What Every Small Business Owner Needs to Know About Fraud
Most small business fraud isn't committed by strangers. It's committed by people you trust — and it often goes on for years before anyone notices.
5% of annual revenue lost to fraud on average
14 mo. median duration before fraud is detected
42% of cases discovered by a tip — not an audit
Source: ACFE Report to the Nations 2024
Running a small business means wearing many hats. You're the visionary, the salesperson, the manager — and often the last person to review the books in detail. That trust gap is exactly what fraudsters count on.
As a forensic accountant, I've worked with business owners who were shocked to discover that someone on their payroll had been quietly siphoning funds for months, sometimes years. The discovery rarely comes from a dramatic confrontation. More often, it begins with a nagging feeling — an expense that doesn't quite add up, a vendor name that rings no bells, a reconciliation that keeps getting pushed to next week.
The good news: most occupational fraud is preventable if you know what to look for. This guide walks you through the most common fraud types, the warning signs that precede them, and the practical controls that stop them — without requiring a compliance department or a large budget.
Why Small Businesses Are at Higher Risk
Contrary to what many owners assume, small businesses are more vulnerable to occupational fraud than large corporations — not less. The Association of Certified Fraud Examiners (ACFE) consistently finds that smaller organizations suffer larger losses relative to their size, take longer to detect fraud, and recover less of the stolen funds. The core reason is structural: small businesses concentrate too much financial authority in too few hands. A single trusted employee may handle invoicing, payments, bank reconciliation, and payroll — functions that large organizations deliberately separate. When one person controls an entire financial process, they also control the ability to hide their tracks.
Segregation of Duties (High Risk)
Often one or two people handle all financial functions — from recording transactions to reconciling accounts.
Why it matters: No independent check on transactions or reconciliation means errors and theft go undetected.
Owner Oversight (High Risk)
Owners are focused on operations and growth, often leaving financial review to a trusted employee.
Why it matters: An extended window without owner review gives fraudsters months — sometimes years — to operate undetected.
Vendor Verification (High Risk)
Vendor vetting is informal or nonexistent — new vendors are added on the word of a single employee.
Why it matters: Shell companies and fake vendors go undetected when no one cross-checks vendor details independently.
Internal Audit (Medium–High)
Rarely present in small businesses; external accounting is periodic and backward-looking.
Why it matters: Without routine independent review, anomalies accumulate unnoticed between annual filings.
Technology Controls (Medium)
Basic software is often used without enabling audit trails, user permissions, or access logs.
Why it matters: Without logs, records can be altered or deleted with no trace — making concealment significantly easier.
Tip Hotlines (Medium)
Usually absent in businesses under 100 employees, where reporting fraud feels personal and risky.
Why it matters: Anonymous tips are the #1 fraud detection method — without a channel, colleagues stay silent.
"A bookkeeper who handles both incoming payments and bank reconciliation has the access and the opportunity to conceal theft. Separating these duties is one of the most powerful controls you can implement — at no extra cost."
— MMB MBA
The Three Types of Fraud That Hit Small Businesses Hardest
Occupational fraud falls into three broad categories. Understanding each type — how it works, who commits it, and what it looks like in your books — is the first step toward recognizing it in your own business.
Asset Misappropriation
This is by far the most common form of occupational fraud, accounting for 89% of all reported cases according to the ACFE. It occurs when an employee steals or misuses the organization's resources — cash, inventory, equipment, or proprietary information. Because it happens at the transaction level, it can be difficult to spot without reviewing source documents.
Skimming targets businesses with cash sales — retail, restaurants, and service companies. Cash is taken before it ever hits the books, making it hard to trace. Watch for understated daily receipts or missing register tapes.
Larceny differs from skimming in one key way: the cash has already been recorded when it's stolen. Any business processing cash payments is at risk. Look for altered deposit records or unexplained discrepancies in the ledger.
Check tampering occurs when someone with check-writing authority forges or alters checks to redirect funds to themselves. Red flags include voided checks with no explanation, dual endorsements, and missing check stubs.
Expense reimbursement fraud is common wherever employees submit expenses without close review. Claims may be inflated, entirely fictitious, or personal purchases dressed up as business expenses. Duplicate receipts, suspiciously round dollar amounts, and charges that don't match the business are the tells.
Inventory theft affects retailers, manufacturers, and distributors. Goods are stolen outright or quietly underreported. It often hides behind shrinkage write-offs or manipulated vendor credits that make the numbers appear to reconcile.
Payroll diversion happens when a fraudster updates their own direct deposit routing to redirect wages — or sometimes an entire paycheck — to a personal account. It's most common where payroll changes can be made without a second set of eyes or HR approval.
Billing Fraud
Billing fraud is deceptively hard to catch because it looks like normal business activity. Payments flow to what appear to be legitimate vendors — but the vendor is fictitious, controlled by the employee, or inflating its invoices. This type of scheme often goes undetected for years because it doesn't trigger obvious anomalies in the accounts payable ledger.
Shell company billing is one of the most brazen forms of billing fraud — an employee sets up a fictitious vendor and submits invoices for services never rendered. Because the vendor looks legitimate on paper, payments flow unquestioned. No web presence, no verifiable phone number, and a PO box address are the clearest warning signs.
Invoice inflation involves a real vendor — but one that's been coached to overbill, with the excess kicked back to the employee approving the invoices. It's particularly hard to detect because the vendor relationship looks normal. Prices consistently above market rate, or a vendor relationship managed exclusively by one employee, should raise questions.
Personal purchases get buried in business accounts under vague descriptions like "consulting," "supplies," or "professional services." The invoices look routine until someone asks what was actually delivered. Detailed invoice review and occasional vendor confirmation calls go a long way here.
Duplicate payments occur when the same invoice is paid more than once and the surplus is diverted. It often exploits gaps between accounting staff or busy periods when volume is high. Identical invoice numbers or amounts paid in close succession are the giveaway.
Pay-and-return schemes are more sophisticated — a legitimate payment is made, then a fraudulent credit or refund is created and redirected to the employee before the vendor is made whole. Unusual credit memos or vendor refunds that don't appear in the ledger are the signal to dig deeper.
Payroll Fraud
Payroll fraud exploits the trust organizations place in HR and finance staff to accurately report and process compensation. It is particularly damaging in businesses with manual payroll processes, loose timekeeping, or a single person responsible for both processing and approving payroll.
Ghost employees are fictitious workers added to the payroll whose wages are quietly diverted to the fraudster. This scheme thrives in businesses with large or seasonal workforces where no one is tracking headcount closely. A periodic roster review — comparing payroll records against actual employees — is the most direct way to catch it.
Inflated hours are submitted by hourly employees whose timesheets go unreviewed, or approved by supervisors who aren't cross-checking against actual output. It's especially common in service businesses, construction, and hospitality. Exception reports comparing hours logged to productivity metrics can surface the pattern quickly.
Unauthorized raises happen when someone with payroll system access quietly increases their own compensation — sometimes by small enough increments to avoid notice for months. Any business where a single person both processes and approves payroll is exposed. A regular audit comparing actual pay rates to approved compensation agreements closes this gap.
Commission manipulation inflates sales figures or suppresses return credits to boost payout amounts. It tends to surface in sales-driven businesses where commissions are calculated from data the salesperson has some control over. Cross-referencing commission calculations against CRM records and invoices is the most reliable check.
Benefits abuse covers a range of schemes — fraudulent expense reimbursements, improper insurance claims, or manipulated vacation accruals. It's most common where benefits are discretionary and claims aren't routinely audited against eligibility records.
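The payroll checks described in this section (roster review for ghost employees, pay rates compared against approved compensation) and the direct-deposit change behind payroll diversion can be run as one exception report over a payroll export. The following is an added example, not part of the original article; the field names, employee IDs, and account labels are constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample data (not from the article).
# Approved hourly rates from signed compensation agreements, keyed by employee ID.
APPROVED = {"E01": Decimal("24.00"), "E02": Decimal("31.50"), "E03": Decimal("28.00")}
# Direct-deposit account on file in the previous pay period.
PRIOR_ACCOUNTS = {"E01": "acct-1111", "E02": "acct-2222", "E03": "acct-3333"}
# Current payroll run as exported from the payroll system.
PAYROLL_RUN = [
    {"employee_id": "E01", "rate": Decimal("24.00"), "account": "acct-1111"},
    {"employee_id": "E02", "rate": Decimal("33.00"), "account": "acct-2222"},
    {"employee_id": "E03", "rate": Decimal("28.00"), "account": "acct-9090"},
    {"employee_id": "E07", "rate": Decimal("22.00"), "account": "acct-2222"},
]


def review_payroll(run, approved, prior_accounts):
    """Return payroll exceptions that need an independent second look."""
    findings = {"not_on_roster": [], "rate_above_approved": [],
                "account_changed": [], "shared_account": {}}
    by_account = defaultdict(list)
    for line in run:
        emp, rate, acct = line["employee_id"], line["rate"], line["account"]
        by_account[acct].append(emp)
        # Ghost employee indicator: paid, but absent from the independent roster.
        if emp not in approved:
            findings["not_on_roster"].append(emp)
            continue
        # Unauthorized raise indicator: paid rate exceeds the approved rate.
        if rate > approved[emp]:
            findings["rate_above_approved"].append((emp, approved[emp], rate))
        # Payroll diversion indicator: deposit account differs from last period.
        if emp in prior_accounts and prior_accounts[emp] != acct:
            findings["account_changed"].append((emp, prior_accounts[emp], acct))
    # Two payees sharing one bank account is a common ghost-employee tell.
    findings["shared_account"] = {a: e for a, e in by_account.items() if len(e) > 1}
    return findings


if __name__ == "__main__":
    for check, result in review_payroll(PAYROLL_RUN, APPROVED, PRIOR_ACCOUNTS).items():
        print(check, result)
```

The roster and approved rates should come from a source the payroll processor cannot edit, otherwise the comparison checks the records against themselves.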
Warning Signs You Should Never Ignore
Fraud rarely announces itself. But decades of forensic investigation have revealed a consistent set of behavioral and financial patterns that precede — and accompany — nearly every scheme. These are not proof of fraud on their own, but any cluster of them warrants a closer look.
An employee who insists on handling finances alone and actively discourages oversight, questions, or cross-training — framing it as "efficiency" or "I've always done it this way."
Unexplained increases in expenses without a corresponding rise in revenue, activity, or headcount. Pay particular attention to catch-all categories like "miscellaneous" or "supplies."
Vendor names you don't recognize, vendors that share a PO box or home address with an employee, or vendors with no verifiable online presence.
Voided or missing receipts, especially for cash transactions, or a pattern of transactions just below approval thresholds.
An employee living noticeably beyond their apparent means — a lifestyle that doesn't align with their compensation. This is one of the most consistently reported behavioral indicators in ACFE data.
Bank reconciliations that are consistently delayed, incomplete, or "almost done" for weeks at a time. This is often a sign that someone is struggling to cover their tracks.
Duplicate payments to the same vendor, or vendors receiving payments at irregular intervals that don't match stated payment terms.
An employee who never takes vacation — or returns immediately when they do. Fraud schemes often unravel when the perpetrator is absent and someone else handles their duties.
Customer complaints about payments not being applied to their account. This can signal skimming where cash was collected but never deposited.
Unusual journal entries near the end of reporting periods — particularly round-dollar entries or credits to expense accounts that reduce balances right before month-end.
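Several of the financial warning signs above can be tested directly against an accounts payable export: duplicate payments, a pattern of payments just below an approval threshold, and vendors that share an address with an employee. The following is an added example, not part of the original article; the column names, vendors, and addresses are constructed, and the 5% band and 30-day window are assumptions chosen for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import date, timedelta
from decimal import Decimal

# Constructed sample data (not from the article): a payments export and staff addresses.
PAYMENTS_CSV = """payment_id,vendor,vendor_address,invoice_no,amount,paid_on
P001,Acme Paper Co,12 Mill Rd,INV-1001,840.00,2024-03-04
P002,Northside Consulting,PO Box 4471,NC-07,2450.00,2024-03-06
P003,Acme Paper Co,12 Mill Rd,INV-1001,840.00,2024-03-11
P004,Northside Consulting,PO Box 4471,NC-08,2490.00,2024-03-20
P005,Brightline Services,88 Oak Lane,BL-220,1200.00,2024-03-22
P006,City Utilities,1 Civic Plaza,CU-5531,312.40,2024-03-25
"""
EMPLOYEE_ADDRESSES = {"J. Doe": "88 Oak Ln.", "R. Roe": "401 Elm St"}

APPROVAL_THRESHOLD = Decimal("2500")   # the dual-authorization example used in this guide
NEAR_BAND = Decimal("0.05")            # assumption: "just below" = within 5% under it
DUPLICATE_WINDOW = timedelta(days=30)  # assumption: "close succession" = 30 days


def load_payments(text):
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["amount"] = Decimal(r["amount"])
        r["paid_on"] = date.fromisoformat(r["paid_on"])
        rows.append(r)
    return rows


def normalize_address(addr):
    """Lowercase, drop punctuation, and unify common street suffixes."""
    abbrev = {"lane": "ln", "road": "rd", "street": "st", "avenue": "ave"}
    words = addr.lower().replace(".", "").replace(",", "").split()
    return " ".join(abbrev.get(w, w) for w in words)


def duplicate_payments(rows):
    """Same vendor paid the same invoice number or amount again within the window."""
    hits, seen = [], defaultdict(list)
    for r in sorted(rows, key=lambda r: r["paid_on"]):
        for prev in seen[r["vendor"]]:
            same = prev["invoice_no"] == r["invoice_no"] or prev["amount"] == r["amount"]
            if same and r["paid_on"] - prev["paid_on"] <= DUPLICATE_WINDOW:
                hits.append((prev["payment_id"], r["payment_id"]))
        seen[r["vendor"]].append(r)
    return hits


def near_threshold(rows):
    """Vendors with two or more payments in the band just under the approval limit."""
    floor = APPROVAL_THRESHOLD * (1 - NEAR_BAND)
    found = defaultdict(list)
    for r in rows:
        if floor <= r["amount"] < APPROVAL_THRESHOLD:
            found[r["vendor"]].append(r["payment_id"])
    return {v: ids for v, ids in found.items() if len(ids) >= 2}


def vendors_at_employee_address(rows, employees):
    staff = {normalize_address(a): name for name, a in employees.items()}
    return sorted({(r["vendor"], staff[normalize_address(r["vendor_address"])])
                   for r in rows if normalize_address(r["vendor_address"]) in staff})
```

Each hit is a prompt to pull the source invoice and confirm delivery with the vendor, not proof of fraud on its own.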
"Business owners often sense a problem before they can articulate it. If something feels off — trust that instinct. Forensic accounting exists precisely to surface what the numbers are quietly telling you."
— MMB MBA
Six Controls That Significantly Reduce Your Risk
You don't need an expensive compliance department to protect your business. The controls below can be implemented by any small business owner, often at little or no cost. Together, they address the three conditions that enable fraud: opportunity, motivation, and rationalization. By eliminating opportunity, you make your business a far harder target.
Separate financial duties to block asset misappropriation, check tampering, and billing fraud. The person who writes or approves checks must not also reconcile the bank account — even partial separation makes concealment significantly harder. This is one of the most powerful controls available, and it costs nothing to implement.
Review bank and credit card statements personally every month, even briefly. Doing this before statements go to your bookkeeper signals that someone is watching and creates an independent check against all fraud types. Fifteen minutes a month can close a gap that fraudsters count on staying open.
Require dual authorization on larger payments to prevent unauthorized transfers, shell company billing, and check fraud. Set a threshold — $2,500 is a common starting point — above which two authorized signatories must approve the payment. Many banks offer dual-control features at no added cost.
Set up transaction alerts on all business accounts to catch unauthorized transfers, high-value transactions, and after-hours activity in real time. Most banks and payment platforms offer free SMS or email alerts for transactions above a set amount. Configure them on every account, card, and platform your business uses.
Use accounting software with audit trails and user permissions to prevent record manipulation, unauthorized access, and concealment of transactions. Platforms like QuickBooks and Xero log who did what and when. Set role-based access so staff can only see and edit what their specific job requires — and no more.
Have your books reviewed periodically by an outside accountant to catch long-running schemes, collusion, and systematic manipulation that internal staff may miss or deliberately obscure. Even one or two external reviews per year introduce an independent perspective that no insider can anticipate or circumvent.
Understanding Why Fraud Happens: The Fraud Triangle
Most occupational fraud is not committed by career criminals. Research consistently shows that the majority of perpetrators have no prior criminal record, have worked for their employer for years, and are considered trusted members of the team. Understanding what motivates otherwise honest people to commit fraud is essential to prevention.
The Fraud Triangle, developed by criminologist Donald Cressey, identifies three conditions that must all be present for occupational fraud to occur. Eliminate any one of them, and fraud becomes significantly less likely.
Opportunity is the only element of the Fraud Triangle you can directly control — and the most important one to eliminate. It refers to the ability to commit and conceal fraud, almost always created by weak internal controls. A single person controlling both payments and reconciliation, informal vendor vetting, or expenses that no one reviews are all open doors. Segregation of duties, owner review of statements, dual authorization on larger payments, and software access controls close them.
Pressure is a personal financial need or desire the employee feels they cannot address openly. Medical debt, gambling, divorce, lifestyle inflation, or simply wanting to keep up with a certain standard of living are among the most common drivers. This element is difficult to prevent directly, but awareness matters. Employee assistance programs, attentiveness to sudden lifestyle changes, and a workplace culture where people feel they can raise financial concerns without stigma all reduce the conditions in which pressure festers quietly.
Rationalization is the internal story the fraudster tells themselves to justify the theft — "the business owes me," "I'll pay it back before anyone notices," "they'll never miss it," or "they underpay me and this evens things out." Like pressure, rationalization cannot be fully controlled from the outside. But it is less likely to take hold in workplaces where compensation is fair, contributions are recognized, ethical standards are clearly communicated, and leadership models the behavior it expects from others.
If You Suspect Fraud Has Already Occurred
If warning signs are present, or if your instincts are telling you something is wrong, the steps you take in the first 48 hours matter enormously — both for preserving evidence and for any subsequent legal action.
Contact a forensic accountant immediately for a confidential assessment before taking any other action. Confronting the suspected employee directly — however instinctive — destroys evidence, gives the perpetrator time to cover their tracks, and can create legal liability for you.
Secure access to financial records by changing passwords and restricting system access as soon as possible. Every day of continued access is an opportunity to delete records, modify entries, or move funds before the investigation begins.
Preserve originals of all records without alteration, annotation, or reorganization. Printing and marking up originals — or moving files around — can compromise a criminal case and reduce the admissibility of evidence in legal proceedings.
Consult your attorney before making any employment decisions. Terminating the employee before the investigation is complete can forewarn accomplices, trigger wrongful termination claims, and disrupt the evidence trail at precisely the moment it matters most.
Notify your insurer if you carry employee dishonesty or fidelity bond coverage. Most policies have time-sensitive reporting requirements — delayed notification can void your claim entirely, leaving you without the recovery you've paid for.
A Note on Confrontation: The single most common mistake business owners make when they suspect fraud is confronting the employee directly — often because it feels like the honest, straightforward thing to do. In practice, it almost always makes the situation worse. The employee can destroy digital evidence, alert accomplices, fabricate explanations, or make a legal claim against you. Contact a forensic accountant first, every time.
The Real Cost of Inaction
Small business owners sometimes assume that the cost of preventive controls outweighs the risk — particularly if they have trusted, long-tenured staff. The data tells a different story. According to the ACFE, businesses with fewer than 100 employees suffer a median fraud loss of $150,000 — higher than organizations of any other size — and recover only about 22% of what was taken, whether through insurance, civil litigation, or criminal restitution.
The picture becomes more striking when you compare across organization sizes. Mid-sized businesses with 100 to 999 employees see a median loss of $130,000 and recover roughly 30%. Large organizations with 1,000 or more employees fare best, with a median loss of $109,000 and a recovery rate near 35%. In other words, the smallest businesses lose the most and get back the least — a combination that can be genuinely business-threatening when it strikes.
The cost of prevention, by contrast, is modest. Separating financial duties costs nothing. Transaction alerts are free through most banks. Accounting software with audit trails runs a few hundred dollars a year at most. Even an annual outside review of your books is a fraction of the median fraud loss at any business size. Preventive controls are not an overhead expense — they are insurance against a loss that, for many small businesses, would not be recoverable.
Figures approximate. Source: ACFE Report to the Nations 2024.
Have Questions? MMB MBA Can Help.
At MMB MBA, we specialize in forensic bookkeeping, QuickBooks consulting, and helping businesses untangle financial irregularities. If you suspect fraud in your organization — or if you're a business owner who suspects something is wrong — we can conduct a discreet, professional review of your books and help you understand what you're looking at.
Contact us today at www.mmbmba.com