The Communication Audit to Run Before You Expand


The communication tools a business uses at five employees rarely scale cleanly to twenty-five, and the ones that work at twenty-five almost never work at one hundred. The transition points get missed because most owners are focused on hiring, sales and product, and the communication infrastructure is treated as a problem that will solve itself. The result is that growing businesses often discover their communication stack is broken precisely at the moment they need it most, when the team is doubling and the institutional knowledge is no longer concentrated in the founder’s head. A formal communication audit, done before the next round of hiring rather than after, can save the company a meaningful amount of pain and lost productivity over the following year.

Key Takeaways

  • Conduct a communication audit before your next hiring round to identify gaps, reduce friction, and improve productivity as your business grows.
  • Review your communication channels, access permissions, and historical records to eliminate overlaps, security risks, and lost institutional knowledge.
  • Strengthen access governance by matching communication channels and sensitive information with the right employee roles and permissions.
  • Treat your communication infrastructure as an ongoing business discipline to support future growth, smoother onboarding, and better decision-making.

What a communication audit actually looks at

The audit is not about reviewing the tools the company subscribes to. It is about reviewing what channels are actually being used for which kinds of conversations, who has access to which historical records, and where the gaps and overlaps create friction or risk. The audit usually surfaces several common patterns that the leadership team did not realize were happening. Decisions getting made in informal Slack DMs that nobody else can find later. Client conversations happening on the personal phones of sales staff. Project context buried in email threads that new hires cannot search. Compliance-sensitive conversations happening on consumer messaging apps that the company has no record of.

Communication audit checklist to run before you expand

The communication channels that get overused

Most growing businesses have one or two communication channels that are doing significantly more work than they were designed for. Slack is the most common example, with companies routing internal chat, project management, document sharing, decision logs, customer support and external partner communication through the same tool. The channel becomes a single point of failure, much like the patterns described in coverage of how fast-growing companies build high-performing teams, and the institutional knowledge it contains becomes inaccessible to anyone who joined after a given date because the search experience does not scale well across years of dense threads.

The opposite pattern shows up just as often. Companies that have invested in too many specialized tools end up with so much channel fragmentation that nobody knows where to find anything. The marketing team uses one tool, the sales team uses another, the product team uses a third, and cross-functional conversations end up happening in the channel that the most senior person prefers. The fragmentation produces the same effect as the overuse pattern, just from the opposite direction.

The security and privacy comparison that matters most

When growing businesses evaluate which messaging channels to formalize, they usually compare the consumer apps employees are already using. LeapXpert, a vendor that works extensively with companies on communication governance, has published a detailed comparison of signal vs whatsapp security as compared by Leapxpert that covers the encryption protocols, metadata handling, and business-use considerations that matter for the kind of conversations a growing team needs to protect. The comparison is worth reading before the company commits to a default channel, because the technical differences between the two apps produce meaningfully different compliance postures.

What growing teams typically get wrong about access

Access governance is the part of the communication stack that most growing businesses underinvest in. The default at five employees is that everyone has access to everything, because the team is small enough that the assumption works. The default at twenty-five employees should be different, but it usually is not, because nobody made a deliberate decision to change it. The result is that confidential conversations, financial information, and sensitive customer data are accessible to staff who do not need access, creating risks of the kind that Electronic Frontier Foundation guidance on workplace surveillance and access has flagged for years as invisible until something forces it into the open.

The audit step that addresses this is straightforward. Each channel and each historical archive gets categorized by sensitivity. Each role gets mapped to a set of access permissions. The current state gets compared to the intended state, and the gap gets closed. The work is not technically complex. It just requires somebody to do it, and the somebody usually does not exist on the org chart of a growing business until the audit creates the role.

The handoff documentation problem

Growing businesses also tend to have inadequate documentation around handoffs. When a sales rep leaves, the conversations with their accounts go with them. When a project manager moves teams, the project context is lost. When the founder stops being the bottleneck for every decision, the institutional knowledge they accumulated is not transferred systematically to the next layer of leadership, raising the kinds of questions Citizen Lab research on communications security routinely surfaces around custody of sensitive records. The communication audit forces this issue by asking, for each role, what would need to happen for the conversations and decisions that role generates to be accessible to a successor.

