Skip to Main Content

Times of uncertainty often reveal where a business is most exposed—making exit planning an important time to address gaps with intention. By using assessments, risk profiling, and benchmarking, owners can prioritize the highest-impact issues and strengthen the metrics and controls needed for faster, better decisions that support business valuation.

With uncertainty from shifting economic conditions, market volatility, and evolving tax policy, now may be a good time to use trust, gift, and estate strategies to transfer privately held business interests. Discounts for lack of control and marketability discounts may stretch exemptions.

With continued uncertainty in the business environment—shifting economic conditions, market volatility, and evolving tax policy—trust, gift, and estate strategies may help transfer privately held business interests. Noncontrolling interests may be discounted for lack of marketability when transferability is limited. 

Uncertainty can create planning opportunities. Learn how discounts for lack of control and discounts for lack of marketability work—and why applying them correctly (multiplicative, not additive) can help transfer more ownership while preserving gift and estate tax exemptions. 

When a company is operating successfully and seeking liquidity—whether to fund growth or return value to shareholders—two primary pathways or “tracks” exist: the public market (IPO), and the private market (a sales transaction). 

The end of 4Q 2024 marks the start of a new year. In the Valuation Group, the end of the calendar year brings us to one of our busiest times of year: “ESOP season.” During the first few months of the year, we perform annual valuations for 30+ ESOP clients.

The market approach is one of three different ways to estimate the value of a company. In its simplest form, the market approach is fairly straightforward. Below is a very basic model for how a valuation could be applied:

The election created a sense of anxiety and uncertainty among many people for a variety of reasons. One such concern was around how the election would affect business value.

How should a business owner, management team, or investor estimate the value of its company? There are a variety of methods available in the world of business valuation. Let’s discuss the pros and cons of using a common financial metric in the assessment of a business’s value: Earnings Before Interest, Taxes, Depreciation, and Amortization (EBITDA).

Although summertime is a generally slower time for the valuation team, we’ve seen a notable increase in M&A activity. Transactional activity often follows interest rate trends. We’ve seen activity pick up significantly in the last nine months under the current stable interest rate environment. As rates drop, more deals are sure to follow.

Who this article applies to: CFOs, controllers, and internal audit professionals at financial institutions

Occupational fraud remains a persistent and costly risk for financial services organizations. In its 2026 Report to the Nations, the Association of Certified Fraud Examiners studied 2,402 fraud cases globally totaling more than $3.4 billion in losses across industries, including financial services. The report estimates that organizations lose about 5% of annual revenue to fraud, underscoring that no institution is immune. Equally important, many organizations never fully recover those losses, with over half of victims recovering nothing, highlighting the need for a proactive fraud risk management approach rather than post-event remediation.

Risk profile for banks and investment firms 

The report includes targeted insights for the banking and financial services sector: 

  • Median loss per case: $100,000 
  • Average loss per case: $1,535,000 
  • Median duration: 8 months  

These figures are consistent with overall global trends, but the financial sector’s exposure to high-value transactions, complex systems, and regulatory scrutiny increases both the potential impact and reputational risk associated with fraud events.

Fraud types most relevant to financial institutions 

The report identifies three primary fraud categories: 

  • Asset misappropriation: 90% of cases; lower median loss 
  • Corruption: 45% of cases—includes conflicts of interest and kickbacks; moderate loss 
  • Financial statement fraud: 6% of cases; highest losses at $1 million median

Within financial services, asset misappropriation-related schemes are most prevalent. However, although financial statement fraud is less frequent, it presents the greatest dollar exposure. 

Fraud detection and why whistleblower programs matter 

Because fraud losses escalate over time, improving detection is one of the most effective ways to limit impact. Key insights include: 

  • 43% of fraud cases were detected through tips, over half of which came from employees. 
  • Email and web-based reporting channels are now more commonly used than hotlines. 

Institutions with strong whistleblower frameworks and accessible reporting channels are significantly better positioned to detect fraud early and minimize losses. The most effective frameworks are comprehensive, independent, and trusted by employees.

Higher roles, higher fraud exposure 

Fraud risk is closely tied to access and authority, requiring strong governance and oversight. Employees and managers commit most fraud, but executives cause the largest losses, with risk increasing alongside authority, tenure, and collusion.

Behavioral red flags 

Most perpetrators exhibit warning signs, such as financial pressure or unusual relationships. Behavioral monitoring can enhance fraud detection, particularly for high-risk roles. Always consider the components of the fraud triangle: incentive, opportunity, and rationalization. 

