All companies have controls of one sort or another. Whether they are PCI or SOX controls of larger Tier 1 merchants or snack control of a one-person endeavor, there are things to protect. Companies enact controls to ensure that ‘something’ does or does not happen. Controls are often tied to programmatic dashboard reporting or manual review and signature processes; either way, someone looks at a provided dataset and makes a decision as to the correctness of the represented process. What is interesting about most of these checkpoints is that they are fallible judgements against manipulated data. Financial reconciliations, however, are not.
An accounting approach to controlling processes includes organizing data from separate sources and comparing them to each other. Matching and discarding elements which are the same and researching then repairing or accounting for differences, these reconciliations are a strong method of identifying variances in the source processes. This approach is both quantifiable and almost judgment free – It is also avoided like the plague.
It is an interesting anomaly that higher management levels are trusted with dashboard/system reporting reviews and related actions or signature authority on a form presented to them by staff. By the same token, reconciliations are assigned to the lower level clerical groups and, while diligently performed, are often ignored as a control or variances are written off to ‘timing’ or ‘FX’ differences. There are very distinct advantages to reconciliations over other control methods yet they are downgraded in management’s mind as being a necessary evil.
Let’s look at the sources. Dashboards or system reports show processes defined as numeric values, but not all data is presented. It’s ‘big’ data so by definition, you can only show an analysis of selected segments of this data. Are you looking at the right ratios, though? Are they calculated correctly? Should they be viewed in conjunction with other data to make them more meaningful? The data here is scrubbed, calculated, judged, and interpreted before management gets to see it for the first time. Yes, it is a good control point but it is not the only control you need to ensure your systems are functioning properly. Let me ask one more question. Can these dashboards show you the processes which occur outside your systems? Or inside your systems but controlled by others?
Please remember that just because you run the payment processing programs at your company, doesn’t mean that the functions designed and installed by others may not affect your payment systems. With a shout out to all the non-engineering teams, the oddest updates by others can actually shift the paradigm of your payment strategy. Since you didn’t request that change, however, you may not have built reporting to define both the success of the new program or its effects on other processes you monitor.
Now add a helpful vendor. That’s more like it! They can automatically process items for you, but will that processing negate proper controls in your own systems? Would the easy-to-use nature of that vendor console provide leakage for your processes? Can your natural system reporting provide all the necessary information about the impacts to your processes sourced by these externally created items?
Even something as simple as a patch to your systems can alter the basics of your process flows but not your reports. The easiest way to miss your mark is to patch a payment processing system without recognizing that the innocent action can change the data you are reading. The location and style of the patch (or more often, the workaround that makes the patch useful) can negate many of your best ideas by pre-empting the timing of other processes and therefore the reliability of your controls.
To continue the logic but shift the focus, reconciliations display the final, unalterable deposits into your bank account as a result of your payment processing activities. These are done/finished/the end. There is no further alteration or impact to contend with when you review the data. Now reconciling this data with your internal processing engines shows you both before and after. You can use those informative system dashboards as the ‘before’ position and then the bank deposits as the ‘after’ position and see many things. Reconciling away the payment types that work perfectly – i.e., the intended items and the reviewed processes exactly match the final deposit within a difference of the vendor reported fees and you know a few things:
1. The system that runs that payment type is completing exactly the same transactions it is reporting to you.
2. No downstream processes, vendor, or external factors are affecting your intended payment processing.
Take the other side of the reconciliation. Your deposit for that payment type is twice what it was supposed to be…Did your system or vendor process a duplicate file? Is your dashboard under-reporting your sales? Is the deposit smaller than it should be? If so, is there a governmental force at work wreaking havoc with your reconciliation? Are you writing off money to exchange rates when it is actually a vendor overcharging your fees? Bank statement reconciliation is one of the strongest controls you can utilize and it can be leveraged to reconcile both your payment processes and your other control reporting. Image: a control used to test all other controls, that’s a true reconciliation.
Stop avoiding that spreadsheet. Make each outage a Key Performance Indicator for your payment processing system. Assign cross-functional resolution for the unidentified outages. The reconciliation is your baseline, your touchstone. Reach out to it and hold on tight because money talks. Be sure you are listening.
Payment Operations Group is a consultancy of Payment Professionals who ran away from home to join the circus. But seriously, if you would like to pursue a Strategy for your processing future or any payment engagement at all, contact information is provided below.
Payment Operations Group, LLC
Payments…Navigating, Educating, Strengthening.