The illusion of control

Many of the processes operated by companies are put in place to act as controls to manage risks.

For example, when a customer is asked to submit receipts to support an insurance claim, this is a control against the risk of customer fraud.

When a supervisor is required to authorise a payment to a customer over a certain amount, this is a control against the risk of employee fraud.

When you begin to study your company’s processes, you will quickly come across such “risk control” processes, and when you find them there are 6 questions you should ask:

1. What is the risk that this process is seeking to control?

2. Can I quantify the cost of the risk (likelihood of it happening x cost if it does)?

3. How much does it cost to operate the control and is the cost proportionate?

4. How effective is the control? Has it ever been challenged?

5. Could the risk be controlled in a more effective way at lower cost?

6. Who owns the risk and is able to make the decision about the control?

A sledgehammer to crack a nut?

Common challenges we come across are where the purpose of the control becomes the elimination of the risk, rather than a proportionate control. So, for example, if your risk appetite means you want “zero fraud” you will operate far tighter and costlier controls than a competitor who has assessed the risk and decided to focus controls on customers meeting a certain criteria. Making every customer jump through the same hoops, irrespective of the risk they represent, can be costly to you and annoying to customers.

For example, supermarkets carry out random trolley checks at self-scan tills. If they were to check every trolley every time, this would probably eliminate the risk of shoplifting, but annoy the majority of honest customers. The controls have to be proportionate.

It is also common to find processes that offer merely the “illusion of control.” For example, many companies still insist on “wet signatures” for documents rather than electronic signatures, presumably in the belief that wet signatures cannot be forged. Or will only accept documents by post, not email attachments, because documents sent by post are clearly more likely to be genuine.

Case study

It’s quite common to hear stories in a company of a fraud or a loss that once happened many years ago, but which still informs the way in which the risk is assessed and controlled. Yet over the years, the cost of preventing a recurrence has been many times greater than if the loss had happened a dozen more times.

We worked with an insurer whose Life Claims team dealt with Claims on a funeral expenses policy, where the policy paid out once, upon the death of the customer, for a fixed sum of typically £3-4k. The main (and arguably only) risk here was that somebody would claim the money when the customer was not in fact dead - this had once happened a few years earlier - and elaborate processes were put in place to ensure very clear proof was provided to support the claim the customer had died, with death certificates and supporting paperwork requested by the company. One of the issues this caused was there could often be a delay in obtaining the death certificate, meaning the family did not have the funds in time to pay for the funeral - the whole purpose of the policy.

We helped the insurer to quantify the risks involved and concluded that, as everybody dies eventually and would therefore get the money one day, the actual risk was the loss of premiums (typically £5-10 per month) between the date of the early claim and the date of actual death. Even if 1% of claims were like this, the loss to the company was negligible compared to how much it was spending checking every claim, and the poor service that resulted.

The company decided that this risk could be managed effectively by retrospectively cross checking details of claims made against the National Deaths Register and investigating any claims where the death wasn’t registered within a few months of the claim. (Funnily enough, they didn’t find any fraudulent claims had been made)

We also upskilled the frontline teams handling the initial calls notifying the claims, to allow them to identify claims that required further investigation and those that could be settled quickly.

As a result, over half the claims notified by phone were able to be settled immediately, delivering a big improvement in customer satisfaction, and reducing the volume of work going to the back office by 50%.

If you’d like to find out more about how much the illusion of control could be costing your company, then don’t hesitate to get in touch!