Changing Landscape, But Typical Challenges
It wasn’t that long ago that operational audits were business as usual, both throughout campus and in the campus parking office. Parking managers checked lots while office staff scoured through tickets and reports. Revenue control systems were scarce, and the data provided uninformative. Most parking fees were collected in cash, and daily reporting was manual. The limits of the technol- ogy of the time and creative parking attendants combined to make revenue control a real challenge.
Employee theft often starts accidentally. An attendant may for- get to turn in a $5.00 bill one day. No one says anything. The next week, that same attendant may be short on cash and might need lunch money, so he holds back some cash. Again, no one notices. Before you know it, he is driving a brand-new Porsche!
Fast-forward to 2018. Revenue control and audit systems have come a long way in recent years. Today, the audit process is more nuanced. Theft is reduced but not eliminated, and management needs to look deeper to deter and detect problems. For example:
Cash Deposit Timeliness—Discrepancies between the dates that revenue is collected and when the funds hit the bank can indicate revenue malfeasance. For example, an attendant may
hold back cash that he has collected, using it to make his Porsche payment. He may replace that money with tomorrow’s funds, and so forth. An operational audit compares Daily Revenue Summaries to bank deposit slips to revenue reports produced by the parking access revenue control (PARCS) equipment. Any differences iden- tified should be explored, explained, and promptly corrected.
Permit Management—While many colleges and universities have transitioned to electronic permit sales and virtual, some still utilize physical permits. For campuses with a front counter operation (selling and distributing permits from a discrete location), it’s impor- tant to make sure that the physical permits are kept secure at all times. Leaving them out on a shelf for easy access invites theft. Permits are extremely valuable, and each can be sold for hundreds of dollars.
Keeping logs and sales sheets secured and making sure they are all there is vital. A parking audit can track permit sales and make sure that the appropriate revenues have been collected and deposited.
Exception Ticket Verification—Fee computers do most of the rate-calculation heavy lifting. But what about manually adjusted rates, lost tickets, voided tickets, etc.? Is the manual adjust-
ment approved by management? The audit process compares the exception tickets to “exception ticket logs” and to daily reports to establish each ticket’s legitimacy.
Coupon and Validation Control—Some parking systems still use physical validation coupons. Are coupons sequentially numbered? Does the parking operator maintain a log of coupons sold so auditors can make sure that coupons aren’t missing or sold out of order? These are both potential signs of theft.
Liability Red Flags Such as PCI-DSS Compliance—Campus parking operators risk significant liability exposure if credit card data security is not compliant to established standards. Does the PARCS vendor provide annual certification of PCI-DSS compli- ance? Is the (old) PARCS system properly truncating patrons’ credit card numbers? A parking audit can reduce owners’ and operators’ exposure to these potentially serious risks.
Accounts Receivable Control—On many campuses, enforce- ment is an important source of revenue. No parking administrator wants to hear that scores of citations have gone unpaid and are now uncollectable. Student tickets are usually sent to the bursar’s office and likely must be paid in order to register or to receive a diploma. Tickets issued to people from outside the campus com- munity, and often to faculty and staff, often are not pursued as actively. Auditors bring A/R issues to light, allowing management to address moneys due before A/R becomes bad debt.
Stay on Top of Your Game
These are just a few examples of the types of problems that have become typical in the technology age and which can be addressed through parking audits. Annual operational audits help campus parking operations stay on top of their game by employing a three- pronged approach: a year-to-year system performance overview, single-month management statement analysis, and deep-dive audit of tickets and reports for a seven-day week. Audit results are documented in a comprehensive written report that serves as a guidebook to help eliminate avoidable revenue losses and expense overruns.
For campus parking operations, regular parking audits are absolutely essential. Rather than eliminating the need for audits, the advent of parking technology and electronic payment has made regular audits even more important by creating a more complex parking management environment. CPM
Will Rhodin is a consultant with Walker Consultants. He can be reached at wrhodin@walkerconsultants.com. David Lieb is a consultant with Walker Consultants who specializes in higher edu- cation parking and transportation. He can be reached at dlieb@ walkerconsultants.com.
WHAT IS PCI-DSS COMPLIANCE?
THE PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS) IS
a widely accepted set of policies and procedures intended to optimize the security of credit, debit, and cash card transactions and protect cardholders against misuse of their personal information. The PCI DSS was created jointly in 2004 by four major credit-card companies: Visa, MasterCard, Discover, and American Express. The PCI DSS applies to any vendor or service provider that handles, processes, stores, or transmits credit card data; any vendor or service provider that processes, handles, or stores credit card data is required to be PCI-DSS compliant.
OCTOBER 2018 / COLLEGE PLANNING & MANAGEMENT 27