Despite technological advances, thieves can find loopholes that hurt the bottom line.
OPERATIONAL AUDITS were once standard for parking lot owners and managers of buildings and complexes that offer paid parking. That’s because patrons almost always paid cash for parking, and daily audits were necessary to make sure that all the money that was supposed to make it to the bank actually got there.
Today, with most parking fees collected via credit card and valets issuing validation tickets via license plate recognition scanners on handheld devices, many owners are under the impression that audits are no longer necessary. After all, you can’t steal if there’s no cash to take, right?
It might seem counterintuitive, but parking audits are more important than ever. While new payment technologies have significantly reduced theft, the problem hasn’t been eliminated. Thieves are more sophisticated, and management must look deeper to prevent problems and detect them when they occur.
Many things can only be detected through an audit. These include parking management agreement compliance issues, cash deposit discrepancies, inaccurate charges, improper coupon and validation use, liability issues such as compliance with the Payment Card Industry Data Security Standard (PCI-DSS) and monthly parking access system errors. Audits are essential for today’s complex parking management systems, and they must be much more nuanced than in the past to find all the potential problems.
The More Things Change …
Back when operational audits were common, parking managers checked lots while office clerks scoured through tickets and reports. Revenue control systems were scarce, and they often provided uninformative data. Most parking fees were collected in cash, and daily reporting was done by hand. Technological limits and larcenous parking attendants combined to make revenue control a real challenge.
Employee theft often starts inadvertently. An attendant forgets to turn in a $5 bill one day. No one says anything. The next week, that same attendant is short on lunch money, so he holds back some cash. Again, no one notices. Over time, though, theft can become a serious problem that affects the bottom line.
Revenue control and audit systems have come a long way in recent years. Today, the audit process is more nuanced. Theft is less common, but it hasn’t been entirely eliminated. That’s why management needs to look deeper to deter and detect problems.
Parking Management Agreement Compliance
Many parking management agreements contain restrictions on chargeable expenses, liability insurance costs per space, allowable percentages for payroll taxes and workers’ compensation, and expense variances to budget. Audits include a contract-compliance analysis that frequently reveals deficiencies and results in parking operators repaying money to owners.
Cash Deposit Timeliness
Discrepancies between the dates that revenue is collected and when the funds hit the bank can indicate revenue malfeasance. For example, an attendant might hold back cash he has collected and use it to make his car payment, replacing that money with the next day’s parking payments, and so forth. An operational audit compares daily revenue summaries, bank deposit slips and revenue reports produced by the parking access and revenue control system (PARCS) equipment. Any differences identified should be explained and promptly corrected.
Exception Ticket Verification
Fee computers do most of the heavy lifting to calculate rates. But what about manually adjusted rates, lost tickets, voided tickets, etc.? Is the manual adjustment approved by management? The audit process compares the exception tickets to “exception ticket logs” and to daily reports to establish each ticket’s legitimacy.
Coupon and Validation Control
Some parking systems still use physical validation coupons. Are coupons sequentially numbered? Does the parking operator maintain a log of coupons sold so auditors can make sure that coupons aren’t missing or dispensed out of order? These are both potential signs of theft.
Liability Red Flags Such as PCI-DSS Compliance
Property owners and/or parking operators risk significant liability exposure if credit card data security doesn’t meet established standards. Does the PARCS vendor provide annual certification of PCI-DSS compliance? Is the (old) PARCS system properly truncating patrons’ credit card numbers? A parking audit can reduce owners’ and operators’ exposure to these potentially serious risks.
Monthly Parking Access System Control
Auditors compare the list of “active” monthly credentials on the PARCS equipment to the cards and accounts invoiced by the parking operator. Any discrepancies should be identified and corrected. Are industry-standard control systems in place for monthly parkers? This includes anti-passback systems, which prevent users from entering a garage by tailgating someone with access credentials. If not, monthly users may take tickets on the way into the garage, dispose of such tickets and use access credentials to exit. This results in an ongoing pattern of missing “open” tickets, a major control deficiency.
Accounts Receivable Control
No one wants to hear that the 50-space monthly account that was three months in arrears skipped town without paying. Auditors bring accounts-receivable issues to light, allowing management to address funds due before they become a problem.
These are a few examples of the problems that can be addressed through parking audits.
Will Rhodin is a consultant with Walker Consultants.
A version of this article appeared in the July 2018 issue of Property Management Quarterly, which is published by the Colorado Real Estate Journal.