The documentation work that comes out of this is usually significant, but the cost of not doing it is higher. Companies that handle handoffs well tend to scale through transitions smoothly. Companies that handle them badly tend to discover, six months after a key departure, that they have lost institutional knowledge that they did not realize was concentrated in one person until that person was gone.

leadership development plan

When to do the audit relative to hiring decisions

The audit should happen before the next significant hiring round, not after. The reason is that the hiring round is the event that exposes the gaps in the current communication infrastructure. New hires need to be able to find information, get up to speed, and integrate into the team’s conversations. If the infrastructure cannot support that for the existing team, it cannot support it for the new hires either. The companies that do the audit ahead of hiring tend to integrate new staff faster and with less friction. The companies that do the audit after hiring tend to discover that the new staff struggled for their first three months because the infrastructure was not ready for them.

The audit itself does not need to take long. A two-week effort with clear scope is usually enough to surface the major issues and produce a remediation plan. The remediation work takes longer, but the assessment is fast.

Why the audit pays off long after the immediate findings are addressed

The most useful effect of the communication audit is not the immediate fixes it produces. It is the cultural shift toward treating communication infrastructure as something the company actively manages rather than something it lets happen by default. The companies that internalize this shift tend to make better decisions about new tools, new policies, and new hires going forward. The companies that treat the audit as a one-time exercise tend to drift back into the same patterns within six months. The audit is useful as a snapshot, but it is most useful as the start of an ongoing discipline that the leadership team commits to maintaining as the business grows.

Want to learn the proven strategies top businesses use? Try searching ‘small business consulting‘ to connect with an expert in your area!

Frequently Asked Questions

What is a communication audit for a growing business?

A communication audit reviews how your business actually communicates, including which channels are used, who has access to information, where important conversations are stored, and where communication gaps or inefficiencies exist. Its goal is to improve collaboration, security, and operational efficiency before growth creates larger problems.

When should a business conduct a communication audit?

The best time to conduct a communication audit is before a major hiring phase. Reviewing your communication systems ahead of growth helps new employees access information more easily, reduces onboarding friction, and prevents communication bottlenecks as the team expands.

Why is communication governance important for growing businesses?

Communication governance helps businesses protect sensitive information, control access to communication channels, improve documentation, and preserve institutional knowledge. As companies grow, clear governance reduces security risks and makes team collaboration more consistent and scalable.

Business performance scorecard questionnaire for business coaching leads and clients



Source link

Leave a Reply

Subscribe to Our Newsletter

Get our latest articles delivered straight to your inbox. No spam, we promise.

Recent Reviews


Insurance premiums go up and then they go up some more. The amounts can be substantial. This is particularly true for businesses that offer insurance to employees or that insure more types of risks.

And many business owners note that while they pay substantial insurance premiums, the insurance companies often do not have high payouts. This is because there be very few or even no claims submitted.

This is where captive insurance comes in. It is an arrangement where by a business or businesses get into the insurance business for their own risks. To oversimplify, they basically form entities and operate their own insurance companies.

This can make business sense. It can also result in a large tax deduction. That is where the IRS comes in. The IRS has a history of challenging captive insurance arrangements. In these cases the fundamental question is often whether the arrangement truly involves the essential insurance characteristics of risk-shifting and risk-distribution or is it just a tax play?

Given the size of the tax deductions at issue, the court decisions in the tax cases for captives have defined the industry. This brings us to the Swift v. Commissioner, No. 24-60270 (5th Cir. July 2025), case, which gets into whether a captive insurance arrangement has adequate risk distribution.

Facts & Procedural History

The taxpayer was the founder and sole proprietor of an urgent care center. It had 18 locations. He also owned two smaller medical entities that focused on sports rehabilitation and dermatology.

In 2004, the taxpayer explored creating captive insurance companies. He worked with a tax lawyer who specialized in forming and maintaining such entities.

The issue in this case involved the tax years 2012 through 2015. During this period, the taxpayer operated two captives incorporated in the Federation of Saint Christopher and Nevis. Each captive was owned by a trust benefiting one of the taxpayer’s children. The taxpayer and spouse served as trustees. During these four years, the medical practice paid $5.98 million in premiums to the captives. The taxpayer claimed these payments as business expense deductions.

The captives issued two main types of coverage. First, they provided medical malpractice “tail” policies. These policies covered claims related to professional services rendered before the policy period but reported afterward. The policies covered the practice’s physicians back to their start dates. Physicians acknowledged coverage annually and bore responsibility for deductibles and losses exceeding policy limits. Second, the captives issued various nonmedical coverage policies for administrative actions, business income, employment practices, litigation expenses, terrorism, and political violence.