Internal control failure   

Approximately 70% of fraud cases involve control failures rather than absence of controls. For regulated institutions, this highlights the need for effective execution and monitoring of controls, not just design.  

Core controls include management review, data monitoring, and surprise audits. Fraud awareness training and regular reassessment of risk frameworks are also essential, as many organizations still respond to fraud reactively rather than proactively.

Aligning fraud risk management with strategic decision-making 

Fraud risk extends beyond operations to compliance, governance, and reputation. Organizations that emphasize active monitoring, strong controls, and a culture of accountability are best positioned to reduce losses and strengthen risk management. In our complimentary whitepaper on preventing financial institution fraud, we take a deeper look at how to successfully implement a strong anti-fraud plan. Commit to enhancing fraud prevention to build trust with your board, employees, customers, and the broader public—an investment that delivers strong value for any financial institution. 

Key takeaways

  • Recognize persistent fraud risk, with organizations losing an estimated 5% of annual revenue to fraud and many recovering none of those losses. 
  • Improve detection by strengthening whistleblower programs and digital reporting channels, especially for employees. 
  • Address high-impact fraud by focusing on asset misappropriation while monitoring high-cost financial statement fraud. 
  • Increase oversight of senior roles, where fraud risk and losses are greater. 
  • Check internal controls with monitoring, management review, and ongoing risk assessment. 

BerryDunn can help 

Our risk management team helps clients develop and implement effective risk management programs tailored to each organization’s size, risk level, and resources. Learn more about our team and services.

Article
Financial services fraud: Why proactive detection matters

Who this article applies to: Executives at financial institutions

Generative AI (GenAI) is rapidly moving from experimentation to operational reality across banking—powering loan analysis, automating reconciliations, summarizing regulatory updates, and supporting customer interactions. While the upside is clear, the risks are equally significant: hallucinated outputs, data leakage, model drift, and opaque decision-making can undermine financial reporting, compliance, and customer trust if not properly governed. 

The COSO framework—long the backbone of internal control over financial reporting (ICFR) for financial institutions—remains fully applicable. The difference is not whether banks need new frameworks, but how they apply existing control principles in a GenAI environment. 

This article highlights the most practical actions bank executives can take to implement GenAI with confidence, inspired by COSO’s recent Achieving Effective Internal Control over Generative AI white paper. We’ve distilled the white paper into our 10 biggest takeaways. 

1. Start with a capability-based view of AI (not tools) 

One of COSO’s most actionable insights is to shift focus from vendors or tools to what the AI actually does. GenAI capabilities fall into eight categories: ingestion, transformation, transaction processing, orchestration, judgment/forecasting, monitoring, knowledge retrieval, and human interaction.  

Why this matters for banks: 

  • Risk is different at each stage 
    • Data ingestion → data quality, personally identifiable information (PII) leakage 
    • Transaction automation → financial misstatement risk 
    • Forecasting → credit and liquidity risk 
  • Controls should be placed where risk originates, not generically across “AI” 

Practical takeaway: 

Inventory every AI use case and tag it by capability type. This becomes the foundation for: 

  • Risk assessments 
  • Control design 
  • Audit scoping

2. Treat GenAI outputs as “claims,” not facts 

GenAI is probabilistic and can be confidently wrong. For financial institutions, this is a critical mindset shift:

Practical controls: 

  • Require human validation for material outputs (e.g., financial reporting, credit memos) 
  • Implement: 
    • Confidence thresholds 
    • Source citation requirements 
    • Exception routing workflows 
  • Separate AI assistance from final decision authority 

Executive implication: 

If management or auditors are relying on AI outputs, those outputs must meet ICFR-level evidence standards (documentation of prompts, data sources, versioning, etc.). Furthermore, developing built-in confidence thresholds will help to identify those results that are potentially less accurate and thus need additional human validation. Those outputs that meet or exceed confidence thresholds may require less human intervention.

3. Build governance before scaling use cases 

A recurring risk is “shadow AI”—teams deploying tools outside formal governance. Thus, it is important to establish a formal governance structure and policies so employees know what acceptable use looks like at your institution. This should be the first step in any AI tool deployment and, if done with an institution-wide focus, can serve as the foundation for assessing and deploying any AI tool throughout the institution. 

