| BLOG · 9 min read Why Your QoE Won’t Catch a Shrink Problem — And What Will The specific gap between financial due diligence and operational Loss Prevention assessment, and why it costs PE firms money |
By Mitchell Hamm | Founder & Principal Advisor, Ironside Risk Advisors | Dallas, TX
There is a moment that happens in roughly half of the post-acquisition operating reviews I have seen described by PE professionals. It goes something like this: the fund closes on a retail business. The QoE comes back clean. The legal review finds nothing material. The commercial diligence confirms the market thesis. Twelve to eighteen months after close, the first full physical inventory count under new ownership reveals a shrink rate that is two to three times what was reported in the seller’s financials.
The fund’s operating partner asks the obvious question: how did we miss this? The honest answer is: you did not miss it. You never looked for it. The tools you used were not designed to find it.
What QoE Is Actually Doing
A quality of earnings analysis is a financial exercise. Its job is to assess the quality, sustainability, and accuracy of reported earnings — to identify adjustments that make EBITDA either better or worse than the reported number, and to surface accounting practices that might make historical results look different from what the buyer will actually experience.
QoE is excellent at what it does. It reads the books. It analyzes the accounting. It identifies one-time items, normalizes earnings, and scrutinizes revenue recognition. A good QoE team will find a lot of things.
It will not tell you whether the receiving dock has a blind-receiving procedure. It will not tell you whether POS exception reporting exists or has been reviewed in the past twelve months. It will not tell you whether the shrink rate the seller is reporting is based on a rigorous monthly cycle count program or a single annual physical count conducted by the same people whose compensation depends on a clean result.
Those things do not live in the financial statements. They live in the operational infrastructure — or, more precisely, in its absence.
| QoE reads the books. It cannot tell you that the shrink rate was measured by the same people whose bonus depended on a clean result. |
Three Loss Prevention Gaps That Do Not Show Up in the Books
1. Receiving Controls — Or the Absence of Them
The most common source of undetected inventory loss in retail and distribution businesses is the receiving dock. When a business does not practice blind receiving — when receiving staff have access to purchase order quantities before they count the product — the conditions for systematic receiving fraud are present. An employee who knows the PO says 100 units does not need to count carefully. A vendor who knows the receiver will accept the manifest count has an incentive to ship 92.
A QoE will see the inventory write-offs. It will not see that they are caused by a receiving procedure that has never been formally designed or enforced. By the time those losses surface as a pattern, you have already paid for the business.
2. POS Exception Reporting — Whether It Exists at All
Point-of-sale exception reporting is the primary tool for identifying cashier-level theft, refund fraud, and void manipulation at the register. Systems like Agilence, Auror, or native POS exception modules flag statistical anomalies in transaction behavior — a cashier with a void rate three times the store average, or a refund pattern that clusters at end-of-shift.
The majority of PE-backed retail businesses at the lower middle market level either do not have a POS exception reporting system or have one that was configured at implementation and has never been reviewed. The losses are happening. They are just not visible to anyone.
A QoE will see the margin line. It will not see the cashier in location 7 who has been running $600 in fraudulent refunds per week for eighteen months.
3. Shrink Measurement Methodology
This is the most consequential gap. Shrink as reported in a seller’s financials can mean a lot of different things depending on how it is measured. A business that conducts annual physical inventory counts is measuring shrink once a year. Everything that accumulates between counts — receiving discrepancies, internal theft, process errors, vendor fraud — is invisible until that annual reckoning.
The reported shrink rate is therefore not a real-time measure of inventory integrity. It is a point-in-time snapshot, taken once a year, often by the same operational team that manages the business day-to-day. The incentives are not neutral.
A business running a monthly cycle count program with documented root cause investigation for every variance is producing a fundamentally different quality of shrink data than one running an annual count. Both might report the same headline shrink number. Only one of them actually knows where the losses are coming from.
What Operational Loss Prevention Diligence Actually Looks At
An Ironside pre-acquisition operational risk assessment evaluates the target business across eight dimensions that QoE does not touch. The findings are translated into dollar terms — estimated annual EBITDA exposure per category — and presented in a format that a deal team can take directly to an investment committee.
- Loss Prevention infrastructure and staffing: Does the business have dedicated Loss Prevention personnel? What is the coverage ratio? Is there a case management system? When was it last used?
- SOP framework: Do written loss prevention standard operating procedures exist? Are they current? Are they enforced? When were they last reviewed?
- Receiving controls: Is blind receiving practiced? Is there a discrepancy reporting procedure? What is the vendor short-shipment dispute process?
- POS exception reporting: Is a system in place? Who reviews the reports? What action is taken on findings?
- Shrink measurement methodology: How often is inventory counted? Who conducts the count? What is the root cause investigation process for variance?
- Physical security: CCTV coverage, EAS compliance, access controls, alarm system integrity.
- Supply chain and cargo security: Seal programs, carrier vetting, in-transit loss tracking.
- Compliance and legal: OSHA posture, licensing, Loss Prevention-related employment litigation.
What to Do With the Findings
The output of an operational Loss Prevention assessment is not just a risk register. It is a deal structuring tool. When the assessment identifies a material Loss Prevention infrastructure gap — no cycle count program, no POS exception reporting, no receiving procedure — that finding has a dollar value. On a $100 million revenue retailer with industry-average shrink of 1.5%, closing the gap to 0.5% is worth $1,000,000 per year in recovered EBITDA. At a 6x multiple, that is $6,000,000 in exit value.
That finding can support a purchase price adjustment, a seller representation on the accuracy of reported shrink, an escrow holdback covering the first post-close inventory cycle, or simply an informed post-close remediation plan that you execute in the first 90 days rather than discovering the problem eighteen months in.
The QoE is not wrong. It is incomplete. The operational Loss Prevention assessment fills the gap that financial diligence was never designed to cover.
| BOTTOM LINE | If you are acquiring a retail or distribution business and your diligence stack does not include an operational Loss Prevention assessment, you are pricing the deal without knowing what the inventory is actually worth. |
| About Ironside Risk Advisors Ironside Risk Advisors provides fractional loss prevention and cargo security advisory to private equity firms with retail and supply chain portfolio companies. Founded by Mitchell Hamm — 10+ years across a PE-backed multi-site retail operator and corporate security — the firm specializes in pre-acquisition risk assessment, post-close Loss Prevention buildout, and ongoing fractional Loss Prevention leadership. mitch@ironsideriskadvisors.com · (502) 608-7389 · ironsideriskadvisors.com · Dallas, TX |