Monday, March 15, 2010

Food & Beverage Cost Control

To ensure food and beverage cost incurred is reasonable, properly supported and accounted for.

1. 0 Purchase

             1.1 Quotation
*           Ensure vendors selected are approved by management.
*           Ensure vendor list is periodically reviewed by management.
*           Ensure purchase request is properly approved by user department.
*           Check quotations are obtained from vendors according to corporate
          policy (monthly/quarterly update of price).
*           Match quotations with price comparison list.
*           Ensure vendors are selected based on quotations submitted and, more
          importantly, on vendor’s past performance.
*           Ensure quotation selected is approved by purchasing manager.
*           Ensure cost plus vendor is approved by financial controller and general

             1.2 Purchase Order
*           Match purchase order to supporting quotation to ensure corporate
           policy on selection of vendor is followed.
*           Ensure management has checked the estimated inventory level does not exceed the maximum inventory level. If exceeded, customer order is needed to support the purchase.
*           Check estimated inventory level to past utilization rate to ensure no over purchase.
*           Ensure purchase orders are properly authorized by management according to authority level.

2.0  Receipt
*           Check goods received are supported by approved purchase order.
*           Ensure goods received are properly inspected for quality and quantity/net weight by Receiver.
*           Check goods received to ensure expiry date of product is acceptable.
*           Ensure fresh/frozen/chilled food items received are marked with receipt date to alert kitchen staff of potential usage period.
*           Match invoice details to goods received.
*           Check casting of invoice.
*           Check posting to receiving report, inventory ledger and/or accounts payable/general ledger.
*           Ensure goods rejected are returned to vendor with credit note issued.

3.0  Usage
*           Ensure issues for storeroom are supported by approved stock requisition.
*           Perform yield test for high cost food items to ensure actual utilization rate as compared to standard utilization rate is acceptable.
*           Ensure bottles and sales slips for high cost beverage items are returned to storeroom to exchange for new issues of beverage. Empty bottles must be destroyed by store personnel to avoid duplicate issue of beverage.
*           Ensure portion control is properly exercised.
*           Check wastage to ensure no saleable portion is abandoned.
*           Ensure voided orders are not served to customers.
*           Review monthly wastage to ensure wastage (in amount and in percentage) is acceptable.

4.0  Cost
*           Ensure recipe and menu cost control is prepared timely and updated every six months by Head Chef.
*           Ensure accurate costing before menu price is finalized.
*           Ensure all food and beverage portion/serving sizes are established in conjunction with costing and pricing of menus.
*           Ensure free pouring is properly monitored.
*           Check food and beverage cost only includes costs incurred for revenue generating activities. Costs incurred for non-revenue generating activities (i.e. duty meal and entertainment) are treated in accordance with the nature of the activity.
*           Ensure food cost percentage and beverage cost percentage, as compared to budget and/or last year performance, is reasonable. For significant fluctuation, explanation is required.
*           Ensure weekly food and beverage cost report has been prepared for timely control of food and beverage cost.
*           Ensure management has reviewed the monthly and year-to-date food cost percentage and beverage cost percentage.



1.1 Identify income statement accounts that require further audit assurance by considering:

*           Audit tests of related asset and liability accounts,
*           The results of analytical procedures (e.g., annual fluctuation analysis and comparative analyses of income statement accounts), and
*            The reasonableness of income statement accounts based on knowledge of the division and its business.

In deciding on the appropriate audit procedures for income statement
accounts the auditor should assess the risk of error and fraud in those
accounts. Relevant considerations include information gathered or
updated about the division, including the adequacy of the division's
accounting records and procedures; the nature of the account balance;
key performance indicators; management information identified when
assessing the control environment; and conclusions reached when assessing
other aspects of the control environment.

The auditor should bear in mind that the assessment of the risk of error
and fraud in these accounts is addressed primarily by audit procedures
directed at the balance sheet accounts and analytical procedures. For
example, assurance is obtained about the completeness of revenues by
auditing trade accounts receivable and identifying and testing
completeness controls; assurance is obtained about depreciation and
possibly repairs and maintenance expenses by auditing property, plant and
equipment and related accounts; assurance is obtained about interest
expense by auditing notes payable and related accounts. The risks that
remain within the income statement relate to a material misclassification
within the accounts and to fraud. It is normally sufficient to perform
analytical procedures to address these risks. If those procedures do not
provide the necessary assurance, the auditor may need to examine evidence
in support of the account balance by performing tests of details.

It may also be appropriate to examine evidence in support of the account
balance for other reasons, such as:

*           Statutory or regulatory requirements, or
*           To obtain information useful in identifying other risks.


For those accounts requiring further assurance, perform analytical
procedures at a more detailed level, combined, where appropriate,
with analysis and tests of items in the account balance. The
procedures should be limited to those necessary to provide the
particular audit assurance sought.


1.0     Protection Management

1.     Who is responsible for maintaining and operating the equipment?
2.     Are maintenance agreements the most cost effective agreements available?
3.     Surely there are a lot more protection management responsibilities than this. What are they, how can they be clarified, how do they relate to the rest of this checklist?

2.0     Protection Policy

1.     Is there a company written policy on phone use?
2.     What is it? Are there particular features it should have, and what are they?
3.     Are there things it should not have, and what are they? Why
4.     is the policy set as it is, who sets it, how does it change,is it realistic for the environment?

