The Core Issue Highlighted by the “GA Control” Deficiency News
News reports indicate that the Financial Supervisory Service is considering disciplinary action against an insurance company for deficiencies in evaluating its “GA control.” Simultaneously, the Financial Services Agency has released a revised draft of the Corporate Governance Code, moving to clarify and strengthen the role of the board of directors, particularly its oversight function for growth investments.
At first glance, this might sound like an issue for “large corporations” such as listed companies or financial institutions. However, these two concurrent developments hold extremely important implications for SME managers. They point to a fundamental challenge: how to design and manage “invisible risks.”
“GA control” refers to internal controls over General and Administrative Expenses. It evaluates whether costs that indirectly support business activities—such as advertising, personnel expenses, and office rent—are being managed appropriately. Deficiencies here raise doubts about management soundness and efficiency, making the company a target for regulatory scrutiny.
The “GA Control” Pitfall Facing SMEs
It is premature to think, “We’re not listed and aren’t inspected by the FSS, so this doesn’t concern us.” The essence of the problem lies not in the formal existence of “GA control,” but in “the state where indirect department costs and risks disappear from the manager’s view.”
In many SMEs I have supported, while direct costs like cost of goods sold receive attention, the costs and potential risks associated with indirect department activities (e.g., general affairs, accounting, HR)—such as mismanagement of critical contracts, security holes in employee data, or delayed responses to legal changes—often become invisible.
This is a natural “disconnect” that occurs as an organization grows. The manager focuses on sales and profit, while support functions are left entirely to operate as “behind-the-scenes” roles. Eventually, these administrative tasks become complex, and the manager loses sight of what is happening there and what risks are embedded. This is the true nature of “invisible risk.”
The FSA’s move to strengthen “board oversight of growth investment” in the CG Code revision likely stems from a similar concern. If the investment decision-making process itself is “invisible” or merely formalistic, healthy growth cannot be expected.
Three Moments When “Invisible Risk” Materializes
This risk suddenly surfaces as a business-shaking problem at times like these:
1. Growth/Expansion Phase: During new business investment, overseas expansion, or M&A, the existing management framework fails to cope, leading to unexpected costs or legal risks erupting.
2. Changes in Human Resources: A key person who has long handled administrative tasks retires. Inadequate handover results in the loss of critical processes and risk information.
3. External Verification: When external scrutiny arises—during IPO preparation, loan screening by a financial institution, starting transactions with a large company, or regulatory warnings like in this news—management deficiencies are exposed.
Leaving this “invisible risk” unattended is akin to continuously cracking the foundation of your business without knowing it.
Practical 3-Step Process to Visualize “Invisible Risk”
So, what should SME managers do? You don’t need to create thick internal control manuals like large corporations. The key is not to “eliminate all risk” but to design “a mechanism to continuously understand the location and magnitude of risks.” Below are concrete steps you can start today.
Step 1: Create an “Indirect Cost Map” (Visualization)
First, visualize where and why GA (General and Administrative Expenses) occur, linking them to “business activities.”
Instead of a simple list of expenses by account, summarize on one diagram: “Which department is conducting what activity, at what cost, to support which business?” For example: “Customer support activity for Business A (Customer Service Dept.) → Inquiry system fee (monthly $XXX), Support staff personnel costs (monthly $XXX).”
Through this exercise, managers can understand for the first time “what revenue-generating activities the administrative costs are supporting.” This is the first step toward thinking about optimal cost allocation, not just cost reduction.
Step 2: Evaluate “Process Dependency” (Prioritization)
Next, for each visualized activity, evaluate “how much the task depends on a specific individual or tacit knowledge.” This is an identification of “human risk.”
A simple three-tier evaluation is sufficient:
- High Dependency: Task continuity heavily relies on a specific individual’s knowledge/skills. If that person leaves, the task stops or quality significantly declines.
- Medium Dependency: Somewhat manualized, but judgment and coordination rely on individual experience.
- Low Dependency: Process is documented and executable by anyone to a certain standard.
Activities rated “High Dependency” are potential risk points for business continuity. Focus management resources (time and money) here to implement measures to reduce dependency (manualization, systematization, decentralization).
Step 3: Set and Monitor “Risk Tolerance” (Continuation)
Finally, for the risks identified in Steps 1 and 2, decide “how much is acceptable” and create a simple mechanism to monitor the situation regularly.
For example, for the “risk of task stoppage due to key person dependency,” set a specific tolerance line like: “Maintain a state where service quality to key customers does not decline by more than 20% even if the relevant staff is absent for over two weeks.” Then, establish a forum—even a brief one each quarter with the administrative department head—to check “Are we maintaining that line?” and “Are we approaching the line?”
This “setting and monitoring of tolerance” is the core task that liberates risk from the terror of “0 or 100” and transforms it into a “manageable subject on a scale of 1 to 99.”
The Future for SMEs Indicated by the Governance Code Revision
The FSA’s CG Code revision draft emphasizes “board oversight of growth investment,” sending a message that governance (high-level design) of the investment decision-making process itself is crucial.
Translating this for SMEs means adding just a bit of “visualization” and a “process of listing options” to investment decisions that were previously made by “the president’s word.” For instance, when deciding on new equipment investment, simply keeping a record comparing the following three options dramatically improves governance quality:
- Option A (New Purchase): High initial cost, low flexibility, moderate tax benefits.
- Option B (Lease): Low initial cost, ongoing cash flow burden, off-balance sheet.
- Option C (Used Purchase + In-house Modification): Medium cost, delivery lead time risk, opaque maintenance costs.
Keeping this record allows you to later review “why that decision was made,” and even if the outcome is unfavorable, use it as a lesson for the next decision. This is the practical form of “growth investment oversight” for SMEs.
Shifting Thinking from “Defense” to “Design”
Both the FSS’s warning and the CG Code revision debate pose the same question to us: “How are you designing and managing the risks in the ‘invisible parts’ of your company?”
Answering this does not require building a perfect internal control system. First, visualize your company’s “GA”—the activities and costs of indirect departments—evaluate the dependency of the dormant risks there, and set and monitor tolerance lines. Take action on this simple three-step process.
Governance is not a restrictive “defensive” rule that binds the business, but the “design of the foundation” to ensure the business moves forward reliably. The step you take today will build a solid foundation that mitigates future major management risks in advance and enables bolder growth investments.
Comments