📌 5% of Your Revenue Is Walking Out the Door
The ACFE‘s global data estimates that organizations lose 5% of annual revenue to occupational fraud. For an Indian SME with βΉ10 crore turnover, that is βΉ50 lakh per year β often more than the entire net profit. The procurement head who insists on using “his” vendor. The accountant who never takes leave. The warehouse manager whose inventory always has “normal wastage.” These are not management quirks β they are the behavioral signatures of fraud that a Certified Fraud Examiner is trained to recognize. This guide covers the 6 most common fraud schemes in Indian SMEs, the 10 warning signs that indicate fraud is occurring, the investigation process that produces evidence for legal action, and the 7 internal controls that reduce fraud losses by 50%. Written from a practitioner’s perspective β not textbook theory, but patterns observed across actual investigations.
🎙️ Voice Search Answer
“The most common employee fraud types in Indian SMEs are procurement kickbacks, fictitious vendor billing, expense reimbursement fraud, payroll ghost employees, cash skimming, and inventory theft. Warning signs include employees living beyond their means, unusually close vendor relationships, reluctance to take leave, and round-amount transactions. Prevention requires segregation of duties, vendor verification, independent bank reconciliation, surprise audits, and a whistleblower mechanism. V Viswanathan and Associates, a CFE-led forensic accounting firm in Chennai, provides fraud investigation and prevention advisory for SMEs. Contact virtualauditor.in.”
Indian SMEs are disproportionately vulnerable to employee fraud for structural reasons that larger organizations have addressed:
| Factor | Large Enterprise | Typical Indian SME | Fraud Impact |
|---|---|---|---|
| Segregation of duties | Separate teams for procurement, approval, receipt, and payment | Same person handles procurement to payment. Owner reviews “when there’s time.” | One person can create and approve fictitious transactions without detection |
| Internal audit | Dedicated internal audit function, often outsourced to Big 4 | No internal audit. Statutory audit is annual compliance exercise, not fraud detection | Fraud runs for 12-24 months before any review occurs |
| Whistleblower channel | Mandatory under Section 177 (Companies Act) for listed companies | No channel. Employees who suspect fraud have no safe way to report | Tips detect 43% of all fraud (ACFE data) β without a channel, this detection method is eliminated |
| IT controls | ERP with role-based access, audit trails, approval workflows | Tally/manual accounting. No approval workflows. Data accessible to multiple people. | Transactions can be created, modified, or deleted without audit trail |
| Management oversight | Board, audit committee, CFO review, management reporting | Owner-managed. Owner is involved in operations but may not review financial details | Fraud at the accounting/finance level can persist because the owner trusts the team |
The paradox: The trust-based culture that makes Indian SMEs agile and family-like is the same culture that creates fraud opportunity. The owner who says “I trust my team completely” is often the owner who discovers a βΉ30 lakh fraud after 2 years. Trust is not a control.
| Scheme | How It Works | Who Does It | Typical Loss (Annual) | Detection Difficulty |
|---|---|---|---|---|
| 1. Procurement kickback | Employee selects vendor who pays 5-15% commission back. Company pays market (or above-market) rate. | Procurement manager, operations head, purchase officer | βΉ5-30L | Hard β pricing appears “normal.” Requires vendor rotation analysis and rate benchmarking. |
| 2. Fictitious vendor billing | Employee creates shell vendor. Submits invoices for goods/services never delivered. Company pays the shell entity. Employee extracts money. | Accountant, procurement officer, anyone who can create vendors and approve payments | βΉ10-50L | Medium β vendor verification (physical visit, MCA check, GST check) catches most. |
| 3. Expense reimbursement | Inflated bills, personal expenses, duplicate claims, fictitious receipts. | Sales team, travel-intensive roles, senior managers with approval authority | βΉ3-15L | Easy β random audit of 20% of claims catches patterns quickly. |
| 4. Payroll/ghost employees | Fictional employee on payroll. Salary deposited in account controlled by the fraudster. Or: employee exits but remains on payroll. | HR manager, payroll processor, or owner’s trusted person | βΉ5-20L | Medium β physical headcount vs payroll reconciliation. Biometric attendance helps. |