Practical governance model: 

Establish a cross-functional AI governance committee: 

  • Risk and compliance 
  • IT/security 
  • Finance 
  • Business leadership 

Responsibilities: 

  • Approve high-risk use cases 
  • Set acceptable use policies 
  • Monitor incidents and Key Risk Indicators (KRI)

Key policy areas: 

  • Prohibited data (e.g., customer PII in public tools) 
  • High-risk use cases (e.g., lending decisions) 
  • Model and vendor approval standards 

In addition to the departments mentioned above, consider having individuals that will be using these tools daily on the committee. Furthermore, when identifying those individuals, try to find someone that is passionate about AI. These individuals will naturally keep the committee apprised of AI trends and, when it comes time to deploy AI tools, will be champions at your institution, driving change throughout the organization.

4. Define clear “reliance boundaries” upfront 

One of the most important—and often overlooked—steps in implementing GenAI is deciding where the bank will (and will not) rely on AI outputs. 

The COSO white paper introduces a critical concept: Reliance occurs when management depends on AI outputs as evidence supporting a control or decision. 

Why this matters for banks: 

Once you rely on AI outputs, you are effectively: 

  • Bringing the process into ICFR scope 
  • Triggering audit evidence requirements 
  • Increasing regulatory exposure 

Practical implementation: 

  • Classify each use case by reliance 
    • Non-reliance (low risk):  
      • AI drafts, summarizes, or assists 
      • Human fully re-performs or validates 
    • Reliance (high risk):  
      • AI outputs are used directly in decision-making or control execution. 
    • Align with key banking processes: 
      • Financial reporting → High likelihood of reliance 
      • Credit decisions → High likelihood of reliance 
      • Back-office productivity tools → Typically non-reliance 

Executive implication: 

Do not treat all GenAI use cases equally. Instead, draw a clear line between “assistive AI” and “decision-driving AI.” 

That single distinction will: 

  • Simplify governance 
  • Focus control investment 
  • Avoid unnecessary audit complexity 
  • Reduce regulatory risk 

5. Expand risk assessment to new AI-specific threats 

Traditional risk frameworks are not enough. GenAI introduces new risk categories: 

High-priority risks for banks: 

  • Hallucinations (incorrect but plausible outputs) 
  • Prompt injection attacks (malicious inputs manipulating models) 
  • Model drift (performance degradation over time) 
  • Third-party/vendor risk (limited visibility into models) 
  • Bias/fair lending implications  

Practical approach: 

  • Maintain a living risk register that is frequently reviewed and updated 
  • Include “What if?” scenario analysis: 
    • What if a vendor updates the model without notice? 
    • What if training data changes? 
  • Link risks to key reporting initiatives (e.g., accuracy thresholds, exception rates)

6. Elevate “configuration” to a controlled asset 

In GenAI, controls are not just around systems—but around: 

  • Prompts 
  • Retrieval data 
  • Model settings 

These are effectively new financial reporting control points. 

Practical controls: 

  • Version control for prompts and configurations 
  • Formal approval workflows for changes 
  • Logging of: 
    • Inputs 
    • Outputs 
    • Model versions 

Executive implication: 

Treat GenAI configurations like core banking system configurations—subject to the same change management rigor. Specific to prompting, develop a prompt library with widely used prompts. Encourage employees to visit this prompt library prior to developing their own prompt. Establishing this protocol will assist in creating consistent outputs for similar tasks.

7. Design controls that scale with automation 

GenAI can amplify both efficiency and errors. 

Leading practices: 

  • Human-in-the-loop review for high-risk decisions 
  • Multi-model validation for critical outputs 
  • Automated monitoring for anomalies and drift 
  • Segregation of duties (separate model configuration from approval) 

Example

Auto-reconciliation: 

  • Auto-post only above validated confidence threshold. 
  • Route exceptions with full audit trail. 
  • Require approval for threshold changes. 

For instance, incoming invoices are routed through an AI tool that attempts to categorize and record the journal entry associated with the invoice. The tool has been trained that if it is not confident in the journal entry, it will suggest one, but it will not be posted until a manual review occurs. 

8. Strengthen data provenance and traceability 

Banks must be able to answer: 

  • Where did this output come from? 
  • What data was used? 
  • Which model generated it? 

Practical requirements: 

Capture and retain: 

  • Prompts and inputs 
  • Source data references 
  • Output versions 
  • Confidence scores  

Why this matters: 

  • Auditability 
  • Regulatory defensibility 
  • Root cause analysis

9. Monitor continuously—not periodically 

GenAI environments change rapidly (model updates, data shifts, usage patterns). As mentioned earlier, this is why it is important to maintain a living risk register. 

