Segregation of Duties for Resorts with Limited Staff

Segregation of duties (SoDs) is an important concept in internal control frameworks, financial reporting, and regulatory compliance. The premise of SoD’s is to prevent one employee from having both access to assets and responsibility for maintaining accountability for those assets. As a result of adequately dividing responsibilities across different team members, a company may increase effective internal controls, reduce the risk of potential errors and fraud, and improve the overall control environment. It’s important to keep in mind, however, that SoDs do not prevent collusion.

Why Segregation of Duties is Important

Segregation of duties is critical to effective internal control because it reduces the risk of both erroneous and inappropriate actions. Businesses should attempt to separate functional responsibilities to mitigate the risk that errors, either intentional or unintentional, could be made without being discovered by another person.

However, small and mid-sized resorts often face the problem of properly separating job functions due to limited staffing or resources, especially in today’s age of labor shortages. Having one employee performing such tasks as reconciling the bank statement, paying the company bills, receiving customer payments, and making the related general ledger entries increases the company’s risk of possible employee fraud and theft. This does not mean business owners should simply accept this risk. There are other mitigating procedures that can be implemented to offset risks and strengthen internal controls. The following procedures are simple and can be easily implemented:

Bank Account Review for Transparency

First, consider this simple control: All bank statements should be provided to someone other than the bookkeeper, such as a board member, business owner or the like. This individual should receive the unopened bank statements before the bookkeeper or accountant. While no magic bullet, it has power.

The person who receives the bank statements should simply open the bank statements and review the transactions for appropriateness, paying attention to cleared checks noting payees and amounts. Alternatively, the bank can potentially provide read-only access to this individual in lieu of paper statements. Having a second person to oversee the bank statements is a deterrent for fraudulent activities.

Related: Timeshare Management Companies Share Labor Shortage Solutions

Disbursement Review and Approval

In many cases, fraud is perpetrated by purchasing goods for personal use, which often goes undetected in resorts. Implementing a policy of a payables review and approval before each disbursement cycle is prudent and is an easy way to provide an extra layer of control. When there is a small staff, an owner or board member can review a listing of payables before payment is made to help mitigate the risk of such things as items for an individual’s personal use, gift cards, or other unauthorized transactions occurring.

The point here is to have at least two sets of eyes on transactions. Fraud is less likely to be perpetrated if it is known that someone else will be reviewing transactions and asking questions.

Performing Surprise Audits

Another way to create transparency within smaller businesses can be achieved by periodically scheduling a random inspection or review of financial information. Although these are not opinion audits such as those typically issued by an accounting firm, they can be performed by an accounting firm or done internally by management or by a board member. Consistency and sticking to a periodic, rotating schedule are key to this type of internal control. Make it a policy that the audits will be performed either monthly or quarterly but not specific as to which areas will be examined. Some potential areas of focus are as follows:

• Make sure that all cleared checks are reviewed for appropriate recipients and signatures
• Review all non-recurring journal entries made or entries made outside regular business hours and request an explanation for each
• Inspect bank reconciliations for appropriateness
• If a budget is being utilized, review budgeted numbers to actual (look for unusual variances)
• Request a report of all new vendors added and review for appropriateness

These are just a few ideas of ways to implement mitigating controls in a small to a medium-sized resort with limited team members, and the functions can be rotated among individuals. The idea is that employees know that there is a system of checks and balances in place. A resort should review whether there are other areas unique to its operation where employees may be able to manipulate information and/or assets and identify how to monitor these activities. The ideas above are straightforward and inexpensive to implement, yet they are powerful and can help reduce the risk of possible fraud or theft.

ABOUT WITHUM

Withum is a forward-thinking, technology-driven advisory and accounting firm, committed to helping clients in the hospitality industry be more profitable, efficient, and productive in the modern business landscape. For further information about Withum and its cybersecurity, digital advisory, and hospitality services teams, contact Lena Combs (LCombs@Withum.com) at (407) 849-1569, or visit www.withum.com.