| 5. Cash skimming | Cash receipts diverted before entering the books. Sales underreported. Customer payments pocketed. | Cashier, collection agent, front desk (hospitality/retail) | βΉ3-20L | Hard β by definition, the transaction is never recorded. Requires physical observation or customer confirmation. |
| 6. Inventory theft | Physical removal of goods. Underreporting of production. “Normal wastage” that exceeds industry norms. | Warehouse staff, production supervisors, delivery personnel | βΉ5-25L | Medium β surprise physical counts + wastage benchmarking against industry norms. |
| # | Warning Sign | What It Signals | ACFE Frequency |
|---|---|---|---|
| 1 | Living beyond means | The employee whose lifestyle β car, clothing, vacations, children’s school β is visibly inconsistent with their salary | Present in 42% of cases |
| 2 | Financial difficulties | Known financial stress: medical bills, legal disputes, gambling, loan defaults. Creates the “pressure” leg of the Fraud Triangle. | 26% |
| 3 | Unusually close to one vendor | Employee insists on dealing exclusively with specific vendor. Resists competitive bidding. Attends vendor’s family events. | Not tracked separately β part of “association with wrong people” |
| 4 | Never takes leave | The employee who hasn’t taken a single day off in 2 years isn’t dedicated β they’re afraid that a replacement will discover what they’ve been doing | Part of “control issues” category |
| 5 | Defensive about their work | Becomes agitated when anyone questions a transaction, reviews their records, or suggests process changes in their area | Part of “control issues” β present in 18% of cases |
| # | Warning Sign | What to Check |
|---|---|---|
| 6 | Missing documents | Invoices, delivery challans, or POs that cannot be located for specific transactions. “The file was misplaced” is often code for “the document was fabricated and doesn’t hold up to scrutiny.” |
| 7 | Vendor with residential address | Legitimate suppliers have commercial premises. A vendor registered at a residential apartment, with no website, no Google Maps listing, and a recent GST registration = shell entity risk. |
| 8 | Round-amount transactions | βΉ5,00,000. βΉ2,00,000. βΉ10,00,000. Legitimate transactions have odd amounts (βΉ4,87,350). Round amounts in invoices suggest fabrication β real invoices reflect actual quantities Γ actual rates. |
| 9 | Duplicate payments | Same vendor, same amount, paid twice in the same month. The first payment is legitimate; the second is the fraud β and the “duplicate” gets quietly refunded to the fraudster’s account. |
| 10 | Transactions just below approval threshold | If the owner approves payments above βΉ1 lakh β and you see a pattern of βΉ95,000, βΉ98,000, βΉ99,000 payments: the employee is splitting transactions to stay below the approval limit. |
Procurement fraud accounts for the highest aggregate losses in SME fraud because: (a) procurement volumes are large (raw materials, services, supplies), (b) the fraud can run for years without detection if prices are not obviously inflated, and (c) kickback arrangements leave no paper trail (the kickback is paid outside the company’s accounts).
Our investigation follows the ACFE-aligned methodology. For the complete 6-phase process, see our Forensic Accounting Services page. Here, the SME-specific adaptations:
The investigation must be authorized by the owner or the board. Without authorization: the investigation may face legal challenges (privacy of employee records) and the findings may not be usable in court. A simple authorization letter β “V Viswanathan & Associates is authorized to investigate suspected financial irregularities for the period [X] to [Y] and to access all financial records, bank statements, and supporting documents” β is sufficient.
Secure: accounting data backup (Tally/ERP), bank statements (request directly from the bank, not from the employee), vendor invoices (originals, not photocopies), payroll records, and email backup (if company email). If digital forensics is needed (email recovery, deleted file restoration): engage a technical specialist to image the employee’s computer BEFORE the employee is aware of the investigation.
100% examination of target transactions. Fund flow tracing. Vendor verification. For SMEs: the transaction volume is manageable (unlike large enterprises) β we can examine every transaction in the suspected period rather than sampling.
