Redefining workers' comp: Casino restaurant servers figure out how to work the comp system to their advantage

Internal Auditor, August, 2004 by J. Mike Jacka

THE CASINO'S INTERNAL AUDIT director was alerted to the possibility that servers in the 24-hour coffee shop were stealing funds using complimentary tickets (comps) issued from various business units within the company.

To investigate, the internal audit department received about 30 food-and-beverage comps to use in a sting operation over a two-week period. Authorized by several different executives, some of the comps had designated dollar amounts while others were unlimited. The internal auditors, posing as typical casino patrons, visited the restaurant on varying shifts and days of the week. Their only restriction was that they were required to use significantly less than the full value of the comp.

After each visit, the auditors recorded the time; server's name; comp-slip number; items ordered; check total; and, if possible, the guest check number. The auditors would also leave the restaurant without signing the guest check. The following day, the auditors would pull their guest check from the accounting department. If the amount was consistent with the previous day, they made a copy and retained it for their files. However, if any alterations were made to the amount, they retained the original check and replaced the accounting department file with a copy.

At the end of two weeks, the problems were clear: In the 30 visits to the restaurant, three servers had misused eight checks. Further investigation revealed that when the servers obtained an underused comp ticket, they would use one of two methods to falsify the records and pocket the unused portion. The easiest way was to switch the comp ticket with a higher-dollar guest check that was paid with cash. The server would settle the check, apply the first guest's cash payment to the smaller check, and pocket the difference. To accomplish the second--and more difficult--technique, the servers would transfer items from a check paid in cash to the comp check and pocket the amount transferred.

Both methods could have been averted if there hadn't been such a widespread lack of controls. The restaurant's system allowed servers to ring and void the items on the guest checks, make check-to-check transfers, and handle check settlements. Had segregation-of-duty controls been in place, such as hiring a cashier to handle check settlements, this type of fraud could have been deterred.

In addition, the comp slips, although serially prenumbered, were not cross-referenced to the guest checks to prevent switching. In a manual comp system, the host should write the comp ticket number on the guest check. Some casinos have implemented adhesive comp slips that can be attached permanently to the guest check to prevent switching.

Finally, the restaurant's guest-check procedures enabled servers to leave checks open for an indefinite amount of time, making them easier to manipulate. Restaurant management should print an open check report to review for checks left open--and vulnerable--longer than normal.

Once the internal audit team assembled the evidence, the case was presented to the gaming authorities. The servers were subsequently arrested--at work and in front of their co-workers--with the intent of using this situation as an example to others. Although the total amount of the theft was not discovered, there was a measurable change in revenues in the three months that followed the arrests. The restaurant's total food and beverage revenue remained about the same, but the ratio of comp-to-cash sales significantly increased, with a higher percentage of sales coming from cash. Interestingly, the other restaurants in the casino realized the same benefit.

LAS VEGAS CHAPTER

UNUSED CREDIT

An auditor on a routine store audit was talking to the store's manager about how well the audit was progressing. Coincidentally, a customer approached the counter during their conversation and told the cashier that her statement did not reflect her last payment. The manager had left the counter to receive a delivery and the cashier was not sure how to handle the situation, so the auditor came over and explained to the customer that the company would research her payment to see what had occurred. He asked her for copies of her receipts and cancelled checks, which she had agreed to provide.

The auditor then asked the cashier and assistant manager to pull the activity register, payment register, and copies of the deposit slips for the day in question. When no record of the payment was found, they expanded their review to a few days before and after the date on the receipt. Still finding no record, the auditor took over the research, reviewed the previous 30 days, and noted several discrepancies between names on the payment register and those on the deposit slips.

The following day, the auditor asked the credit manager for help with the customer's account. She explained it away as a misposting. The auditor then told her that he had tried to verify that they were simply mispostings and, in the process, had found several other questionable items totaling more than $20,000. At that point, the credit manager broke down crying and said she needed extra money for family problems. Had that been true, the auditor realized, the credit manager could have taken advantage of the company's long-standing practice of loaning loyal employees money for just such a situation. Although the credit manager knew about the program, she chose not to use it.