Every fraud case leaves clues. Some are flashy. Some are boring. This one is painfully boring, and that is exactly why it worked.
A former Atlanta Hawks finance executive recently pleaded guilty to stealing $3.8 million over several years. Not through some brilliant cyber hack. Not through fake vendors overseas. Through routine payments that no one properly questioned.
That should make every business owner uncomfortable. Because this was not a failure of intelligence. It was a failure of controls.
The Myth That Gets Businesses in Trouble
Here is the dangerous belief I see over and over again.
“She’s been here forever.”
“He’s the numbers guy. He knows what he’s doing.”
“We trust our people.”
Trust is not the problem. Blind trust is.
Fraud does not usually start with a criminal mastermind. It starts with opportunity. When one person controls too much of the process and no one checks their work, temptation creeps in. And once it works the first time, it keeps working.
In the Hawks case, the executive had enough authority to initiate and approve payments without meaningful oversight. No separation of duties. No second set of eyes. No regular review that actually questioned what was happening.
That is not bad luck. That is a system designed to fail.
Controls Are Not About Distrust
This is where business owners push back.
“I do not want to insult my team.”
“I do not want to slow things down.”
“We are not big enough for that.”
Let me be blunt. Controls protect good employees just as much as they protect the company.
When people know their work is reviewed, it removes suspicion. It creates accountability. It makes fraud harder and mistakes easier to catch early.
Think of it like a relay race. You would never let one runner run every leg and still call it a team sport. Finance should be no different.
What “People Checking People” Actually Looks Like
This does not mean hiring a full internal audit department. It means designing your process so no one can hide.
Here are non negotiable basics every business should have.
Payment initiation and payment approval are handled by different people.
Bank activity is reviewed by someone who does not have the ability to move money.
Vendor changes are independently verified, not approved via email alone.
Monthly financials are reviewed line by line, not just glanced at for profit.
High level executives still answer questions about transactions. Authority does not mean immunity.
If one person can create a vendor, approve a payment, release funds, and reconcile the account, you have a fraud risk. Period.
Why This Keeps Happening
Fraud cases like this make headlines, but the real damage happens quietly in small and mid sized businesses every day.
Why?
Because owners are busy.
Because growth outpaces structure.
Because no one wants to believe it could happen to them.
Until it does.
The Atlanta Hawks case is a reminder that even sophisticated organizations can miss obvious red flags when controls are weak. Size does not save you. Good intentions do not save you. Longevity does not save you.
Only systems do.
The Detective’s Rule
At Detect-a-Fraud, we live by one rule.
If no one is watching, someone eventually takes advantage.
Your job as a business owner is not to catch fraud after it happens. It is to make it so uncomfortable and difficult that it never gets started.
Your Next Step
Pull out your last three months of bank statements and ask yourself one simple question.
Who reviewed this that did not touch the money?
If the answer is no one, or only the same person who processed the transactions, you have your first clue.
And clues are where prevention begins.
