How to help clients prevent employee theft
Help your clients protect their business with practical theft prevention strategies and controls.

Written by Lena Hanna—Trusted CPA Guidance on Accounting and Tax. Read Lena's full bio
Published Thursday 9 July 2026
Table of contents
Key takeaways
- According to the Association of Certified Fraud Examiners (ACFE) 2024 report, organisations lose an estimated 5% of annual revenue to occupational fraud, with asset misappropriation occurring in 89% of cases.
- Strong internal controls, including segregation of duties, regular reconciliations, and documented approval workflows, are the foundation of theft prevention advice you can offer clients.
- Cloud accounting tools with automated reconciliation, real-time reporting, and digital audit trails make it easier for you to spot irregularities early and build ongoing monitoring into your practice.
- When theft is suspected, securing financial records and understanding Hong Kong's Theft Ordinance (Cap. 210) are critical first steps before involving legal counsel or reporting to police.
Employee theft is one of those risks that many small business owners don't think about until it's too late. As their trusted adviser, you're in a strong position to help clients put the right safeguards in place before losses occur.
Why employee theft is a risk your clients may underestimate
Most of your clients trust their teams, and that's a good thing. But trust without oversight creates opportunity for fraud. The ACFE's 2024 Report to the Nations found that organisations lose an estimated 5% of annual revenue to occupational fraud, with a median loss of $120,000 per case for asset misappropriation.
Small businesses are particularly vulnerable because they often lack the formal controls that larger organisations have in place. Fewer staff means less segregation of duties, and owner-operators are frequently too busy to review transactions in detail. These gaps are exactly where employee theft thrives.
A widely cited principle in fraud prevention holds that roughly 10% of people will never steal, 10% will steal given any opportunity, and the remaining 80% could go either way depending on circumstances. Your role is to help clients remove the circumstances that push that 80% in the wrong direction.
Common types of employee theft
When you're advising clients on theft prevention, it helps to walk them through the specific risks their business faces. Theft doesn't always look like someone taking cash from the register. Here are the most common forms you should be watching for.
- Cash skimming: an employee intercepts cash payments before they're recorded, making the theft invisible in the books.
- Inventory theft: stock goes missing without corresponding sales records, particularly common in retail, hospitality, and warehousing.
- Payroll fraud: ghost employees, inflated hours, or unauthorised pay rises that slip through without proper approval workflows.
- Expense fraud: fictitious or inflated expense claims, duplicate reimbursements, or personal purchases disguised as business expenses.
- Time theft: employees consistently claiming hours they haven't worked, costing clients in wages without corresponding productivity.
- Data theft: sensitive client information, supplier lists, or proprietary data taken by employees, often undetected until the damage is done.
Understanding these categories helps you tailor your fraud prevention advice to the specific vulnerabilities in each client's business.
Internal controls to help prevent employee theft
Building theft prevention into your advisory offering starts with helping clients design practical internal controls. The Fraud Triangle, a concept developed by criminologist Donald Cressey in the 1950s and later popularised by the ACFE, identifies 3 conditions that lead to fraud: opportunity, pressure, and rationalisation. Strong controls directly reduce the opportunity element.
Segregation of duties
Advise clients to separate key financial responsibilities so that no single employee controls an entire transaction from start to finish. For example, the person who approves invoices shouldn't also be the one making payments. In smaller businesses where staffing is limited, suggest that the business owner retains sign-off on payments or bank transfers as a compensating control.
Regular reconciliations and reviews
Encourage clients to reconcile bank accounts, petty cash, and inventory records regularly rather than leaving it all to year-end. Monthly or even weekly reconciliations make discrepancies visible quickly. Position this as a service you can provide, building it into your engagement as an ongoing monitoring function.
Documented approval workflows
Help clients establish clear approval thresholds for purchases, expenses, and payroll changes. Written policies remove ambiguity and make it harder for employees to claim they didn't know the rules. These don't need to be complex; a simple 1-page policy covering spending limits and approval chains can make a significant difference.
Surprise audits and spot checks
Recommend periodic unannounced checks on cash handling, inventory counts, and expense claims. The unpredictability of these checks acts as a deterrent. You can offer this as a quarterly or biannual service, adding value to your practice while giving clients peace of mind.
Tip and reporting channels
The ACFE's 2024 data shows that 43% of occupational fraud is detected through tips. Encourage clients to establish a way for employees to report concerns anonymously. Even a dedicated email address managed by an external party can serve this purpose for smaller businesses.
How technology supports theft prevention
Technology won't eliminate theft on its own, but it significantly reduces the opportunity for it. Cloud accounting platforms give you and your clients real-time visibility into financial data, which is one of the most effective deterrents available.