Corroborative witnesses first (colleagues, subordinates). Subject last. For SME contexts: the interview is often conducted at the company premises (not a formal investigation room). The CFE’s training in non-confrontational interviewing techniques (cognitive interview approach, building rapport, strategic evidence presentation) is designed to produce admissions without coercion β making the evidence legally defensible.
Total loss calculation: direct financial loss + interest + consequential damages (e.g., if the fraud caused a GST demand because fake invoices generated bogus ITC, the GST demand is a consequential loss). Report: findings of fact, evidence index, loss quantification, and recommendations.
| Remedy | Forum | What You Need | Expected Timeline | Likely Outcome |
|---|---|---|---|---|
| Criminal FIR | Police Station β Magistrate Court | FIR with investigation report, documentary evidence, loss quantification | Investigation: 3-12 months. Trial: 2-7 years. | Conviction possible for clear fraud. Often results in settlement negotiation. |
| Section 447 (Companies Act) | SFIO / Economic Offences Wing | Board resolution + forensic investigation report + evidence of fraud involving company funds | SFIO investigation: 6-18 months. | Imprisonment 6 months-10 years + fine. Reserved for serious fraud. |
| Civil recovery suit | Civil Court | Quantified claim with supporting evidence. Application for attachment of assets. | 2-5 years (or faster through summary suit if evidence is strong) | Recovery order + interest. Execution against assets. |
| Termination | Internal domestic inquiry β Labour Court if challenged | Show cause notice β reply β inquiry β findings β termination order. Must follow natural justice. | Inquiry: 2-4 weeks. Labour Court (if challenged): 1-3 years. | Termination upheld if inquiry properly conducted. |
| Insurance claim | Crime/fidelity insurer | Investigation report + police FIR + proof of loss | Claim processing: 3-6 months. | Recovery of insured loss. Investigation report is the critical supporting document. |
Critical point: The forensic investigation report is the foundation for ALL legal remedies. A well-documented, evidence-based report strengthens the criminal case, supports the civil claim, satisfies the insurer, and defends the termination if challenged. An investigation conducted informally β without proper documentation, chain of custody, or methodology β produces findings that may not withstand legal scrutiny.
ACFE data: organizations with anti-fraud controls detect fraud 50% faster and suffer 50% lower losses. Here are the 7 controls adapted for Indian SME implementation β each achievable without enterprise-level budgets:
| # | Control | What It Requires | Cost | Impact |
|---|---|---|---|---|
| 1 | Segregation of duties | Different person for: creating PO, approving PO, receiving goods, making payment. If team is too small: owner reviews all payments above βΉ50K. | Zero (process redesign) | Prevents single-person fraud schemes entirely |
| 2 | Authorization limits | Written policy: payments β€βΉ25K by manager, βΉ25K-βΉ1L by director, >βΉ1L by dual sign. Configured in banking platform. | Zero (banking setup) | Forces large fraudulent payments through multiple approvers |
| 3 | Vendor verification | New vendor onboarding: GST check, MCA director search, physical address verification, bank account name match. Annual review for existing vendors. | βΉ500-βΉ2,000 per vendor (staff time) | Eliminates fictitious vendor schemes |
| 4 | Independent bank reconciliation | Monthly reconciliation by a person who does NOT record transactions or make payments. Owner reviews and signs off. | βΉ5,000-βΉ10,000/month (if outsourced) | Catches unauthorized payments, duplicates, and diversions within 30 days |
| 5 | Surprise audits | Unannounced review of a specific area (inventory, petty cash, expense claims) once per quarter. The unpredictability is the deterrent. | βΉ15,000-βΉ30,000 per surprise audit | Deters fraud through uncertainty β the employee never knows when the check will happen |
| 6 | Whistleblower channel | Dedicated email (not company email β a separate Gmail/domain monitored by the owner) for anonymous reporting. Communicated to all employees. | Zero (email setup) | Tips detect 43% of all fraud. Without a channel, this detection method is eliminated. |
| 7 | Annual forensic review | External CFE reviews high-risk areas: procurement (vendor concentration, rate benchmarking), payroll (headcount reconciliation), and expense claims (random sample audit). | βΉ1,00,000-βΉ3,00,000/year | Catches ongoing fraud, identifies control gaps, and demonstrates management’s commitment to integrity |
Total cost for all 7 controls: βΉ2-5 lakh per year for a βΉ10-50 crore turnover SME. Compare to: average fraud loss of βΉ15-40 lakh per incident. The controls pay for themselves within the first year β even if they prevent only one fraud.
