How to help clients prevent employee theft: a guide for accountants

Published Friday 5 June 2026

Table of contents

• The scale of employee theft in the UK
• Common types of employee theft
• Warning signs of employee theft
• 10 steps to help clients prevent employee theft
• What to do when employee theft is discovered
• How technology helps prevent employee theft
• Strengthen your advisory services with Xero
• FAQs on preventing employee theft

Key takeaways

• Police-recorded data shows employee theft in England and Wales is rising year on year, with thousands of offences reported annually and experts widely acknowledging these figures represent only a fraction of actual cases.
• The most effective prevention combines strong internal controls, such as segregation of duties and authorisation limits, with cloud accounting technology that provides real-time visibility and automated audit trails.
• As a trusted advisor, you're uniquely placed to help clients design controls that fit their business size and risk profile, and to spot the financial red flags that indicate theft may already be occurring.
• UK criminal law gives clients a clear basis for reporting theft and pursuing civil recovery, making it worth building awareness of the legal framework into your advisory conversations.

The scale of employee theft in the UK

Employee theft remains a persistent risk for businesses of every size, and the trend is heading in the wrong direction. Understanding the current landscape helps you frame the conversation with clients and build a compelling case for stronger controls.

Police-recorded crime data for England and Wales logged 6,244 employee theft offences in 2023/24. Freedom of Information responses from 43 UK police forces show that figure translates to nearly 500 reported incidents every month, with a 19% increase over the preceding period. These numbers only capture cases that make it to the police; the true scale is significantly higher because employee theft is widely acknowledged to be underreported.

The Association of Certified Fraud Examiners (ACFE) uses the Fraud Triangle, developed by criminologist Donald R. Cressey, to explain why employees steal. The three factors are pressure, opportunity, and rationalisation. For accountants and bookkeepers advising smaller business clients, opportunity is the factor you can most directly influence through better controls and processes.

Common types of employee theft

Theft takes many forms, and some are far harder to detect than others. Recognising the full range helps you advise clients on where their specific vulnerabilities lie.

• Cash skimming and larceny. Removing cash before or after it enters the accounting system. Common in retail and hospitality businesses with high volumes of cash transactions.
• Billing and expense fraud. Submitting fictitious invoices, inflating expense claims, or creating shell supplier accounts. This often involves collusion or exploits weak purchase order processes.
• Payroll fraud. Creating ghost employees, inflating hours, or manipulating overtime records. Particularly common where one person controls both payroll input and approval.
• Inventory theft. Taking stock, raw materials, or finished goods. Often disguised through write-offs for damaged or obsolete items.
• Time theft. Falsifying timesheets, buddy-punching, or conducting personal business during work hours. While less dramatic, the cumulative cost can be substantial.
• Data and intellectual property theft. Copying client lists, proprietary processes, or sensitive financial data. This risk has grown as more business information is stored digitally.

Warning signs of employee theft

Spotting the indicators early limits financial damage and gives your clients options for how to respond. The red flags fall into two categories: financial anomalies you may detect in the accounts, and behavioural changes the business owner may observe.

Financial red flags to watch for in client accounts include:

• Unexplained variances between expected and actual figures. Regular shortfalls in cash, inventory counts that don't match records, or cost of goods sold that drifts without a clear reason.
• Missing or altered documentation. Gaps in receipt sequences, voided transactions that lack proper authorisation, or purchase orders that don't match delivery notes.
• Unusual journal entries or adjustments. Entries posted outside normal processes, round-number adjustments, or frequent write-offs to suspense accounts.
• Supplier account anomalies. New suppliers with PO box addresses, invoices with no VAT registration number, or a single supplier receiving disproportionate payments.

Behavioural indicators the business owner should monitor include:

• Reluctance to take leave or share duties. An employee who never takes holiday and resists anyone else handling their responsibilities may be concealing irregularities.
• Lifestyle changes inconsistent with salary. New cars, expensive holidays, or other spending that doesn't align with what the role pays.
• Defensiveness about work processes. Reacting aggressively when asked routine questions about transactions, or insisting on handling specific tasks alone.
• Unusual working patterns. Consistently working late alone, arriving before everyone else, or accessing systems outside normal hours without a clear business reason.

10 steps to help clients prevent employee theft

Prevention is always more cost-effective than investigation and recovery. These steps give you a practical framework to walk clients through, starting with the controls that deliver the greatest protection.

1. Implement segregation of duties. No single person should control an entire transaction from initiation to recording to reconciliation. Even in small businesses, splitting responsibilities across two or three people creates natural checkpoints. Where headcount makes full segregation impractical, the business owner should retain approval authority over payments and be the one to review bank statements.
2. Set clear authorisation limits. Every payment, purchase, and write-off above a defined threshold should require a second signature or approval. Document these limits in a written policy so there's no ambiguity. Review the thresholds annually to ensure they still reflect the business's transaction volumes.
3. Reconcile bank accounts monthly. Regular bank reconciliation is one of the most effective detective controls available. Someone independent of the cash-handling and payment processes should perform the reconciliation and investigate every unmatched item promptly.
4. Conduct surprise audits. Scheduled audits have value, but unannounced spot-checks are far more effective as a deterrent. Rotate which areas you check: petty cash one month, inventory the next, expense claims the month after. An unpredictable schedule is itself a deterrent.
5. Tighten cash-handling procedures. Require dual-person verification for cash counts at shift changes. Limit who has access to cash drawers and safes. For businesses that still handle significant cash volumes, ensure daily banking is standard practice rather than allowing cash to accumulate on-site.
6. Use technology to automate controls.Cloud accounting software with automated bank feeds, digital approval workflows, and comprehensive audit trails removes many opportunities for manipulation. Automated reconciliation flags discrepancies as they arise rather than weeks later.
7. Review payroll and expense processes. Separate payroll preparation from approval. Require receipts for every expense claim above a minimal threshold. Run periodic checks comparing the payroll register to human resources (HR) records to identify ghost employees or unauthorised pay changes.
8. Implement a clear reporting policy. Encourage employees to report concerns through a confidential channel. Make it clear that reporting is protected and valued. Businesses with a visible whistleblowing policy experience fewer and less severe fraud losses.
9. Screen new hires for sensitive roles. For positions involving financial responsibilities, conduct background checks, verify qualifications, and follow up on employment references. This isn't about distrust; it's about due diligence proportionate to the level of access the role provides.
10. Review controls regularly as the business grows. Controls that work for a five-person business may be inadequate once headcount reaches 20 or 30. Build an annual controls review into your advisory conversations. As transaction volumes, staff numbers, and systems change, the control environment needs to adapt.