Practical monitoring strategy: 

Combine: 

  • Real-time dashboards (accuracy, exceptions, drift) 
  • Periodic deep reviews (model validation, bias testing) 

Key metrics: 

  • Accuracy / precision / recall 
  • Hallucination rate 
  • Data leakage incidents 
  • Forecast variance 

Action triggers: 

  • Retrain models 
  • Roll back changes 
  • Escalate to governance committees 

Example

Forecasting: 

An AI tool is used to forecast credit losses, which is then used as an input in a financial institution’s current expected credit loss model. This forecast is temporarily compared to actual results and, if forecast variances exceed a certain threshold for consecutive comparisons, the tool is retrained. 

10. Follow a simple, repeatable implementation roadmap 

COSO outlines a practical six-step cycle: 

  1. Establish governance 
  2. Inventory use cases 
  3. Assess risks 
  4. Design controls 
  5. Implement and train 
  6. Monitor and adapt  

Executive takeaway: 

This is not a one-time project—it is a continuous control cycle, similar to ICFR. 

Bottom line for bank executives 

GenAI is not simply a technology initiative—it is a control environment transformation. 

Banks that succeed will: 

  • Integrate GenAI into existing control frameworks. 
  • Treat AI outputs as risk-bearing assertions. 
  • Build governance before scaling. 
  • Design controls that evolve with the technology. 

Banks that do not succeed may be subject to: 

  • Financial reporting errors 
  • Regulatory findings 
  • Reputational damage 

Strong internal controls do more than reduce risk—they help institutions align GenAI initiatives to enterprise strategy, scale adoption responsibly, and improve value realization by making AI-enabled processes more reliable, repeatable, and trusted. 

Done well, GenAI becomes not just efficient—but auditable, reliable, and strategically differentiating. That matters at the enterprise level because strong controls give leadership the confidence to move beyond isolated pilots and embed AI into broader transformation priorities. In that way, governance and control disciplines are not barriers to innovation—they are enablers of sustainable adoption, measurable business impact, and long-term value realization.

BerryDunn can help 

If you have any questions about GenAI and internal controls at your bank, please reach out. Learn more about our team and services. 

Article
10 steps for bank execs to turn GenAI into a controlled advantage

Who this article applies to: Healthcare compliance officers, administrators, clinical leaders, information officers, clinicians, and quality and risk managers at hospitals, health systems, ambulatory care facilities, and medical practices.

AI-based medical scribes have rapidly progressed from novel ambient listening tools used by tech-savvy clinicians to formally integrated applications in both ambulatory and hospital practice settings. Designed to listen to clinician‑patient conversations and generate draft clinical notes for review before they become part of the medical record, these tools promise to relieve clinician burnout by reducing the documentation burden and after‑hours charting. For healthcare organizations facing clinical workforce shortages and rising administrative pressure, the appeal is obvious.

How AI scribes work—and why it matters for compliance 

Most AI medical scribe platforms combine speech recognition, natural language processing, and generative AI to produce the clinical encounter note. Often integrated with the clinician’s electronic health record platform, audio recordings or transcripts are temporarily stored outside the electronic health record before the finalized note is returned for clinician review and sign‑off. The underlying technology may handle Protected Health Information (PHI) at multiple points along the informational data path.

This information architecture is important from a compliance perspective. Audio recordings and transcripts are electronic PHI, even if retained briefly. As a result, AI scribe vendors are considered business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), requiring AI scribe vendor compliance with the HIPAA Privacy, Security, and Breach Notification Rules. There is no such thing as a “HIPAA‑certified” AI product—compliance depends on how the tool is deployed, governed, and monitored by the healthcare organization. 

Privacy, consent, and risk for AI scribe use 

A key risk area for AI scribes is patient consent. Because these tools record live patient-clinician conversations to generate clinical notes, in addition to HIPAA compliance obligations, their use may be governed by individual state audio‑recording and all‑party consent laws. Some states have one-party consent laws, while others (such as Connecticut) have two-party consent requirements, which require every participant in the conversation to give consent before recording begins.  

Consent cannot be assumed, implied, or retroactively documented by AI‑generated notes alone. Recent legal actions against healthcare organizations in multiple two-party consent states have alleged deployment of ambient listening tools without adequately notifying patients or obtaining valid consent for recording and downstream data use. Regulators and plaintiffs alike are scrutinizing whether patients were meaningfully informed that conversations were being recorded, how long recordings were retained, where data was stored, and whether patients had a genuine opportunity to opt out. Transparency and documentation around consent are rapidly becoming baseline expectations. 

