IN­TER­NAL AU­DIT & FRAUD CON­TROL IN HO­TELS

Hospitality 9ja - - Content -

In­ter­nal Au­dit­ing is an in­de­pen­dent, ob­jec­tive as­sur­ance and con­sult­ing ac­tiv­ity de­signed to add value and im­prove an or­ga­ni­za­tion's op­er­a­tions to ac­com­plish its ob­jec­tives by bring­ing a sys­tem­atic, dis­ci­plined ap­proach to eval­u­ate and im­prove the ef­fec­tive­ness of risk man­age­ment, con­trol and gov­er­nance pro­cesses.

The Chal­lenges

The di­ver­sity of the com­plex is­sues in the ho­tel in­dus­try – right from rate con­tract­ing to en­gi­neer­ing to mar­ket­ing to ser­vice de­liv­ery which would take time to grasp for new­comer; The com­plex­ity of the in­for­ma­tion sys­tems. Dif­fer­ent sys­tems are used for var­i­ous pro­cesses/de­part­ment: Opera for PMS, Mi­cros/sym­phony for F&B. MC/ADACO for Stores/pur­chas­ing, SUN/SAP for nan­cials, etc. In the ab­sence of one ERP, au­dit­ing var­i­ous sys­tems can be com­plex. Un­cer­tain­ties of risk pro­fil­ing – Due to the un­pre­dictabil­ity of the in­dus­try per­for­mance, it is difcult to plan what risks to au­dit around be­cause com­pletely new risks may emerge while at it that may af­fect work; In­ad­e­quacy of suf­fi­ciently qual­i­fied au­di­tors – get­ting key staff who would work with­out su­per­vi­sion while grasp­ing the com­plex is­sues is a chal­lenge. It is just not enough to have a de­gree or ACA, ACCA, CPA, CIA, etc.; Changes in pro­cesses within the var­i­ous ser­vices of­fered to guests may mean change in pro­cesses com­pli­cat­ing au­dit­ing around these. They may not be com­mu­ni­cated on time to all, in­clud­ing au­di­tors; Ab­sence of Board Risk & Au­dit Com­mit­tees in the case of non – reg­u­lated com­pa­nies.

Fraud Con­trol:

"So how are we do­ing in the restau­rant this week?" or "It seemed to be pretty empty this week­end, how did that new pro­mo­tion work out?" are only two of many ques­tions that ho­tel op­er­a­tions man­age­ment teams may be ask­ing, but need to know on a reg­u­lar ba­sis. The an­swers to these ques­tions, and other sim­i­lar ones, should be read­ily avail­able from the ac­count­ing and nance group. The re­sults be­ing re­ported need to be ac­cu­rate so that the op­er­a­tions man­age­ment team can make in­formed de­ci­sions about the busi­ness. The key ques­tions that in­ter­nal au­di­tors need to ask them­selves are: "Does the nan­cial in­for­ma­tion make sense?" and "Are we pro­tected from fraud?" Strong nan­cial con­trols help in­ter­nal au­dit­ing and the op­er­a­tions team have condence in the num­bers be­ing re­ported to man­age­ment and help pro­tect the or­ga­ni­za­tion's as­sets. As in any area of op­er­a­tions, whether it be rooms, food and bev­er­age, or other rev­enues, the nan­cial con­trols need to be doc­u­mented, as­sessed, re­vised, and strength­ened where nec­es­sary and tested reg­u­larly. Due to the cur­rent trou­bled eco­nomic en­vi­ron­ment, the like­li­hood that fraud will oc­cur has in­creased signicantly. The pres­sures on em­ploy­ees and cus­tomers have in­creased through lower or lost wages, spouses be­ing out of work, and lack of med­i­cal in­surance. These tough times also have al­lowed po­ten­tial fraud­sters to eas­ily ra­tio­nal­ize the fraud that they are con­tem­plat­ing. Many fraud per­pe­tra­tors say they are "just bor­row­ing the money to pay my kid's school fees" or "us­ing the money to help out un­til their spouse gets a job." Other com­mon ra­tio­nal­iza­tions in­clude: "They will never miss 5000 Naira a day with all the money they make," "They don't pay me enough any­way." Op­er­a­tions has lit­tle con­trol over most of those pres­sures and ra­tio­nal­iza­tions but it does have con­trol over the op­por­tu­nity. By eval­u­at­ing and strength­en­ing the nan­cial in­ter­nal con­trols of the op­er­a­tion, in­ter­nal au­di­tors can greatly re­duce the op­por­tu­nity com­po­nent.