3.0     Standards and Procedures

1.     Are Customer Service Records reconciled with the Property Accounting Fixed Asset Register?
2.     Are monthly phone bill tracking reports reviewed?
3.     Are PBX traffic, performance, circuit outage, and problem reports reviewed by telecom management?
4.     Is there an agreement with the LEC, the IXC, and the equipment vendors for the ability of only authorized personnel to request service level changes, and to report errors?
5.     Is there a regular dump of Incoming Peg Count, Attendant Response, All Trunks Busy, Service Queue, and Trunk Group Overflow reports? Reported to telecom management?
6.     What are the procedures for making PBX SW or HW changes.
7.     Is the PBX program backed up whenever changes are made?
8.     Does anyone on the telecom staff carry a pager number during off-hours?
9.     Are all orders for services in writing? Are confirmations in writing?
10.   Are service order numbers used?
11.   Are bills reviewed for accuracy? How often?
12.   Are monthly telephone bills distributed to department managers for review? Do they sign approval and return them?
13.   How are phone charges allocated to each cost center? Are they accurate?
14.   Are all toll calls billed verified against the PBX traffic reports?
15.   How are billing issues resolved?
16.   Is there internal recording of Install/Remove services?
17.   Are all leased trunks, lines, and circuits billed verified against the PBX inventory reports?
18.   Are services for part of the month pro-rated?
19.   Is Call Detail Recording (CDR) or Call Accounting reconciled with phone bills?
20.   Are maintenance bills reviewed, broken down, and  verified? By who? How and who approve replacement parts?

4.0     Documentation

1.     Obtain network maps and topology diagrams, telecommunication records, and policy and procedure guides. Are they up to date and easily understood?
2.     Are Customer Service Records listing the equipment reviewed and retained? By whom?
3.     Are monthly phone bill tracking reports generated?
4.     Accurate and up to date list of current trunks and leased lines?
5.     Are circuit numbers clearly marked on channel banks,CSU/DSUs, and modems?
6.     Is there an up to date list that correlates telephones and Central Office lines to ports on the PBX?
7.     Are MDFs and IDFs clearly labeled?
8.     Are the procedures for making PBX SW or HW changes fully documented?
9.     Is there a list of authorized contacts?
10.   Does the telecom manager have a list of home phone numbers for the LEC, IXC, and PBX account executives?
11.   Are PBX operating manuals available to telecom staff?
12.   Are there 3rd party calls on the phone bills?
13.   Is Call Detail Recording (CDR) or Call Accounting enabled?
14.   This is an interesting list. It is probably not comprehensive, but it is more so than the other areas. There is no question
15.   about where the documentation is kept and who has access, how the documentation tracks to the other areas, etc. but it's a real good start.

5.0     Protection Audit

Who audits the PBX, how often, what do they look for, etc. This is
covered to some extent in standards and procedures, but
only a few issues are loosely covered and no explanation of
why is provided. Audit has to be done by specific people
who do PBX audits in order to be effective.

6.0     Technical Safeguards

1.     Are DISA capabilities activated?
2.     Are "leaky PBX" capabilities designed?
3.     Is there a modem on the PBX programming port?
4.     Is there a UPS?
5.     Are 976, (900), and (700) calls blocked?
6.     Is Call Detail Recording (CDR) or Call Accounting enabled?

This is a starting point, but hardly comprehensive. A good
PBX auditor will cover many other technical issues.
This is, of course, PBX specific, so it's hard to make
a generic list, but more than these items should be included.

7.0     Incident Response

1.     Is there a disaster recovery plan?
2.     Is there a standby site for moving operations in the event of a disaster? Does it have sufficient trunking for voice and data? Is it periodically re-evaluated or tested?
3.     Is the PBX program backup stored off-site?
4.     Has a "bounty hunter" telecom payment consultant been used in the past? Results?
5.     Do maintenance agreements guarantee technician response time?

This is deisnged for disaster recovery only. It doesn't
take a comprehensive view of incidents and how they are
responded to. How do we respond to day-to-day incidents?
How do we detect them? Who does it? What tools do they need? etc.

8.0     Testing

1.     Has the disaster recovery plan been tested?
2.     Is the UPS tested?

(There are a lot of other testing issues that have to be addressed in a comprehensive PBX audit.)

9.0     Physical Protection

1.     Where is the telephone equipment (PABXs) located?
2.     Who has access to the equipment?
3.     What are the visiting procedures for accessing the equipment?
4.     Are craftspeople escorted?
5.     Is there fire suppression equipment installed and tested?
6.     Are cabinet doors kept closed and locked?
7.     Do the cables entering and leaving the PBX or equipment room pass through firestop material?
8.     Are power circuits clearly marked?

(This is a good starting list, but not a comprehensive list of physical security issues to be considered.)

10.0   Legal Considerations

1.     What are the purchase/lease/rental agreements for telecom equipment?
2.     What maintenance agreements are signed?

( It's a start, but where is corporate liability covered?nHow about employee agreements? Is policy properly verified by legal, and is it enforcable? How do we proceed to track down attackers so that we can prosecute, or do we want to prosecute? Is there adequate insurance? etc.

11.0   Protection Awareness

1.     Are there education programs for users?

(This is not an adequate question to cover the issue of awareness.)

12.0   Training and Education

1.     What training is provided telecom staff for the PBX?

(This is not an adequate question to cover these issues.)

13.0   Organizational Suitability

(This is not addressed in the audit at all.)