Bookkeeping Fraud: How It Happens and How to Stop It


The Association of Certified Fraud Examiners (ACFE) estimates that businesses lose approximately 5% of annual revenue to fraud — and small businesses are disproportionately affected. The reason: small businesses have fewer controls, and owners who trust their team often skip the oversight steps that make fraud difficult.

Most bookkeeping fraud doesn’t look dramatic. It’s not an employee wiring $500,000 to an offshore account. It’s someone submitting fake expense reports month after month, inflating vendor invoices by a small percentage, or writing personal checks from the business account and misclassifying them. Small, sustained, and hard to see without controls.

How Bookkeeping Fraud Happens

Expense Reimbursement Fraud

The most common type in small businesses: employees submit personal expenses as business expenses, submit duplicate expenses (the same receipt twice), or inflate the amounts on receipts. In businesses without receipt verification, this can run undetected for years.

Signs: Expense reports always just under the approval threshold; many “cash” or “lost receipt” claims; expenses from weekends or holidays for supposedly business-related meals.
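The signs above can be checked mechanically against an export of expense claims. The following is an added example, not part of the original article; the $500 approval limit, the 5% "just under" band, the holiday set and the claim records are all constructed assumptions to replace with your own policy and data.

```python
from collections import Counter
from datetime import date

APPROVAL_THRESHOLD = 500.00    # assumed approval limit
NEAR_BAND = 0.05               # assumed: within 5% below the limit is "just under"
HOLIDAYS = {date(2024, 1, 1)}  # assumed holiday calendar

# Constructed sample: (id, employee, date, amount, merchant, receipt, category)
CLAIMS = [
    ("C1", "avery", date(2024, 3, 4), 495.00, "Office Depot", "attached", "supplies"),
    ("C2", "avery", date(2024, 3, 11), 489.50, "Staples", "lost", "supplies"),
    ("C3", "avery", date(2024, 3, 16), 82.40, "Bistro 9", "attached", "meals"),
    ("C4", "avery", date(2024, 3, 16), 82.40, "Bistro 9", "attached", "meals"),
    ("C5", "blake", date(2024, 3, 5), 120.00, "Delta", "attached", "travel"),
    ("C6", "blake", date(2024, 3, 6), 36.10, "Cafe Uno", "attached", "meals"),
]

def flag_claims(claims):
    """Return {claim_id: set of flag names} for every claim that trips a check."""
    flags, seen = {}, {}
    floor = APPROVAL_THRESHOLD * (1 - NEAR_BAND)
    for cid, emp, day, amount, merchant, receipt, category in claims:
        hits = set()
        if floor <= amount < APPROVAL_THRESHOLD:
            hits.add("near_threshold")
        if receipt in ("lost", "cash"):
            hits.add("no_receipt")
        if category == "meals" and (day.weekday() >= 5 or day in HOLIDAYS):
            hits.add("off_day_meal")
        # Same date, amount and merchant = likely the same receipt, whoever files it
        key = (day, round(amount, 2), merchant.lower())
        if key in seen:
            hits.add("duplicate_of_" + seen[key])
        else:
            seen[key] = cid
        if hits:
            flags[cid] = hits
    return flags

def flags_per_employee(claims):
    """Count flags per employee; a pattern matters more than one odd claim."""
    owner = {c[0]: c[1] for c in claims}
    flagged = flag_claims(claims)
    return Counter(owner[cid] for cid, hits in flagged.items() for _ in hits)

if __name__ == "__main__":
    for cid, hits in flag_claims(CLAIMS).items():
        print(cid, sorted(hits))
    print(dict(flags_per_employee(CLAIMS)))
```

A single flag is a reason to pull the receipt, not a finding; the per-employee count is what surfaces the "always" and "many" patterns described above.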

Check Fraud and Cash Theft

Someone with check-signing authority (including the business owner’s bookkeeper if they’re given account access) writes checks to themselves, to fake vendors, or to cash — then records them as legitimate expenses. Cash businesses are particularly vulnerable when deposits are handled by one person without verification.

Signs: Vendor payments to unfamiliar names; checks with sequential numbers that appear in the bank feed but not in the books; reconciliation discrepancies that are “resolved” with adjusting entries.

Vendor Fraud

A bookkeeper or accounts payable clerk creates a fake vendor and submits invoices from that vendor for services never rendered. They control both the invoice creation and the payment approval. Or they have a kickback arrangement with a real vendor — inflating invoices in exchange for a share of the overpayment.

Signs: Vendors with PO boxes (no physical address) or addresses matching an employee’s address; invoices from vendors without any other verifiable business presence; vendors that only appear in one employee’s expense workflow.
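Three of these signs can be tested directly against the vendor master file, the employee address list and the invoice log. This is an added example, not part of the original article; the records, field names and the three-invoice minimum are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample data
VENDORS = {
    "V100": {"name": "Northside Paper Co", "address": "410 Mill Rd., Suite 2, Dayton OH"},
    "V200": {"name": "Apex Consulting", "address": "P.O. Box 771, Dayton OH"},
    "V300": {"name": "BrightLine Services", "address": "18 Elm Street Apt 4, Dayton, OH"},
}
EMPLOYEES = {"casey": "18 Elm St. #4, Dayton OH", "drew": "902 Oak Ave, Dayton OH"}
# (invoice_id, vendor_id, entered_by)
INVOICES = [("I1", "V100", "casey"), ("I2", "V100", "drew"), ("I3", "V200", "drew"),
            ("I4", "V300", "casey"), ("I5", "V300", "casey"), ("I6", "V300", "casey")]

ABBREV = {"street": "st", "avenue": "ave", "road": "rd", "suite": "ste",
          "apt": "unit", "apartment": "unit"}
PO_BOX = re.compile(r"\bp\.?\s*o\.?\s*box\b", re.I)

def normalize(addr):
    """Reduce an address to a comparable form so 'Street Apt 4' equals 'St. #4'."""
    addr = addr.lower().replace("#", " unit ")
    words = re.sub(r"[^a-z0-9 ]", " ", addr).split()
    return " ".join(ABBREV.get(w, w) for w in words)

def review_vendors(vendors, employees, invoices, min_invoices=3):
    """Return {vendor_id: [findings]} for vendors matching the signs listed above."""
    emp_addr = {normalize(a): e for e, a in employees.items()}
    enterers = defaultdict(list)
    for _, vid, who in invoices:
        enterers[vid].append(who)
    findings = {}
    for vid, v in vendors.items():
        hits = []
        if PO_BOX.search(v["address"]):
            hits.append("po_box_only")
        match = emp_addr.get(normalize(v["address"]))
        if match:
            hits.append("address_matches_employee:" + match)
        who = enterers.get(vid, [])
        # Only meaningful once there is enough history to call it a pattern
        if len(who) >= min_invoices and len(set(who)) == 1:
            hits.append("single_employee_workflow:" + who[0])
        if hits:
            findings[vid] = hits
    return findings

if __name__ == "__main__":
    for vid, hits in review_vendors(VENDORS, EMPLOYEES, INVOICES).items():
        print(vid, VENDORS[vid]["name"], hits)
```

The address match depends on normalization, since a matching address is rarely typed identically in both systems; extend the abbreviation table to fit the formats in your own records.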

Payroll Fraud

Payroll fraud means adding ghost employees to the payroll, increasing pay rates for the perpetrator or their family members, or submitting additional hours that weren’t worked. In smaller businesses, payroll fraud often involves one person who both processes payroll and has access to the payroll system and general ledger.

Signs: New employees who don’t appear in your hiring records; payroll amounts that exceed your approved salary agreements; payroll deposits to bank accounts not associated with the employee’s stated payment info.

Warning Signs Most Business Owners Miss

Unusual reluctance to take vacation. Fraudsters who are maintaining an active scheme often won’t take vacation because they fear someone else will cover their duties and discover the fraud. An employee who consistently refuses time off despite company encouragement is worth attention.

“I’ll handle that myself.” Excessive ownership over processes that should be shared — refusing to delegate certain accounting tasks, being defensive when asked about specific accounts, always being the one who does bank reconciliation.

Living beyond means. Not a definitive indicator — people have complex personal finances. But an employee with an unexplained significant lifestyle improvement (new car, expensive vacations) while earning an average salary warrants awareness.

Reconciliation discrepancies that always seem to resolve. If your bookkeeper consistently resolves reconciliation discrepancies with adjusting journal entries rather than finding the underlying cause, those entries may be concealing fraudulent transactions.

Internal Controls That Actually Work

Separation of Duties

The most powerful fraud prevention: no single person controls an entire transaction from start to finish.

  • The person who records transactions should not also reconcile bank accounts
  • The person who approves expenses should not also process reimbursements
  • The person who processes payroll should not have authority to add employees or change pay rates
  • The person who writes checks should not also reconcile the bank account

For very small businesses (2–5 employees), perfect separation of duties may be impossible. The solution: compensating controls — the owner performs spot checks and reviews that substitute for formal separation.

Bank Account Review by the Owner

Regardless of who handles bookkeeping, the business owner should personally review bank and credit card statements monthly — not the reconciliation report, but the actual bank statement. Look at every transaction. This 20–30 minute monthly review is one of the highest-return fraud prevention activities.

Dual Approval on Significant Payments

Implement a dual-approval requirement for payments above a threshold ($2,500 or $5,000 for most small businesses). The person who enters the payment in the system is different from the person who approves and releases it. This is especially critical for wire transfers, because wire fraud is difficult to reverse once executed.

Read-Only Access for Accounting Review

When working with an outsourced bookkeeper, consider maintaining read-only access to your accounting software as the owner. You don’t need to do accounting — but being able to look at the books at any time, without going through the bookkeeper, limits the opportunity to conceal fraud.

Surprise Cash Counts and Spot Checks

For businesses with cash: unannounced spot checks on cash drawers or deposits. For businesses with expense reports: random sampling — pick 10% of expense reports each month and verify receipts and business purpose. The knowledge that spot checks happen is itself a deterrent.

Vendor Verification

Before adding a new vendor to your accounting system, verify: physical address (call the number, look up the address), business registration, and how the vendor was identified (who referred them?). New vendors added by a single employee without management awareness are a risk indicator.

If You Discover Fraud

  • Don’t confront the employee until you’ve consulted an attorney. Premature confrontation can compromise evidence and create legal exposure.
  • Preserve all records. Don’t let the employee access accounting systems or records once you’re aware of the fraud.
  • Quantify the loss. Your accountant or a forensic accountant should work through the records to estimate total loss.
  • File a police report. Necessary for any criminal prosecution and often required for fidelity bond claims.
  • Notify your insurer. If you have fidelity (employee dishonesty) coverage, notify immediately — these policies have notice requirements.
  • Consider civil recovery. Even if criminal prosecution is unlikely, civil recovery through a lawsuit is often possible.

Frequently Asked Questions

With a small team, formal separation of duties is often impossible — you can’t split a 2-person accounting function into fully independent roles. The compensating controls that work at small scale:

  • Owner review of bank statements monthly — personally review every transaction on the bank statement, not just the reconciliation report your bookkeeper produces. 20 minutes per month, high detection value.
  • Dual approval on large payments — any payment above $2,500 (or whatever threshold makes sense) requires two people to approve. Even if those two people are you and your one other executive, it eliminates the single-point-of-control problem.
  • Random spot checks — quarterly, pull 10 random expense reports or 5 random vendor invoices and verify against source documents. The randomness is the deterrent; fraudsters can time their schemes around scheduled reviews but not random ones.
  • Outsourced accounting firm — having an external firm review your books monthly provides the independent oversight that internal small teams can’t.

  • Step one: don’t confront the employee immediately — consult an employment attorney first. Premature confrontation without legal guidance can compromise your ability to recover funds, creates legal exposure if handled incorrectly, and may give the employee time to destroy evidence.
  • Step two: preserve all records. Revoke the employee’s system access before or immediately after confrontation. Change banking credentials and check-writing authority.
  • Step three: engage a forensic accountant to quantify the total loss — ‘small checks over 2 years’ may be larger than it appears when fully tallied.
  • Step four: file a police report. This is necessary for insurance claims and potential criminal prosecution.
  • Step five: contact your business insurance carrier — employee dishonesty coverage (fidelity bonds) may cover some or all of the loss. These policies have specific notice requirements, so notify promptly.

Fidelity insurance (also called a fidelity bond or crime insurance) covers losses from employee theft, embezzlement, and fraudulent acts. It’s a type of business insurance that specifically covers the risk of internal theft — not theft by outsiders. Coverage typically includes: employee theft of money or property, forgery of checks or financial documents, computer fraud, and funds transfer fraud. For most small businesses with employees who handle money, a fidelity bond is worth the cost — premiums are typically $500–$2,000 per year for a $100,000 coverage policy, depending on business type and the number of employees covered. Some businesses are required to have fidelity bonds by contract (certain government contractors, financial services firms, businesses that handle client funds). For others, it’s optional but prudent. The claim process requires reporting to law enforcement and documenting the loss — the bond doesn’t replace the internal controls that prevent fraud in the first place.

Remote businesses face some elevated fraud risks: less physical oversight means document manipulation is harder to catch visually; email-based approval processes are more susceptible to social engineering (fraudulent invoice or payment approval requests via email); and remote access to financial systems can be harder to control. Specific remote risks to address: implement multi-factor authentication on all banking, accounting software, and email systems — this prevents unauthorized access even if credentials are compromised. Use role-based access controls in accounting software — bookkeepers should only have the permissions they need, not admin access. Be particularly skeptical of urgent ‘vendor’ requests for banking information changes or rush wire transfers received via email — these are a common attack vector (business email compromise fraud). Verify any change to a vendor’s banking information by calling the vendor directly on a known phone number, not the one provided in the email requesting the change.

At minimum: annually, as part of your year-end accounting and tax process. A CPA reviewing your annual return should catch major irregularities. Better: quarterly spot reviews by an outside accountant who’s looking specifically at reconciliations, unusual transactions, and vendor/payee patterns. Best: monthly controller-level review as part of an outsourced accounting engagement, where a second set of professional eyes reviews the bookkeeper’s work before financial statements are finalized. The argument for more frequent review: fraud detection studies consistently find that the longer a fraud runs, the more damage it causes. A fraud caught after 3 months has a much smaller loss than one that ran for 2 years. Monthly review with separation of duties (the reviewer is different from the recorder) is the gold standard for businesses that can afford it. The cost of monthly controller review ($2,000–$5,000/month for outsourced) is typically small compared to the losses from undetected fraud.