Risk Management
Establishing internal controls brings you face-to-face with a related issue: risk management. The most obvious examples here involve problems that you already know happen. Take cash losses. According to the University of Florida’s National Retail Security Study, cash losses at most retail locations averaged about 1% of sales. Of this amount, almost half involved checks, while the bulk of the rest concerned cash, refund fraud and credit card losses.
In my experience, almost all cash losses (except armed robbery) can be virtually eliminated. I have some ideas in the next section on how to do that.
Similarly, consider inventory shrink. The Florida study says the average shrink for retailers is about 1.5% of sales. Interestingly, 43% of this shrink was caused by employee theft and 36% by customer theft. With internal controls, a “normal” inventory shrink should be about 0.5% of sales or less. Anything over this amount would be excessive and would indicate there should be an inventory control action plan. To fight back, see some of the ideas above.
While cash losses and shrinkage are obvious examples of risks you should manage with internal controls, don’t stop there. Think about the bad things that don’t normally happen at your facility but could conceivably occur.
For instance, consider the massive oil spill in the Gulf of Mexico, where BP is facing a potential huge liability. While the event is unprecedented, to me it seems odd that a disaster like this wasn’t anticipated by the internal control team. After all, BP is in the business of drilling for oil, which would seem to be rather flammable. It would seem that there should have been some procedure to cap an active well should the rig explode.
It is easy to identify a risk after the event has occurred. It is more complicated for an internal management team to identify a risk before the problem surfaces and losses are incurred. Nevertheless, this is one of the responsibilities of the internal control area. In our industry, an example of higher-level controls would be the safeguarding of our locations, either physically (fencing, cameras and check-points), procedurally (no smoking in a lumber yard) or with disaster recovery planning (such as a procedure to respond to a system crash, natural or other disaster). It all comes down to acting now to avoid future problems, both obvious and unexpected.
Paul Bumblauskas, the president of PFC Services Inc., is a certified public accountant, holds a Certificate in Management Accounting, and has substantial sales and sales management experience in our industry. Contact Paul at pdb79@comcast.net, 678.560.6725, or www.pfc123.com.
