How to help your clients prevent employee theft

Published Thursday 11 June 2026

Table of contents

• Why employee theft is a growing risk for your clients
• Warning signs of employee theft
• 10 internal controls to help prevent employee theft
• How technology supports theft prevention
• How to advise clients who discover theft
• Strengthen your practice with smarter fraud prevention
• FAQs on employee theft prevention

Key takeaways

• According to the ACFE 2024 Report to the Nations, organizations lose an estimated 5% of revenue to occupational fraud each year, with small businesses (fewer than 100 employees) facing median losses of $141,000 per case.
• The fraud triangle of Pressure, Opportunity, and Rationalization explains why theft happens, and strong internal controls are the most direct way to reduce opportunity.
• Separation of duties, regular bank reconciliation, mandatory vacation policies, and anonymous reporting systems are among the most effective controls you can recommend to clients.
• Cloud accounting tools with automated reconciliation, real-time dashboards, and audit trails give you and your clients faster visibility into anomalies before losses escalate.

Why employee theft is a growing risk for your clients

Employee theft isn't a fringe risk. It's one of the most common and costly threats your clients face, and many of them don't realize how exposed they are until the damage is already done.

The ACFE 2024 Report to the Nations analyzed 1,921 occupational fraud cases with total losses exceeding $3.1 billion. Organizations lose an estimated 5% of revenue to fraud annually. For small businesses with fewer than 100 employees, the median loss per case was $141,000, a figure that can threaten the survival of a business operating on thin margins.

Asset misappropriation accounts for 89% of all fraud cases, with a median loss of $120,000. Corruption schemes carry a median loss of $200,000, while financial statement fraud, though less common, results in median losses of $766,000. The median duration of fraud before detection is 12 months, meaning losses compound quietly over time.

The fraud triangle

Understanding why employees steal helps you advise clients more effectively. The fraud triangle identifies three conditions that converge to create fraud risk:

• Pressure. Financial stress, addiction, lifestyle inflation, or personal debt can push an otherwise honest employee to consider theft.
• Opportunity. Weak internal controls, lack of oversight, and concentrated access to assets create openings. This is the element you have the most influence over as an advisor.
• Rationalization. The employee convinces themselves the act is justified: "I deserve this," "I'll pay it back," or "The company won't miss it."

Why small businesses are especially vulnerable

Your small business clients are disproportionately at risk. Lean teams mean fewer people available to enforce separation of duties. Owners often trust long-tenured employees with broad access to financial systems and bank accounts. Many don't have formal policies around cash handling, expense approvals, or vendor verification.

This is where your role as a trusted advisor becomes critical. Clients rely on you to see the gaps they can't, and to recommend controls that match their size and resources.

Warning signs of employee theft

Catching fraud early can mean the difference between a recoverable loss and a business-ending event. As a practitioner, you're often the first person positioned to spot irregularities in the numbers or patterns that don't add up.

Financial red flags

These are the anomalies that surface during reconciliations, reviews, or routine reporting:

• Unexplained variances. Recurring discrepancies between bank statements and general ledger entries, especially if they're small enough to avoid obvious detection.
• Missing or altered documentation. Gaps in sequential records such as check numbers, invoices, or purchase orders.
• Unusual vendor activity. Payments to vendors with no verifiable address, duplicate invoice numbers, or vendors that only one employee manages.
• Rising expenses with flat revenue. Overhead costs increasing without a corresponding change in business volume.
• Delayed or incomplete reconciliations. When an employee resists reconciling accounts or consistently falls behind, it may indicate they're covering discrepancies.

Behavioral red flags

Financial anomalies don't exist in a vacuum. Behavioral patterns often accompany fraudulent activity:

• Refusal to take time off. Employees who never take vacation may be afraid their scheme will be discovered in their absence.
• Lifestyle changes. Spending that seems inconsistent with salary, such as new vehicles, luxury items, or frequent travel.
• Defensiveness about job duties. Resistance to cross-training, process documentation, or oversight of their accounts.
• Working unusual hours alone. Consistently working early or late without a clear business reason, particularly when it involves access to financial records.

