Hotel loss prevention — internal controls, audits, and shrink

Loss prevention in hospitality is mostly about internal controls. The shrink problem at hotels is primarily internal — F&B inventory, cash handling, comp manipulation — rather than the customer-theft pattern that dominates retail loss prevention.

F&B inventory shrink

F&B is the largest single loss-prevention exposure at most full-service hotels. Inventory shrink — the difference between what should be on the shelf based on purchases and sales versus what's actually there — runs 1–5% of food cost and 3–8% of beverage cost at typical operations. The drivers are spoilage (legitimate but trackable), portion control variance, employee meals beyond policy, and theft.

Inventory controls focus on tightening each link. Receiving against purchase orders catches over- and under-shipments. Storeroom locks and access logs limit who can pull stock. Production sheets track what's used during a service period. Beverage controls — pour spouts, daily inventory counts on high-value liquor, sealed tape on wine cellar access — get tighter the higher the per-unit value.

Cash handling controls

Cash handling at hotels happens at the front desk (room charges paid in cash), F&B outlets, banquet bars, the spa, and the bell stand. Each of these has its own control regime: sealed cash drawers, end-of-shift drops, dual verification of large transactions, and reconciliation against the POS or PMS record. Discrepancies trigger investigation; recurrent discrepancies at a single station trigger personnel review.

Casino cash handling is its own regulated regime. The cage operates under tight Nevada (or equivalent jurisdiction) rules: dual-counted deposits, sealed bag tracking, surveillance coverage of every cashier window, and a separate audit function that reconciles cage activity daily. Compared with the casino regime, hotel cash handling looks loose — but the consequences of casino cash handling failures (regulatory action, license risk) justify the additional rigor.

Comp manipulation and rate fraud

Comp authority — the ability of a manager or host to grant a discount or write off a charge — is a frequent loss-prevention concern. Casino comps in particular run through approval chains specifically designed to prevent unauthorized issuance, with required documentation tying every comp to a player account and authorized comp officer. Without those controls, comp fraud — issuing comps to friends, splitting a real player's comp budget across multiple accounts — becomes hard to detect.

Rate code manipulation is the non-casino version. An agent applies a corporate-negotiated rate to a non-corporate guest, an AAA discount to a non-member, a loyalty member rate to a non-member. Each instance is individually small; in aggregate they degrade ADR (average daily rate) without a clear cause visible in summary reports. Rate audit programs sample reservations to verify rate-code eligibility documentation is on file.

Internal investigations

When losses cross the threshold from expected shrink into a specific incident, the property runs an internal investigation. A typical investigation involves the security or LP director, the GM, HR, and (if the incident might be criminal) outside legal counsel. Evidence gathering covers POS or PMS transaction logs, CCTV review of specific time windows, access control logs, and interviews with involved personnel.

Disciplinary action depends on what the investigation finds and on the property's progressive discipline policy. Theft generally means termination; policy violations may warrant warnings and retraining. Criminal referral happens when the amount is significant and the evidence is strong; many hotels decline to refer smaller cases because the investigation, prosecution, and reputational cost outweigh the recovery.

Audit programs

Routine audit is the structural defense against loss. F&B monthly inventories, POS exception reports (voids, comps, refunds above threshold), folio audits (sample of guest folios reviewed for billing accuracy), and loyalty-points audits (sample of member transactions reviewed for correct earn rate) all surface patterns that point to control weaknesses. Brand corporate audit teams supplement local audit with periodic deeper reviews.

The audit cadence varies by exposure. High-cash-handling areas (F&B, cage at casinos) run daily or per-shift audits; low-exposure areas (front desk room charges, where most are credit card) run monthly or quarterly. The calibration is a property-by-property decision based on prior audit findings and risk assessment.