Oversight and regulation are evolving 

At the federal level, most AI scribe tools are not currently regulated as medical devices. However, regulators are paying close attention to how AI influences clinical workflows and documentation. Recent FDA guidance on AI‑enabled health technologies emphasizes life-cycle governance, transparency, cybersecurity, and post‑market monitoring. AI systems have the same obligations that apply when humans access PHI—including minimum necessary standards, access controls, audit logs, and risk analysis.  

For healthcare organizations, this means enforcement risk is not theoretical. HIPAA applies fully to AI systems today, and state attorneys general and private litigants are increasingly willing to test the boundaries of consent, disclosure, and data governance in court. 

Practical guidance for AI medical scribe adoption and use 

When introduced within a strong governance framework, AI medical scribes can deliver demonstrable clinical and operational value. Organizations adopting these tools can reduce compliance risks by focusing on a few core principles: 

  • Organizational self-audit: Know what tools may already be in use and restrict ad-hoc clinician use without organizational vetting and oversight. 
  • Develop organizational governance policies for AI tool adoption and use:
    • Tool evaluation, selection, and approval
    • Data retention and deletion
    • Explicit clinician responsibility for review and sign-off of AI-generated notes 
  • Vendor due diligence and contracting: Confirm how data is captured, stored, retained, and deleted. Require the vendor to provide evidence supporting compliance with applicable HIPAA provisions and execute a Business Associate Agreement (BAA). 
  • Transparent patient communication: Clearly explain when AI documentation is used, what is recorded, and what choices patients have.
  • Affirmative consent workflows: Build consent processes and documentation that stand on their own, separate from AI-generated statements. 
  • Clinician accountability: Reinforce clinician responsibility for reviewing, correcting, and approving all AI‑generated documentation. 
  • Oversight: Perform ongoing monitoring, audits, and periodic reassessment of AI-based scribe tools.

Ensuring responsible use of AI medical scribes 

AI medical scribes can improve efficiency, reduce burnout, and support high‑quality documentation. When deployed carelessly, these tools can erode patient trust and expose organizations to regulatory, legal, and reputational risk. 

Compliance, privacy, and operations leaders play a critical role in ensuring that innovation enhances care delivery without compromising the standards that patients and regulators expect and demand. 

Key takeaways

  • Understand that AI medical scribes may handle PHI at multiple points along the informational data path. 
  • Recognize that audio recordings and transcripts are electronic PHI, even if retained briefly. 
  • Confirm that AI scribe vendors function as business associates under HIPAA and execute a Business Associate Agreement. 
  • Build consent processes and documentation that stand on their own, separate from AI-generated statements. 
  • Reinforce clinician responsibility for reviewing, correcting, and approving all AI-generated documentation. 

BerryDunn can help 

Our healthcare compliance team can help. We incorporate deep, hands-on knowledge with industry best practices to help your organization manage compliance and revenue integrity risks. Learn more about our healthcare compliance consulting team and services.    

Article
AI medical scribes: Eavesdropping, recording, and risk

Read this if you are a business owner or an advisor to business owners.

In times of uncertainty, exit planning can be a strong reason to focus on the opportunity in front of you. Instead of waiting for conditions to improve, business owners are often best served by staying active, involved, and focusing their efforts on improving their business. Consider what opportunities you can take advantage of and be ready to succeed when the climate improves.

Assessing risks and strengthening operations

In periods of uncertainty, the landscape shifts—revealing weaknesses, threats, and hidden hazards. How these challenges are navigated can shape long-term outcomes. Will this moment be used to identify, assess, and address these risks? 

It is important to view challenging times in the context of a larger, long-term perspective. It presents the perfect opportunity to focus on building resiliency, redundancy, and strength. Unsettled times allow business owners to discover and understand: 

  • What broke first and why? 
  • How can you shore it up for better operations in the days ahead?
  • What weak spots you didn’t know about are now apparent?
  • How can you address those weaknesses?
  • How can you leverage existing resources differently to chart a path forward?

Models of priority: The progress of a business

There are various stages or hierarchies of priority in thinking about the progress of a business. Each priority model features bases and pinnacles. The pinnacles of each model are realized in a long-term setting, after the remaining bases have been solidified. While continued development of a clear vision for your business is paramount, dynamic shifts in the landscape call for reassessment of the bases. In the long-term, self-fulfillment manifests from properly executed strategy, but in the near- and mid-term, these various frameworks force strategic planning back to assess and address the base components.  

