Taking control of who has what

Nov. 18, 2010 | by D. B. "Libby" Libhart

Do you have control of your restaurant? By that I mean everyone who has keys to the building, and storage areas, codes to the POS system, and combinations to the safe are authorized. And by authorized, I mean they have been properly screened, vetted, and have shown the appropriate responsibility to run your business. And for every management change all those keys, codes and combinations have been changed. If you haven’t, you do not have control of your store or restaurant.

The next level of control is determining who else has keys, codes and combinations that either you don’t know about, or have become complacent about. It may be in the form of maintenance having keys to the back door and alarm, cashiers with POS authorization codes, and every manager whoever worked for you having the combination to the safe because it has never been changed.

Many investigations into cash and product loss reveal severe breakdowns in these controls. Cashiers steal thousands of dollars simply by looking over the shoulder of the manager as they input their code for an override and stealing authorization passwords. They then used the authorization code to conceal their cash thefts. Employees with keys to the back door can steal thousands of dollars of product and merchandise by taking it out with the trash, hiding it and returning for it later, placing it in their car, or colluding with a friend on the outside. Employees with no authorization to have the combination to the safe steal entire deposits or safe funds.

Some of these security breakdowns occur over time as policies and procedures become eroded. Managers become trusting and hand over their entire set of store keys to the maintenance guy to turn off the alarm and unlock the back door to take out the trash – unsupervised. Or worse, assign him the keys with no due diligence on checking his background.

Managers become complacent in regularly changing their POS authorization codes. They get busy and give cashiers their codes or swipe cards. Every manager who ever worked for you may have the combination to the safe because it has never been changed, or their PIN codes are still stored in the electronic safe. What I frequently hear: “It’s been a while since it’s been changed.” I never get a clear understanding on how long “a while” is. A former shift manager may now have a career selling cars at the local dealership, but they may be able to get into your safe. How frightening is that?

I recommend that managers change their password codes every day without sharing them with anyone until the loss trends are corrected. And do not allow codes of 12345 or 99999. It’s just too easy pickins’. Let’s be a little more creative. Make sure keys to alarms and back doors are not conveniently located on a hook somewhere or in possession of someone who shouldn’t have them.

Control of the store or restaurant requires definitive policies and procedures for issuance of store keys, codes, combinations and authorized accesses. Discipline and routines must be strictly followed and not relinquished to crew members when too busy or compliance is inconvenient. The management team must be strong on enforcement. Follow up to make sure compliance doesn’t break down. One break in the chain and you’re right back where you started, with unexplained massive losses, and me asking, “Do you have control or your restaurant?”

Topics: Business Strategy and Profitability , Human Resources , Operations Management

D. B. "Libby" Libhart / D.B. “Libby” Libhart has more than 30 years of experience in the loss prevention industry. He has provided security and safety leadership in retail settings such as department stores, drug stores and quick-service restaurants. Before launching his own company, LossBusters, Libby served as the Senior Director of U.S. Security and Safety for McDonald’s Corp. He entered the QSR industry with Taco Bell and subsequently YUM Brands.
www View D. B. "Libby" Libhart's profile on LinkedIn

Sponsored Links:

Related Content

Latest Content

comments powered by Disqus