narrate here my pet peeve on risk management performance indicators. Tell me, how many of us have filled a balance score card or prepared an annual plan stating the number of risk management reports issued during the year. Additionally, recall numerous times assurance has been given to senior management based on the reports issued and their findings.

According to me, these performance indicators for a risk management department make limited sense. Better indicators would be :

a) To calculate the amount of loss averted from timely risk mitigation. Or,

b) Counting the number of days organization risk was higher than the established risk appetite of the company.

However, only a few companies keep these performance parameters because these are difficult to calculate and require robust management systems. So we rely on parameters that are actually not telling us anything more than the fact that some work is being done. Therefore, my contention is that even if a the risk of not issuing 12 risk management reports (a performance measure) during the year would be available, it may be irrelevant risk identification. A good idea when doing management by objectives, is to check what the company is measuring.

4. The Organization Structure & Systems

The focus is not developing the strategy and operation plans, however the point that is missed is – whether the organization structure and systems are conducive towards accomplishing the envisaged operations efficiency.

The prime example of this is establishing backoffice operations in emerging markets or outsourcing processes. Most organizations initially off shored to save on costs. The cost-benefit analysis was done considering the explicit cost of labor and other costs in mind. However, the implicit cost of managing the operations remotely, variance in customer service quality, breakdown of services and increased risk of fraud were not considered. Quite frequently, the same process was outsourced without much re-engineering for outsourcing the process. This resulted in cumbersome and long processes, higher management time and more risks. In rare cases only the organization structure was aligned to outsourcing activities and managing the complex relationships.

In this case, the strategy was fine, effort was put in setting up back office operations properly. However, the interlinked impact on various functions and activities was ignored. Basically the problems arose due to structure and systems, as these were not considered at the strategy formation stage.

5. Strategic Risk Management

Finally, the concept of strategic risk management is gaining popularity, though it still has a long way to go. Problems sometimes arise in implementing a strategy, because at the time of formulation the strategic risks were not identified and assessed. Hence, the organization has a rosy picture of the strategy.

The additional challenge is when strategic risks are identified though not properly. Some hold the opinion that strategic risks are best identified by the top management or chief risk manager. The frontline operations teams do not have a role to play. My view is that while strategy may be developed at the top, the risks need to be captured at all levels and rolled up to the strategy development team.

To illustrate, let me share with you the venture of international fast food joints in India. KFC, McDonalds etc. made losses in the Indian market initially. The reason for entering the Indian market was clear – a huge educated middle class provided a good customer base. They replicated their operations model in India. However, they really didn’t understand Indian tastes. Indians preferred spicy food and didn’t appreciate the American bland taste. Secondly, Indians initially took these meals as snacks and not for lunch or dinner. Hence, were willing to spend much less than they would in an Indian restaurant.  It took the companies 3-4 years to understand the difference in customer tastes and expenditure patterns, and change the menu accordingly. Customer risk was local whereas the strategy was formed globally. Strategy failed due to lack of understanding of local market.

Hence, in my view strategic risk management is not a simple exercise undertaken at the top of the company pyramid. A robust enterprise risk management system aligning objectives, strategies and risks is definitely beneficial. If an organization is not meeting its key performance indicators, even when their are no obvious problems with operations, a through analysis of risks at all levels sheds light on quite a few issues.

6. Impact of Systemic Risks

Another aspect that is least understood in organizations is systemic risks. Organizations adopting enterprise risk management assume that since the key risk indicators are showing low risk, everything is running smoothly. However, as seen in the financial crises, the impact of systemic risks is huge. Underestimating it or ignoring it can nearly wipe out the organization.

Turner report highlighted the impact of systemic risks in the banking sector with the following lines:

Five key features of this new model played a crucial role in increasing systemic risks, contributing to the credit boom in the upswing and exacerbating the self-reinforcing nature of the subsequent downswing:
(i) The growing size of the financial sector.
(ii) Increasing leverage – in many forms.
(iii) Changing forms of maturity transformation.
(iv) A misplaced reliance on sophisticated maths.
(v) Hard-wired procyclicality.”

Although, in the blame game the investment bankers are being labeled as culprits for playing in the CDO market, the interconnections between retail and investment banking  resulted in the crises. The retail bankers gave home loans to individuals with doubtful repayment capacity to leverage the boom in real estate market. Simple explanation is that the collapse of real estate market negatively impacted recovery of loans which resulted in making the CDOs worthless. The key lesson to learn here is that strategies can fail majorly if they are not protected against the impact of systemic risks.