The bases of each model should serve as safe havens for reversion. When facing uncertainty and failure, have you made your base strong enough to redirect your efforts into an actionable plan for the long-term? 

Action Planning Pyramid and Value Maturity Index

Action Planning
Five Stages of Value Maturity

The Value Maturity Index, broken into five stages, is a stepwise assessment of active exit and business strategy. Inherent in the value acceleration framework are the concepts of resiliency, redundancy, disaster recovery, and actionable planning. 

While we may have been fully entrenched in the build phase, setbacks due to dynamic changes in the landscape force us back to protect mode—the assessment and methodical shoring up of weaker points of the operation to protect against future downside risks.

Though this stepwise progression is linear in nature, flexibility and adaptability are paramount in changing course to address the needs of your current state. 

When we look at action planning, parallels can be drawn to the various models. Certainly, we are focused on continuing sales, marketing, and customer relationships, but it becomes a question of reversion to meeting the basic needs and serving a client’s pain points rather than beginning ground-breaking efforts.  

An uncertain climate forces us to the base, where the focus is on solidifying any exposed areas that have emerged, and likely compounded, by the current challenges. Concerns related to management, metrics, core values, and priorities are the bases in need of coverage. 

Maslow’s Hierarchy of Needs
 

Maslow's Hierarchy of Needs

Maslow’s Hierarchy of Needs1 is a well-known motivational theory in psychology that comprises a five-tiered model of human needs, whereby each successive tier must be fulfilled (beginning at the base) before rising to the next tier. It can be used to view similar information from a psychological perspective.

Value acceleration and creating successful outcomes are largely tied to a clear long-term vision. We typically reside in the self-actualization level of the hierarchy of needs when undertaking the high-level view of the framework.

In periods of uncertainty, the emphasis is on adaptability, so there will be less concern with the top levels. Those levels remain available but are not the pressing issue of the moment. If we think about shoring up bases (the protect stage) when viewing this psychological model, our focus is on the “basic needs” level. That is, keeping people (i.e., self, family, and employees) safe and remaining connected for immediate continuity.

McKinsey & Company Event Horizons

McKinsey & Company Event Horizons

Many others in related fields view uncertain times in similar terms. In the McKinsey & Company Events Horizon view2:

  • Resolve addresses those immediate hurdles and challenges a business is currently facing.
  • Resilience focuses on near-term items to be addressed once the initial base is covered. 
  • Return views the mid-term horizon in understanding how to return to scale by focusing on understanding metrics and increasing the frequency of measurements for informed decision-making. 
  • Reimagination and reform typically go hand in hand, but without covering bases of needs, crafting a dynamic shift in operations to incorporate new environments may be counterproductive. 

Once these bases have been clearly assessed and addressed, the path forward may appear dramatically different. This is when creative solutions to enhance opportunity should begin to take shape. Examples may include newly emerged revenue streams and opportunities, fully integrated systems and dashboards to capture timely decision-making data points, or strategic pivots in your business model to improve navigation in changing environments. 

Discover and control in uncertain times

Consider what the period of uncertainty has revealed and ask yourself: 

  • What existing challenges became more apparent?  
  • How can these areas be addressed? 
  • Is this the time to make large investments in the company or the right investments? 

Taking stock of your company’s future through the incorporation of lessons learned will bolster value in the long-term by de-risking and developing new opportunities, methods, work, shifts in productivity, and shifts in mentality. That approach also brings lots of questions: 

  • If there are no early warning signs, why not?  
  • What should your indicators be?  
  • What metrics are crucial in identifying the pulse of your current situation?  
  • What is your business reliant on?  
  • How can you build information and indicators for rapid shifts in decision-making?  
  • How strong are your current controls and how integrated are your management and information systems? 

To answer these questions, you need to quantify and develop metrics that will aid in the early identification of future challenges, thus increasing your responsiveness with data-driven decision mechanisms. Having your fingers on the pulse of your company and understanding the impact of each input on your strategy will focus your attention on the information that matters most. This allows you to understand, position, and adapt to changes in your business and community environment in a proactive and agile manner. Measurements, forecasts, and dashboards should provide you with regular, valid, and relevant information you can use to take informed action in decision-making. 

The importance of look-backs

Historical look-backs during various points of time will allow you to key in on pivotal data indicators and inflection points. When looking at this from an operational view, industry and economic factors impacting your company can serve as corroborating pieces of evidence to further support data metrics analyzed.