How practitioners spot them

Your regular engagement with a client's books gives you a natural advantage. Reviewing bank reconciliations, scanning vendor lists, and comparing period-over-period trends are all part of routine work that can surface theft. When something looks off, ask questions. A pattern of vague explanations from the same employee often tells you everything you need to know.

Apply the same scrutiny internally. If your practice handles client funds or has employees managing accounts payable, the same red flags apply to your own operations.

10 internal controls to help prevent employee theft

Strong internal controls are the primary defense against employee theft. Here are 10 controls you can recommend to clients, and implement within your own practice, to reduce the opportunity side of the fraud triangle.

1. Separation of duties

No single employee should control an entire financial process from start to finish. The person who authorizes a payment shouldn't be the same person who records it or reconciles the bank account. For smaller clients with limited staff, suggest that the business owner personally reviews bank statements and approves payments above a set threshold.

2. Regular bank reconciliation and statement review

Monthly reconciliation is the minimum standard, but more frequent reviews catch problems faster. Encourage clients to have someone independent of the accounts payable process review bank statements for unfamiliar transactions. When you perform bank reconciliation as part of your service, you add a layer of external oversight that's difficult for an internal bad actor to circumvent.

3. Inventory management and auditing

For clients with physical inventory, regular counts compared against recorded levels are essential. Unannounced spot checks are more effective than scheduled audits because they remove the ability to prepare. Recommend that clients track inventory shrinkage as a key metric and investigate variances promptly.

4. Cash handling procedures

Cash-intensive businesses need clear policies: dual control over cash drawers, daily reconciliation of register totals, tamper-evident deposit bags, and documented procedures for counting and depositing cash. The fewer people who handle cash without oversight, the lower the risk.

5. Petty cash controls

Petty cash funds are a common target because they're perceived as low-risk by employees. Recommend a fixed-amount imprest system with mandatory receipts for every disbursement, regular surprise counts, and a single custodian with clear accountability. Set a maximum per-transaction limit and require a second signature for anything above it.

6. Vendor verification and payment approvals

Fictitious vendor schemes are one of the most common forms of occupational fraud. Advise clients to verify new vendors independently before adding them to the system: confirm the business address, check for tax identification numbers, and look for connections to existing employees. Require dual approval for payments above a designated threshold.

7. Access controls and user permissions

Not every employee needs access to every part of the accounting system. Role-based permissions ensure that employees can only view or edit data relevant to their job function. Review user access lists quarterly and revoke permissions immediately when someone changes roles or leaves the organization.

8. Mandatory vacation policies

Requiring employees to take consecutive time off, typically at least five business days, is a proven fraud detection tool. Many schemes require the perpetrator's ongoing involvement to stay hidden. When a different employee covers the role, irregularities often surface. This applies to your own practice as well: make sure no single team member is the only person who ever touches a particular client account.

9. Employee screening and background checks

Pre-employment background checks are a straightforward preventive measure. Credit checks (where legally permitted), criminal history reviews, and reference verification help identify candidates with past issues. For clients in regulated industries, ongoing screening may also be appropriate. Remind clients to follow all applicable federal and state laws, including Fair Credit Reporting Act requirements.

10. Anonymous reporting systems

Tips are the number one fraud detection method, responsible for uncovering 43% of cases in the ACFE 2024 report. Employees provided 52% of those tips. Web-based reporting tools (used in 40% of tip-driven detections) have surpassed telephone hotlines (30%) as the preferred channel. Encourage clients to implement an anonymous reporting mechanism and communicate its availability regularly to staff.

How technology supports theft prevention

Technology doesn't replace good internal controls, but it strengthens them by reducing manual processes and creating visibility that makes fraud harder to hide.

Automated reconciliation

Automated bank reconciliation matches transactions against bank feeds in near real-time, flagging discrepancies that might take days or weeks to surface manually. When you use Xero's automated reconciliation with your clients, unmatched or unusual transactions are surfaced immediately rather than sitting unreviewed until month-end.

Real-time dashboards and reporting

Real-time financial dashboards give both you and your clients ongoing visibility into cash flow, expenses, and account balances. Sudden spikes in spending categories or unexpected changes to vendor payment patterns become visible as they happen, not weeks later. Xero's customizable reporting allows you to build views tailored to each client's risk areas.