The taxpayer’s attorney advised that the captives needed risk distribution. To achieve this, the captives participated in reinsurance pools. These pools consisted of approximately 100 captive insurance companies. The pools were designed to ensure that at least 30% of each captive’s premiums came from unrelated business through quota-share reinsurance arrangements.

As with most of the articles on our site, the problem started with an IRS audit. The IRS issued notices of deficiency that proposed to disallow the premium payment deductions and imposed 20% accuracy-related penalties. The deficiencies totaled over $2.4 million across the four tax years.

The taxpayer petitioned the U.S. Tax Court. The court sustained both the deficiencies and penalties. The case then went up on appeal, which is the subject of the court opinion we are covering here.

What Constitutes Insurance for Tax Purposes?

The starting point for considering this issue is, what exactly is insurance for tax purposes? It sounds simple, but it is not.

The tax code does not define “insurance.” So, when there is a question, the courts have to determine when premium payments are for “insurance” and qualify for business expense deductions under Section 162(a).

The U.S. Supreme Court established that insurance involves two fundamental elements. These elements are risk-shifting and risk-distribution. Risk-shifting occurs when the insured transfers the financial consequences of potential losses to the insurer. Risk-shifting analysis focuses on whether the insured has genuinely transferred the economic burden of potential losses to another party. This element is usually satisfied in captive insurance arrangements. The captive assumes contractual responsibility for covered claims.

The more challenging requirement typically involves risk-distribution. Risk-distribution spreads those transferred risks across a sufficiently large pool of independent risks. With this requirement, the IRS has consistently emphasized that these requirements must be met in substance–not merely in form. This is the nature of the IRS’s position when litigating these cases.

Why Risk Distribution Matters in Insurance

Risk distribution is the foundation of insurance economics. It distinguishes true insurance from mere self-insurance or family arrangements.

This concept relies on the statistical principle known as the law of large numbers. The law demonstrates something important. When a sufficiently large number of independent risks each have an annual loss probability of X percent, there’s an extraordinarily small likelihood that the actual loss percentage will deviate significantly from X percent.

I am a lawyer, not a mathematician, but I happened across an article by a mathematician explains this concept to laymen using a simple coin-flipping example. It goes like this. If you flip a coin ten times, you might get seven heads and three tails. This represents a significant deviation from the expected 50-50 outcome. However, if you flip that same coin one million times, the percentage of heads will almost certainly approximate 50 percent. Insurance operates on this same principle.

When an insurer covers thousands of independent risks, it can accurately predict total losses for the group. Individual losses remain unpredictable. This predictability allows the insurer to set appropriate premiums. The insurer can maintain adequate reserves and operate profitably while providing meaningful coverage to policyholders.

So back to risk distribution. Without sufficient risk distribution, an insurer faces a problem. A single catastrophic claim could exceed all collected premiums and reserves. This is because the law of large numbers only functions effectively when the underlying risks are truly independent. Risks that are correlated or concentrated in related entities create problems. A single event could trigger multiple claims simultaneously. This defeats the statistical predictability that makes insurance economically viable.

How Many Risks Are Enough for Distribution?

So that is the economics of it. But what does that mean from a practical standpoint? How many risks are enough?

The courts have struggled to establish an exact numerical threshold for adequate risk distribution. Instead, courts analyze each case based on its particular facts and circumstances. However, examination of successful captive insurance cases reveals patterns. These patterns show the scale necessary for meaningful risk distribution and the captive insurance industry has picked up on this.

For example, the U.S. Tax Court found adequate risk distribution in the Rent-A-Center, Inc. v. Commissioner case. In that case, the captive provided workers’ compensation, automobile, and general liability insurance for 14,000 to 19,000 employees. The captive also covered 7,000 to 8,000 vehicles and 2,000 to 3,000 stores. Similarly, in Securitas Holdings, Inc. v. Commissioner, the court accepted risk distribution where the captive covered 25 to 45 entities across more than 20 countries. That captive insured more than 200,000 employees and 2,000 vehicles.

These cases show that courts typically require exposure units numbering in the thousands or tens of thousands, not hundreds. The vast scale reflects the statistical reality. Meaningful risk distribution requires substantial numbers of independent risks. This achieves the predictive accuracy that characterizes genuine insurance.