  • It's best practice to regularly study and update development, pipeline, and reliance metrics for feedback and information discovery with data integrated throughout your operations. This helps avoid lag time in reporting on stale information towards real-time actionable data points.  
  • Each metric is specific to your business and can be directly mapped back to increases in shareholder value. Understanding these business value drivers will focus your attention and intention on improving in the right areas, while avoiding distracting and less impactful pain points. 
  • Instead of focusing on precision, build in flexibility and adaptability with scenario- and sensitivity-based criteria to understand changes, implications, and reliance of each input. Understanding these relationships in a broader scheme aids you in quick, impactful decision-making, guiding you toward enhanced value. 

Remaining resilient in challenging times 

This approach allows an opportunity to fully assess the known and unknown problem areas, weaknesses, perils, and hazards your business may be facing. From that base, you can begin to address these issues to scale effectively with lower overall risk when activity picks up. 

Management metrics, core values, and priorities drive resilience for long-term continuity by shoring up the foundation to build for the future. Assembling evidence in troubled times provides an opportunity to capitalize on and fulfill core values. Documenting these decisions and improvements memorializes your decision-making and impact on value enhancement, and serves as a playbook for future events. 

What you make of difficult periods through identification, assessment, and addressing newly emerged risk areas provides the opportunity to increase success as the climate rebounds.

Key takeaways

  • Stay active during uncertainty: Improve the business now rather than waiting for conditions to recover. 
  • Identify and mitigate newly exposed risks: Examine what broke first, what weak spots surfaced, and how to shore up operations. 
  • Reinforce the “base” of the business: Prioritize management practices, core values, metrics, controls, and near-term continuity. 
  • Measure what matters more often: Build timely dashboards, forecasts, and early-warning indicators to support faster, data-driven decisions. 
  • Document lessons learned and improvements: Create a repeatable playbook that reduces future downside risk and supports long-term value. 

BerryDunn can help 

Our credentialed business valuation specialists bring clarity to the complexities of valuation while adhering to strict development and reporting standards. Through our assessments, risk profiling, and benchmarking analyses, we help business owners discover the largest gaps across the company, prioritize the most impactful problem areas to address, and implement changes to enhance business value through continuous improvement. We render an independent, objective opinion of your company’s value in a reporting format tailored to meet your needs. If you have questions about your unique situation, or would like more information, please contact the business valuation consulting team.

1Maslow’s Hierarchy of Needs, Saul McLeod, updated March 20, 2020. SimplyPsychology. www.simplypsychology.org/maslow.html.
2Beyond coronavirus: The path to the next normal, Kevin Sneader and Shubham Singhal, McKinsey & Company, March 23, 2020.  www.mckinsey.com/industries/healthcare-systems-and-services/our-insights/beyond-coronavirus-the-path-to-the-next-normal. COVID-19: Briefing note, March 30, 2020, Our latest perspectives on the coronavirus pandemic. Matt Craven, Mihir Mysore, Shubham Singhal, Sven Smit, and Matt Wilson. McKinsey & Company. www.mckinsey.com/business-functions/risk/our-insights/covid-19-implications-for-business.

Article
Value acceleration in times of uncertainty

When most people think about water parks, they think about slides, lazy rivers, and summer crowds. What they do not always see is a highly complex operation that blends revenue generation, community service, workforce development, and long-term planning in a way that many public sector organizations can learn from.

Water World, operated by the Hyland Hills Park and Recreation District, is a standout example. With more than 70 acres, 50 attractions, and roughly 500,000 visitors over an 85-day season, it operates at a scale that rivals private-sector attractions. But the more interesting story is not just its size. It is how that scale supports a broader mission.

Listen to the Let's Talk Parks podcast with guests from Hyland Hills Park and Recreation District. 

A different model for funding public services

At its core, Water World exists because of a funding challenge. In the late 1970s, the district needed a way to support programs that were not self-sustaining without raising taxes. The solution was to build a revenue-generating amenity that could subsidize the rest of the system. That model still holds today. Revenue from Water World and other enterprise operations helps fund community offerings like youth sports, parks, and senior programs, while keeping the local tax burden low.

This is a useful reframing for many public organizations. Instead of viewing amenities solely as cost centers, there is an opportunity to think about how select offerings can generate revenue that sustains the broader mission. Not every agency can or should build a large water park, but the mindset applies broadly. Strategic investments that attract regional audiences can create funding streams that benefit local residents.

