By David Lund
Hot on the heels of creating a hotel policy manual is the newfound ability to create an internal control review process. Policies are all about the rules of the road and the ICR is all about the roadside check stop.
“Excuse me, Sir, have you been drinking tonight?”
“Why no, Officer, we’re just coming back from church.”
In this piece I am going to examine how to create and use the ICR so your hotel and hotel company will have an effective, efficient and low-cost method of catching the rule breakers and most importantly, making sure everyone stays on the right side of the rules and we all make it home safely.
“What gets measured gets improved.” – Peter Drucker
Having a pristine and focused policy manual is an important managerial tool. It puts together the dos and don’ts inside your business. It defines at each critical internal control intersection what the proper policy is to follow in order to safeguard the company’s assets and minimize potential liability. (If you would like to read about how I helped a client create a custom hotel accounting policy manual, have a look here. Article.) However well these policies are written is completely inconsequential without an effective, practical and frequent system to review compliance to the rules.
Remember what Peter says: What we measure gets improved. If you simply set sail with your policies and expect the crew to follow your directions without a frequent review of the effectiveness of the policies, you will certainly be off the course.
In a practical manner what needs to be done to ensure your policies are being followed: You need to test them. Most business people think that is being accomplished by the annual external audit.
Think again. The annual audit is there as a 10,000-foot view into the accuracy of the financial statement. It’s not to review the effectiveness of the internal controls. You need a different function to accomplish this.
You can accomplish internal controls review two different ways
One, establish a company/brand internal audit team. In many large branded hotel companies that’s exactly what they do. They send in the death squad every year or two, usually completely unannounced and they shake down the prisoner’s cells and see what they can find. All attempts at humor aside, this is an effective way to take the temperature of the patient but it’s a big negative from a moral point of view at the property and it is quite expensive to administer. Two internal audit members and a manager’s salaries, plus travel to the hotel and meals, etc., quickly adds up to $20-30K or more that is now a property expense.
Your management and accounting teams’ morale and the time required to feed the auditors their information while on property is taxing to say the least. Resistance to the intrusion is significant and the amount of ground that can be effectively covered in the week or two on property is questionable. How many control points can they effectively review in the time they are assigned to the audit? How much quality information is going to be reviewed and what’s the cost benefit? For large branded hotels this is just part of the game and there is no point arguing with city hall.
Two, a process which works very well on its own or in combination with the company/brand internal audit team is a self-audit system: The Internal Control Review.
The Internal Control Review can be set up and administered to provide regular and thorough checkups on all critical aspects of the hotel accounting policy compliance. For that matter it can be set up to review any part of the business, HR, service, food preparation, security, etc.
