Serve You Premium Hotels Ltd.

Internal Audit Report

Period: FY 2021-2022
September 28, 2022
 Table of contents

INTRODUCTION

RISK RATING GUIDELINE

EXECUTIVE SUMMARY

DETAILED OBSERVATIONS

LIMITATION OF PROCEDURES

Report usage limitations:

This report is solely for the information of client management and should not be used, circulated, quoted or otherwise referred to for any other purpose, nor included or referred to in whole or in
part in any document without our prior written consent. The organization assumes no responsibility to any user of the report other than those included in the distribution list. Any other persons
who choose to rely on our report do so entirely at their own risk.
 INTRODUCTION
Internal Audit Scope
Our procedures were performed in accordance with the Internal Audit Objectives
Internal Audit scope and approach set forth in our
Project Letter dated August 07, 2022 and were limited to Briefly the objectives of our Internal Audit were to:
the following areas: ►Gain an understanding of key activities and processes being performed at various plants;
►Perform an assessment of risks within the processes and test related controls for the processes; and
►Fixed assets ►Provide observations and recommendations wherever appropriate.
►Statutory Compliance
►Order to cash
Internal Audit Approach
Introduction
►Procurement and ITGC
►Hire to Retire Briefly the approach of our Internal Audit were to:
►Inventory ►Conduct interviews to understand process objectives and flows;
►Finance and Sales ►Obtain data relevant to the scope for the period under review;
►Analysis of the data obtained and identification of preliminary observations;
Review Period ►Identify gaps in the design and/or operating effectiveness of controls;
►Co-develop action plan and implementation matrix.
►April 1, 2021 to March 31, 2022

Scope Exclusions Internal Audit Team Distribution List

►Not Applicable
►[Link]
►[Link]
►[Link]
Draft Report for Management Comments ►Mr. Melwin
►Ms. Reshell
►The draft report is issued to the Management of Client ►Ms. Namratha
►[Link]
for their comments on September 07, 2022. ►Mr. Darshan
►Mr. Prinson
 Risk Rating Guideline
Risk Rating Description

Absence or lack of controls or breach of rules / regulations / guidelines of regulators resulting in

major vulnerability which requires prompt action from management to avoid financial / operational /
High reputation damage of the entity.(More than 10% of turnover)

Represents medium severity control weakness which can be treated as serious when taken
collectively or breach of rules / regulations / guidelines of regulators resulting in any kind of violation
Moderate of the law which can be rectified with corrective actions.( ranging from 5%-10%)

Represents minor weaknesses / deficiencies in the organization which requires management focus
to enhance existing controls
Low
EXECUTIVE SUMMARY

Overall Audit Opinion- Needs Improvement

 Executive Summary
Issue Type
Risk
Sr. No Process / Area Issue Type and Report Reference Operating
Design Compliance Rating
Efficiency

1 Fixed assets Fixed were not found that were mentioned in fixed assets register a H
Statutory
2 Calculation of PF and ESI done by management are not appropriate a H
Compliance
Order to Mandatory data fields to be filled in Customer on boarding form are
3 a M
Cash(O2C) indirectly skipped and they are provided services
Order to violation of companies policies as the due date has exceeded and the
4 M
Cash(O2C) balances are overdue.
5 Procurement Approval of indent after shelf life a L
No proper records maintained by Finance team for balance confirmation sent
6 Procurement a H
to vendor
7 Procurement Excess Credit period allowed to customer a H
8 Procurement Advance for purchases given more than stated in companies policy a M
9 Hire to retire Vague Documents related few employees were found. a H
10 Inventory Inventory statement is not updated as per the physical location of the goods a M
 Executive Summary
Issue Type

Risk
Sr. No Process / Area Issue Type and Report Reference
Operating Rating
Design Compliance
Efficiency

11 ITGC Non adherence of fire safety policy a H

12 Order to Cash Booking of revenue in different currency a H

13 Inventory Lack of Inventory Management a M

 1.1DETAILED OBSERVATION- FIXED ASSET REGISTER

Observation:
Risk/Potential Impact
As on 01.04.2022 On Physical Verification a total of 7 Fixed assets were not found that
were mentioned in the fixed asset register amounting to Rs.7,00,01,493. -Potential misappropriation of Inventory

Management explanation:

-The management has explained that fixed asset bearing ID 3,15 ,4 were disposed off.

-During the Physical verification of the fixed assets, two fixed assets- camera and
mobile phone were not found. Recommendation:
management contended that those fixed assets were found to be missing.
-The management needs to design a
-During the Physical verification of the fixed assets, TV was not found. proper system and process as to the
disposal, safeguarding of the assets.
-The management contended that the said fixed asset was installed at the MD’s
Premises for the purpose of conduct of Board Meetings, meetings with the clients etc. -The management needs to implement
proper procedures to transfer its assets
-During the Physical verification of the fixed assets, One machinery was not found. to its subsidiary.