7. Leadership Quality

The quality of leaders makes the largest difference to an organization’s success. Can one imagine GE’s tremendous success without Jack Welch? He accomplished a lot as a leader, though he portrays himself modestly in his book “Straight From The Gut” . He narrates –

“I came to the job without any external CEO skills. I had rarely dealt with anyone in Washington, even though the government was more into business than ever. I had little experience dealing with the media. My only press conference was scripted session with Reg on the day GE announced I would the the next chairman. I had only one or two brief outings before the Wall Street analysts who followed GE. And out 500,000-plus shareholders had no idea who Jack Welch was and whether he would be able to fill the shoes of the most admired businessman in America.”

Jim Collins in his book “Good to Great” analysed the impact on companies that had level 5 leaders. Organizations with level 5 leaders showed consistent performance and a far better share holder return than their industry counterparts. Hence, if either strategy or operations are failing, the quality of leadership should be looked into.

8. Assessment of  Strategy Formation Process

Last but not the least is a discussion on strategy itself. Two thoughts come into mind – how should a strategy be assessed for effectiveness and when should the strategy be modified or changed? The quality of strategy itself is in doubt sometimes.

The key reasons for adopting a wrong or misguided strategy relate to some of the points I had mentioned in my earlier posts on strategic risk management :

a) Very few organizations have a proper process for strategy formation. For most it is an end of the year data accumulation practice from different business units. An organization level strategy considering all interconnected aspects of business may not have been devised.

b) Board and CXOs generally do not negate a strategy given by the CEO or fellow colleague. The political repercussions of challenging a CEO/CXOs strategy can be huge, hence most keep their opposing opinions to themselves.

c) If the organization culture is not focused on creativity, ideas and learning, new strategies will not be presented for fear of being mocked or run over. Hence, contrary to popular perceptions the strategy pipeline is quite dry.

d) Moreover, the choices of strategy selection with CEO/CXO are limited. They receive ideas which people down the line have collectively agreed to. These might not be the best ideas as the popular ones generally do not shake people out of their comfort zones.

Understanding these circumstances for assessing the quality of strategy can be difficult. Senior management in such situations has to start from scratch to develop a strategy formation process. If the formation process is full of loopholes or ineffective, the probability of having a good strategy is low.

Closing Thoughts

In nutshell, getting the strategy and operations right is critical for organization success. However, these two components itself do not guarantee success, they are just the building blocks. Other management and organization parts need to be aligned properly to the objectives and strategy of the organization. A holistic picture is required to accomplish objectives. In case of failure in achieving objectives, a review of strategy and operations is definitely beneficial. However, aspects underlining these should be delved into deeply to do a proper root cause analysis. Looking beyond the obvious helps.


  1. Turner report – A regulatory response to global financial crises – Financial Serivices Authority, UK
  2. Straight from the gut- Jack Welch with Johm A. Byrne
  3. Good to Great – Jim Collins
  4. Norman Marks Blog
The Business Enterprise Magazine published this post in February 2012 issue.

Risks in Budgeting and Forecasting Process

When I go shopping more often than not I blow my budget. You see, in the shopping mall my requirements far exceed the forecast. My three finance qualifications come to naught in this simple expenditure planning. So I understand why budgets of organizations go wrong. But the risks associated with an organization’s inaccurate budgeting and forecasting process are far higher.

For instance, the CAG report on Air India states that airplanes were purchased based on an estimated huge market growth and share. The government airlines is now nearly bankrupt. More recent is the case of Kingfisher Airlines. The company is facing a huge liquidity crunch and may go bust if banks do not bail it out. Though I haven’t analyzed the financial statements, the question does come up – didn’t they see this coming? What kind of cash flow forecasting was the finance team doing? The airlines grew quite fast, where there any checks kept on expenditure and how was it linked back to revenues?

These are basic questions, and show the impact on the organization when proper techniques are not used for budgeting and forecasting. In the next quarter, Indian organizations will commence their budgeting process for the financial year 2011-2012. I thought it is a good time to study the best practices of budgeting and forecasting, and share with you my understanding of the risks associated with it. I delved into the SAP CFO forum research papers and here are some interesting points.

1. Business Drivers for Budgeting and Forecasting

According to Aberdeen and SAP report the top three drivers for budgeting and forecasting in 2011 were to help organizations deal with market volatility, aligning strategy and doing cost control. As these three have been major drivers for the past three years, one can safely assume considering the global economy that in 2012 also, these three will prevail.

