HFTP Blog
April 14, 2021

Ramping up Hotel Internal Controls Post-Pandemic

Finance
Written by Neil Grammer, CPA — Contributor

With two major “black swan” events within 12 years of each other, we can learn from the 2008 financial crisis to help ensure internal controls and business processes are working properly as the hotel industry ramps back up.

To survive the COVID-19 pandemic, most hotels have had to drastically reduce staffing, eliminating typical internal controls and segregation of duties. These controls are designed to make sure no single individual can execute transactions that will intentionally divert funds from the hotel for illicit purposes.

For example, the person receiving and opening payments from customers should not also be preparing the bank deposit or have access to the PMS to adjust the city ledger. Without adequate staffing, controls like these may have been eliminated or multiple levels of access given to one individual to keep the business running during the pandemic.

Controls also help the hotel run efficiently by identifying potential operational or guest service issues before they become widespread, impacting the guest experience and brand guest satisfaction scoring. Interestingly, hotels with good internal controls typically have good guest service scores, as well.

How to Ramp Up Hotel Internal Controls

As we saw after the financial crisis, hotels will slowly start to reinstate normal internal controls as operations ramp back up. Here are some things to consider:

  • Password control. Ensure all administration passwords for the PMS, POS and other hotel systems are changed, and audit the levels of access granted to each associate.

  • User maintenance. Run an active current user list for all users and ensure that only current associates remain active. Terminate or make inactive all other non-active associates. Also, ensure their access is appropriate for their role....(For example, not all front desk associates should have access to credit card information.)

  • Segregation of duties. Along with the obvious requirement to segregate cash receipt duties between opening mail and recording checks received, posting to accounts receivable and making the actual deposit, make sure the person performing the reconciliation is not involved in the cash handling process.

  • Separate deposits. If not already a current practice, separate the bank deposit into two distinct deposits. One each for currency and checks. This will help prevent “check kiting,” where accounts receivable checks are substituted for cash.

  • Daily report review. To help identify and prevent large fraudulent or unnecessary operational losses, these reports should be reviewed daily:

    • The accounts receivable check posting report shows where checks were posted in the city ledger. Posting to unapplied cash or generic accounts for OTAs, brand reward accounts, or crew accounts can hide fraud or create billing nightmares. Cash should be posted to the exact billing account.

    • Credit card credit activity report should be reviewed, and all credits must be supported by a folio and detailed notes as to why the credit was issued. Credits to accounts that exceed the original charge should be reviewed and approved by the director of finance.

    • All credits, rebates and allowances should be reviewed to ensure proper approval and to understand if underlying operational, mechanical or associate issues are causing guest service problems or associates are diverting funds for personal use.

What Hotel Fraud Looks Like

The largest and most far-reaching fraud activities usually have these things in common:

  1. The perpetrator had excessive access to systems and processes that allowed them to hide fraudulent transactions and thereby circumvent segregation of duties and internal controls.

  2. The individual was often a trusted and long-term dedicated employee that was well-liked and respected within the hotel or company.

  3. To hide and confuse any possible detection, the associate would often make a high number of journal entries during, and especially at, month-end to hide their activity and confuse or intimidate anyone who may have to review, approve or make sense of the entries....

  4. The perpetrators were able to explain away the situation, as they were trusted and respected and were deemed experts capable of handling these types of complex issues.

As our hotels ramp up for the return to normal travel and meetings in the coming year, please keep in mind that internal controls are there to not only protect the hotel assets, but they are also there to help keep honest employees honest.

Controls are also a powerful tool to assist operations teams in identifying guest service issues that could have a direct impact on reputation and GSS which equal future rate and demand. They can help manage food and liquor costs as well as reduce overtime and other payroll related costs. These can include meal break and other payroll time reporting fines and penalties. So, controls should not just be confined to something that the finance department comes around occasionally to check on because of an impending compliance deadline. Controls should be part of the everyday responsibility of all associates if a hotel is to achieve top and bottom line growth.

Neil Grammer, CPA is a consultant at Strategic Solution Partners and executive managing member of Grammer & Associates, which provides accounting, audit and advisory services to hospitality, healthcare and not-for-profit organizations.

education efficiency finance fraud prevention guest service HFTP hospitality hotels internal controls operations pandemic reputation