The Model Works — But Can You Trust It?

Raef Lawson, Executive Director of the Profitability Analytics Center of Excellence, recently posted what looked like an auditor's joke and turned out to be a diagnosis. The title: "Frauds That Passed Every Spreadsheet Test." Below it, six names: Enron, WorldCom, Satyam Computer Services, Allied Irish Banks, the City of Dixon (Illinois), and the Aldie Volunteer Fire Department.

What did they have in common? The numbers added up. Every one of those models passed the technical tests a controller would run today: consistent sums, clean reconciliations, structural validations with zero errors. And every one of them was completely wrong.

Here is the detail almost no one catches — and the one that sharpens the message rather than weakening it. Five of the six are not profitability-model frauds. They are financial-reporting frauds or embezzlements: Enron with its SPEs and mark-to-market, WorldCom capitalizing opex, Satyam with fictitious cash, Dixon with municipal embezzlement, Aldie with a treasurer who drained the account. Only Allied Irish/Allfirst is a market-risk control failure. None is, strictly speaking, a fraud of the profitability model itself.

That does not break the argument. It focuses it. The calculation was never the point of failure. What failed was the chain of trust around the model. And in Profitability Analytics that chain is more fragile than in financial reporting, because models of allocations, drivers, cost-to-serve, customer/product profitability, and transfer pricing live outside the audited perimeter of GAAP. No one audits an allocation Rule Set the way the balance sheet gets audited. That is where the gap sits.

Three questions organize the rest of this article:

  1. Why can a model that passes every technical test still produce the wrong decisions?
  2. How do you build trust in a model that no regulator audits?
  3. What should a CFO do this week to close that gap?

1. Why the Perfect Model Lies

The starting error is believing the risk is "calculation risk." It isn't. A well-built profitability model can sum perfectly and still hand you the wrong decision signal. The real risk is distributed across four places, ordered by where they bleed in an EPCM/PCM environment:

| Risk | What fails | Where it shows up in PCM/EPCM |
|---|---|---|
| Assumption | The driver was chosen to reach a desired number, not for causality | "Political" allocation drivers: the loudest department gets charged the least |
| Data Lineage | No one knows where the input feeding profitability came from | A macro-process with embedded commas breaks the POV parsing — the number sums, but it's mapped wrong |
| Management Override | A privileged user changes a rule and leaves no trace | A Copy Rule with untrustworthy inheritance becomes a silent override |
| Interpretation | The executive decides on a KPI they don't understand | "Profitable product" when the profitability is an artifact of the allocation, not of the market |

The knot tying all four together is the reconciliation trap. A profitability model can reconcile 100% against the GL and, at the same time, emit false decision signals. Reconciliation validates that it sums. It does not validate that the causality is correct. Two different questions — and most committees treat them as one.

I saw this with painful clarity at a LATAM bottler competing with PepsiCo — I can't name them — during a live review of their Profitability and Cost Management model. A serious model: two stages, 88 activities, 17 dimensions, Rule Sets RS00 through RS06, with twelve months of batch runs and no incidents. The structural validation report came back empty. Zero errors. Coherent architecture.

"The model passed every test. What else is there to review?" — the CFO, with the calm of someone who believes the problem is already solved.

That question — asked in good faith — is the Interpretation risk in its purest form.

Validation proves it sums. Governance proves it can be trusted. They are not the same thing — and confusing them is, word for word, how a perfect model ends up producing the wrong decisions.

The bridge to the solution is this: if the technical tests can't detect the risk, then the control can't be technical. It has to be governance.


2. How to Build Trust Outside the GAAP Perimeter

Banking solved this problem fifteen years ago and gave it a name: Model Risk Management. The Federal Reserve's SR 11-7 letter treats a model not as a spreadsheet to verify but as an asset to govern. Its logic transfers cleanly into the EPCM world, regardless of the local regulator — CNBV in Mexico, SIB in Guatemala, SBP in Panama, SB-RD in the Dominican Republic. Three layers, three questions:

| Layer | Question | Controls |
|---|---|---|
| 1 · Development | Is the model sound? | Documented methodology, signed assumptions, declared limitations; every Rule Set with its causal rationale |
| 2 · Independent Validation | Did someone independent challenge it? | Backtesting, sensitivity, benchmarking; champion vs. challenger; whoever validates ≠ whoever built it |
| 3 · Governance | Is it controlled in production? | Model inventory + tier, version control, segregation of duties, audit trail, approval workflow |

Four frameworks reinforce the structure. SR 11-7 supplies the three-layer architecture. BCBS 239 — already mandatory for regional banking — demands data lineage and traceability: a model is only as good as the data feeding it. And for the layer that's coming, NIST AI RMF (Govern / Map / Measure / Manage) and the EU AI Act already warn that AI risk can't be managed with technical controls alone.

The differentiating piece is substance, not form. Lawson's PACE Framework and the Decision-to-Value™ method we apply at Asher say the same thing through two different doors: both are built on economic causality, not accounting convenience. PACE holds the methodological seal — vendor-neutral, IMA-backed; Asher holds the implementation on Oracle EPCM. It's an alliance, not a competition. And the convergence matters, because it means the answer to the reconciliation trap isn't one consultant's opinion: it's a consensus that spans the methodological standard and field practice alike.

Back to the bottler, because that's where the theory turned into evidence. The review the CFO thought was unnecessary surfaced three findings the native validation was never going to see:

| Finding | Risk type |
|---|---|
| The RS06 offset pointed to Source instead of Alternate — fragile under any re-sequencing | Change / Override |
| The RS06 description read "transactions and orders by SKU," but the orders rule was disabled | Interpretation |
| A parallel legacy rule, disabled, shared the sequence — a latent double-counting risk | Version / Lineage |

The second finding is the heart of the matter, and precision is essential here: it was not fraud. It was honest documentation drift. The description said one thing; the active logic did another. No one lied. But the mechanism — trust placed in a number whose methodology is not the one the reader believes — is identical to Enron's. Same mechanism, different intent. And that distinction doesn't weaken the argument: it widens it. Governance is not only anti-fraud. It's anti-silent-error. The latter is far more common than the former, and for that reason far more dangerous.

How do you prove the calculation is valid without touching the client's real data? With three invariants. Conservation: the cost entering each stage must equal the cost leaving it. Take a synthetic scenario — 100 units of cost flowing through three allocation steps. After each stage, debit and credit must both still total 100. A single cent of drift fails the invariant, and you've caught it before it ever touched real data. Traceability: every output amount is traced back to its origin through the driver and recomputed by hand. Determinism: same inputs, same outputs, on every run. Eight synthetic cases with known answers and an independent Excel oracle — which is, literally, Layer 2 — close out the assurance.
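The three invariants above, as an added example that is not the author's or Asher's test harness: a constructed 100-unit scenario held in integer cents and pushed through three allocation steps, once with a largest-remainder allocator and once with naive per-share rounding. Pool names, driver weights and function names are hypothetical.

```python
import hashlib, json
from fractions import Fraction

def allocate(cents, drivers):
    """Split integer cents by driver weight; largest-remainder keeps the total exact."""
    exact = {k: Fraction(cents * w, sum(drivers.values())) for k, w in drivers.items()}
    out = {k: int(v) for k, v in exact.items()}        # floor each share
    spare = cents - sum(out.values())                  # cents lost to flooring
    for k in sorted(exact, key=lambda k: (out[k] - exact[k], k))[:spare]:
        out[k] += 1                                    # largest fractions first, ties by name
    return out

def naive_allocate(cents, drivers):                    # per-share rounding: this one drifts
    return {k: round(cents * w / sum(drivers.values())) for k, w in drivers.items()}

def run(stages, pools, alloc=allocate):                # -> (balances per stage, sorted trace)
    history, trace = [], []
    for n, stage in enumerate(stages, 1):
        nxt = {}
        for src, cents in pools.items():
            for dst, amt in alloc(cents, stage[src]).items():
                nxt[dst] = nxt.get(dst, 0) + amt
                trace.append((n, src, dst, amt))
        pools = nxt
        history.append(pools)
    return history, sorted(trace)

def conserved(history, total):                         # conservation: one flag per stage
    return [sum(p.values()) == total for p in history]

def traceable(stages, start, history, trace):
    """Each movement is within 1 cent of its driver share and inflows equal the balance."""
    for n, src, dst, amt in trace:
        w, bal = stages[n - 1][src], ([start] + history)[n - 1][src]
        if abs(amt - Fraction(bal * w[dst], sum(w.values()))) >= 1:
            return False
    return all(sum(a for m, _, d, a in trace if (m, d) == (n, dst)) == b
               for n, p in enumerate(history, 1) for dst, b in p.items())

def fingerprint(history, trace):                       # determinism: compare across runs
    return hashlib.sha256(json.dumps([history, trace], sort_keys=True).encode()).hexdigest()

# Constructed scenario: 100.00 units of cost (10,000 cents), three allocation steps.
START = {"overhead": 10_000}
STAGES = [{"overhead": {"pack": 1, "ship": 1, "store": 1}},
          {"pack": {"sku_a": 2, "sku_b": 1}, "ship": {"sku_a": 1, "sku_b": 3}, "store": {"sku_b": 1}},
          {"sku_a": {"cust_x": 3, "cust_y": 4}, "sku_b": {"cust_x": 1, "cust_y": 1}}]
if __name__ == "__main__":
    print([conserved(run(STAGES, START, a)[0], 10_000) for a in (allocate, naive_allocate)])
```

A history in which one cent has been moved between two customers still passes `conserved`; only `traceable` rejects it, which is the reconciliation trap in miniature.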

The final bridge: once we know what controls trust, the operational question is where to start on Monday.


3. What to Do This Week

The actions aren't ordered by difficulty. They're ordered by trust ROI — by where a unit of effort buys the most certainty:

  1. Profitability Model Inventory. Every active model with owner, criticality tier, last validation, and regulatory scope. Without an inventory there's no governance; there's folklore.
  2. Signed Assumption Register. Every key driver with its source, its causal logic, and a business owner who signs it. The signature turns the assumption into accountability.
  3. End-to-end Data Lineage. From source system to final POV. BCBS 239 already requires it in banking; every other industry is just running late.
  4. Segregation of duties in the Rule Sets. Whoever builds does not approve. This one, alone, kills the silent override.
  5. Champion vs. Challenger on one client. Run the causal model against the status quo and show the delta. It's the most sellable proof of value there is: the number that changes is the argument.
  6. Explainability layer. Before every decision: "this number comes from this driver, under this assumption." If you can't say that sentence, you shouldn't be deciding.

If I had to pick one to start on Monday, it would be the first. The Model Inventory is trivial to begin — one sheet, one owner per model — and it immediately exposes how many critical models run without a clear owner. That figure, in most organizations, is uncomfortable. Which is exactly why it works.

And there's a layer that multiplies all of the above: AI Model Governance. With GenAI entering the decision flow, the risk goes up, not down. A model can be 95% accurate and still be biased, out of context, or unexplainable. The discipline is the same as before — an AI model register beside the profitability inventory, an audit trail that lets any output be reproduced and challenged, and a review cycle that tests for bias and explainability, not just accuracy. StrategicFinance.ai™'s anti-hallucination architecture with audit trail isn't a feature: it's Model Governance applied to AI. Whoever governs their profitability models today is building the foundation that AI regulation will demand of them in twelve to twenty-four months — the EU AI Act has already set the direction.

Locate your organization on this maturity scale:

Spreadsheet Chaos → Controlled Models → Model Risk Management → Enterprise Governance → AI-Native Governance

Most FP&A functions in the region live between levels 1 and 2 and believe they're at level 3 because their models reconcile. The distance between "it reconciles" and "it can be trusted" is exactly the work that remains.

A perfect model is not a trustworthy model. Enron wasn't a failure of Excel; it was a failure of governance. Good governance doesn't prove a model works — it proves the model can be trusted. For a regulated CFO, that is the only definition of "valid model" that survives a wrong decision.

The model runs. That is not the same as the model being trustworthy.

And that difference, today, is the CFO's job.


Pedro San Martín
Principal – Asher & PwC Interaméricas
psanmartin@asheranalytics.com