The Bleser Report
In today’s edition we address the following topics:
Sales Managers what are you thinking?
I will admit back in the day when I was in food and beverage I was often “amazed” at what sales/catering managers were able to get away with. Sure it cost me money but when my food cost was out of line, I could explain it. But now what they are doing doesn’t show up on the financials until it’s too late. In the majority of instances the General Manager and/or the corporate staff is unaware that they are even doing it.
So what are they doing to get the business? They have moved past deleting or changing the
attrition/cancelation clauses. They are changing wording on the contracts so that it increases the risk for a premise liability lawsuit against the hotel. I have seen hotels accept the client’s
contracts instead of using the hotels contract. When the Sales Managers are asked about it, they simply shrug their shoulders. One Sales Manager said she didn’t see the harm considering the dollar
amount of the function. Have Sales Managers ever been told the reason why the hotel has standard contracts?
Oh but it gets better. Let’s throw out the premise liability argument. What about guest and corporate data privacy? I recently saw a contract that had an entire credit card number. (By the way the contract was emailed. Big mistake!!!) I asked the Sales Manager if she had ever been told about PCI? Not surprisingly she had no idea what I was talking about. That is bad enough but when combined with the other information contained within the contract I could’ve easily had Christmas paid for in a matter of minutes. What about corporate information and third part vendors? When was the last time you looked at those contracts? Are Sales Managers aware that they might be signing away care, custody and control over the use of the “hotel name” and other information?
Organizations should provide guidelines to their General Managers and sale managers in regards to what changes are acceptable to their contracts. Establish protocol for when contract changes should be approved by the General Manager, Regional Vice President, and the corporate staff. Periodically revenue managers and Sales Managers, like all managers, should receive data privacy awareness training. When was the last time you discussed data privacy at a revenue meeting?
They should be constantly reminded about the importance of data privacy. Guidelines should be established for social media as well. Hotels could be held liable for postings made on sites like Facebook, Twitter and Trip Advisor.
Yes. Another meeting but this one will have a purpose. In the past we trained our front desk clerks not to
say the room number and guest name aloud. This was and is part of our orientation training. This is constantly being discussed in the monthly departmental meetings. But what about sensitive guest or
corporate information? Do you ever discuss that with your front line associates?
Why do we do monthly safety meetings? The reason is simple. We have seen that they can have a positive effect on workers compensation expenses. Why not then, once a quarter, replace the safety meeting with a data privacy meeting? Instead of the associates doing a safety audit, do a data privacy audit of the hotel. Look for sensitive corporate and guest information. This will help in creating a data privacy culture.
Data security is not the responsibility of accounting or the IT Department. It is the responsibility of an entire organization.
My favorite quote.
Author John R. Parke III once said, “The eyes can’t see what they are not trained to do.” I recently watched an episode of The Undercover Boss. In it they showed the CEO of Choice going undercover at a few hotels. In one brief scene, maybe 10 seconds at most, they showed him standing on the edge of the tub to clean the bathroom tile. I wonder how many managers turned to their spouse like I did, and said, “Safety Violation. I can’t believe that Executive Housekeeper didn’t correct him.” Maybe she did and the video ended up on the cutting room floor.
The point is my eyes have been trained to identify things like that. This training includes identifying red flags for internal fraud and the data privacy. My eyes shouldn’t be the only ones trained to see these things. Unfortunately the hospitality industry has been slow to grasp the benefits of awareness training.
Why are we not training our managers, our Regional Vice Presidents, our internal auditors, staff accountants on the red flags of fraud? Why are we not training them to identify possible weaknesses within our data security plan?
Studies have shown that fraud awareness training helps reduce an organizations loss significantly…about 2% of your revenues. Organizations can’t prevent or catch fraud unless they don’t know what the red flags looks like. The risks are constantly changing. I recently conducted a fraud training class in Dallas. It was held at night, during the week. It was promoted by the local HFTP chapter. Yet only 15 people attended. How can you prevent something or reduce your risk when you don’t know what those risks are?
