Fri, May 22, 2020

Keeping Growing Pains Under Control: Expanding the Business — But Not the Risk of Fraud

Download the Report

Expanding the Business — But Not the Risk of Fraud

Companies in growth mode need to ensure that their financial and operational controls keep pace.

Reaching a strategic milestone in corporate growth—such as securing a major private equity investment, adding a business unit through acquisition or expanding operations into new regions—is cause for celebration. Too often, however, such events quietly sow the seeds of future crises by significantly increasing the company’s vulnerability to fraud, theft and other types of misappropriation. High-growth companies frequently neglect to scale their financial and operational controls to keep up with their expanding complexity. In most cases, there will be no outward sign that the controls no longer align with the size of the company and the volume of its transactions. The deficiencies often become apparent only in hindsight.

Consider an enterprise that has secured a private equity investment to roll up a number of smaller competitors. Each of those competitors will have its own methods for handling financial reporting, accounting, treasury and internal audit. After the acquisitions, management may first push to standardize certain functions across the organization that are necessary for strategic planning, such as financial reporting. Other functions, such as internal audit, may end up waiting for assessment and necessary upgrades while acquirer and target focus on the long, difficult process of integrating management teams and business operations. As these inconsistencies continue, eventually the controls of each division will vary in effectiveness; this variation makes it difficult for the corporate headquarters to maintain clear financial oversight and thus increases the risk of fraud, theft or inappropriate financial reporting.


Frequently there will be no outward sign that the controls no longer align with the size of the company. The deficiencies often become apparent only in hindsight.


The control weaknesses that follow acquisitions tend to multiply when those acquisitions occur in foreign jurisdictions. Because those jurisdictions will have different accounting and reporting standards and regulations, a recently acquired subsidiary could conform to local practices but fail to comply with corporate standards that have been established to protect the company’s assets in jurisdictions with a higher incidence of bribery, corruption, and money laundering. Ideally, companies should adopt policies tailored to the specific risks and threats of each jurisdiction. This can be costly and challenging, however. The most practical solution is to implement a single set of financial policies and procedures throughout the entire organization.

While the problem of keeping controls in line with growth can be magnified after acquisitions, the problem can occur due to organic expansion as well. Any quickly growing company needs to be aware of this issue.

In addition to processes and controls, the capabilities of the internal finance and accounting team and external advisors must keep pace with the organization’s trajectory. As the enterprise expands, the chief financial officer and other senior members of the financial function must be familiar with more sophisticated practices—such as the Committee of Sponsoring Organizations’ risk-based frameworks—and have greater experience in identifying and mitigating problems in their early stages. The senior financial team must go beyond acting as accountants-in-chief, working instead to establish the desired culture of transparency and accountability, hire and develop the right people, and ensure that robust controls continue to grow with the organization.

Enterprises can take these five steps to ensure that growth does not increase the risk of fraud, theft and other forms of misappropriation:

  1. Make the Assessment of Controls an Integral Part of M&A Due Diligence
    The state of a target’s financial and operational controls should be as much a part of due diligence as its financial statements. Merely meeting accounting standards and regulatory requirements may not be sufficient. Rather, examine the target’s current financial and operational controls against the target’s risks and threats as well as the acquiring company’s existing practices, and develop a plan and budget for making the necessary changes. 
  2. Incorporate Control Quality Into Performance Benchmarks
    Performance benchmarks are designed to direct management’s focus. These benchmarks usually stress factors such as revenue or product development goals; they tend to push down the importance of everything else, including the maintenance of adequate financial and operational controls. Including control quality in corporate performance benchmarks keeps the issue of controls on management’s agenda. And private equity investors, who typically make their continued involvement in the company contingent on its hitting financial targets, will find that incorporating controls into their evaluations materially protects their investment. 
  3. Establish a Culture of Transparency and Accountability
    Rapid growth will test the strength of an enterprise’s culture, particularly with the influx of many new hires who have no history with the organization. The CEO and top management need to send a consistent message that transparency and accountability are integral to performance and that managers will be held responsible on this score.
  4. Assume These Crimes Will Happen and Prepare Accordingly
    Companies that have never experienced fraud, theft or other forms of misappropriation naturally assume that their luck will hold. But organizational growth increases financial complexity and thus the opportunities for malfeasance. The company’s financial leadership needs the knowledge and experience to stay ahead of burgeoning threats by continually monitoring and upgrading controls.
  5. Actively Promote and Enforce Compliance With Corporate Standards
    Standards don’t enforce themselves. Indeed, left to their own devices, offices and divisions will develop their own processes and workarounds; these improvisations weaken the overall control structure. At the same time, corporate leaders can’t simply impose a set of standards; all of the organization’s functions need to buy into the changes and take ownership of upholding the new expectations. This will require the ongoing education of employees, reinforcement of procedures, and diligent oversight.

Including control quality in corporate performance benchmarks keeps the issue of controls on management’s agenda while materially protecting investors.  

Making financial and operational controls an ongoing priority is a challenge for most business leaders, who are usually judged on revenue, profit margin and similar factors reflecting bottom-line performance. Maintaining a focus on controls is even tougher when the company is in growth mode, working to secure investments and perform against revenue benchmarks. Yet investing the effort to ensure that controls keep pace with the business is a modest price to pay for protecting the company’s expanding assets.

Return to Global Fraud and Risk Report 2019/20

Expert Services

Independent expert analysis, testimony, advice and investigations for complex disputes and projects.