The call usually starts the same way. A principal in a family office notices an account balance that doesn’t reconcile with expected cash. A real estate operator sees a vendor that no one clearly remembers approving. A nonprofit director asks why restricted funds appear to have covered ordinary operating costs. At first, it looks like sloppiness. Then someone pulls supporting records, and the explanation gets worse.
In many of these matters, the hardest part isn’t understanding the accounting entry. It’s accepting who made it. The person at the center is often trusted, long-tenured, competent, and thoroughly familiar with the organization’s blind spots. That combination is exactly why misappropriation of assets can persist longer than owners and boards expect.
For closely held businesses, family entities, and nonprofits, the issue is rarely just theft in the abstract. It touches liquidity, reporting, governance, taxes, investor confidence, lender relationships, and family dynamics. Once it surfaces, you need a disciplined response. Before it surfaces, you need controls that fit the reality of how your organization runs.
The Hidden Threat Inside Your Organization
A controller who has “always handled everything” asks that bank statements continue going directly to her. A bookkeeper in a property entity says she’ll finish payroll herself because it’s easier that way. An operations manager at a nonprofit insists donor restrictions are too complicated for anyone else to understand. None of that sounds like fraud on its face. In practice, those are the kinds of facts that sit in the background before an asset theft matter is uncovered.

The broader environment isn’t helping. Financial fraud against small businesses has increased by 70% since the start of the pandemic, according to Experian’s discussion of growing small business financial fraud. For smaller and closely managed organizations, that increase matters because they often rely on trust, speed, and lean staffing rather than layered controls.
Why sophisticated people still miss it
Most owners don’t ignore risk. They prioritize operations. The family office is focused on cash calls, distributions, and tax deadlines. The developer is managing lenders, tenants, and project schedules. The nonprofit executive director is trying to keep programs running with a small back office. Fraud takes hold in the spaces where everyone assumes someone else is checking.
That’s why misappropriation of assets isn’t a “small company problem.” It’s a structure problem. Complex entities, related-party activity, decentralized approval habits, and a culture of deference to trusted insiders can create ideal conditions for theft.
Practical rule: If one employee can approve, move, and record money or property, the organization has created an opening that trust alone won’t close.
Where the risk feels different for family offices and nonprofits
Family offices often have excellent advisors but uneven operating discipline inside the entity itself. Real estate structures add more accounts, more vendors, and more judgment calls. Nonprofits face a different pressure point. The same trusted people who keep the mission moving may also control cash handling, vendor setup, and grant reporting with very little separation.
When misappropriation is discovered, the loss rarely ends with the amount taken. Management time disappears. Records have to be reconstructed. Insurance and legal questions follow. In a nonprofit, donor confidence can be shaken. In a family office, the issue can spill into trust administration, partnership accounting, and transfer planning.
Deconstructing Asset Misappropriation
Misappropriation of assets is direct theft or misuse of an organization’s property. The property may be cash, checks, inventory, equipment, reimbursement funds, payroll, or other business resources. It differs from financial statement fraud, where someone manipulates books to change how results appear, and from corruption matters such as kickbacks or conflicts that distort decision-making.
The reason this category deserves so much attention is simple. Asset misappropriation accounts for approximately 89% of occupational fraud cases, with a median loss of around $120,000 per case, as summarized in Arledge’s discussion of preventing misappropriation in small business.
The fraud triangle in plain English
A useful way to understand why this happens is the fraud triangle. Think of it as a three-legged stool. Remove one leg, and the arrangement becomes unstable.
- Pressure can be personal financial strain, debt, lifestyle demands, resentment, or a perceived need to “borrow” temporarily.
- Opportunity exists when controls are weak, review is casual, or one person has too much unchecked authority.
- Rationalization is the story the person tells himself. “I’m underpaid.” “I’ll put it back.” “No one will notice.” “I do more than anyone here.”
Family offices and nonprofits often focus on character when they should also focus on opportunity. Character matters. It just isn’t a control.
Cash misappropriation means someone diverts money before or after it is recorded. That can include skimming receipts, stealing incoming checks, or causing improper disbursements.
Non-cash misappropriation means someone takes or uses property other than cash. That can include inventory, equipment, fixed assets, or other resources that can be converted to personal benefit.
How the mechanics usually work
Cash schemes tend to be easier to hide in environments with weak reconciliations, limited owner review, or heavy reliance on one administrator. They can start small. A check altered here, a reimbursement padded there, a payroll change nobody independently verifies.
Non-cash schemes often survive because organizations don’t monitor possession and access with the same rigor they apply to bank accounts. In a real estate environment, that may involve equipment, materials, or tenant-related receipts. In a family office, it may involve records, bearer assets, or transactions layered through related entities.
Why prevalence matters
Because misappropriation of assets is so common, leaders shouldn’t treat it as an extreme event. They should treat it as an operational risk category. The right question isn’t whether trusted people can be trusted. The right question is whether your system would detect misuse before it becomes expensive, embarrassing, and difficult to unwind.
Common Schemes and Their Critical Red Flags
Some schemes are blunt. Others are dressed up as ordinary accounting activity. In closely held businesses and real estate entities, payroll schemes and vendor fraud represent 40%+ of detected cases, according to Teramind’s summary of asset misappropriation patterns. That tracks with what many practitioners see in the field. The fraud often sits inside routine workflows that no one wants to slow down.
Common Asset Misappropriation Schemes at a Glance
| Scheme Type | How It Works | Primary Red Flags |
|---|---|---|
| Check tampering | An employee alters, intercepts, or creates improper checks | Missing check images, unusual endorsements, unexplained manual checks |
| Expense reimbursement fraud | Personal expenses or inflated claims are submitted as business costs | Repetitive round-dollar claims, thin support, duplicate receipts |
| Payroll fraud | Ghost employees, inflated hours, or unauthorized pay changes | Payroll changes without approval, unusual access, employees no one supervises directly |
| Billing schemes | Fake vendors or inflated invoices route funds outward | New vendors with weak onboarding, duplicate addresses, rushed approvals |
| Skimming | Cash or receipts are taken before proper recording | Gaps between activity and deposits, frequent voids, weak receipt controls |
Check tampering
This scheme often appears in organizations where one person prepares checks, obtains signatures, records the transaction, and reconciles the bank account. In a family office, it may hide inside a high volume of household, property, or trust-related disbursements. In a nonprofit, it may be buried under routine operating payments.
Red flags include:
- Manual workarounds: Checks issued outside the normal accounts payable process.
- Missing support: Invoices or approvals that appear after the payment date, not before it.
- Restricted visibility: The employee discourages others from reviewing bank images or cleared items.
- Signature irregularities: Payments cleared with unusual endorsements or inconsistent signer patterns.
Expense reimbursement fraud
This is one of the easier schemes to rationalize. The employee submits personal meals, mileage, travel upgrades, or recurring “small” expenses that no one challenges. In entities with executives, family members, and multiple cost centers, the review burden can become so fragmented that weak claims slide through.
Watch for:
- Round-dollar submissions: Claims that look manufactured rather than naturally incurred.
- Serial small claims: Reimbursements spread across periods to avoid attention.
- Poor documentation: Credit card slips without detailed receipts, or reimbursements approved after payment.
- Same-vendor repetition: Frequent charges from the same merchant that don’t fit the employee’s role.
Payroll fraud
Payroll fraud deserves particular attention because it often exploits access rather than clever accounting. A payroll manager adds a ghost employee, changes bank details, inflates hours, or adjusts compensation without independent approval. In a real estate group with many entities and on-site staff, that can be hard to spot if HR, timekeeping, and payroll all route through the same person.
Look closely at:
- Unauthorized payroll system access: Changes made by someone who shouldn’t have access at that level.
- Employee records that don’t line up: Staff on payroll without clear supervision or current personnel files.
- Resistance to coverage: The payroll employee never takes leave and insists no one else can run the cycle.
- Unusual pay modifications: Off-cycle adjustments, manual overrides, or recurring exception entries.
Billing schemes and shell vendors
This is a classic problem in real estate and family office settings because vendor relationships are often long-standing, informal, and spread across entities. Someone creates a shell company, reroutes payments to a related address, or submits false invoices for services never rendered.
The red flags are often documentary before they are behavioral:
- New vendors with weak setup: No W-9 on file, vague service descriptions, or no contract.
- Address overlap: Vendor addresses, emails, or contact numbers that resemble employee information.
- Invoice patterns: Sequential invoice numbers from supposedly unrelated vendors, or invoices that arrive just under approval thresholds.
- Approval pressure: Urgent payment requests that bypass ordinary review because “the principal already knows.”
Skimming and receipt diversion
Skimming happens before the receipt is properly recorded. That makes it especially dangerous because the books may never show what should have been there. In a nonprofit, this can occur with events, donations, or cash-heavy program activity. In operating businesses, it can occur at the point of sale or when incoming payments are handled informally.
Pay attention to:
- Deposit gaps: Activity levels that don’t match deposit timing or amounts.
- Voids and credits: A pattern of reversals that no one independently reviews.
- Weak custody: One person opening mail, logging receipts, making deposits, and posting to the ledger.
- Lifestyle inconsistency: Not proof by itself, but worth noting when paired with record anomalies.
The most dangerous red flag is often over-reliance on one indispensable employee. Fraud risk rises when convenience becomes a substitute for review.
How to Detect and Investigate Fraudulent Activity
Suspicion isn’t proof. Once a matter crosses from “something feels off” to “we may have a real issue,” the response needs to become methodical. Amateur investigations create two problems at once. They miss evidence, and they compromise evidence that later matters in insurance, employment, civil, or criminal proceedings.

What trained investigators actually look for
A proper forensic review starts with transaction patterns, access logs, source documents, and timing. The point isn’t to prove a theory too quickly. The point is to identify what happened, how it happened, who had the ability to do it, and how far the issue spread.
According to this whitepaper on forensic controls and monitoring, effective fraud detection uses behavioral analytics to identify unusual expense submission patterns, unauthorized payroll system access, and suspicious vendor modifications. The same framework highlights monitoring for duplicate vendor addresses matching employee home addresses and after-hours system logins during inventory movements.
A sound investigation has sequence
Most credible investigations follow a disciplined order:
1. Preserve records first: Secure accounting files, payroll records, bank statements, check images, emails, approvals, and system logs before anyone starts asking broad questions.
2. Limit internal discussion: Keep the circle tight. Rumors lead to deleted messages, altered files, and witness contamination.
3. Run targeted analytics: Search for duplicate payments, duplicate addresses, round-dollar anomalies, unusual journal entries, user-access exceptions, and vendor master file changes.
4. Test physical reality: If inventory, equipment, or cash custody is involved, perform counts and compare them to records and movement logs.
5. Interview carefully: Interviews should occur after documentary groundwork is underway, not before. Otherwise people shape their answers around what they think you know.
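The targeted-analytics step can be sketched in a few functions. This is an added example, not code from the article or from any tool it cites. It checks three of the patterns named above: vendor addresses that match employee addresses, duplicate payments, and invoices clustered just under an approval threshold. The record layouts, the 5,000 threshold, the 5% band, and all sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records for illustration; not from any real organization.
APPROVAL_THRESHOLD = 5000.00  # assumed single-approver limit
EMPLOYEES = [
    {"id": "E01", "address": "12 Oak Street, Apt 4, Springfield"},
    {"id": "E02", "address": "88 Harbor Road, Springfield"},
]
VENDORS = [
    {"id": "V100", "name": "Summit Maintenance", "address": "400 Industrial Ave, Springfield"},
    {"id": "V101", "name": "Oakline Consulting", "address": "12 Oak St. #4, Springfield"},
]
PAYMENTS = [  # (payment_id, vendor_id, invoice_no, amount)
    ("P1", "V100", "INV-2041", 3180.55),
    ("P2", "V100", "inv 2041", 3180.55),  # same invoice keyed a second time
    ("P3", "V101", "1001", 4950.00),
    ("P4", "V101", "1002", 4900.00),
    ("P5", "V101", "1003", 4975.00),
    ("P6", "V100", "INV-2077", 812.40),
]

ABBREVIATIONS = {"street": "st", "avenue": "ave", "road": "rd",
                 "apt": "unit", "apartment": "unit", "suite": "unit", "ste": "unit"}


def normalize_address(address):
    """Reduce an address to a comparable form: lowercase, no punctuation,
    common abbreviations collapsed ('Street' -> 'st', '#4' -> 'unit 4')."""
    text = address.lower().replace("#", " unit ")
    text = re.sub(r"[^a-z0-9 ]", " ", text)
    return " ".join(ABBREVIATIONS.get(tok, tok) for tok in text.split())


def address_overlaps(vendors, employees):
    """Return (vendor_id, employee_id) pairs whose normalized addresses match."""
    by_address = defaultdict(list)
    for emp in employees:
        by_address[normalize_address(emp["address"])].append(emp["id"])
    return [(v["id"], emp_id)
            for v in vendors
            for emp_id in by_address.get(normalize_address(v["address"]), [])]


def duplicate_payments(payments):
    """Group payments sharing vendor, amount, and invoice number once the
    invoice number is stripped of case, spaces, and punctuation."""
    groups = defaultdict(list)
    for pay_id, vendor_id, invoice_no, amount in payments:
        invoice_key = re.sub(r"[^a-z0-9]", "", invoice_no.lower())
        groups[(vendor_id, invoice_key, round(amount, 2))].append(pay_id)
    return [ids for ids in groups.values() if len(ids) > 1]


def threshold_skirting(payments, threshold, band=0.05, min_count=2):
    """Return {vendor_id: [payment_ids]} for vendors with at least min_count
    payments inside the band just below the approval threshold."""
    floor = threshold * (1 - band)
    hits = defaultdict(list)
    for pay_id, vendor_id, _invoice_no, amount in payments:
        if floor <= amount < threshold:
            hits[vendor_id].append(pay_id)
    return {v: ids for v, ids in hits.items() if len(ids) >= min_count}


if __name__ == "__main__":
    print("Vendor/employee address overlap:", address_overlaps(VENDORS, EMPLOYEES))
    print("Possible duplicate payments:", duplicate_payments(PAYMENTS))
    print("Payments clustered under threshold:",
          threshold_skirting(PAYMENTS, APPROVAL_THRESHOLD))
```

A hit from any of these checks is a lead for document review, not a finding. Each flagged item still has to be tested against invoices, approvals, and bank records.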
Why chain of custody matters
In family offices and nonprofits, leaders sometimes want to move quickly by pulling records themselves and confronting the employee immediately. That instinct is understandable. It’s also risky. If electronic evidence is altered, if laptops are searched informally, or if records are gathered without documentation, later counsel may have to work around avoidable evidentiary issues.
Use a simple discipline:
- Track who collected each item
- Record when it was collected
- Preserve native files where possible
- Avoid editing, annotating, or renaming original evidence
- Maintain a log of every handoff
If you may need to rely on the evidence later, treat every file as if a court, insurer, auditor, or regulator will ask where it came from.
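One way to apply that discipline to electronic files, as an added example that is not part of the original article: a custody log records who collected each item and when, stores a SHA-256 hash of the native file, and logs every handoff. Chaining each entry to the hash of the previous one goes a step beyond the list above so that edits to the log itself are also detectable. The class name, field names, and sample file are assumptions constructed for illustration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path):
    """Hash a file in chunks, read-only; the original is never modified."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


class CustodyLog:
    """Append-only custody log. Each entry carries the hash of the previous
    entry, so edits or deletions in the log itself break the chain."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _hash(record):
        body = {k: v for k, v in record.items() if k != "entry_hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def _append(self, record):
        record["timestamp_utc"] = datetime.now(timezone.utc).isoformat()
        record["prev_entry_hash"] = self.entries[-1]["entry_hash"] if self.entries else None
        record["entry_hash"] = self._hash(record)
        self.entries.append(record)
        return record

    def collect(self, item_id, path, collected_by):
        return self._append({"action": "collect", "item_id": item_id,
                             "file_name": os.path.basename(path),
                             "sha256": sha256_file(path), "by": collected_by})

    def hand_off(self, item_id, from_person, to_person):
        return self._append({"action": "handoff", "item_id": item_id,
                             "by": from_person, "to": to_person})

    def file_unchanged(self, item_id, path):
        """True if the file still matches the hash recorded at collection."""
        for entry in self.entries:
            if entry["action"] == "collect" and entry["item_id"] == item_id:
                return entry["sha256"] == sha256_file(path)
        raise KeyError(item_id)

    def log_intact(self):
        """True if no entry was altered, removed, or reordered."""
        prev = None
        for entry in self.entries:
            if entry["prev_entry_hash"] != prev or entry["entry_hash"] != self._hash(entry):
                return False
            prev = entry["entry_hash"]
        return True


def demo():
    """Constructed walk-through: collect a file, hand it off, then alter both."""
    with tempfile.TemporaryDirectory() as folder:
        path = os.path.join(folder, "ap_export.csv")  # constructed sample file
        with open(path, "w") as handle:
            handle.write("payment_id,vendor,amount\nP1,V100,3180.55\n")
        log = CustodyLog()
        log.collect("ITEM-001", path, collected_by="outside forensic accountant")
        log.hand_off("ITEM-001", "outside forensic accountant", "counsel")
        before = (log.file_unchanged("ITEM-001", path), log.log_intact())
        with open(path, "a") as handle:  # simulate an edit to the original
            handle.write("P2,V101,4950.00\n")
        log.entries[1]["to"] = "someone else"  # simulate a rewritten log entry
        after = (log.file_unchanged("ITEM-001", path), log.log_intact())
        return before, after


if __name__ == "__main__":
    print(demo())
```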
Why a do-it-yourself approach usually backfires
Business owners know their organizations best. That doesn’t mean they should run the investigation themselves. In practice, a principal who personally interviews suspects, handles the forensic review, and decides what “looks wrong” often becomes both witness and decision-maker. That’s a difficult position to defend later.
A stronger approach separates roles. Counsel handles legal direction. Forensic accountants quantify and trace. Management supplies access and operational context. That division preserves credibility and reduces the chance that an understandable emotional response turns into a strategic mistake.
Building Your Fortress with Strong Internal Controls
The best response to misappropriation of assets is to make the scheme harder to execute and easier to detect. Think of internal controls the way you’d think about home security. A lock matters. So do lights, cameras, alarm monitoring, and neighbors who notice unusual activity. One layer won’t stop everything. Several layers change the odds.

Start with segregation of duties
The most important control principle is simple. Separate authorization, custody, and recording. One person shouldn’t approve a transaction, control the asset, and book the entry. That separation is especially important in small teams because people naturally collect responsibilities over time.
In practical terms:
- Authorization: Decide who can approve vendors, payroll changes, reimbursements, wire transfers, and journal entries.
- Custody: Limit who handles checks, deposits, cash, inventory, devices, and other movable assets.
- Recording: Assign bookkeeping and reconciliation to someone who doesn’t control the underlying asset flow.
This doesn’t require a massive staff. It requires intentional design. An owner, outside accountant, board treasurer, or family representative can serve as an independent reviewer where headcount is limited.
Controls that work in the real world
The strongest controls are usually not exotic. They are boring, repeatable, and hard to bypass without leaving a mark.
- Independent bank review: Have statements and cleared check images go to an owner, board member, or outside reviewer first.
- Vendor master controls: Restrict who can create or modify vendors. Require support for address or bank detail changes.
- Payroll change approval: Any new hire, pay change, or bank account update should require documented review outside payroll processing.
- Three-way matching: Match purchase order, receipt, and invoice before paying vendors where the process fits the business.
- Physical restrictions: Use locks, access logs, camera coverage, and controlled key or badge access for cash and high-value property.
- Anonymous reporting: Give employees and volunteers a confidential way to report concerns without retaliation.
Mandatory vacations and job rotation
One of the most underused controls is forced absence. When a person never takes leave and insists on constant control, management should read that as a risk signal, not dedication alone. Temporary handoff exposes hidden workarounds, unusual reconciliations, and undocumented procedures.
In family offices, this point can be uncomfortable because loyalty is often long-standing and highly personal. In nonprofits, it can feel impractical because staffing is thin. Even so, no person should be operationally irreplaceable in cash, payable, payroll, or donor-fund handling.
Sector-specific pressure points
Real estate entities should pay close attention to vendor onboarding, change orders, rent-related adjustments, security deposit activity, and intercompany transfers. Those are areas where documentation can look ordinary while the economics are not.
Family offices should focus on related-party payments, trust distributions, reimbursements, household staffing, and entity-to-entity movement of funds or property. Informal approvals are common in these environments. Informal approvals are also hard to audit later.
Nonprofits need clear controls around donor restrictions, grant expenditures, disbursement approval, and board oversight. The mission can’t be an excuse for weak accounting hygiene.
Strong controls don’t signal distrust. They signal maturity. Good people usually welcome a system that protects them from suspicion as well as theft.
Your Step-by-Step Response Plan When Fraud Is Suspected
When a concern becomes concrete, speed matters. So does restraint. The wrong move in the first day can complicate the next year.

First moves that protect the case
1. Don’t confront the suspect immediately: A direct confrontation may feel justified, but it can trigger deletion of records, narrative coordination, or movement of funds. Keep the matter quiet until evidence is secured and counsel is involved.
2. Secure access and preserve evidence: Preserve email, accounting records, payroll files, devices, shared drives, and bank access details. If you need to change access permissions, do it in a way that looks operationally normal when possible.
3. Bring in counsel early: Counsel helps shape privilege, employment decisions, reporting obligations, and interactions with insurers or law enforcement. That step should happen before broad internal interviews begin.
Then move into controlled fact-finding
After immediate preservation, the organization should cooperate with a formal forensic process. That means producing records, identifying systems, listing approvers, and mapping who had access to what. It also means resisting the urge to make final conclusions based on a few troubling transactions.
A disciplined response usually includes:
- Centralized documentation: Keep a log of every action taken, by whom, and when.
- Single decision channel: Designate who can instruct IT, HR, finance, and outside advisors.
- Measured communication: Tell employees only what they need to know.
- Parallel business continuity: Continue critical cash, payroll, and vendor functions with temporary oversight in place.
Decisions after findings come in
Once facts are developed, management and counsel can decide whether to terminate, seek restitution, file insurance claims, pursue civil remedies, make a criminal referral, or some combination of those actions. In nonprofits and family offices, there may also be board, trustee, or beneficiary communication issues that require careful handling.
The key point is sequence. Don’t start with punishment. Start with preservation, analysis, and documentation.
A weak response can turn a contained theft matter into a broader governance problem. The facts may be fixable. A careless process is much harder to repair.
Frequently Asked Questions on Tax and Legal Aftermath
Fraud discovery doesn’t end with the investigation. For many organizations, the harder work begins after the facts are established. Financial statements may need revision. Insurance notices may need to be filed. Prior filings may have relied on false records. And in certain structures, the tax consequences can become technical quickly.
Can a business or family entity deduct losses caused by employee theft?
Possibly, but the answer depends on the facts, timing, recovery prospects, entity structure, and how the loss is characterized under applicable tax rules. The accounting treatment and the tax treatment are not always the same. If insurance recovery, restitution, or litigation is possible, timing becomes especially important.
In practice, owners should avoid claiming a deduction based on assumptions formed before the forensic work is complete. Quantification, documentation, and legal posture matter.
What if a nonprofit discovers misappropriation of assets?
Nonprofits face a distinct compliance issue. MOCPA’s discussion of asset misappropriation notes that nonprofits may have disclosure obligations on IRS Form 990 when there is a significant diversion of assets. That issue should be analyzed carefully alongside internal governance, donor communication, grant compliance, and any state-level reporting considerations.
Questions that often need attention include:
- Restricted funds: Were donor-restricted or grant-specific funds affected?
- Board documentation: Did the board or audit committee respond appropriately?
- Prior reporting: Did prior Form 990 filings or grant reports rely on incorrect data?
- Control remediation: Can the organization demonstrate corrective action?
Could this affect prior-year returns or trigger audit issues?
Yes. If the fraud distorted deductible expenses, payroll, vendor costs, charitable reporting, trust accounting, or state allocation, earlier filings may need review. This is particularly sensitive in real estate groups and closely held businesses where one manipulated set of records can flow into partnership, corporate, individual, and state returns.
The right approach is usually layered:
- Quantify the misappropriation
- Identify which books and periods were affected
- Determine whether tax positions changed
- Assess whether amended filings or disclosures are necessary
How does this complicate family office planning?
For family offices, theft can create estate and gift tax complications when funds, property, or benefits were moved through trusts, entities, or family-controlled structures. The legal ownership question may not match the bookkeeping trail. If a disbursement was recorded as one thing but functioned as another, planning assumptions may need to be revisited.
This is one reason family offices should resist informal accounting around advances, reimbursements, and inter-entity transfers. Clean records are not just an accounting preference. They preserve tax positions and fiduciary clarity.
Should we wait until the investigation is over before dealing with tax and reporting issues?
No. You shouldn’t finalize tax conclusions too early, but you also shouldn’t leave tax counsel and accounting advisors out until the very end. The investigation and the compliance analysis should run in coordination. Evidence collected during the forensic process often determines what can be supported in tax filings, financial statements, insurance submissions, and board disclosures.
When misappropriation of assets touches multiple entities, multiple states, or exempt-organization reporting, a siloed response usually creates more work later.
If you’re dealing with suspected misappropriation of assets in a family office, real estate group, closely held business, or nonprofit, Blue Sage Tax & Accounting Inc. can help you assess the accounting, tax, and reporting consequences with discretion. The firm works with complex ownership structures, multi-entity records, and sensitive fact patterns where the numbers, governance response, and filing positions all need to align.