 Moreover, Indian economy year-end scenario is turning bleak. As per recent reports GDP is expected to show just around 7.25-7.75% growth in 2011, instead of the initial 9% growth forecast. Sensex has fallen one fifth in the year and presently India is among the worst performing stock markets in the world. Organizations have cut down on capital expenditure to maintain profitability. Hence, in the coming financial year, Indian organizations will face all the five pressures mentioned in the graph above. Therefore, it has become more critical to do accurate budgeting and forecasting.

2.   Risk Adjusted Forecasting

In another SAP white paper titled “Increasing Competitiveness through Closed Loop Performance Management” I came across an interesting point. It emphasized on implementing integrated financial performance management processes that “comprise strategy planning, budgeting and operational planning, forecasting, management reporting, profitability and cost management, and risk management.” It further added that in most organizations the “various performance management systems remain disconnected specially risk management.”

Now the question that begs an answer is – are risk managers having a look at the budgeting process to ensure all management systems are linked together? Secondly, are they reviewing the budgets, facilitating the business teams in identifying risks and adjusting the budgets accordingly?

In my view if risk managers are taking a hands off approach during the budgeting process, then they are doing the organization a major disfavor. They should proactively participate in the process, identify the problem areas and discrepancies, highlight the risks and inaccuracies, and facilitate management in preparing flexible budgets.

The benefits of this approach can be seen in the Infosys case. The company was recently in the news for asking its employees to sacrifice two Saturdays in this quarter to meet the budgets. Though I have different views on the action taken by Infosys to call employees on weekends, it does show that they are proactive in managing their forecasts. The management assessed the risk of failure of forecast and took action. Hence, there is a lesson to be learned here for all organizations. Organizations should build in internal and external events triggers for internal and external  events to adjust forecasts timely.

3. Flexible Forecasting

A new report of SAP with CFO Research Services highlights the risks of having fixed budgets based on historical data. It states that due to the changing business environment forecast numbers are “continually measured against real-world results and recalibrated to meet new threats and take hold of new opportunities as they arise. “ Further on it adds that “The time-honored tradition of beating the budget by surpassing revenue targets is no longer a reason for celebration; it’s one sign that the budgeting process took so long that the assumptions underlying it grew stale.”

The CFOs interviewed in the report state that building flexibility into planning assumptions and processes is of paramount importance. With Mobiles and Tablets, realtime information on sales, expenses etc. is available. Hence, now forecasts require regular examination of the underlying assumptions. The market dynamics ensure that one has to go back to the drawing board periodically to study the movement and re-strategize. Annual fixed budgets are becoming a thing of the past and CFOs are in favor of rolling budgets.

In light of this aspect, the points I mentioned in my earlier post that risk managers need to actively participate in strategic risk management holds true. In this scenario, risk managers must review the budgets assumptions and risks on a monthly/ quarterly basis to ensure smooth sailing. A once in a year periodic review doesn’t hold much water. They must make sure that organization’s strategy, operations plans, and budgets are continuously aligned.

Closing Thoughts

Budgets are no longer just the domain of finance department. In the present environment budgets must be developed with a combination of top down and bottoms up approach. While the strategy is developed at senior management level, the execution plans are developed down the lines. They have the real information on market dynamics, numbers and risks. The views of various departments -sales, human resources, purchases etc. need to be incorporated to form realistic assumptions and understand associated risks. Hence, risk managers have a significant role to play in this process.

Share your opinion here. Do you think Indian organizations have robust budgeting and forecasting processes?


  1. Economy in Distress as Factory Output Slumps : Economic Times 13 Dec 2011
  2. Financial Planning, Budgeting & Forecasting in the New Economy : Aberdeen Group with SAP
  3. Increasing Competitiveness through Closed Loop Performance Management – SAP
  4. Accelerating the Speed of Intelligence for Fast and Flexible Forecasting – SAP with CFO Research Services

You can find the reports at

This article was published in The Business Enterprise Magazine January 2012 issue.

Reducing Recruitment Costs

I checked out Seth’s Blog global Alexa traffic analysis and it states – “Visitors to the site spend approximately two minutes per visit to the site and 84 seconds per page view.” I checked out my blog’s analysis and it states- Visitors to the site spend roughly two minutes per visit to the site and two minutes per page view.” My readers spend more time per site visit (2 minutes) than Seth Godin’s (84 seconds) do. Yippee!Obviously I am ignoring the traffic ranking, as there is a few hundred thousand difference.  Now you must be wondering how this data relates to reducing recruitment costs. Read on.

