Check out our exclusive 3-part series on how to prevent employee theft and fraud. In Part 1, we will discuss how to implement back-of-house controls effectively.

Picture the perfect employee. He’s charming, and well-connected in the community, which translates into many group and event bookings generating significant revenue for your hotel. Over the many years he’s been working for you, he’s happily taken on more and more responsibility. His strong people skills and relationships with customers mean he’s the natural person to pursue collections, and with the majority of your receivables in the current category, he’s doing a great job. He’s always looking for a new challenge, so he’s been cross trained on some of the accounting functions, specifically recording the payments he receives from customers. This was originally a temporary solution when you had some staff turnover a few years back, but he’s doing such a great job it’s become part of his regular duties.

If warning bells aren’t going off yet, they should be. The scenario I’ve described is based on a real situation where the employee defrauded the hotel of millions of dollars over a number of years.
Employees who commit theft and fraud need both the motivation and opportunity. A weak internal control environment provides an opportunity that can be exploited, thereby increasing the risk of employee fraud. Internal controls are a series of checks and balances that ensure a business is operating in the optimal manner, and that its financial reporting is reliable.

This 3 part series will focus on those internal controls that can be implemented throughout a hotel operation to prevent or detect employee theft and fraud, specifically:

• Back-of-house controls (Part 1);
• Front-of-house controls (Part 2);
• IT monitoring controls (Part 3);
• Physical-access controls (Part 3).

Back of House

Poor internal controls in the back-of-house functions typically provide staff with the opportunity to commit more significant frauds than those in the front of house. Many back-of-house controls hinge on the concept of segregation of duties, which means that more than one person is required to complete a task/transaction. Segregation of duties can include separation between the people who initiate, authorize, and complete a transaction, or segregation between the custody of assets and accounting for those assets in the accounting system.

For example, the person who opens mailed cheques (as well as the person who deposits cash and cheques into the bank account) should not record the receipts in the accounting system, or there is the opportunity for the individual to pocket the cash and cover their tracks. Given the opportunity to manipulate data in the accounting system, it can take months or even years before such a fraud is discovered, often after hundreds of thousands or even millions of dollars go missing.

Another example of  segregation of duties involves segregation between the person who sets up new employees and vendors  or payment, and the person who processes payments. Without segregating these two functions, someone could set up fictitious employees or vendors and pay themselves. As an additional control, system-generated reports showing new vendors and new employees should be reviewed on a regular basis to ensure that they represent valid payees.

A related internal control to segregation of duties is ensuring that employees take their allotted vacation every year. Having someone else perform an employee’s job for a few weeks a year ensures that the job is being performed in the appropriate manner, and provides the opportunity to discover and remedy any irregularities that may be occurring.

Check back for Part 2 next week!