Hotel Financial Security: Are Your Vendors Real?
By Peter Goldmann, President, FraudAware Hospitality
Despite the constant barrage of news about corporate theft and fraud, there are still far too many situations in which hospitality companies unknowingly pay criminally-minded individuals or phony companies posing as legitimate vendors.
How is it possible that "legitimate" companies have a private mailbox at the local UPS Store, a private residence, or even a prison address? Or that invoices a month apart with consecutive numbers both get paid? Or "invoices from a "vendor" whose address happens to match that of a company employee get paid?
To avoid such frauds your company must have in place tight controls for the...
Vendor Master Set-Up
The Vendor Master set-up process requires appropriate-and continuously enforced-segregation of duties.
Details: The individual or department authorizing a vendor should be in a department other than that of the team processing invoices and generating disbursements.
When establishing segregation of duties for the Vendor Master set-up, Christine Doxey, Vice President of Account Management at Apex analytix, a leading recovery audit consulting firm urges companies to include employees who are responsible for the business process and those who are provided with systems access.
Caution: Even where it may appear that segregation of duties exists, ensure that system access is controlled to allow use only by individuals authorized to process specific transactions.
In addition to the red flags of fraud mentioned above, says Doxey, any of the following details appearing in your payables process could indicate that your Vendor Master set-up process is vulnerable to financial abuse...
Additional controls to consider for the Vendor Master set-up process include:
Essential final step: Require vendors to complete a vendor profile form that provides information that further increases your ability to verify their legitimacy.
With a vendor profile, the vendor is required to provide certain documents that include sales tax certificate, city business license, names of key officers (to screen for conflict of interest), physical business address, daytime phone number, and other confirmable data. Example of a vendor profile form...
The process of continuously monitoring vendor transactions includes a review of the controls as noted above for the Vendor Master set-up process. The review should include selecting a sample of vendors as well as reviewing the supporting documentation for the validation of new vendors or changes of address.
All system-generated audit reports must be reviewed - not only for segregation of duties, but to determine if a vendor address has been fraudulently altered and then immediately changed back to the original address.
Important: Review invoice attributes throughout the process to determine if specific vendors may be perpetrating fraudulent activities. Common suspicious attributes...
Critical added control: Vendor Master clean-up. As part of its continuous monitoring process, the company should periodically review all duplicate vendors and initiate a vendor master clean-up procedure.
The clean-up process will alleviate duplicate vendors that have been set-up for the same vendor at the same address.
Example: There could be a slight difference in spelling or the use of abbreviation.
Key: It is much easier to control a smaller vendor master than a large one.
The Power of Real-Time Continuous Monitoring
Continuous monitoring on a real time basis quickly identifies potentially fraudulent vendors and determines whether your Vendor Master set-up controls are working properly. If there is a concern about a specific vendor, raise the issue with your internal controls or internal audit department after performing an evaluation of internal controls within the procure-to-pay process. If a control weakness is identified, immediately adjust the control and increase the sample size of the test. To choose the right continuous monitoring software vendor:
Peter Goldmann is the Developer of FraudAware/Hospitality, the first on-line fraud awareness training course for hospitality managers, supervisors and line employees. He is is the publisher of the monthly newsletters, White-Collar Crime Fighter and Cyber-Crime Fighter. His company, White-Collar Crime 101 LLC also is the developer of FraudAware/Hospitality, a customizable Web-based fraud awareness training course for managers, supervisors and line employees. He is a member of the Association of Certified Fraud Examiners, and The International Association of Financial Crimes Investigators. Mr. Goldmann can be contacted at 203-431-7657 or email@example.com Extended Bio...
HotelExecutive.com retains the copyright to the articles published in the Hotel Business Review. Articles cannot be republished without prior written consent by HotelExecutive.com.