The Secret Business Inside Your Business: Recognizing Employee, Owner and Partner Theft

Posted on
Trust your people—but design the business so that the merchandise, the money and the records must independently tell the same story. --YNOT!

A practical guide based on frauds I encountered inside real companies

Most business owners believe theft looks like somebody slipping cash out of a register or carrying a box through the back door.

That happens, but it is not the kind of theft that usually destroys a successful company.

The dangerous theft is organized. It uses your employees, your trucks, your warehouse, your computer system, your vendors and sometimes even your customers. The people involved learn your procedures, discover where nobody is watching, and then build a private enterprise inside the business you paid to create.

I spent many years consulting with businesses and installing and supporting their computer systems. During that time, I encountered several major internal theft operations. The businesses were different—a chemical and cleaning-supply distributor, a furniture company, a construction-supply company, a tile company and a family bakery—but the patterns were remarkably similar.

The lesson is simple: A thief may steal an item. A group of employees working together can steal the company.

This chapter explains the four major kinds of internal business theft I have seen, how they grow, why normal accounting controls miss them and what a CEO can do before an unexplained discrepancy becomes a corporate funeral.


The four families of business theft

Most internal theft can be placed into four broad categories:

  1. Inventory and delivery theft: Merchandise leaves the company without a legitimate recorded sale, and the participants collect the money.
  2. Financial-record theft: Company cash is diverted through checks, vendors, payroll, transfers, refunds or false invoices.
  3. Owner and family extraction: Owners or relatives remove money, hide sales, manipulate taxes or treat business cash as their personal wallet.
  4. Partner and stakeholder fraud: One owner diverts value that belongs partly to partners, lenders, factoring companies, investors or other parties.

These categories frequently overlap. An inventory scheme may need an accounting employee to erase the sale. An owner hiding revenue may also be defrauding a lender. A dishonest partner may create a fake vendor and pay it through accounts payable.

The method changes, but the objective remains the same: separate the company’s assets from the records that are supposed to account for them.

Theft Type One: The secret delivery business

Case one: The chemical and cleaning-supply distributor

One company sold everything from toilet paper and vacuum cleaners to chemicals, cleaning supplies and equipment. It was a substantial business for the time—approximately $15 million in annual sales with three locations.

Several employees were working together. The operation involved a senior operations person, a warehouse employee, a truck driver and someone in accounting.

The first version of their scheme was remarkably simple:

  1. A participating customer placed an order.
  2. The order was entered into the legitimate system.
  3. The warehouse picked the merchandise.
  4. A company truck delivered it.
  5. At the end of the day, somebody canceled the order.

The customer had the merchandise, the thieves had the customer’s cash, and the computer said the transaction never happened.

After succeeding with that method, they expanded. If a customer legitimately ordered ten vacuum cleaners, the conspirators loaded twenty. The company received payment for ten, while the additional ten were sold for cash.

Eventually, their hidden operation became so profitable that the participants obtained their own warehouse. At that point, this was no longer casual theft. They had built a distribution company inside the legitimate distribution company. The employer supplied the inventory, labor, vehicles, fuel, customers and working capital. The thieves kept the profit.

The owner finally became suspicious and hired an investigator. The investigator followed the trucks and discovered that some were making deliveries outside their authorized routes. Those deliveries led back to the separate warehouse and exposed the scale of the enterprise.

The paperwork lied, but the trucks told the truth.

Case two: The furniture company and the “failing” network

My company was installing a computer system for a furniture business, but the system repeatedly failed. Machines disconnected, communications stopped and we had a terrible time keeping everything operational.

Eventually, we discovered that network connections were being physically unplugged.

We secured and repositioned the connections, which stopped the immediate problem for a while. Later, the owner called because orders and merchandise were still disappearing and inventory remained out of balance.

The underlying problem was not merely technical. Several people were allegedly cooperating. Someone in sales facilitated an order, a truck delivered the furniture, and someone with access to the software or underlying tables later altered or removed the transaction.

The network disruption may have served as camouflage. It created confusion, undermined confidence in the new system and made missing information look like a computer problem. Even if every disconnection was not directly connected to the theft, the chaos benefited the people who did not want a reliable record.