Remember the example of monthly safety meetings. We train our staff to recognize the red flags of unsafe
conditions. The fraud training, the data security training still impacts the P&L even though there isn’t a separate line on the financials.
Your risk management program is ineffective until you train your eyes to see what they are not trained to do.
As always I welcome you comments and questions.
Why I do what I do
The short answer is because it’s fun. Fun? Auditing is fun? Well that’s where we run into the first misconception about our firm, Bleser & Associates, LLC. My firm doesn’t simply audit. Anyone can take a checklist and complete an audit. That’s not us. We look beyond what is written on the piece of paper. Our audits and other services are designed to make companies better. Unlike 90% of the companies that do internal audits, we take a consultative risk management approach to our audits. I will explain why and what this is a little bit later on but first how did I get to where I am today.
Blame it on Mr. Howard Johnson. Back in the 70’s he had an unfortunate incident occur at one of his hotels. A famous singer was assaulted and Mr. Johnson wanted to know how it happened and what could be done to prevent it from happening again. Mr. Johnson contacted my dad. That one call began a series of events that ultimately led to electronic locks in our industry. For the next 12 years dad developed a risk management program that included audits for all Howard Johnson’s restaurants and motor lodges as they were called back then. These audits encompassed all facets of a hotel/restaurant operation. He also conducted internal theft investigations. I can remember being fascinated by the stories he would tell of how people stole from Mr. Johnson but were ultimately caught.
Fast forward to 1991. Towards the end of my enlistment in the Marines I received my acceptance letter from the University of South Carolina. I graduated from “the real USC” in 1995 with a degree in Hotel, Restaurant Tourism Administration and went to work for Cracker Barrel Restaurants. The intense training I received from them was second to none. Cracker Barrel not only taught me how to achieve the desired cost percentages but also how to provide exceptional guest service. I subsequently applied those lessons and others for two hotel companies; Servico and Starwood Hotels and Resorts. Both companies offered unique challenges and opportunities and I was able to gain an incredible amount of professional knowledge and skill.
But to put it bluntly, Starwood burned me out. This was at a time prior and during the merger of Westin so I experienced a lot of the growing pains. At the same time my dad had his own successful business, Hospitality Safeguards, Inc. Hospitality Safeguards, Inc. provided the same services to hotels and restaurants that he was accustomed to doing for Howard Johnsons. He was getting older and I was looking for a new challenge. I already had a proven track record of being able to increase revenues, improve guest service and ensure the other operational metrics were meeting or surpassing the company’s goals. I began to realize during our periodic phone calls that I was still intrigued about how and why people stole. Ultimately I joined dad and for the next ten years he was my mentor. Together we became recognized industry experts in the area of fraud and internal controls.
I realized very quickly that the industry perception of an internal audit didn’t match our mission. There were several perceptions about internal auditors that didn’t apply to us. For example:
Unfortunately these perceptions still exist in our industry. Numerous CEO’s, CFO’s, Investors, Asset Manager’s, General Manager’s and Controllers believe these are not perceptions but truths. From day one I have been committed to changing them into lies.
Bleser & Associates, LLC takes a consultative risk management approach to every assignment. This approach has proven to increase revenues, reduce risks, increase
the value of the asset and improve the efficiency of the organizational. These risks cover all aspects of the operation. We have the time to look for new risks and create policy and procedures to
reduce those risks. We take the time to educate our clients. When red flags are identified we take the time to dig deeply to ensure our clients assets are not at risk. If they are at risk then
we offer suggestions that will reduce the risk. We do all of this in a professional, easy going, energetic manner. This approach has proven to be extremely effective instead of the imitidation
method that so many auditors employ. Besides other auditors don't have the knowledge or can't afford to take the time to do what we do.
