The 30-day operations audit: how to find your biggest leak in a month
If you can't articulate where operational time and money are leaking inside your business, you can't fix it. Here's the structured 30-day audit we run on every engagement — the version you can do yourself.
Most operational fixes don’t fail at the implementation stage. They fail at the diagnosis stage — when leadership commits to fixing the wrong problem because the right one wasn’t visible.
The pattern looks like this: a CFO notices the monthly close is slow, blames the finance team, hires a new controller, and discovers six months later that the close is slow because three operational systems can’t talk to each other. The controller hire was the wrong fix because the problem was misdiagnosed.
Every Baxter & Third engagement starts with a structured 30-day audit before we recommend anything. The audit is the most leveraged work we do — it’s where we tell clients what to fix, not just how. This article is the version you can do yourself.
What the audit is for
The output of a proper 30-day audit is three things:
- A ranked list of operational leaks — what’s bleeding time, money, or trust, ranked by leverage.
- A clear “fix first” recommendation — usually one bottleneck, occasionally two, never five.
- A scoped proposal for the first build increment — including effort estimate, the team involved, and what success looks like.
Notably absent: a roadmap covering the next two years. Roadmaps that long are theatre. Pick the highest-leverage fix, execute it cleanly, and let the wins inform what to do next.
The four phases of the audit
Phase 1 (days 1–5): map the operating reality
Most companies have a polished version of “how it works” that lives in the COO’s head, the org chart, and the SOP wiki. Then there’s the reality, which lives in spreadsheets, WhatsApp groups, and the institutional knowledge of two veterans nobody can promote.
The first week is about getting the real picture, not the polished one.
What to do:
- Interview 5–8 people across functions. Finance, ops, sales, customer service, tech. Not just leaders — also the people who actually push the buttons. Ask: “Walk me through what you did yesterday, hour by hour.” That question gets you closer to reality than “describe your process.”
- Trace the cash: for a representative transaction (one customer order, one payroll cycle, one supplier payment), document every system, person, and handoff involved from initiation to settlement. Most companies are stunned by what this exposes.
- Inventory the tools. Every SaaS subscription, every spreadsheet that something depends on, every “Mary’s database.” If you can’t enumerate them, you don’t know what you have.
By end of week 1, you should have a list of every system in active use, a map of the top 3–5 cross-functional workflows, and a rough sense of where each workflow stalls.
Phase 2 (days 6–14): quantify the leaks
Mapping shows you where things happen. Phase 2 puts numbers on what each of them costs.
For every workflow you mapped, measure:
| Metric | How to capture it |
|---|---|
| Cycle time | Hours/days from initiation to completion. The variability matters as much as the average — a process that takes “3 to 9 days” is broken differently than one that takes “consistently 5 days.” |
| Rework rate | What percentage of outputs come back, get rejected, or get manually corrected? Anything above 5% on a routine workflow is a leak. |
| Handoff count | How many human handoffs between systems or people? Each handoff is a future error. |
| Manual data movement | How many times is data copied/retyped between systems? Total minutes per week. |
| People bottlenecks | Which single person, if they took two weeks off, would the workflow stop? |
Don’t try to be precise. Approximations from interviews are fine. You’re ranking leaks, not building a financial model.
Phase 3 (days 15–22): convert leaks to money
Numbers without business consequence don’t drive decisions. Convert each leak to an annual cost or risk.
For a leak that’s “3 hours of manual reconciliation, twice a month, by an accountant earning ₦4M/year”:
Effort: 6 hours/month × 12 = 72 hours/year
Hourly: ₦4,000,000 / 1,800 working hours ≈ ₦2,200
Direct: 72 × ₦2,200 ≈ ₦160,000/yearThat’s the direct cost. The hidden cost is usually 3–5× larger:
- Opportunity cost: what would that accountant produce if she weren’t reconciling?
- Risk-adjusted cost: what’s the probability and impact of an error escaping into financial statements?
- Talent cost: how does this work affect retention? Senior accountants don’t stay long in roles that are 70% data entry.
For each leak, write the total cost as a range: direct cost × 3 to 5. By the end of phase 3 you have a list that looks like:
| Leak | Annual cost | Confidence |
|---|---|---|
| Monthly close reconciliation | ₦8–12M | High |
| CRM/ERP data sync (manual) | ₦15–25M | Medium |
| Customer service ticket triage | ₦4–7M | Low |
| KYC re-verification rework | ₦20–35M | Medium |
This list is the audit’s most valuable artifact. It’s what makes the case for action concrete.
Phase 4 (days 23–30): rank by leverage, not cost
The biggest-cost leak isn’t always the right one to fix first. Three factors determine leverage:
1. Cost of the leak — already quantified. 2. Effort to fix it — straightforward (existing platform configuration), moderate (custom build), or hard (cross-functional change management). 3. Strategic prerequisite value — does fixing this unlock other fixes downstream?
Score each leak on these three axes and the leverage often inverts the cost ranking. A ₦8M/year leak that can be fixed in two weeks and unblocks three downstream fixes is usually higher leverage than a ₦30M leak that takes 9 months and depends on a vendor selection process.
By day 30, you should be able to write a single page that says:
We have identified [N] operational leaks totaling roughly ₦[X]M/year in direct and opportunity cost. We recommend fixing [bottleneck] first because it costs ₦[Y]M/year, can be cleanly resolved in [duration], and is a prerequisite for [downstream fix]. The proposed scope is [N] weeks of work involving [team]. Success looks like [measurable change]. Investment: ₦[Z]M.
That single paragraph is what gets the next phase funded.
What the audit deliberately doesn’t do
A few patterns we explicitly avoid, because they make audits worse:
No “everything is critical” lists. If your audit produces 14 priority recommendations, you didn’t audit — you collected complaints. Pick one or two.
No technology recommendations in week 1. “We should implement [vendor]” is not a finding. It’s a hypothesis to test in phase 4 after the leaks are quantified.
No interviews-only conclusions. What people say happens and what actually happens diverge predictably. Validate by tracing real transactions, not by aggregating interview impressions.
No external benchmarks as the primary driver. “Industry average monthly close is 5 days” is interesting but rarely actionable for your business. Internal trend (your last 6 months) plus internal cost (what the slow close actually costs you) is what drives decisions.
When to bring someone in
You can run a useful audit yourself if you have:
- A leader with cross-functional credibility who can interview without political fallout
- Enough seniority to actually act on the findings
- The discipline to stop at one recommendation, not five
- 30–50 hours of focused time over a month
The reasons companies bring us in are usually:
- Political neutrality — internal audits get diplomatic. External ones can name the actual problem.
- Pattern recognition — we’ve seen the same leaks repeat across solar, logistics, fintech, real estate. The signature is recognizable.
- Sized to act, not just diagnose — our audits feed directly into Fix & Optimize engagements where the same team that diagnosed executes the fix, eliminating the usual diagnostic-to-action handoff cost.
Either way, the output should be the same shape. If your audit doesn’t produce a ranked leak list with money attached and a single fix-first recommendation, it isn’t done yet.
If you’re considering an audit and want help structuring it — or want us to run it — start a conversation. The first 30 minutes is free and we can usually tell within that time whether your situation needs an audit, a build, or honestly neither.
And if you’re not ready to commit, the five signs your business has outgrown spreadsheets is the lighter version of what a phase-1 audit usually surfaces — worth reading first.