Strength­en­ing Fi­nan­cial Con­trols

When assess­ing the cur­rent state of an or­ga­ni­za­tion's nan­cial con­trols, be­gin by de­ter­min­ing which nan­cial pro­cesses pose the most risk. One way in­ter­nal au­di­tors can as­sess nan­cial con­trols is by look­ing at all of the func­tions and pro­cesses in ac­count­ing and nance and ask­ing if a process were "bro­ken" and ac­tiv­i­ties were not get­ting done cor­rectly, how much trou­ble would that cause the or­ga­ni­za­tion? For ex­am­ple, if for some rea­son checks were not cut or the ac­counts payable sys­tem did not func­tion and sup­pli­ers were not paid, goods and ser­vices would no longer be com­ing in and things would get dicey. In this ex­am­ple, the cash dis­burse­ments process would be an area where in­ter­nal au­di­tors would want strong nan­cial con­trols in place. Ad­di­tion­ally, within the cash dis­burse­ments pro­cesses, em­ploy­ees could set up fake ven­dors, cut fraud­u­lent checks, or make deals with sup­pli­ers to de­fraud the ho­tel. An­other ex­am­ple of an area where strong con­trols are ab­so­lutely es­sen­tial would be within the pay­roll func­tion. Pay­roll is such a huge ex­pense for all op­er­a­tions that the slight­est weak­ness or gap in the con­trols could have dis­as­trous re­sults. Em­ploy­ees could be paid in­cor­rectly and once again, un­scrupu­lous em­ploy­ees could ex­ploit gaps and weak­nesses in the con­trols to per­pe­trate frauds such as hav­ing cti­tious em­ploy­ees on the pay­roll, not record­ing va­ca­tion, or over­pay­ing them­selves, rel­a­tives, and friends. In ad­di­tion to the po­ten­tial for fraud in the op­er­a­tion, with­out strong nan­cial con­trols it would be easy for in­no­cent mis­takes to al­low a ma­jor re­port­ing er­ror to go un­de­tected and cause man­age­ment to make an in­cor­rect de­ci­sion, which could po­ten­tially cost large amounts of money. Strong nan­cial con­trols not only help pre­vent and de­tect fraud, but they also help de­tect true mis­takes in the ac­count­ing and man­age­ment re­port­ing.

Other risk ar­eas within an op­er­a­tion in­clude con­trols around cash, nan­cial re­port­ing, gen­eral ledger ac­count rec­on­cil­i­a­tion, and in­ven­tory (par­tic­u­larly in the food and bev­er­age area), as well as con­trols around the ho­tel front desk. Many times when these ar­eas are au­dited, nu­mer­ous dis­crep­an­cies sur­face and the rst ques­tions clients will ask are: "How long has this been go­ing on?" The above-men­tioned items are not meant to be com­plete by any means; rather, they should get au­di­tors think­ing out­side the box in their risk as­sess­ment and au­dit plan­ning and pro­vide a start­ing point for their au­dit.

Rem­e­dy­ing Gaps and Weak­nesses

Once au­di­tors have per­formed their risk as­sess­ment and have identied the ar­eas that they feel are at risk within their or­ga­ni­za­tion, they need to as­sess the con­trols cur­rently in place. Re­view the poli­cies and pro­ce­dures for each of those ar­eas, in­ter­view­ing staff at all lev­els within the par­tic­u­lar ar­eas and ob­serv­ing them per­form­ing the var­i­ous func­tions. Af­ter doc­u­ment­ing the cur­rent state, au­di­tors should de­ter­mine whether the con­trols are ad­e­quate to mit­i­gate or pro­tect the or­ga­ni­za­tion from the risks, or if there are weak­nesses or gaps that need to be ad­dressed and cor­rected. To best ac­com­plish this, the op­er­a­tion should pre­pare re­me­di­a­tion plans with a time line and iden­tify re­spon­si­ble peo­ple. The in­ter­nal au­dit team should re­view the plan, and once the re­me­di­a­tion plans have been de­vel­oped and are in progress, it is im­por­tant to mon­i­tor progress reg­u­larly. Hav­ing the op­er­a­tions staff re­spon­si­ble for the re­me­di­a­tion send pe­ri­odic up­dates to the in­ter­nal au­dit team would be an ex­cel­lent way to mon­i­tor each of the var­i­ous re­me­di­a­tion plans. Once the re­me­di­a­tion plans have been com­pleted and the re­vised con­trols have been in op­er­a­tion for a few months, in­ter­nal au­dit­ing should test com­pli­ance with, and the ef­fec­tive­ness of, the new con­trols. When the re­views have been com­pleted with sat­is­fac­tory re­sults, in­ter­nal au­dit­ing should add the ac­count­ing and nance de­part­ments to its au­dit plan and sched­ule, so that the nan­cial con­trols are be­ing mon­i­tored reg­u­larly go­ing for­ward.

Hos­pi­tal­ity Fraud

A good ho­tel manager nat­u­rally wants to spend most of his or her time meet­ing and greet­ing guests than autho­riz­ing guest re­fund re­quests; mon­i­tor­ing check – in pro­ce­dure or ver­i­fy­ing em­ployee time card ac­cu­racy. Re­sults: Dis­hon­est em­ploy­ees, guests and sup­pli­ers of­ten have nu­mer­ous op­por­tu­ni­ties to ex­ploit miss­ing or awed anti – fraud con­trols. Losses to fraud are the in­evitable re­sult. Among the ma­jor rea­sons that hos­pi­tal­ity com­pa­nies are ex­posed to high lev­els of fraud is that the in­dus­try's cul­ture fre­quently em­pha­sizes cus­tomer ser­vice over in­ter­nal con­trols that go into run­ning a ho­tel, re­sort or restau­rant. No prob­lem with that, right? Bet­ter cus­tomer ser­vice equals more re­peat busi­ness, means big­ger prots. But it comes with a hefty price. When line em­ploy­ees, su­per­vi­sors, man­agers and se­nior ex­ec­u­tives are fo­cused so nar­rowly on get­ting cus­tomers to come back, nan­cial con­trols in­evitably get short-changed.

Hos­pi­tal­ity Fraud: Lessons Learned

Prop­erly de­signed in­ter­nal con­trols can never be tight enough in a hos­pi­tal­ity prop­erty. Dis­hon­est ho­tel, restau­rant and bar em­ploy­ees and guests seem to al­ways nd new ways to steal. The com­pany's au­dit and ac­count­ing de­part­ments, in co­op­er­a­tion with man­age­ment, must con­tin­u­ously re­view ex­ist­ing con­trols… im­prove on them and care­fully screen for new tricks that em­ploy­ees and out­siders are inventing to steal their money.

Newspapers in English

Newspapers from Nigeria

© PressReader. All rights reserved.