-Management has explained that the said machinery was installed at subsidiary's -Timeline for remediation:
premises. 30.11.2022
1.2 DETAILED OBSERVATION - STATUTORY COMPLIANCE

Observation: Risk/Potential Impact:

-During the current month there has been promotion of various employees and -Compliance Risk- Potential fines
salaries have been paid to them as per higher pay scale. Whereas while calculating and penalties.
PF, ESIC for the same month, the calculation is made as per previous scale.

Management Explanation:

-Management contented that balance payment relating to salaries will be made in Recommendation:
next month to the department.
-Proper automated processes shall be
implemented for calculation of Salary, EPF,
ESI,TDS etc.

-Timeline for remediation

31.10.2022
 1.3 DETAILED OBSERVATION - O2C

Observation:
Risk/Potential Impact:
-As per the company policy it is mandatory to fill the data of customers in the
customer on boarding form and a list of blacklisted customers needs to be -Potential collusion among employees
obtained and no services shall be provided to them. -Potential loss of working capital
requirements
-Mandatory data fields to be filled in Customer on boarding form are indirectly
skipped and they are provided services
Recommendation:
-The company has provided services to the blacklisted customers.
Services amounting to ₹1,002,651.00/- has been provided to the clients. -Monthly monitoring of the process and also
there should be a continuous follow up.
-Following were:
-The company needs to improve the systems in
[Link] INDUSTRIES LTD. Rs. 7,92,905/- place and any further bookings from blacklisted
[Link] AGENCY Rs. 91,896/- customers shall automatically be blocked so that
no future transactions take place.
I have attached the detailed annexure below.
Annexure: -Timeline for remediation.
30.11.2022
 1.4 DETAILED OBSERVATION - O2C

Observation:
Risk/Potential Impact:
-There has been a violation of companies policies as the due date has exceeded
-Risk of default which will affect the
and the balances are overdue. Also there has been no categorization made at the
financial in future
time of creating the vendor master.

-There is no segregation of government and non government customers.

-Management contended that they accept payments beyond due dates and
extension of credit period is granted to the customers.
Recommendation:
-Following overdue balance were:
-Develop an automated process that shall
1. 19.02.2021 State Government - Rs.18,98,027/- automatically indicate the client to collect
2. 17.12.2021 KAKA AGRO INDUSTRIES(CS) - Rs.21,28,958/- dues.
-Segregation of vendor master
I have attached the detailed annexure below.
Annexure: -Timeline for remediation.
31.12.2022
2.1 DETAILED OBSERVATION -Procurement and ITGC

Risk/Potential Impact:
Observation:
-Non Compliance with Purchase Manual
-The purchase orders have been placed even though the time limit has expired which is
against the company’s policy and also the indents not exercised within the time limit
-Possibility of procurement even though the item is
are blocked manually .
no longer required
-The company is not having automated controls in process by which such errors have
-Possibility of higher costs of procurement due to
happened.
non compliance with EOQ norms
PO delayed beyond company's policy- Rs.18,45,599/-
-Since indented items were not ordered within
defined time period, there is a possibility of
Total PO- Rs. 6,00,85,632/-
shortage
I have attached the detailed annexure below.
Recommendation:

-Implementation of automatic blocking in

Annexure:
the system. The system should show a pop up
warning 7 days prior to the expiry of the indent

-Timeline for remediation.

31.12. 2022
 2.2 DETAILED OBSERVATION - Procurement

Risk/Potential Impact:
Observation:
-Operational Inefficiency
-The response rate is below 1%, for balance confirmation from debtors,
however there is no documentary evidence for the same.

-Finance manager is not having any documentary evidence regarding response

rate from vendors regarding balance confirmation.

Recommendation:

-Finance team should implement appropriate

controls in place and set monthly reminders to
clients

-Timeline for remediation.

31.10. 2022
 2.3 DETAILED OBSERVATION - Procurement

Observation:
Risk/Potential Impact:
-Due to an urgent order the procurement manager has imported raw materials from
China , however as per the policy of the Chinese vendor 75% shall be deposited as -Blockage in working capital requirement:
an advance and as a result the procurement manager had to pay 75% advance
amounting to Rs.6,85,41,241.
-After approval from the project manager and procurement head. The same as not
ratified.

-Management explanation
Recommendation:
The management contended that the same was not ratified due to BOD not being
available in the country.
-Board meeting shall be held immediately to
ratify the same

-Timeline for remediation.

31.10. 2022
 2.4 DETAILED OBSERVATION - Procurement

Risk/Potential Impact:
Observation:
-The company's processes are weak as any
-The company is having the server room on the ground floor,where the data of the personnel can have access to the sensitive
entire company and offshore data is stored. information of the organization

-All the data stored in the server room is not encrypted due to which there are high
chances of unauthorized access to the data and changes can be done by any
personnel.
Recommendation:

-Server room should be at least on a slightly

raised platform however, it is situated at the
ground floor which has a high risk of water
damage.