This is a warning every CEO should remember:

When a control system repeatedly “fails,” do not investigate only the technology. Ask who benefits when it is unavailable.

Case three: The construction-supply company

A construction-supply company selling products such as drywall experienced continuing inventory discrepancies. Its delivery trucks were preloaded before leaving in the morning.

That created an opportunity. Extra material could be added to a legitimate load without appearing on the customer’s paperwork. The truck would make an additional or enlarged delivery, and the participants would collect cash.

Once again, the apparent combination included someone in the warehouse, someone driving the truck and someone with access to the accounting or inventory records.

The system reported one reality. The truck carried another.

Why delivery theft becomes so large

Major delivery theft usually requires control over three separate functions:

  • The merchandise: Someone must release, load or conceal the extra inventory.
  • The transportation: Someone must move it to the buyer without raising an alarm.
  • The records: Someone must cancel, alter, void or omit the transaction—or explain away the shortage.

Traditional separation of duties assumes these employees will check one another. Collusion destroys that assumption. If the warehouse employee, driver and accounting employee cooperate, each department can produce records that appear to support the others.

That is why a company cannot rely exclusively on internally generated paperwork. It needs independent evidence: vehicle locations, route histories, customer confirmations, photographs of loads, gate records, fuel usage, physical counts and permanent system logs.

Theft Type Two: Stealing money through the books

Inventory theft removes products. Financial theft removes cash while making the payment appear legitimate.

Common methods include:

  • Writing checks to a company controlled by the employee or an accomplice.
  • Creating a fictitious vendor.
  • Paying an invoice for goods or services never received.
  • Inflating a real invoice and receiving a kickback.
  • Paying the same invoice twice and diverting the second payment.
  • Creating ghost employees on payroll.
  • Inflating hours, commissions, bonuses or expense reimbursements.
  • Making unauthorized wire or electronic transfers.
  • Changing vendor bank information before a payment run.
  • Issuing false refunds or credits.
  • Paying personal bills with company funds.

A recent St. Lucie County case illustrates the allegation. Authorities accused a bookkeeper and comptroller of using unsupervised access to financial systems to bypass accounts-payable procedures, initiate unauthorized wire transfers and work with two other people to issue duplicate payments. Investigators said nearly $7 million was diverted over approximately seven years and allegedly spent on luxury vehicles, vacations, jewelry, designer items, utilities and other personal expenses. The three defendants have been charged, but the allegations must still be proven in court.

The facts alleged in that case are new. The control failures are ancient.

Why signing the checks does not protect the owner

Many owners tell themselves, “Nobody can steal from me because I sign the checks.” Others review a payment list before electronic payments are released.

That is better than no review, but it is not enough.

If an owner is looking at thousands of checks and entries, most names and amounts will appear ordinary. The owner may not know that:

  • A $100,000 invoice should have been $80,000.
  • The vendor’s mailing address belongs to an employee’s relative.
  • The company never received the billed merchandise.
  • A payment was divided into smaller amounts to avoid an approval limit.
  • The same invoice was entered under slightly different numbers.
  • A “temporary employee” exists only in the payroll database.
  • The vendor’s bank account was changed immediately before payment.

The largest theft may also be composed of small transactions. Five hundred dollars taken repeatedly can disappear inside a busy company. Small thefts are often treated as noise until the thief becomes confident, recruits help or increases the amount.

In every major scheme I personally encountered, growth became the thieves’ weakness. Like business owners, thieves want to expand. What began as an occasional transaction became a regular income stream and then an enterprise. Eventually, the scheme grew large enough to distort inventory, cash flow, margins or operations—and sometimes large enough to endanger the company itself.

Theft Type Three: When the owner or family takes the money

Owners often speak about employees stealing from them. They speak less frequently about owners stealing from their own companies.

The owner who wanted a delete button

An owner of a tile company once asked me whether I could make it possible to erase completed sales from the books.

At first, I thought he meant properly voiding a transaction. A legitimate void preserves the original sale, records who voided it, explains why and reverses the accounting through an audit trail.