The majority of the internal auditors don’t have this ability because conducting audits is not their primary responsibility. They also have blinders on because they
are only doing it for one company. This results in the organization losing several thousands of dollars each year. I take it personally when my clients lose money needlessly. I want my clients
I will admit it is fun when I catch someone stealing. But I get the same enjoyment when I see the light bulb go on in someone’s head when they realize I have made
their organization better...when I have exceeded their expectations.
That being said I wake up each morning with the hope of achieving four goals.
Simply put I do what I do because it’s proven to be a cost effective way to improve the value of an asset in an industry I love and I have fun doing it.
Thoughts Of A Wandering Auditor
Hyatt Place's Selfish Decision
Recently I visited a Hyatt Place and discovered that the front desk clerks are not allowed to ask for identification at check in. It is now a brand standard. Considering that I deal with fraud and credit card fraud is rampant I found this difficult to believe. First I thought maybe it was the owners decision and not Hyatt. After checking with several of Hyatt Place hotels it was confirmed that this decision came from the Franchisor. Then I began to wonder. Why would a merchant take a step back when it comes to protecting not only themselves but their guests as well from credit card fraud? I am told that several hotels raised their voice in opposition due to fighting charge backs. But lets face it. In today's society winning or losing a charge back often comes down to a flip of the coin. There is a bigger question that needs to be answered. Does this mean that the front desk clerks aren't allowed to ask for identification when a guest requests another key to their room? I would hope not and if Hyatt says that would violate their safety/security policies then they must be violating their own internal control policy. If not then I think it is very reasonable to question what other policies and procedures have the folks at Hyatt Place implemented that have weakened their internal control structure. The weakening of the internal control environment causes business to lose thousands of additional dollars. Looking at it from a safety/security standpoint haven't premise liability lawyers taught us that we must be consistent as to how we treat our guests?
Besides it has now become an industry best practice to ask for identification at check in to ensure that the name on the identification matches the name on the credit card and the registration card. It protects the guest as well as the hotel. In addition it also establishes good will with the guest. It tells the guest that the hotel is being proactive and helping ensure that no one is using the guest’s credit card fraudulently. What a great first impression!
Further research revealed what appears to be the real reason why Hyatt has instituted this policy. According to people I have talked to in the industry it is because the franchisor doesn't want their Q/A inspectors to get caught. I am not kidding. Can you create a brand standard that is anymore selfish? This brand standard not only will cost them in loss revenue but it sends the wrong message to the general public and to those who work on the front lines in our hotels. Thankfully from talking to others in industry it appears no other franchisor is considering implementing the same brand standard. For the record I did reach out to the folks at Hyatt Place to try to understand the reasoning behind it. Not surprising they haven't responded to me.
Call Me Crazy!
If you are reading this and you know me then what I am about to propose might not come as a shock. If you don't know me then it will. Allow me to preface it for those who don't know me. I believe in being proactive when it comes to fraud prevention and risk management. I believe and have proven that an affective proactive internal control program can increase your revenues by about 2 1/2 - 3%. (By the way independent studies support me.) That being said, unlike the folks at a certain franchisor, I think the industry should take another step forward in the fight against credit card fraud. Drum roll, please!
I think there should be small hand held black lights at all front desks and that all drivers licenses should be scanned with one at check in. I can just hear it now..."our guests will never accept it.", "our guest satisfaction scores will drop". These and others are the same arguments that I heard back in the early part of the century when as a member of the Loss Prevention Committee for AHLA I proposed that we simply ask for identification at check in on a consistent basis. But think about it for a moment. Don't the majority of our guests arrive by airplane? The last time I checked TSA is using a black light. I don't see anyone raising a big stink with them. Second, don't we check for counterfeit bills with a special marker? Then why are we not checking for counterfeit identification at check-in? So is this a crazy idea? I would love to hear your thoughts regarding this or any other risk management issue. Feel free to contact me at firstname.lastname@example.org