What to do when employee theft is discovered

Despite the best controls, theft can still occur. How your client responds matters for legal, financial, and operational reasons, and the steps overlap closely with broader fraud prevention practices. Your role is to help them navigate this carefully.

The first priority is to secure evidence before the employee becomes aware of the investigation. This means preserving financial records, restricting system access where appropriate, and documenting what has been identified so far. Advise your client not to confront the employee until they have a clear picture of the scope and have taken legal advice.

Under the Theft Act 1968, employee theft in England and Wales carries a maximum penalty of seven years' imprisonment. Reporting to the police is a decision the business owner must make, but you can help them understand the options. Many business owners hesitate to involve the police because of the perceived disruption, but formal reporting creates a record that may be important if the employee seeks future employment in a similar role.

For the employment relationship, Advisory, Conciliation and Arbitration Service (ACAS) guidance on disciplinary procedures should be followed. Even where theft appears clear-cut, failing to follow a fair process can expose the business to an unfair dismissal claim. Gross misconduct dismissal is appropriate where theft is substantiated, but the investigation and hearing process must still be properly conducted.

On the question of recovering losses, employers can't simply deduct stolen amounts from wages without the employee's written agreement. Unlawful deductions from wages are a separate legal risk under the Employment Rights Act 1996. Civil recovery through the courts or a negotiated repayment agreement are the proper routes.

How technology helps prevent employee theft

Cloud accounting technology has fundamentally changed how businesses can protect themselves. Where traditional paper-based systems relied on manual checks, modern software provides continuous, automated oversight.

Automated bank feeds and reconciliation mean that every transaction is matched against a bank record in near real-time. Discrepancies surface immediately rather than waiting for a month-end review. This dramatically narrows the window of opportunity for concealing fraudulent transactions.

Comprehensive audit trails record who created, edited, or approved every transaction, and when. This makes it far harder for an employee to alter records without leaving a trace. User-level permissions ensure that access to sensitive functions, such as creating new suppliers or processing refunds, is restricted to authorised staff.

Digital document capture and storage, through tools like Xero's Hubdoc integration, creates a verified record of source documents attached to each transaction. Missing or altered receipts become immediately visible when the expectation is that every transaction has a digital source document attached.

For practices advising multiple clients, Xero HQ provides a single dashboard to monitor the health of client organisations. Unusual patterns across bank accounts, outstanding reconciliation items, or spikes in certain expense categories can be identified across your client base without logging in to each organisation individually.

Inventory management integrations connect stock records directly to the accounting system, making it harder to disguise inventory theft through manual adjustments.

Strengthen your advisory services with Xero

Helping clients build robust financial controls is one of the most valuable services a practice can offer. It deepens client relationships and positions your practice as a strategic advisor.

The Xero Partner Programme gives practices the tools to deliver this kind of advisory work efficiently, from Xero Practice Manager that frees up capacity, to client-facing features like automated bank feeds, user permissions, and audit trails that make strong controls practical even for the smallest businesses. Join the partner programme to access the full suite of practice tools and resources.

FAQs on preventing employee theft

Below are answers to frequently asked questions about preventing employee theft in the workplace.

What is the most common form of employee theft?

Cash theft, including skimming and larceny, remains the most frequently reported type across UK businesses, particularly in retail, hospitality, and other cash-intensive sectors. However, billing fraud and expense claim manipulation are increasingly common in office-based environments where cash handling is minimal.

How should accountants raise theft concerns with clients?

Start with the data rather than the accusation. Present the specific anomalies you've identified, such as unexplained variances or documentation gaps, and ask the client for context before suggesting further investigation. Framing the conversation around financial health rather than blame makes it easier for clients to engage constructively and take action.

Can an employer deduct money from wages for theft in the UK?

Not without the employee's written consent. If the employer pursues a criminal conviction, the court can issue a compensation order requiring the employee to repay losses. Otherwise, the employer needs to negotiate a repayment agreement or pursue a separate civil claim through the county court.

How should a business report employee theft in the UK?

Report the matter to the local police by calling 101 or visiting a police station; for fraud-related theft, report through Action Fraud online. It's important to keep the criminal reporting process separate from any internal disciplinary proceedings, as the outcomes are independent of each other.

What percentage of employee theft is reported?

Employee theft is significantly underreported. Many businesses choose not to involve the police because they consider the amount too small for prosecution, prefer to handle the matter internally, or want to avoid the disruption of a criminal investigation. There is no single reliable UK figure, but research consistently shows that most incidents go unreported.