That was not what he wanted. He wanted to delete sales after the fact because he did not want to pay taxes. I refused.

A properly designed business system should never permit a completed transaction to disappear without evidence. Corrections will always be necessary, but corrections and concealment are not the same thing.

Sales tax is not the owner’s money

One common version of owner fraud involves sales tax. A company makes a sale, invoices the customer and collects the tax. Later, someone deletes the invoice, reduces its value, falsely marks it exempt or voids it without a legitimate reason.

The owner may think he is merely reducing the company’s tax bill. In reality, the business collected money from the customer for a designated purpose and then concealed the transaction instead of remitting the required amount.

This is not clever bookkeeping. It creates tax exposure, false financial records and potentially far more serious consequences than the amount temporarily retained.

The family bakery that was eaten from within

A relative owned a bakery for approximately twenty years. It was successful and made substantial money. This was before modern point-of-sale systems, when the business used an old cash register.

As his children grew older and began working in the bakery, one would take $20 from the register. Eventually, $20 became $100. Whenever someone needed money, the register became the family ATM.

Then the children married. Their spouses also worked in the bakery and began taking money. Each person probably viewed his or her own withdrawal as small and harmless. But many “small” withdrawals by several people became a major continuing drain.

Eventually, the bakery failed.

This is the family-business version of death by a thousand cuts. Nobody thinks the particular $100 will destroy the company. But the register contains more than profit. It contains money needed for payroll, ingredients, rent, equipment, debt, taxes and tomorrow morning’s operations.

The rationalization is usually:

“It is our family’s business, so it is our family’s money.”

That belief can kill a profitable company.

The same mentality can damage any shared institution, including corporations, nonprofit organizations and governments: when everyone treats a common pool of money as a source of personal benefits, individually “small” extractions can collectively overwhelm it.

Theft Type Four: Partner, lender and stakeholder fraud

An owner may own part of a company without owning every dollar inside it.

Many businesses borrow against inventory or accounts receivable. Others sell receivables to factoring companies. Company assets may also support supplier credit, investor agreements, partner distributions and loan covenants.

If an owner deletes invoices, hides collections, understates inventory, diverts customer payments or submits false reports, the victim may not be limited to the government. Depending on the arrangement, the conduct may also deceive or harm:

  • A factoring company that purchased receivables.
  • A bank lending against an accounts-receivable borrowing base.
  • A lender relying on inventory as collateral.
  • A supplier that extended credit based on financial statements.
  • Investors or minority owners.
  • Equal partners entitled to their share of the profits.

Business-partner theft

Partner fraud occurs when one owner uses access or control to take value that belongs partly to the others. It can include:

  • Hiding cash sales.
  • Deleting or reducing invoices after collecting payment.
  • Paying personal expenses through the company.
  • Giving oneself an unauthorized salary, bonus or distribution.
  • Putting relatives on payroll at excessive salaries.
  • Creating a related company and overpaying it as a vendor.
  • Selling company inventory privately.
  • Diverting customers to a separate business.
  • Taking a company opportunity personally.
  • Using company employees, trucks, equipment or facilities for another enterprise.
  • Manipulating profit before calculating a partner’s distribution or buyout.

A controlling owner may say, “It is my company.” But if there are partners, investors, lenders or factors, that statement is incomplete. Control is not the same as exclusive ownership.

Why ordinary controls fail

Most companies design controls to stop one dishonest person. One employee prepares the transaction, another approves it and a third records it.

That works—until those people cooperate.

The most dangerous schemes cross organizational boundaries:

What must be controlled Possible participant
Customer or order Sales employee
Physical merchandise Warehouse employee
Transportation Driver or dispatcher
Invoice and payment Accounting employee
System history Administrator or database user
Exceptions and questions Manager or controller

If several of these people are involved, the company’s internal reports can agree perfectly while being completely false.

The answer is not simply more paperwork. It is independent evidence and controls that no single working group can rewrite.

The CEO’s anti-theft recipe

Ingredient 1: Permanent transaction history

Never allow completed orders, invoices, payments, receipts or inventory movements to be silently deleted.