Can Reinsurance Pools Create Risk Distribution?

The question then becomes, what constitutes the appropriate “exposure unit”? If you can define the unit narrowly, then maybe you can get higher numbers and satisfy the risk distribution requirement. Different measurement approaches can yield dramatically different risk counts.

So businesses may not have sufficient direct business to achieve risk distribution. When this happens, they may remedy this through participation in reinsurance pools. These arrangements allow multiple businesses to transfer portions of their risks to a common pool. The business formats its captive and the captives simultaneously assume quota-share responsibility for the pool’s blended liability.

Conceptually, reinsurance can transform a captive’s limited, related risks. It can create participation in a much larger, diversified risk pool. If properly structured, a captive that insures only its parent company’s risks might achieve meaningful risk distribution. This happens by trading those concentrated exposures for a proportional share of the pool’s diverse, unrelated risks.

However, the success of this depends entirely on something specific. The reinsurance transactions must constitute genuine insurance arrangements. They cannot be circular movements of funds designed primarily to create favorable tax characterization. These are the cases that the IRS pushes to litigation. And the courts then examine the structures with particular scrutiny as the cases they see, now, are usually only the ones that are closer calls. The courts analyze whether the structures involve real risk transfer and arm’s-length transactions.

This brings us to the Harper Group v. Commissioner case. In that case, the court established important precedent that the captive insurance industry uses. It found adequate risk distribution where 29 to 33 percent of the captive’s business involved insuring unrelated entities. This created an informal “30 percent rule.” Many practitioners have adopted this as a target threshold for risk distribution for captive insurance arrangements.

What Made This Reinsurance Pool Arrangement Fail?

This brings us back to this case. In this case, the appeals court analyzed the reinsurance pools and concluded that they did not achieve meaningful risk distribution. The court examined multiple factors in determining whether the pools constituted genuine insurance arrangements or merely paper transactions designed to create favorable tax treatment.

The court focused on the circular flow of funds between the captives and the reinsurance pools. The court noted that the captives paid premiums to the pools for reinsurance coverage, but the captives simultaneously received nearly identical amounts back as premiums for their quota-share participation in the pools’ blended risks. The amounts received ranged from 94.98% to 99.59% of the amounts paid across the four tax years. The court noted this as circular arrangement.

The court also considered the pools’ capitalization. They did not have the financial ability to function as genuine insurers as they were underfunded. The court noted that the pools appeared “thinly capitalized.” The court concluded that the pools would struggle to pay meaningful claims. This led the court to question whether any reasonable business would enter such contracts absent tax motivations.

The court also questioned the premium-setting methodology. The parties did not use actuarial analysis to determine appropriate pricing based on covered risks. Instead, the evidence showed that the advisor and actuary “were simply manipulating numbers to design a system where 30% of total premiums would be allocated to reinsurance before being retroceded back.” The pools charged uniform percentages to all participating captives regardless of their individual risk profiles. The pools also allowed captives to choose their own reinsurance percentages for certain coverage types to achieve desired overall allocation targets.

The court noted that the arrangements also included various features designed to discourage actual use of the reinsurance coverage. These features included requiring captives to pay substantial retained limits before making claims. The pools also had authority to exclude members who submitted excessive claims. The court said that these provisions suggested that the arrangements were not intended to function as genuine insurance.

Ultimately, the appeals court sustained the tax court’s opinion. The result was a loss of the business deduction for the insurance premiums.

The Takeaway

This case shows that captive insurance arrangements have to have to be insurance. Participation in reinsurance pools does not always mean there is risk distribution. This is particularly true when the pools operate as circular fund flows rather than genuine insurance arrangements.

Businesses with or considering captive insurance structures need to consider the scale of operations for achieving adequate risk distribution and assess whether their risk profiles involve sufficient independent exposures to support genuine insurance economics. They also need genuine risk transfer rather than circular transactions, adequately capitalized pools, and they should charge actuarially appropriate premiums and operate with meaningful independence from participants.

This is an area where tax planning is needed to try to avoid the type of result in this case.

Watch Our Free On-Demand Webinar

In 40 minutes, we’ll teach you how to survive an IRS audit.

We’ll explain how the IRS conducts audits and how to manage and close the audit.  



Source link