When to Audit - A Risk Issue

January 1994

WHEN TO AUDIT
A Risk Issue

The question was asked, "Is there anyone using a risk model to determine how often to audit their agencies?" Good question. We didn't know anyone, so we started asking. No risk models were uncovered, but definite opinions on when to audit were.

"If anyone would be using a risk model to determine exposure and when to audit, it would be my boss," one recovery professional said. "He's always doing measurements and modeling with recovery. But, we're not." "I don't think anyone is," was a common conjecture.

In a subsequent informal telephone survey of larger credit grantors, no detailed, statistical risk modeling formula was found, but definite opinions and ideas were stated regarding the risk of auditing and the appropriate time frame.

Some of those responses are listed below:

Our auditing decision is influenced less by risk and more by staffing, cutbacks and priorities. We do a blanket plan with monthly audits for our instate agencies and every other month for our out-of-state agencies. A risk model would be great. Please let me know more about it.
Well, we've discovered that once a year is not enough; quarterly is too much. I strive for three at different times of the year. It allows for two good audits and one follow up. There is risk with the amount of dollars, but less risk with a strong manager and a good management process. The when to audit question depends on how you manage, how often you talk to the agencies and the total process.
We believe it is important to be on-site at the agencies every month, whether we need it or not, no matter what the recovery numbers look like.
Our company audits on a predetermined schedule both on-site and off-site. We look at trends for specific areas of interest. For example, we look for heavy NSF activity. There are a lot of factors in the decision of when to audit.
We've gotten a new portfolio. We're auditing monthly to check activity until we can develop the appropriate liquidation curve. Once that is developed, we'll audit as necessary, probably quarterly, but more often as needed, particularly if the liquidation is not at expectations.
Monthly.
Not as often as we probably should.

In a recent survey of creditors, (Comprehensive Agency Usage Study by Resource Management Services, Inc.), 64.8% of respondents indicated that they audit their agencies. Most often this audit is conducted by.the collection or recovery manager (57.2%), but it is conducted by the internal auditor at 20% of the companies that audit.

The most common response, 29.9% of the respondents, indicated annual audits. Twenty-four percent indicated that they audit "As the Need Arises". Twenty-one percent of the respondents audit quarterly. Monthly audits are conducted by 6.9% of the overall respondents. The frequency of the audits also varies greatly by industry. Bankers were most likely to perform quarterly audits (31.6%). Retailers were most likely to audit annually (50.0%). Telecommunications companies are most likely to audit annually, with 37.5% of the respondents listing that option. Commercial and manufacturing companies list both annually (37.5%) and as need arises (37.5%) more often than other time periods.

Whether it is a direct reflection of risk or other factors is undeterminable, but creditors who place less than $1,000,000 per year audit less often than others. In fact, only 25.8% of respondents placing less than $1,000,000 per year indicated that they audit their agencies. In the annual placement range from $1,000,001 to $10,000,000, 78.2% of creditors indicate they audit agencies; 34.9% annually, 18.6% quarterly; 2.3% monthly, and 34.9% as the need arises. In the $10,000,001 to $50,000,000 range, 82.7% of creditors indicate that they audit agencies; 34.0% annually, 20.5% quarterly and 20.5% as the need arises, 13.6% semiannually, 6.8% a combination, and 2.3% monthly and other.

Eighty-nine percent of creditors placing over $50,000,000 per year audit their agencies. Their most common time period, 32.4%, is quarterly. The next highest response was annually, with 17.6% of the respondents.

When reviewing the responses based on number of accounts placed and audit frequency, the trends are similar. Twenty-five percent of creditors placing more than 50,000 accounts per year audit annually. Twenty-two percent of the creditors placing more than 50,000 accounts per year audit quarterly. Twenty percent of creditors placing more than 50,000 accounts per year indicate that they audit as the need arises. Fourteen percent of creditors placing over 50,000 accounts per year indicate a combination of audit timing. Monthly and semiannually were the least common responses for creditors placing over 50,000 accounts per year, with 8.6% each.