I further analyzed the ranking of Tata Consultancy Services, Infosys and Wipro Technologies; the three technology and business process outsourcing  giants of India. Now look at the table below:

Company Website Global Rank Audience Age Total time on site Time per page view 12,405 Mostly under 25 6 minutes 44 seconds 17,672 Mostly under 25 5 minutes 41 seconds 12,706 Mostly under 25 6 minutes 46 seconds

What am I getting at? Most of the site visitors are young males looking for a job. Each site has a career section that allows candidates to register and submit their resume. Look at the table from a recruitment cost lens. If the organization focuses on career webpage, it can reduce recruitment costs.

The Business Case

Overall, recruitment costs include job advertising costs, recruitment company fees, employee referral, interview travel expenses, relocation expenses and human resource recruitment department operating costs.

Let me take the example of IT and BPO sector recruitment costs. According to the NASSCOM Strategic Review 20011 report, the IT and BPO sector will employ 2.5 million employees in 2011. In comparison to 2010, the total employee strength will increase by 240,000 employees. Secondly, the attrition rate is ranging from 20-40% in the sector. This means that approximately one-third of the employees will change jobs. Back of the envelope calculations show that BPO and IT sector organizations will hire roughly one million employees in 2011.

Most of the demand is for employees with 1-3 years of experience. Their monthly salary ranges between Rs. 20,000 – Rs. 50,000 and the recruitment companies’ fees range between 1-2 months of employee monthly salary costs.

Hence, if I take 10% of annual salary cost to company as recruitment fee and Rs 300,000 as annual salary, nearly Rs. 30 billion will be spent on recruitment fee alone by the sector. Definitely, a line item worth looking at for reducing organization recruitment costs. Especially in case of BPO and IT sector as the profit margins are decreasing with the recession in US and Europe economy.

The Solution

Simply put the organizations need to drive traffic to their websites to ensure prospective candidates submit their resumes on the website. Any percentage increase of hire through website will decrease agency recruitment fee costs.

As in the case of BPO and IT sector the audience age is less than 25. The Gen Y is technologically savvy and looks for the same in websites. Hence, some of things that organizations can look into are:

> Post a video message from CEO or other CXOs explaining the vision and mission of the organization.  Gen Y prefers flat structures, access to senior management and enjoys watching videos. This will increase their enthusiasm to submit their resumes.

> Aptitude tests – IT and BPO sector generally request recruitment agencies to do preliminary screening by giving candidates written aptitude tests. The tests can be web-enabled on the career page to enable candidates to complete it while submitting their resumes.

> Voice and language tests – BPO sector in call center business conducts voice and language tests. The organizations can provide a facility for prospective candidates to upload audio and video recordings for voice tests. Secondly, administer written language tests through web.

> Pre-employment background verification – Provide a facility to candidates for uploading relevant certificates required for background screening. In India, roughly 25% of the resumes are fake or inaccurate. The background screening costs are high if done after appointment. Hence, organizations can conduct a preliminary verification before interview by reviewing the scanned certificates.

> Application processing system – Organizations can provide an application  tracking mechanism to the candidates, either to update them through automated emails or showing the application status on the website.

I was amazed that technologically advanced companies that provide technology and business consulting services have not focused aggressively on developing the career page and attracting candidates through them. Maybe the technology costs are higher, though to me it does not seem so. Maybe the thinking is that putting boots on the ground will reduce the recruitment pressure on the human resource teams. In my opinion, since in BPO and IT sector the recruitment numbers and costs are high, the human resource teams should have all technological advantages to do their jobs better. What is your opinion?


NASSCOM: The IT+ BPO Sector in India – A Strategic Review 2011

Cutting Costs in a Positive Way

Ryanair CEO Michael O’Leary grabbed headlines recently by making a statement in a magazine interview- “Why does every plane have two pilots? Really, you only need one pilot. Let’s take out the second pilot. Let the bloody computer fly it”. When asked what would be done in an emergency he replied specially trained flight attendants could assist.

According to him a flight attendant can do a pilot’s job. It saves costs, as a flight attendant’s salary is lesser than a pilot’s. In his viewpoint this is a good way to cut costs and reduce air ticket price for the low fare airlines. I think my sentiments are shared by the general public. Passengers to save a few dollars would not like to lose their peace of mind while flying.