Cloud accounting audit trails

A comprehensive audit trail records who made what change and when. This creates accountability and makes it significantly harder to alter records without detection. If you suspect fraudulent activity, audit trail data provides the transaction-level detail needed for investigation and potential legal proceedings.

Document capture and verification

Manual data entry creates opportunities for fabrication. Automated document capture tools like Hubdoc pull bills and receipts directly from suppliers and match them to transactions. This reduces the risk of fictitious invoices being entered into the system and creates a verifiable paper trail.

How to advise clients who discover theft

Even with strong controls in place, theft can still happen. When a client comes to you with suspicions or evidence of employee fraud, how you guide them through the next steps matters enormously.

Having the conversation

Clients who discover theft often feel a mix of anger, betrayal, and embarrassment. Your role is to be calm, direct, and practical. Acknowledge the seriousness of the situation without adding to their emotional distress. Focus the conversation on what can be done now, not on assigning blame for gaps in controls.

Immediate steps

Speed matters once theft is suspected. Advise the client to:

• Secure financial records. Restrict the suspected employee's access to bank accounts, accounting software, and physical assets immediately.
• Preserve evidence. Save copies of bank statements, transaction logs, audit trail reports, and any relevant communications before anything can be altered or deleted.
• Engage a forensic accountant. For significant or complex cases, a forensic specialist can quantify the loss and trace the path of stolen funds in ways that hold up under legal scrutiny.
• Notify the insurance carrier. If the client carries fidelity bonds or crime insurance, early notification is typically a policy requirement.

Legal considerations

Advise clients to consult with an attorney before confronting the employee or taking disciplinary action. Employment law varies by state, and missteps in the termination process can create additional liability. Criminal referrals should be made in consultation with legal counsel.

Remind clients that recovering stolen funds is often possible through civil litigation, restitution orders, or insurance claims, but the process takes time. The priority is to stop the bleeding, preserve evidence, and get the right professionals involved early.

Strengthen your practice with smarter fraud prevention

Helping clients prevent employee theft is one of the most tangible ways you demonstrate your value as a trusted advisor.

The right tools make that work faster and more effective. Join the partner program to access cloud accounting features that support oversight, automated reconciliation, and real-time financial visibility for every client in your portfolio.

FAQs on employee theft prevention

Below are frequently asked questions about employee theft prevention that address common concerns practitioners encounter when advising clients.

What should you do if a client's employee confesses to theft?

A confession doesn't eliminate the need for a thorough investigation. Advise the client to document the confession in writing, secure all financial records, and consult with legal counsel before negotiating repayment or making termination decisions. Informal verbal agreements to "just pay it back" can complicate insurance claims and criminal proceedings later.

How often should clients review their internal controls?

At minimum, an annual review is a reasonable standard. However, significant changes, such as staff turnover in financial roles, rapid growth, new locations, or a shift to remote work, should trigger an immediate reassessment. Positioning this as a recurring part of your advisory engagement gives you a natural touchpoint with clients.

Are small businesses legally required to have anti-fraud policies?

There's no universal federal requirement for private small businesses to maintain formal anti-fraud policies. However, certain industries, government contractors, and businesses subject to state-specific regulations may have compliance obligations. Regardless of legal requirements, having written policies establishes expectations and can serve as a mitigating factor if fraud occurs.

Can employee theft be covered by insurance?

Yes, but only with the right coverage in place before a loss occurs. Fidelity bonds and commercial crime insurance policies are designed to cover employee dishonesty. Standard general liability and property policies typically exclude employee theft. Advise clients to review their coverage with their insurance broker and ensure policy limits align with the level of financial access employees have.

What role does company culture play in preventing theft?

Culture affects the Rationalization leg of the fraud triangle. Employees in organizations where leadership models ethical behavior, communicates expectations clearly, and treats staff fairly are less likely to justify dishonest actions. Encourage clients to pair strong controls with transparent communication about why those controls exist. Framing controls as standard business practice rather than a sign of distrust helps maintain morale while reducing risk.