-The management should implement the

procedures for safeguarding of data and data
encryption.

-Timeline for remediation.

30.11. 2022
 3.1 DETAILED OBSERVATION - Hire to Retire

Risk/Potential Impact:
Observation:
-Booking excess expenses which will not
-The company’s policy is to record the attendance of employees through biometric. portray true picture of the company
However, the HR Manager has been computing salaries through excel sheets
manually, which is against the company's policies.

-7 employees on a regular basis have the same pattern of entry time and leave taken
and also on further enquiry with the HR Manager, it was found that the HR Manager is Recommendation:
not clearly disclosing about the seven employees.
- Maker Checker controls need to be implemented
- Segregation of duties
Most of the organization have 2 different team HR and
payroll team which perform salary processing related
activities. The HR team provides attendance data to
the payroll team for processing.
- Oversight by independent third party
Apart from maker-checker and regular internal audits
there should be independent review by the third party

-Timeline for remediation.

31.10. 2022
 3.2 DETAILED OBSERVATION - Inventory

Observation: Risk/Potential Impact:

-Location 1, observations seem to be in line with the policy. If the auditor feels like -Lack of inventory management may lead to
within 3 months expiring stock needs to be moved to an unrestricted area as well, he loss of working capital requirement in future.
shall discuss with the management to change the policy of the company. Usage of expired stock can lead to legal
actions as well.
-Location 2, the product having expiry within 1 year appeared in the unrestricted
area, which is not in line with the company’s policy.
-Products which were expired on 2020, were not discarded amounting to Recommendation:
Rs.2,42,48000/-.
-There should be a proper system to discard the
inventory once it expires so that there is no
piling up of expired stock and storage and
inventory handling cost can be saved.

-Automated controls should be in place.

SOP’s needs to be developed for implementing
the company's policy. There would be inventory
wastage if there is no proper segregation.

-Timeline for remediation.

31.10. 2022
 3.3 DETAILED OBSERVATION - O2C

Risk/Potential Impact:
Observation:
-Booking of revenue in $ currency will lead to
-There was an instance where a customer made payment of Rs. 11 Lakh for using the excess points credited to the buyer.
hotel services and the subsidiary had booked a bill of $11 lakh, which led to crediting
points after conversion into INR 70 per dollar.

-In the present case the customer made purchase of Rs. 11 Lakh and the points are
credited by converting by wrongly considering 11 lakh dollars which is incorrect. Recommendation:

-Proper SOP’s needs to be developed.

Maker checker controls needs to be
strengthened.

-Timeline for remediation.

31.10. 2022
 3.4 DETAILED OBSERVATION - Inventory

Observation: Risk/Potential Impact:

-The company has a policy of disposing the rejected items at the end of the month. -Lack of inventory management
However storerooms for rejected and new items are adjacent.

-Housekeepers are employed by the external agencies and keep rotating monthly.

Recommendation:

-Adequate periodic training should also be

provided to housekeeping staff as the
housekeepers are employed by the external
agencies and keep rotating monthly.

-CCTV security personnel as well as the CCTV

cameras are in working conditions and also the
security shall be vigilant when he is on duty and a
proper backup of CCTV recordings is maintained.

-Timeline for remediation.

31.10. 2022
 LIMITATION OF PROCEDURES

▪As it is practically not possible to study all aspects of a process in its entirety thoroughly during the limited time period of an audit, based on our methodology for conducting internal audits,
we conducted a review of the process and held discussions with the process owners and other key people in the process during the planning stage of audit which helped us in identifying
specific areas where control weaknesses & process gaps may exist, opportunities for process improvement and/or cost reduction/revenue enhancement. Our subsequent test work, study of
issues in detail and developing action plans are directed towards the issues identified. Consequently this report may not necessarily comment on all the function / process related matters
perceived as important by the management.

▪The issues identified and proposed action plans in this report are based on our discussions with the people engaged in the process, review of relevant documents / records and our physical
observation of the activities in the process. We made specific efforts to verify the accuracy and authenticity of the information gathered only in those cases where it was felt necessary. The
work carried out and the analysis thereof is based on the interviews with the personnel and the records provided by them.

▪The identification of the issues in the report is mainly based on the review of records, sample verification of documents / transactions and physical observation of the events. As the basis of
sample selection is purely judgmental in view of the time available, the outcome of the analysis may not be exhaustive and representing all possibilities, though we have taken reasonable
care to cover the major eventualities.

▪The ‘Implementation dates’ for the mentioned ‘Recommendations’ are based only on our discussions with the process owners. Wherever a “Recommendation” has been reported as
“Implemented” the same has not been tested/ validated by us.

▪This report does not comment upon any change/ development taken place in the process and functioning of audit areas after 31 st August, 2022.
THANK YOU