Unfortunately, while making efforts to cut costs and increase profits, extreme measures are taken without viewing the cultural, social, environment and security impact. The biggest line item in a Profit & Loss statement is employee benefits. Most organizations focus on cutting jobs and freezing/ reducing salary and perks. A survey published in 2009 by Challenger, Gray & Christmas, Inc regarding various methods adopted for cost cutting during recession showed the following three top initiatives:

  1. 67% respondents focused on reducing travel expenses
  2. 58%  respondents initiated hiring freezes and reductions
  3. 56% respondents did permanent workforce reductions.

When layoffs are done it has a lot of impact on the organization culture and future profitability. The employees who were working before were doing something. So what part of the work is not required during the recession? Companies fail to bifurcate the job description into critical, necessary and optional activities.  Focus is on reducing the headcount. Instead focus on reducing the optional activities and improving the functioning of the critical and necessary activities. One must remember there are no easy quick fix solutions to cost cutting.

Approach cost reduction exercise after detailed analysis of costs. Study each line item and its components including the loss contributing factors.  Focus on understanding aspects which are reducing productivity, resulting in stock losses, increasing insurance costs etc.  

To show how each element of cost should be studied I am giving some unorthodox examples out here of improving productive work time of employees while reducing costs of the organization. These should be adopted only after undertaking a detailed analysis of the organization culture, requirement and dollar impact.

Restrict/ Disconnect Internet:

This might sound like a backword move on technology but it is worth exploring. IDC study conducted in 2008 shows an employee spends 2.09 hours excluding lunch for non-work related internet activities, 30 to 40% of Internet usage in the workplace is not work-related, while 75% of all Internet porn traffic is done during the nine-to-five Although, human resources department build in one hour of work-time in the salary cost for non-productive usage of Internet, the actual time is double of it.

A good way to start is to assess whether employees need the Internet connections at work or can access be restricted by filtering sites. Secondly, if they are not allowed Internet connection on their desk, will their morale reduce? In Internet is discontinued, an alternative cyber café can be made available to employees to use in their free time. Employees would also be free to use web on personal cell phones. To keep morale high, consider whether any alternative fun activities can be provided which are less time consuming and cheaper.  

Evaluating this option will increase the number of hours the employee is focused on official work. Simultaneously, it will reduce the technology infrastructure costs of providing free net access to employees, reduce information security threats and minimize the risk of employees contravening intellectual property rights of another organization.

Prohibit Smoking:

I am not being high handed out here because I personally do not smoke. You might be wondering how it is linked to productivity and cost reduction.  Some organizations are prohibiting smoking in office and a special area is allocated as a smoking zone. A smoker depending on the smoking habits takes periodic breaks to visit the smoking area in the office. For smoking each cigarette he/she spends around 10 minutes. So a person smoking five to six cigarettes during office hours wastes at least an hour of work time more than a non-smoking employee.

Health insurance costs for smokers are 10-40% higher than non-smokers. As per 2004 study smoker health cost are higher by $17,500 during their lifetime in comparison to non-smokers. A person who quits smoking saves $ 9500 during their lifetime.

Here the suggestion is to prohibit smoking completely in office or if possible do not hire smokers. This will increase productivity, reduce health insurance costs and decrease absenteeism from office for sick leaves.

Keep Paper Towels in Washrooms:

This might be sounding like a completely bizarre idea. Most organizations now install hand dryers in the washrooms to save costs on paper towels while considering the environmental aspects.

A person using a hand dryer takes 4-5 minutes for drying his/her hands, in comparison to less than a minute with a paper towel. An employee visits the washroom around 4-5 times during the day, so ends up spending an extra twenty minutes drying hands.  Hand hygiene study shows that some people go without washing hands for 38 hours at a stretch. You can say yuck again but it is the truth. So if it is going to take more time and effort, the chances of washing hands are less. Lastly, 80% of the diseases are transferable through touch.  

This one simple act, adds to the productive time in office, reduces health risks and consecutively decreases health insurance costs. Ever thought, a simple thing like paper towels could be so critical in office hygiene and productivity.

If the above mentioned measures are adopted by an organization productive work time increases. On a rough average the additional productive work time for a non-smoker is 1 hour and 30 minutes, and for a smoker is 2 hours 30 minutes. Multiply this with the number of employees and average hourly salary cost, the cost savings will be considerable.

The point I am attempting to make is that cost cutting should be an ongoing exercise in any organization. There are unique perspectives from which costs can be viewed. Wear different hats and brainstorm on the various ideas before implementing.

What do you say, does this make sense?