ContactlEmail l Call: (619) 286-5250

Internal Controls: Is Technology Really An Alternative?

By David W. White, CPA, CFE, ISHC

Hospitality industry technology has for several years been at the point where it is possible to operate a hotel of virtually any size or service level with accounting department staffing levels a fraction of what was once necessary. That's both good and bad news. Technology has responded well to increasing needs for more information more quickly. But is there too much reliance on technology and not enough on people when it comes to internal controls?

Two areas should be of particular concern to hotel owners when an operator is in place. The first is centralization of the accounting function, which can eliminate the presence of accounting personnel at the property level. The second is reducing internal audit staff or frequency, or outsourcing the internal audit function.

Centralized accounting is more prevalent in the limited-service sector; however, it is reasonable to expect increasing implementation among properties of higher service levels as operators continue to seek ways to maximize profits. While centralized accounting may be the most inexpensive method of generating financial statements and management reports, it is important that support functions are not running too lean, concerned only with processing data at the lowest possible cost while considering noncompliance with internal controls and increasing exposure to fraud to be a manageable risk. While hardware and software controls may mitigate fraud exposure to some extent with respect to captured transactions, they do not eliminate it. The possibility of unrecorded transactions should also be of concern, especially if there is little or no monitoring at the property level.

The objective of an organization's internal control structure should be internal controls that are adequate overall. The spirit of this objective is to have adequate internal controls in place and functioning throughout the organization. Too much control in some areas and too little control in others misses the point - it's not an "average" concept. Further, what management believes is occurring is sometimes significantly different than what is actually occurring, and what are believed to be compensating controls are not always effective.

Over time, there is a tendency for compliance with internal controls to deteriorate. Deterioration occurs for a variety of reasons, including the trust that naturally develops in working relationships. It's easy for management to take the word of a trusted employee and sign off on a control procedure that wasn't actually performed. Recognizing this occurs, compliance monitoring should include not only checking the physical evidence of compliance, but also observing that controls are operating as intended. Observation is most effective when done on an ongoing basis.

The internal audit function is another key element in maintaining adequate internal control, and it is therefore important to know what an operator is doing in this area. It should not be surprising to find that an operator has reduced internal audit staffing, reduced the frequency of property visits, or eliminated the internal audit function. In some cases, the internal audit function is outsourced. Whether handled internally or outsourced, industry experience among those monitoring compliance with established policies and procedures is key. Inquire as to the background and experience of those performing the internal audit function. Lack of an internal audit function should be regarded as a red flag.

Arguably, fifty percent of internal control is psychological. Therefore, it may be reasonable to be less concerned about fraud simply by creating the perception of control, even if it really doesn't exist. However, in terms of dollars this doesn't mean the potential for loss has been reduced by fifty percent. What it does mean is that people who will commit fraud will be more creative or careful in how they proceed. Expecting managers who may be doing the work of more than one person, or who are not trained in fraud prevention, to recognize unusual activity other than of the most obvious nature is unrealistic.

From an ownership perspective, at the end of the day the best money spent may well be for experienced accounting personnel at the property level.

David W. White, CPA, CFE, ISHC is a sole practitioner based in San Diego, California. He can be contacted via his website www.davidwhitecpa.com or the ISHC website www.ishc.com .

© Copyright 2011


Licensed by the California Board of Accountancy

Accounting and Consulting to the Hospitality Industry

Disclaimer: Information provided on the World Wide Web by the firm is intended for reference only. The information contained herein is designed solely to provide guidance to the reader, and is not intended to be a substitute for professional advice based on specific factual situations. Information on this web site does NOT constitute professional accounting, tax or legal advice and should not be interpreted as such. Further, the firm is not responsible for the content of any web site for which a link is provided. The reader accepts the information as is and assumes all responsibility for the use of such information.