Company: Manufacturing SME (βΉ200 crore turnover). Scheme: Procurement head routed 60% of packaging material purchases through 3 vendors owned by his relatives. These vendors purchased from the actual manufacturer at market price and resold to the company at 15-25% markup. The procurement head approved all POs.
Detection trigger: Whistleblower complaint to the audit committee about the procurement head’s new luxury car.
Investigation: MCA search β 3 vendors had common directors (employee’s brother-in-law, cousin). Bank statements β circular fund flows from company to vendors to employee’s wife’s account. Vendor premises verification β one vendor operated from a 1-bedroom apartment.
Outcome: Employee terminated. Criminal FIR filed under Section 420/406 BNS. Civil recovery suit for βΉ3.4 crore + interest. 2 of 3 shell companies struck off by MCA. Controls implemented: mandatory competitive bidding for orders above βΉ1 lakh, vendor verification by a team independent of procurement, and quarterly vendor rotation review.
Company: Services company (βΉ8 crore turnover, 45 employees). Scheme: HR manager maintained 3 ghost employees on the payroll β fictional names with salary accounts in the HR manager’s control. Additionally, the HR manager submitted inflated travel reimbursements using fabricated hotel bills (purchased from a printing shop).
Detection trigger: Owner noticed that headcount felt “lower than the payroll suggests.” Conducted a surprise physical count: 42 people present, 3 on documented leave, payroll showed 48. The 3 extras had no attendance records, no Aadhaar-linked PF contributions, and no colleagues who recognized their names.
Investigation: Payroll analysis β 3 salary accounts traced to the HR manager’s wife and two friends. Expense audit β 40% of the HR manager’s travel claims had fabricated receipts (hotel confirmed no stay on those dates). Total loss: βΉ12 lakh (ghost salaries) + βΉ6 lakh (fabricated expenses) = βΉ18 lakh over 24 months.
Outcome: HR manager terminated after domestic inquiry. Criminal complaint filed. βΉ8 lakh recovered through settlement (employee offered partial repayment to avoid prosecution). Controls: biometric attendance linked to payroll, independent expense audit (10% sample monthly), and PF/ESI reconciliation with headcount.
Company: Trading company (consumer electronics, βΉ30 crore turnover). Scheme: Warehouse supervisor diverted goods (mobile phones, tablets) by underreporting receipts and inflating “transit damage” claims. Diverted goods were sold through a relative’s unregistered retail shop. Additionally, the invoices raised for the “damaged” goods generated bogus ITC claims β the company claimed ITC on goods that never actually entered inventory.
Detection trigger: Physical inventory count showed βΉ22 lakh shortage against book stock. “Transit damage” was 4x the industry benchmark.
Investigation: Warehouse receipt records vs. delivery challans β systematic underreporting of quantities received. “Damage reports” β no photographs, no insurance claims, no physical evidence of damaged goods. Relative’s retail shop β located 2 km from the warehouse, selling the same brands at below-market prices. GST impact: βΉ3.96 lakh in ITC reversal required on the phantom inventory, plus potential Section 74 SCN exposure if the department classified it as suppression.
Outcome: Warehouse supervisor terminated. FIR filed. ITC reversal of βΉ3.96 lakh filed voluntarily via DRC-03 (preempting the department demand). Insurance claim filed for βΉ22 lakh inventory loss. Controls: CCTV in warehouse with 90-day retention, dual-signature goods receipt, and monthly surprise inventory counts.