The system should record:

  • The original transaction.
  • Every change made afterward.
  • The user who made the change.
  • The date, time and workstation or source.
  • The old and new values.
  • The stated reason and approving person.

Voids should reverse transactions, not erase history. Database administrators should not conduct routine business transactions, and direct table changes should be logged and reviewed.

Ingredient 2: Independent physical verification

Compare computer records with facts that accounting personnel cannot easily alter:

  • Surprise inventory counts.
  • Random truck inspections before departure.
  • Load photographs or scanned pallet labels.
  • GPS routes compared with authorized stops.
  • Gate entry and departure records.
  • Fuel use and mileage compared with planned routes.
  • Customer confirmations of quantities delivered.
  • Returned-goods inspections.
  • Warehouse video around loading areas.

Do not let the warehouse count itself without independent participation.

Ingredient 3: Exception reports, not mountains of transactions

Do not hand the CEO a list of 10,000 payments and call that oversight. Produce a short report of unusual activity:

  • Orders canceled after picking, loading or delivery.
  • Invoices changed after payment.
  • Manual wire transfers.
  • Duplicate invoice numbers or amounts.
  • New vendors followed quickly by large payments.
  • Vendor bank-account changes.
  • Multiple vendors sharing an address, phone number or bank account.
  • Payments just below approval thresholds.
  • Unusual weekend or after-hours entries.
  • Negative inventory and unexplained adjustments.
  • Trucks traveling outside assigned routes.
  • Employees receiving duplicate payroll payments.
  • Payroll deposits going to the same account under different names.
  • Gross-margin changes by salesperson, route, warehouse or customer.

The CEO does not need to examine everything. The CEO needs to see what does not behave like everything else.

Ingredient 4: Verify vendors and employees independently

Before activating a vendor:

  • Confirm its legal name, tax identification and physical address.
  • Call a publicly verified number, not only the number on the submitted form.
  • Check ownership and possible relationships with employees.
  • Require independent approval for banking changes.
  • Reconfirm changes using previously verified contact information.

For payroll, periodically compare employees with personnel records, supervisors, work locations and actual people. A payroll list is not proof that everyone on it exists.

Ingredient 5: Separate initiation, approval, custody and reconciliation

No one person should be able to:

  • Create a vendor and pay it.
  • Enter an employee and release payroll.
  • Create an order, load it, deliver it and cancel it.
  • Receive cash and post the corresponding credit.
  • Initiate a wire and approve it.
  • Reconcile the bank account that person controls.

For high-risk transactions, require two independent approvals. Make sure the second approver receives original evidence, not merely a summary prepared by the first person.

Ingredient 6: Watch the people with the power to conceal

Senior employees are not lower risks simply because they are trusted. A controller, operations manager or system administrator may be able to override the very controls designed to catch everyone else.

Review privileged actions separately. Rotate certain duties. Require vacations. Have an outside accountant or auditor perform surprise testing rather than relying only on scheduled annual work.

Trust is a relationship. Control is a business process. A healthy company needs both.

Ingredient 7: Protect the control system itself

The furniture-company experience taught me to treat repeated technical failures as possible business evidence.

Watch for:

  • Network cables or devices repeatedly disconnected.
  • Logging unexpectedly disabled.
  • Cameras that fail during specific shifts.
  • Scanners or GPS devices reported “broken” by the same people.
  • Users insisting on shared accounts.
  • Employees resisting upgrades that improve traceability.
  • Frequent demands for direct database access.
  • Unexplained gaps in backups or logs.

Technical reliability and fraud prevention are connected. If someone can disable the evidence, that person can enlarge the opportunity.

Ingredient 8: Control owner and family withdrawals

Owners and relatives should follow written rules too:

  • Pay salaries through payroll.
  • Record distributions formally.
  • Never use the register as an ATM.
  • Require receipts and business purposes for company expenses.
  • Separate personal and company credit cards.
  • Apply related-party transaction rules.
  • Give minority partners access to meaningful financial reports.
  • Reconcile cash and inventory even when family members are involved.