Creditors appear to audit differently, and for a variety of reasons, each reflecting various degrees of risk and risk aversion. Risk concerns can be classified in four categories:

Agencies That Don't Collect Maximum Dollars - Creaming
Agencies That Don't Remit All Dollars Collected - Cheating
Agencies That Are Not Financially Stable And Don't Remit - Bankrupt / Out of Business
FDCPA Violations; Harassment of Debtors; State Violations & Possible Creditor Liability

Many creditors who audit regularly acknowledge that part of their collection results are from their consistent vigilance and they believe in the "squeaky wheel gets the grease" theory. Their on-site attendance and verification of activity serves many purposes:

provides an opportunity to check that work standards are being adhered to;
it allows for hearing how the collectors talk to the debtors and verify that FDCPA requirements are being met;
allows for a review of mail opening, accounting procedures and checks and balances; and,
provides for interaction and communication with the agency regarding any relevant issues.

On-site visits won't automatically ensure that agencies aren't cheating and that they will remain financially stable. There are additional audit efforts that can help to provide a comfort level in these areas. One way would be to send debtor verification letters to debtors requesting they verify the amounts paid to the agency. Another method is to place dummy accounts and send payments to the agency and watch to see when the account is remitted to the client. Historically, financial stability of an agency was often assumed, since agencies work on commission. Unfortunately, this does not guarantee that the agency is profitable, or runs an efficient organization. Even large agencies have gone bankrupt, or out of business. Size won't guarantee financial stability either. An audit should include steps to verify financial stability in addition to work efforts.

Two likely quantitative measures for determining when to audit might be the number of accounts placed, or dollars at risk. Or, another measure could be based on a calculation of expected liquidation percentage multiplied by dollars placed. However, recovery and dollars placed statistics are not the only factors involved in the audit timing decision by creditors. Other factors certainly enter the picture. When assessing risk, the recovery professional also needs to ascertain his or her company's degree of risk aversion. Efforts can be made to minimize the maximum risk, or maximize the potential gain. Degree of management involvement, additional auditing efforts, number of agencies and even choice of agencies can all be based on a company's risk attitude, or degree of risk aversion. This is one step in determining an appropriate risk model.

Decision tables can be developed which consider several possible scenarios with given probabilities of occurrence. Or, decision tables can be developed examining uncertain situations, where several outcomes are possible for each course of action and the decision maker does not know the probability of the occurrence of various scenarios. Decision tables can also be developed where the decision maker can assess the degree of risk that he or she is taking and assign an appropriate probability factor.

At the present time, decision theory does not provide a single best criterion for selecting an alternative under conditions of uncertainty. Instead, there are a number of different criteria, each with its own justifications and limitations. The choice depends on the attitude of the decision maker and organizational policy. Ideally, decision making under uncertainty should be avoided and enough current information should be acquired so that more informed decisions can be made.

The recovery professional may recognize that the placement of accounts at an agency, the right number of accounts, type of accounts, right agency, etc. can all be factors. The next question would be, "If additional information is available, what would be the added value of that information?" This would involve looking for the expected payoff with "perfect information". The question of "should the additional information be required, and at what cost?" arises. Using a recovery example, could the recovery manager make a better decision regarding where to place accounts based on additional information provided by auditing? If so, what level of auditing would be appropriate? These are not easy answers. Since they rely on organizational policy and risk attitude, these answers won't be identical for all companies, or industries.

Some non-quantifiable ways recovery managers can lessen risk include:

Detailed, Appropriate Initial Selection Criteria & Process
Solid Agency Contractual Relationship
Strong Recovery Management Team and Agency Follow Up
On-site Agency Presence & Auditing
Internally Generated Recovery Statistics & Batch Tracking
Diversification (More Than One Vendor)

Reducing risk will have increased costs associated with it. Determining that level of profitable activity that minimizes risk and results in maximum recovery is just one facet of the recovery manager's challenge and opportunity.

For more articles like this visit: www.resourcemanagement.com/examiner.html