Scale changes operations, but not fundamentals

Running a facility like Water World requires significant operational complexity. Behind the scenes, there are teams managing water quality, maintenance, safety protocols, and guest flow across dozens of attractions.

And yet, one of the most important takeaways is that the core challenges are the same as those faced by smaller facilities. Water quality, safety, staffing, and maintenance are universal. The difference is scale. In some ways, scale provides advantages. Larger operations can support specialized staff and dedicated teams. Smaller facilities often rely on fewer individuals wearing multiple hats.

For leaders in smaller communities, this is an important reminder. While your resources may be different, the fundamentals are not. Clear processes, strong training, and consistent attention to the guest experience matter just as much at a single pool as they do at a 70-acre park.

Staffing is a strategy, not just a seasonal task

Hiring nearly 1,000 seasonal employees each year, including around 300 lifeguards, is no small task. Water World begins planning in the fall, opens applications around February, and relies heavily on returning staff and word of mouth to fill roles quickly.

What stands out is the emphasis on employee experience. Many staff members are in their first jobs, and leadership treats that responsibility seriously. Investments in compensation, engagement programs, and leadership development have led to stronger retention and better performance.

This is a shift many organizations are still making. Instead of viewing seasonal or entry-level roles as transactional, successful organizations are treating them as foundational experiences. When employees feel supported and engaged, they stay longer, perform better, and contribute to a stronger overall experience.

Marketing works best when the experience delivers

Water World markets year-round, even though it operates for just a few months each year. Strategies include digital campaigns, media relations, email marketing, and local partnerships. But one of the most effective tactics is also one of the simplest: capturing authentic guest experiences. Interns are often sent into the park to create organic social content that reflects real guest reactions.

This aligns with a broader truth. Marketing can drive awareness, but it cannot compensate for a weak experience. As one leader noted, if the product does not deliver, people will not come back. For organizations with limited marketing budgets, this is encouraging. Authentic, experience-driven content is often more effective than polished campaigns. The key is to create something worth talking about.

Continuous reinvestment keeps experiences relevant

One of the more difficult aspects of managing a long-standing attraction is deciding when to update or replace existing features. Water World refers to this process as “reimagination.” Decisions are based on a combination of guest feedback, usage patterns, maintenance needs, and overall experience quality. Even when an attraction has strong sentimental value, it may no longer meet current expectations.

These decisions are not easy. Leaders recognize the emotional connection guests have with legacy attractions, and they often provide opportunities for closure, such as farewell events or final visits. The lesson here is that maintaining relevance requires ongoing investment. Whether it is updating a facility, refining a program, or improving an experience, organizations need to balance nostalgia with evolving expectations.

Safety and preparedness cannot be static

Safety has always been a priority in aquatics, but expectations have evolved. Water World has expanded its approach to include comprehensive emergency action planning, cross-agency collaboration, and large-scale drills involving multiple jurisdictions. This level of preparation reflects a broader shift. Public-facing organizations must be ready for a wide range of scenarios, many of which were not top of mind a decade ago.

For smaller agencies, the takeaway is not to replicate large-scale drills, but to build relationships. Engaging local law enforcement and first responders, sharing facility knowledge, and developing clear protocols can significantly improve readiness.

The real impact is human, not operational

It is easy to focus on metrics such as attendance, revenue, or staffing. But the most meaningful outcomes are harder to quantify. Water World is the largest youth employer in its county, giving thousands of young people their first job experience. Former employees return with their own families. Longtime guests maintain decades-long relationships with the park.

These connections are what turn a facility into a community asset. They are also what justify the effort, investment, and complexity required to operate at this scale. 

At its best, parks and recreation work is about creating places where people connect, grow, and create memories. Water World shows what that can look like when those goals are paired with strong strategy and execution.

Key takeaways

Not every organization will operate a water park. But many can apply the underlying principles:

  • Think strategically about revenue-generating services that support your mission

  • Focus on fundamentals, regardless of scale

  • Treat staffing as a long-term investment

  • Let the customer experience drive your marketing

  • Continuously reinvest in relevance

  • Build strong safety and community partnerships

Innovative strategies for parks, recreation, and libraries

BerryDunn's consultants work with you to improve operations, drive innovation, identify improvements to services based on community need, and elevate your brand and image―all from the perspective of our team’s combined 100 years of hands-on experience. We provide practical park solutions, recreation expertise, and library consulting. Learn more about our team and services.

Article
What water parks can teach us about running sustainable, high-impact community services