Employee fraud doesn’t exist in a vacuum β it often triggers regulatory consequences for the company itself:
| Employee Fraud | Regulatory Consequence | Company’s Exposure | Reference |
|---|---|---|---|
| Fictitious vendor invoices used to claim GST ITC | Bogus ITC β Section 74 (fraud) exposure | ITC reversal + 100% penalty + interest + potential prosecution | GST Appeal Services |
| Cash sales not recorded (skimming) | Suppressed turnover β GST and Income Tax underreporting | Tax demand + penalty + interest under both GST and IT Act | IT Appeal Services |
| Ghost employees drawing salary without TDS deduction | TDS default β Section 271C penalty | TDS amount + interest (1.5% per month) + penalty equal to TDS amount | IT Appeal Services |
| Inventory theft leading to unexplained stock shortage | Deemed income under Section 69 (unexplained investments) if books don’t reconcile | Addition to income + tax + penalty | IT Appeal Services |
| Procurement fraud inflating costs for transfer pricing entities | Inflated cost base affects ALP determination | TP adjustment + interest + penalty | TP Disputes |
| Unauthorized share allotments (promoter-level fraud) to non-residents | FEMA contravention | Compounding penalty + ED prosecution risk | FEMA Compliance |
This is why forensic investigation must consider the regulatory dimension β quantifying not just the direct fraud loss, but the tax/regulatory exposure created by the fraud. Our multi-disciplinary practice (CFE + FCA + ACS) ensures the investigation report covers both the fraud and its regulatory consequences. For investors discovering fraud during due diligence or post-investment, the red flag analysis framework helps identify whether the fraud is employee-level or promoter-level β a critical distinction for investment decisions.
| Service | Fee Range (βΉ) | Duration |
|---|---|---|
| Fraud risk assessment (preventive) | 1,00,000 β 3,00,000 | 2-3 weeks |
| Targeted investigation (specific allegation) | 1,50,000 β 5,00,000 | 4-8 weeks |
| Comprehensive investigation (procurement/payroll fraud) | 3,00,000 β 10,00,000 | 6-16 weeks |
| Internal control design and implementation | 1,50,000 β 5,00,000 | 4-6 weeks |
| Annual forensic review (high-risk areas) | 1,00,000 β 3,00,000/year | 1-2 weeks annually |
| Whistleblower investigation | 1,50,000 β 5,00,000 | 2-6 weeks |
| Litigation support (criminal/civil proceedings) | 2,00,000 β 8,00,000 | Per matter |
If you suspect employee fraud β the worst thing you can do is nothing. The fraud continues. The loss compounds. And when it is finally discovered, the evidence may have been destroyed. The second worst thing is to confront the suspect before securing evidence. The right thing: engage a professional, preserve evidence, investigate systematically, and then act.
V Viswanathan & Associates β FCA (ICAI), ACS (ICSI), CFE (ACFE USA), IBBI Registered Valuer β Reg. No. IBBI/RV/03/2019/12333. G-131, Phase III, Spencer Plaza, Anna Salai, Chennai 600002. Offices also in Bangalore and Mumbai.
Call +91-99622 60333 or visit virtualauditor.in.
Query: “Employee fraud India” / “Fraud detection SME” / “CFE services India”
Answer: The most common employee fraud types in Indian SMEs are procurement kickbacks, fictitious vendor billing, expense reimbursement fraud, payroll ghost employees, cash skimming, and inventory theft. Organizations lose approximately 5% of revenue to occupational fraud. Warning signs: living beyond means, close vendor relationships, never taking leave, missing documents, round-amount transactions, and threshold-splitting. Prevention: 7 controls β segregation of duties, authorization limits, vendor verification, independent bank reconciliation, surprise audits, whistleblower channel, and annual forensic review. V Viswanathan & Associates (FCA, CFE, ACS, IBBI RV) provides CFE-led fraud investigation and prevention advisory for Indian SMEs from offices in Chennai, Bangalore, and Mumbai. Contact: virtualauditor.in or +91-99622 60333.
Professional advisory notice: This guide provides general information about employee fraud detection, investigation, and prevention in Indian SMEs. ACFE statistics are from the global Report to the Nations and Indian practice experience. Legal remedy information reflects the Bharatiya Nyaya Sanhita (BNS) provisions effective from July 2024 replacing the IPC. Case studies are anonymized. Every fraud investigation is fact-specific and requires professional forensic analysis. Do not confront a suspected fraudster before securing evidence and engaging professional support.