How A/E Firms Lose $50K–$200K to Internal Fraud (Real Case + Prevention Framework)

The Reality Most Firms Ignore

Embezzlement is not rare. It’s not a “big company problem.” And it doesn’t start as a major event.

It starts small.

In our case, it started with minor petty cash discrepancies. Over time, it grew into credit card abuse and eventually forged checks. By the time we uncovered it, the total exceeded $100,000 over five years.

The uncomfortable truth:

• Most firms assume it won’t happen to them
• Most firms don’t have controls in place to stop it
• Most cases go undetected for years

And when it’s discovered, it’s rarely a system failure—it’s a trust failure combined with a lack of verification

Who Actually Steals (And Why You Won’t See It Coming)

This doesn’t come from obvious bad actors.

It typically looks like:

• Long-tenured, trusted employee
• Handles financial processes end-to-end
• Reliable, works late, doesn’t take vacation
• No prior record

The pattern is consistent:

• Opportunity exists
• Oversight is minimal
• Behavior escalates gradually

This is not a hiring problem.

It’s a controls problem.

How It Actually Happens (Mechanics of Embezzlement)

Video: How It Happened

(Embed Part 2)

Embezzlement rarely relies on one method. It compounds across multiple weak points.

In this case, it came from three sources:

1. Petty Cash

• Small withdrawals initially ($20–$50)
• Fabricated receipts during reconciliation
• No independent review

2. Company Credit Card

• Personal items mixed with business purchases
• Gradual shift to fully personal use
• No audit of her own card activity

3. Checks

• Signed blank checks (critical failure)
• Later escalated to forgery
• Manipulation of records to hide discrepancies

Key insight:

Nothing here was sophisticated. It worked because no one was looking.

How We Caught It (And Why It Took So Long)

Video: How We Caught It

(Embed Part 3)

The trigger wasn’t a major red flag.

It was a minor anomaly:

• Petty cash balance didn’t make sense

That led to:

• Request for receipts
• Behavioral shift (immediate tell)
• Rapid internal investigation

Within hours:

• ~$28,000 identified
• Ultimately ~$90K+ documented

Key takeaway:

The signals were always there. They just weren’t acted on.

Where Firms Are Actually Exposed

Most A/E firms have exposure in the same places:

• Petty cash
• Credit cards
• Vendor payments
• Check handling
• Expense categorization
• Lack of statement review

And the common thread:

The same person controls too many steps

The Prevention Framework (What Actually Works)

Video: Facts & Prevention

(Embed Part 1)

This is where the value is. This is what makes the page rank and convert.

1. Remove Opportunity

• No blank checks—ever
• Eliminate or tightly control petty cash
• Require receipts for all purchases

2. Separate Responsibilities

• Person recording transactions ≠ person reconciling
• Person receiving payments ≠ person depositing

3. Owner-Level Visibility

• Bank statements delivered unopened to owner
• Credit card statements reviewed by owner
• Spot-checks become standard practice

4. Force Transparency

• Require vacations (hidden fraud often surfaces)
• Review anomalies—don’t dismiss them

5. Systemize Oversight

• Centralized financial data
• Audit trails
• Reduced ability to manipulate records

The Hard Truth

This wasn’t a personnel failure.

It was a systems failure.

“I trusted the person. I didn’t verify the process.”

That’s the pattern in almost every case.

Why This Matters for A/E Firms

Most firms operate with:

• Spreadsheets
• Fragmented systems
• Limited financial visibility

That environment:

• Makes controls difficult
• Makes detection slower
• Increases exposure over time

Fraud isn’t the only risk—bad data leads to bad decisions

Closing

You don’t need to assume bad intent to protect your firm.

You need:

• Clear processes
• Visibility into financial activity
• Systems that reduce reliance on trust alone

If your billing, expenses, and financial workflows aren’t centralized and reviewable, you’re operating with unnecessary risk.

Jump back to Our Best Practices Hub