Family status should not create invisible accounting.

Ingredient 9: Give employees a safe reporting channel

Large schemes often become visible to coworkers before they become visible to owners. Employees may notice unusual loads, unexplained deliveries, a supervisor’s special customer or an accounting employee who never takes vacation.

Provide a confidential way to report concerns. Protect good-faith reporters from retaliation. Investigate facts quietly and avoid confronting suspects before evidence is secured.

Ingredient 10: Investigate discrepancies as patterns

One inventory shortage may be a mistake. Repeated shortages by route, shift, driver, salesperson, warehouse or product are a pattern.

Do not continually “adjust the inventory” without investigating why it is wrong. Every adjustment that fixes the report without fixing the cause makes the next theft easier to hide.

A monthly CEO theft dashboard

A CEO should receive a short monthly dashboard containing at least:

  • Inventory shrinkage by location, product and responsible department.
  • Orders canceled or reduced after fulfillment began.
  • Manual inventory adjustments and the approving users.
  • Deliveries outside authorized routes or hours.
  • New vendors and recent vendor bank changes.
  • Duplicate or near-duplicate payments.
  • Payments just below authorization limits.
  • After-hours financial-system activity.
  • Payroll headcount versus human-resources records.
  • Customer credits, refunds and write-offs by employee.
  • Gross margin by branch, salesperson, route and major customer.
  • Accounts-receivable collections that do not match deposits.
  • Privileged system and database changes.

The dashboard should show trends and exceptions, not merely totals. A total can remain plausible while the theft moves from one account, location or method to another.

Questions every CEO should ask

  1. Who can create a vendor, and who independently verifies it?
  2. Who can change a vendor’s bank account?
  3. Who can initiate and approve a wire transfer?
  4. Can a completed invoice or order be deleted without leaving evidence?
  5. Who reviews cancellations after products have been picked or delivered?
  6. Can anyone modify the underlying database directly?
  7. Do our truck routes agree with our recorded deliveries?
  8. Who independently verifies physical inventory?
  9. Are inventory adjustments investigated or merely posted?
  10. Can payroll employees create or modify other employees?
  11. Do we compare payroll bank accounts for duplicates?
  12. Are owners’ and relatives’ withdrawals recorded like everyone else’s?
  13. Are receivables pledged or sold, and are reports to lenders independently verified?
  14. Could one partner hide sales or expenses from another?
  15. Who benefits when a control, camera, scanner or computer system stops working?

If the answer to several questions is “one trusted person handles that,” the company does not have a control. It has a dependency.

The final lesson: thieves become entrepreneurs

In the cases I saw, theft rarely remained small. The participants learned what worked. They refined their methods, recruited other people, increased the amounts and sometimes acquired their own customers and facilities.

They behaved like entrepreneurs—but their capital, inventory, employees and vehicles belonged to somebody else.

Their growth eventually created the evidence that exposed them: inventory that could no longer be reconciled, trucks traveling to unauthorized locations, cash flow that did not match sales, computer records that changed after delivery, or a profitable company that somehow could not pay its bills.

Do not assume that a familiar vendor name makes a payment legitimate. Do not assume signing checks means you know what you are paying for. Do not assume family members cannot bankrupt a family business. Do not assume an owner cannot defraud his partners or lenders. And do not assume that three departments agreeing with one another proves the transaction is real.

Sometimes three departments agree because three people are working together.

The CEO’s job is not to distrust everyone. It is to build a company in which trust does not have to carry the entire weight of verification.

 


This article discusses general business risks and controls. Specific suspected theft, tax, lending or partnership matters should be reviewed with qualified legal, accounting and investigative professionals before action is taken.


© 2026 insearchofyourpassions.com - Some Rights Reserve - This website and its content are the property of YNOT. This work is licensed under a Creative Commons Attribution 4.0 International License. You are free to share and adapt the material for any purpose, even commercially, as long as you give appropriate credit, provide a link to the license, and indicate if changes were made.

How much did you like this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

Visited 2 times, 2 visit(s) today

Leave a Reply

Your email address will not be published. Required fields are marked *