Employee fraud is the most statistically significant financial crime risk for most businesses — yet it is the one most often dismissed with "it won't happen to us." The uncomfortable reality, confirmed by decades of global research that reflects local patterns, is that it happens to businesses of all sizes, in all sectors, and the perpetrators are almost always trusted employees.
The statistics that should make every business owner sit up
The Association of Certified Fraud Examiners (ACFE) data paints a clear picture: - Businesses lose approximately 5% of revenue to fraud annually - The median loss per fraud case exceeds $150,000 - The average employee fraud runs for 18 months before detection - Over 90% of fraudsters had no prior criminal record - 43% of fraudsters had been with the organisation for more than five years
For a $3 million revenue business, 5% means $150,000 lost every year. An 18-month detection lag means $225,000 before anyone notices. These are not outlier scenarios — they are the statistical norm for organisations without robust fraud management.
Red flags: warning signs of employee fraud
The signs of employee fraud are often visible in retrospect but overlooked in real time. Train yourself and your managers to notice:
*Financial anomalies:* - Unexplained variances in accounts or stock that "get resolved" without clear explanation - Accounts payable entries to unfamiliar vendors - Duplicate payments or round-number payments - Journal entries without supporting documentation - Declining gross margins without corresponding changes in cost inputs
*Behavioural signals:* - An employee who never takes leave and always handles their own workload — potentially to avoid someone else covering and discovering the fraud - Unusually close relationships with specific vendors or customers - Lifestyle significantly inconsistent with known salary (new car, expensive holidays, home renovations) - Defensiveness about sharing duties or financial processes - Coming in very early, staying very late, or working weekends when no one else is there
*Process red flags:* - A single person controlling a financial process from end to end without oversight - Reconciliations that are always done by the same person and never independently reviewed - Cheque books, tokens, or system access not secured appropriately
Controls that actually work
Effective fraud prevention combines structural controls with cultural elements:
*Structural controls:* 1. **Segregation of duties:** Whoever processes payments should not also reconcile the bank statement. Whoever approves invoices should not also have system access to add new vendors. Genuine segregation is the most powerful structural fraud control.
- 1.**Dual authorisation for payments:** Any payment above a threshold requires two separate approvals. Make these genuine — the second approver should actually review the underlying documentation, not just countersign.
- 1.**Independent reconciliation:** Bank reconciliations reviewed by someone other than the person who processes payments. The business owner doing a monthly review of reconciliations is a powerful deterrent.
- 1.**Supplier masterfile controls:** New vendor additions and banking detail changes should require additional authorisation and verification by someone outside the accounts payable function.
- 1.**Expense claim scrutiny:** Regular review of expense claims against supporting receipts, by someone not in the same team as the claimant.
*Cultural controls:* 6. **Anonymous reporting channels:** A tip line, email inbox, or third-party reporting service through which employees can report concerns without personal risk. ACFE research shows tips are the single most common fraud detection method — more effective than audits.
- 1.**Clear consequences:** Staff should know that fraud will be prosecuted and results in immediate termination. A visible, firm position on fraud reduces opportunistic theft.
- 1.**Background checks for financial roles:** Reference checks and criminal background checks for all roles with financial access. Credit checks are appropriate for senior finance positions.
Why controls aren't enough
Controls reduce the likelihood and scale of fraud — they don't eliminate it. A determined, long-tenured employee with deep knowledge of your control environment can often circumvent controls they helped design. The person doing the bank reconciliation has significant scope to hide their own fraud.
This is why fidelity insurance exists: to provide the financial backstop when controls are circumvented, which they inevitably are in some organisations over time.
Fidelity insurance: the essential financial backstop
Fidelity insurance covers direct financial losses from employee dishonesty. For most SMEs, cover is available from $800-$2,000 per year — typically less than a week's wages for the person with the greatest financial access.
The claims trigger doesn't require a criminal conviction — just evidence on the balance of probabilities that an employee committed a dishonest act. Many fraud cases are settled without prosecution; fidelity claims can still succeed.
Given the average employee fraud loss exceeds $150,000, fidelity insurance at $1,500 per year represents exceptional value as a financial safety net.
Talk to a specialist broker — Rothbury, Marsh, or Unite Insurance — or submit a referral request through FraudInsurance.co.nz.