We are rightly afraid of losing money. A diverted grant, a fraudulent invoice, a payment that cannot be accounted for: each one can end a program, damage a reputation, and betray the trust of the people who funded the work and the people who depended on it. So we build controls. Approval layers, verification steps, segregation of duties, audit trails. Each one is sensible. Each one exists because something, somewhere, once went wrong. And stacked together, they produce a system that is very good at preventing the wrong payment and strangely indifferent to the slow one.
This is the imbalance worth naming. We have measured the cost of loss with great care and never put a price on the cost of delay. So one risk gets a defense budget and the other does not even appear on the ledger.
The risk we count and the risk we ignore
A misspent dollar is visible. It surfaces in an audit, it has a number, it can be traced to a decision and a person. Everyone in the chain knows that being associated with it carries a cost. A delayed dollar is invisible by comparison. A payment that takes many weeks instead of a few does not appear in any report as harm. The family that waited those extra weeks does not show up in the financial statements. So we defend hard against the risk that has a name and we tolerate, almost without noticing, the risk that does not.
The result is an organization shaped like its fears. Every new control is justified on its own, and no one ever has to justify the cumulative wait it creates. We add the sign-off, the second review, the extra documentation, and each is defensible. What no one owns is the total time the money now takes to move, or the quality lost when a team spends its hours proving compliance instead of doing the work.
We can name the person attached to a misspent dollar. We never name anyone attached to the delayed one, so only one of those risks gets defended.
This is not an argument against controls, and it is important to say that clearly. Controls protect the work and protect the people we serve, and a sector that lost its rigor would deserve to lose its funding. The argument is narrower. We have optimized against one failure mode so thoroughly that we have stopped seeing the other, and the people we serve pay for both kinds of failure, not just the one we audit.
Why speed and safety stopped being allies
We tend to treat control and speed as opposites, as if every safeguard we remove makes us faster and more reckless, and every one we add makes us slower and safer. But the slowest processes we run are often not the most rigorous. They are the most diffuse. Responsibility is spread so thin across so many sign-offs that no one can act and no one is accountable for the wait. A control that is well placed and clearly owned can be both fast and safe. A control that exists mainly so that no individual ever carries a decision alone is just delay with a procedural alibi.
Designing for both risks at once
The fix is to put delay on the ledger beside loss, and to build controls that defend against both. This is work funders and implementers share, because the funder who demands a control and the implementer who operates it both have an interest in money that is safe and money that moves.
Give every payment of consequence a visible clock alongside its approval chain, so the question becomes not only who signed it but how long the signing took. What gets measured gets managed, and right now we measure only one half of the trade.
Right-size the control to the risk rather than applying the heaviest process to every transaction. A small, routine, low-risk payment does not need the same gauntlet as a large or unusual one. Pre-authorize the routine so scrutiny is saved for where it actually protects something.
Name an owner for the speed of the system, not only for its integrity. When loss has a named guardian and delay has none, the organization will keep getting slower in the name of being safe. Make timely delivery someone’s explicit responsibility and the balance shifts.
And review the controls themselves on a rhythm, asking of each one whether the loss it prevents is still larger than the delay it imposes. A safeguard added after an old failure may be quietly costing more than the failure ever did, and no one will know unless we look.
None of this asks us to be careless with money we hold in trust. It asks us to be as serious about the cost of waiting as we already are about the cost of losing. For the person at the other end, a payment that arrives too late to help was, in practice, a payment that never arrived at all. That is a loss too. It is time we put it on the books.