A friend recently got me involved in watching Breaking Bad (the TV Series) which for those who haven’t seen it, it is a captivating TV series and a guilty pleasure.   I had managed to avoid watching it for years, but once I got started, it was not able to turn it off.   As I watched it, it got me thinking.

What leads someone to go from being a good guy to go bad guy?  The main character, Walter White is a high school chemistry teacher.  A beloved figure, much like some of our favorites.   He has a love of his subject and a real passion for it.    He is a family man leading a life along the straight and narrow, seemingly a happy family man who while living a modest life is content.

Then suddenly he discovers that he has lung cancer and is facing a near-term death (less than a year to live).   What happens next is played out extraordinarily well.   We see our well-loved good guy break bad.  Over the course of 5 seasons, the series gets widespread acclaim, and Bryan Cranston wins awards for his performance as Walter.  As the story develops we get to peer into Walter’s thinking as he thinks through his choices and justifies his actions.

Breaking Bad like lots of crime dramas takes us inside the commission of a crime and the mystery that goes with it.   For most of the series Walter manages to remain unknown and undiscovered even as he is amongst the investigators.   He appears invisible in plain sight.  As we watch, we keep wondering whether he will revert to the good guy or whether he will be trapped.

Okay, Ed, I get it…it’s a great Series, but what does that have to do with Internal Controls and why should I care? Those are the right questions: Hang on, I am getting to it.

Let’s get a quick refresher on Internal Controls.    Internal Control is a general description used within business and organizations (in general) that consist of the financial/business systems and processes that are designed and implemented to protect our institutions from a variety of risks including Theft, Fraud, Reputational Risk and even our ability to continue.

As it turns out, the TV Series provides us a window into the human behavior and some circumstances that Internal Controls are intended to understand, guard and overcome.

Before starting Financial Management Consulting (www.iNeedaCFO.com), I have spent my career as an Auditor, Ethics Investigator, Sarbanes Consultant, Controller, and CFO at various organizations large and small.  In these roles, I had performed within the respective Internal Control system, been a witness to circumstances when things went wrong and worked to improve organizational Internal Controls.  This article is intended to remind us to consider our Internal Controls environment, the Risks we face, and tools in our toolbox.

Let’s face it: Breaking bad in business often occurs when good folks (not just bad guys) do bad things.  Fraud and theft (they aren’t necessarily the same) can and do happen in many cases when good folks make bad decisions or bad choices.   Situations of robbery and Fraud can directly impact an organizations ability to survive and in some instances, can cause the organization to collapse.

Anyone that has been a party to a Financial Audit knows that Management and not the Auditors are responsible for the Financials, the Results, and the Audit environment.  The Auditor expressly excludes the responsibility for detection and prevention of Theft, Fraud or Misrepresentation and places it back on the Management and indirectly on the Board of Directors (if there is one).

Let’s take a look at what happened with Walter:

He realized he didn’t have the means to care for his family after his death.  So, his thinking turned to Money and how would he (as High School teacher with limited means) provide for his family’s financial future.   Now under pressure, he started searching for Opportunities to help with his predicament.  Through his Brother-In-Law (a leading DEA agent) he was exposed to growing demand and activity around Methamphetamine, and as a Chemist, he had access to the tools and the Knowledge to produce it.   Then we have the rationalization.   Walter perceived this type of crime as a Victimless Crime.  Other people were making it, and he was only going to be putting bad guys out of business by providing a superior product.    What about his risk?  He didn’t perceive a significant risk and was confident his crime would be Undetected.  After all, no one was watching him, and no one would suspect him.  Additionally, he had unique insights into the investigations (or controls), so he could strategize on how to avoid detection.  He was highly respected, and his history of good deeds meant he was Trusted.  So, while there is a risk, the perceived threat is either low, relative to the need opportunity.    Of course, we quickly realize there is a Slippery Slope.  Once started, the crime begins to take on a life of its own, as is the likelihood of getting deeper while the opportunity to stop or reverse direction becomes increasingly difficult.

I would add to these factors, Intelligence and Ego.   In many cases, it takes an astute person to see the control weaknesses that allow for the crime.   In the case of Walter White, the ability to out-think his rivals, and his crime-fighting opponents fed his ego leading and pushing him forward.

So, we now know that criminal behavior can occur when good folks, driven by a personal need can turn to a crime of opportunity.  An opportunity is where the perceived risk of getting caught is low, and they have unique knowledge and access to an Internal Control weakness(es).   So, our job is to reduce the opportunities (i.e., increase prevention) and to increase the likelihood of being caught (i.e., increase detection).

What are the types of crimes?

Fraud might not necessarily translate into direct personal enrichment, while theft typically does.  Both are serious problems with significant potential negative consequences.

For example, Fraud might involve violating a contract for the benefit of your company.  Even though it doesn’t directly enrich those involved in the Fraud, it does present a serious risk to one’s ability to do business with governments or other clients.   Of course, there are substantial and serious penalties.

Theft might involve taking kickbacks on purchasing or stealing funds by making undetected disbursements to oneself.

These crimes can ruin an organizations reputation and put one out of business.

What is the Internal Control Environment?

We should think of the Internal Control environment as having many facets and layers.

The Control environment is a layered approach to reducing the Risk.  It is not possible or economically feasible to eliminate all risks; there are steps to reduce your risk.

The answer is lots of things.  Often the Internal Control environment can be thought of as layers of defense or Risk Management.   I am going to lay out some of the critical components and approaches to Internal Controls.

  1. Tone at the Top – This is where the leadership or ownership provide the proper behavior examples.
  2. Policies & Procedures – Clearly defined processes with associated responsibilities
  3. Good hiring practices – Proper vetting and hiring the right level of staff with the prerequisite skills
  4. Adequate Oversight – Proper levels of authority,
  5. Segregation of Duties – Separation of approvals from disbursement authority, separation of cash collection and record keeping

I have identified ten additional critical components and approaches.   If this issue resonates with you and you are interested in getting the others, please reach me directly either by phone or via the Contact page.  When registering on my website, please let me know if you want to be on my mailing list for future Thought Pieces.

What are the Lessons learned?

  1. Good people go bad
  2. You (the Leadership/Management) are responsible for your Internal Controls/Risk Management
  3. Bad can mean a variety of things
    1. Contract Fraud
    2. Purchasing Kick-backs
    3. Theft – misuse of funds or misdirected payments.
  4. The consequences can be severe
    1. Including financial loss
    2. Reputational loss
    3. Potential organizational failure

We also learned that awareness of the Risk and attention to your control environment could reduce your chances of having your own Breaking Bad situation.   As you can see, there are many elements to address and the effort to protect yourself takes time, your commitment and in some cases an investment.  As the adage goes, an ounce of prevention is worth a pound of cure.

I hope you found this article thought-provoking.

If you would like assistance addressing these needs, please contact me at EdMusmon@IneedaCFO.com or (617) 515-3942 or visit me at www.iNeedaCFO.com.