Business (Managing Higher Ed)

The Value of Parking Audits

parking payment station


Parking operational audits were once a critical daily task for campus parking operations. Patrons paid for daily parking permits and meter time with cash, and daily audits were necessary to make sure that all of the money that was supposed to make it to the bank actually got there.

Today, with most parking fees collected via credit card and virtual parking privileges being purchased by license plate, many campus administrators are under the mistaken impression that audits are no longer necessary. After all, you can’t steal if there’s no cash to pilfer. Right?

Actually no, parking audits are still essential.

While theft has been significantly reduced in campus parking systems with the influx of new payment technology, it hasn’t been eliminated. Thieves are more sophisticated than ever and management needs to look deeper to deter and detect problems. There are a number of problems that can only be detected through an audit, including cash deposit discrepancies, exception ticket issues, improper coupon and validation use, liability issues such as PCI-DSS compliance, and accounts receivable control. With the complexity of today’s parking management systems, audits are more important than ever and those audits must be much more nuanced to find all the potential problems.

Changing Landscape, But Typical Challenges

It wasn’t that long ago that operational audits were business as usual, both throughout campus and in the campus parking office. Parking managers checked lots while office staff scoured through tickets and reports. Revenue control systems were scarce, and the data provided uninformative. Most parking fees were collected in cash, and daily reporting was manual. The limits of the technology of the time and creative parking attendants combined to make revenue control a real challenge.

Employee theft often starts accidentally. An attendant may forget to turn in a $5.00 bill one day. No one says anything. The next week, that same attendant may be short on cash and might need lunch money, so he holds back some cash. Again, no one notices. Before you know it, he is driving a brand-new Porsche!

Fast-forward to 2018. Revenue control and audit systems have come a long way in recent years. Today, the audit process is more nuanced. Theft is reduced but not eliminated, and management needs to look deeper to deter and detect problems. For example:

Cash Deposit Timeliness—Discrepancies between the dates that revenue is collected and when the funds hit the bank can indicate revenue malfeasance. For example, an attendant may hold back cash that he has collected, using it to make his Porsche payment. He may replace that money with tomorrow’s funds, and so forth. An operational audit compares Daily Revenue Summaries to bank deposit slips to revenue reports produced by the parking access revenue control (PARCS) equipment. Any differences identified should be explored, explained, and promptly corrected.

Permit Management—While many colleges and universities have transitioned to electronic permit sales and virtual, some still utilize physical permits. For campuses with a front counter operation (selling and distributing permits from a discrete location), it’s important to make sure that the physical permits are kept secure at all times. Leaving them out on a shelf for easy access invites theft. Permits are extremely valuable, and each can be sold for hundreds of dollars.

Keeping logs and sales sheets secured and making sure they are all there is vital. A parking audit can track permit sales and make sure that the appropriate revenues have been collected and deposited.

Exception Ticket Verification—Fee computers do most of the rate-calculation heavy lifting. But what about manually adjusted rates, lost tickets, voided tickets, etc.? Is the manual adjustment approved by management? The audit process compares the exception tickets to “exception ticket logs” and to daily reports to establish each ticket’s legitimacy.

Coupon and Validation Control—Some parking systems still use physical validation coupons. Are coupons sequentially numbered? Does the parking operator maintain a log of coupons sold so auditors can make sure that coupons aren’t missing or sold out of order? These are both potential signs of theft.

Liability Red Flags Such as PCI-DSS Compliance—Campus parking operators risk significant liability exposure if credit card data security is not compliant to established standards. Does the PARCS vendor provide annual certification of PCI-DSS compliance? Is the (old) PARCS system properly truncating patrons’ credit card numbers? A parking audit can reduce owners’ and operators’ exposure to these potentially serious risks.

Accounts Receivable Control—On many campuses, enforcement is an important source of revenue. No parking administrator wants to hear that scores of citations have gone unpaid and are now uncollectable. Student tickets are usually sent to the bursar’s office and likely must be paid in order to register or to receive a diploma. Tickets issued to people from outside the campus community, and often to faculty and staff, often are not pursued as actively. Auditors bring A/R issues to light, allowing management to address moneys due before A/R becomes bad debt.

Stay on Top of Your Game

These are just a few examples of the types of problems that have become typical in the technology age and which can be addressed through parking audits. Annual operational audits help campus parking operations stay on top of their game by employing a three-pronged approach: a year-to-year system performance overview, single-month management statement analysis, and deep-dive audit of tickets and reports for a seven-day week. Audit results are documented in a comprehensive written report that serves as a guidebook to help eliminate avoidable revenue losses and expense overruns.

For campus parking operations, regular parking audits are absolutely essential. Rather than eliminating the need for audits, the advent of parking technology and electronic payment has made regular audits even more important by creating a more complex parking management environment.


The payment card industry data security standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit, and cash card transactions and protect cardholders against misuse of their personal information. The PCI DSS was created jointly in 2004 by four major credit-card companies: Visa, MasterCard, Discover, and American Express. The PCI DSS applies to any vendor or service provider that handles, processes, stores, or transmits credit card data; any vendor or service provider that processes, handles, or stores credit card data is required to be PCI-DSS compliant.

This article originally appeared in the College Planning & Management October 2018 issue of Spaces4Learning.