Around half of Dutch organizations have encountered theft or fraud in the past two years. For small businesses, the average loss sits at €180,000, with 42% of cases caused by weak internal controls.

The problem isn't always dishonest people. Usually, weak structure is the culprit.

When your business lacks clear answers about who approved a payment, whether the invoice was genuine, or whether the VAT claim was justified, you have a control gap. 

This gap affects cash flow, tax positions, and your ability to defend yourself in an audit or fraud investigation.

Where controls break down

Most fraud does not typically begin with forged documents. Often, routine carelessness allows issues to arise.

You receive an invoice by email. Someone forwards the invoice to bookkeeping. Someone else pays the invoice because the supplier's name looks familiar. No one checks whether the legal name matches, whether the IBAN has changed, whether the service was delivered, or whether the VAT details are correct.In this situation, your accounting entry becomes the mechanism through which money leaves the business. 

If the entry is wrong, the payment, VAT treatment, and management reporting are all affected.

The Belastingdienst requires your administration to support proper tax filings. For legal entities, Dutch civil law requires records that show your financial position and obligations at any given time. 

This isn't abstract. This is the minimum structure, making abuse harder and detection faster.

Seven practical checks

1. Document approval before paymentEvery payment above a set amount needs approval by someone other than the person booking the invoice. In small firms, you may approve it, but it must be explicit and traceable.

2. Control supplier master data changesA fake or changed bank account is riskier than a fake expense. If bank details change, confirm directly, don't rely on the invoice.

3. Verify minimum invoice data before bookingCheck legal names, addresses, VAT details where needed, invoice numbering, delivery date, description of goods or services, taxable amount, VAT rate, and VAT amount. Performing these checks regularly helps ensure liabilities and tax claims rest on reliable evidence.

4. Split ordering, receipt, booking, and paymentFull segregation of duties can be challenging in most small firms. However, even partial segregation may help. One person can confirm receipt of goods or services, another can prepare the booking, and you approve payment. This approach aims to ensure no single person completes every step of a transaction without oversight.

5. Test your audit trailSelect ten transactions from the last quarter and try to reconstruct each one from start to finish: request, approval, supplier check, invoice, bookkeeping entry, VAT treatment, payment, and supporting evidence. If any step cannot be followed, it may indicate that controls are less robust than they appear in your software dashboard.

6. Check record retentionThe Belastingdienst requires businesses to retain records for 7 years, with longer periods in some cases. Invoices sent and received must be retained in the form in which they were issued or received. If evidence is scattered across inboxes or personal devices, you have a control weakness even before any fraud occurs.

7. Review VAT claims with a fraud lensIf input VAT is reclaimed on invoices that have never been properly verified, the problem is no longer administrative negligence. This becomes a tax exposure with far higher consequences. Recent FIOD cases show false invoices and false VAT claims remain a live enforcement issue.

What this means in practice

Weak bookkeeping controls don't, by themselves, create fraud. They remove the obstacles preventing fraud.

The real issue is whether you can prove that your transactions are real, authorized, correctly recorded, and still traceable years later. When this structure is weak, fraud becomes easier, detection becomes slower, and you lose control twice: first over cash, then over the explanation.

The right next step isn't to panic. Start with a control review. Check approvals, supplier changes, invoice validation, record retention, and the path from transaction to payment.

In a small business, this discipline is not unnecessary bureaucracy. It can be a practical way to safeguard your operations.