Automated bank reconciliation flags unmatched transactions immediately rather than letting them sit unnoticed for months. With Xero's accounting software, you can set up bank feeds that pull transactions in daily, making it straightforward to spot unusual activity as it happens. Real-time reporting dashboards let you and your clients monitor cash flow, expenses, and revenue trends without waiting for month-end reports.
Digital audit trails are another significant advantage. Every transaction in a cloud accounting system is time-stamped and linked to the user who entered it, creating accountability that paper-based systems simply can't match. If something doesn't add up, you can trace it back to the source quickly.
For clients dealing with physical stock, inventory management apps that integrate with their accounting platform can track stock movements in real time, flagging discrepancies between recorded and actual inventory levels. This kind of visibility turns theft prevention from a periodic exercise into a continuous process.
What to do when you suspect employee theft
When a client comes to you with concerns about potential theft, having a clear process matters. Reacting too quickly or too slowly can both create problems. Here's how to guide your clients through it.
The first step is to secure all relevant financial records. Advise your client to restrict the suspected employee's access to accounting systems, bank accounts, and sensitive documents without tipping them off. If you're using cloud accounting software, user permissions can be adjusted immediately.
Next, gather evidence methodically. Review transaction records, reconciliation reports, and audit trails to identify the scope and pattern of any irregularities. Document everything thoroughly; this evidence will be essential whether the matter is resolved internally or escalated.
Under Hong Kong's Theft Ordinance (Cap. 210), theft carries a maximum penalty of 10 years' imprisonment. False accounting, covered under Section 19 of the same ordinance, also carries up to 10 years. These are serious offences, and your clients need to understand the legal weight of proceeding with a formal complaint.
Advise clients to consult a solicitor before confronting the employee or making decisions about termination. Legal counsel can help ensure the investigation process doesn't compromise any future prosecution. If the evidence supports it, a report to the Hong Kong Police Force should be filed.
Throughout this process, remind your clients to keep the matter confidential. Premature disclosure can damage team morale, expose the business to defamation claims, and potentially allow the suspected employee to destroy evidence.
Strengthen your advisory offering with Xero
Fraud prevention is exactly the kind of proactive, high-value advisory work that sets your practice apart. By helping clients build robust internal controls and monitoring systems, you move beyond compliance into the role of trusted business adviser.
Xero gives you the tools to deliver this effectively: real-time data access, automated reconciliation, detailed audit trails, and customisable reporting that makes ongoing oversight practical rather than time-consuming. Building theft prevention reviews into your regular client engagements creates a recurring revenue stream while protecting the businesses you serve.
Join the partner program to access practice tools, training resources, and support that help you grow your advisory offering.
FAQs on employee theft prevention
Here are some frequently asked questions about employee theft prevention that your clients may raise.
What's the most effective way to detect employee theft early?
Regular bank reconciliations and automated transaction monitoring are the most reliable methods. Cloud accounting platforms flag unmatched transactions in real time, letting you catch discrepancies before they accumulate. Combining this with periodic surprise audits creates a strong detection framework.
How do I raise the topic of theft prevention with clients without causing alarm?
Frame it as part of good business governance rather than a response to a specific threat. During annual reviews or onboarding, position internal controls as standard practice for protecting the business. Most clients appreciate the proactive approach when it's presented as routine risk management.
What legal protections should Hong Kong businesses have in place?
Employment contracts should include clear clauses on confidentiality, use of company assets, and consequences for dishonesty. Under Hong Kong's Theft Ordinance (Cap. 210), theft and false accounting both carry serious penalties, so having documented policies demonstrates that the business takes these matters seriously.
Can small businesses with limited staff still implement effective controls?
Yes. Even with a small team, clients can implement compensating controls such as owner sign-off on all payments, mandatory annual leave (forcing handover of duties), and automated reconciliation through their accounting software. You can also offer external oversight as part of your engagement, acting as the independent review layer the business lacks internally.
How can I build theft prevention into a recurring advisory service?
Start by including a controls assessment in your onboarding process for new clients. Then offer quarterly reviews covering bank reconciliations, expense audits, and payroll checks. Package this as a governance or risk management service alongside your existing compliance work; it adds genuine value and creates a predictable revenue stream for your practice.
Disclaimer
Xero does not provide accounting, tax, business or legal advice. This guide has been provided for information purposes only. You should consult your own professional advisors for advice directly relating to your business or before taking action in relation to any of the content provided.
Become a Xero partner
Join the Xero community of accountants and bookkeepers. Collaborate with your peers, support your clients and boost your practice.