CASH SAFE AND KEY MANAGEMENT
General Business Process
1. Retail business including bulk sales and all other businesses have a necessity of managing day to day cash, cash coupons and cash vouchers of various forms. Businesses invest heavily on procuring hardware, software and other guarding devices to securing such cash and valuables which gets collected every day. The general principles, on which the business models are designed for such protection, are as follows :-
(a) Install cash safes at appropriate locations.
(b) Suitable business processes for safe custody of cash and cash accounting process.
(c) Suitable cash pick up/ cash banking model.
(d) System checks.
(e) Requisite electronic security measures.
2. Experience shows that any lacunae in any of the issues as discussed below can lead to recurring cash losses with inability of the business to pin point the blame on any individual or group of individuals.
Locks and Key Management
3. Generally, there are two keys for a lock and that for cash safe, In some cases, locks have four keys. It has been noticed that in some instances, keys of the all locks are same ie they are interchangeable, implying that any lock can be opened with any of the similar key like that of POS. The following considerations while designing the business process, for key management can reduce the risk of cash loss / misappropriation by malicious minds :-
(a) While negotiating with vendors / while procuring locks / Points of Sales counters (POS) cash tills – ensure to incorporate the clause in deal that it is the duty of vendor to ensure that keys are not interchangeable.
(b) In case that is not possible, then operating procedures should define that all such surplus keys are counted and deposited with some designated authority in his safe custody. Ownership of custodian of operational key should be defined.
(c) Generally, it is spelt out in the business process as to who is the custodian of “Duplicate” keys of locks and safes. However, such listings of responsibilities is sketchy at best. They do not lead to tracing the ‘Key movements’ which is required to be done in the investigations into reported losses. Any loose end in this process shall disturb detection of chain of events leading to such losses.
(d) Amplifying further, for example, if the duplicate keys are not certified to be held correctly periodically, it would become extremely difficult for investigators to ascertain as to when the keys were physically counted and by whom. Hence, pinpointing period of loss of such keys becomes difficult to the extent that it can block further investigations.
(e) Under no circumstances the process should lead to multiple ownership at any given point of time. Ownership of original and duplicate keys must be fixed to individuals at all times and that too separately. In case of original owner is absent from duty for some reason or the other, the process should dictate the proper handing / taking over by current custodian / next custodian.
(f) In lots of cases, it has been observed that employees resort to shortcuts in handling of keys. It should be a matter of serious concern to the business that keys are routinely passed on to unauthorized employee on the plea that the authorized employee is not available due to some business reasons. Hence, to facilitate smooth business operations, the keys get handed over to next employee. It is also an unwritten fact that in such cases, the seniors are aware of such practices in their business but they choose to ignore such deviations – at their peril till such time a loss is reported. IF A PROCESS LAYS DOWN CERTAIN ACTIONS TO BE DONE IN A CERTAIN MANNER – IT MUST BE DONE THAT WAY OR NOT DONE AT ALL. In case of serious business issues, the deviations must be reported and proper checks must be spelt out in risk mitigation process to overcome such eventualities.
4. The issues listed above, though, might give an impressions of their being trivial in nature, but, if the loophole exists – be sure that it shall be exploited sooner or later and that would have crippling effect on business. More so, because the investigator shall not be able to pinpoint the blame on any individual for the loss.
Cash Safe
5. Why do we have the requirement of lock or cash safe ? What kind of lock or cash safe is ideal for the business? The basic aim of provisioning of cash safe and lock is that, the thief should not be able to walk away freely with our cash / valuables. To prevent this, we have locks, safes, physical barriers and other electronic systems in place TO DETER THE POTENTIAL THIEF AND IN CASE OF ACTUAL ATTEMPT TO STEAL AWAY, THEN SUITABLE RESISTANCE MUST BE OFFERED KEEPING IN MIND THE REACTION TIME OF THE PREVENTION TEAM, be it own internal department or law enforcing agency.
6. From the above, it logically flows that while designing a process and procuring equipment, the business must be conscious of the fact as to how much of delay potential our systems and hardware should impose on potential thieves – measurable in term of time. For example, we know that our first reaction can take in 30 minutes of time ie the time at which physical reaction can be possible by business team – then it is imperative that our cash safe, the locks and other barriers in place be of such specifications that they offer resistance to thieves for 30 minutes, at least, and in the meantime our reactions shall be in place. That would ensure safety of our cash and valuables. In case of internal thefts, the same should be preventable by suitable business process.
