Why disposal is where the exposure concentrates
Three separate exposures converge on a single moment, which is what makes disposal disproportionately dangerous for a workflow most organisations run on an email and a gate pass.
Fraud, first. Non-cash misappropriation — the theft of equipment and inventory rather than money — features in 22% of occupational fraud cases, at a median loss of $66,000 and a median of twelve months before detection. Fake and undervalued disposals are a classic vector, for the obvious reason: an asset that has been recorded as scrapped is an asset nobody will ever look for.
Data, second. In 2020 and again in 2022, one global bank paid $95 million across two regulators after decommissioned data-centre equipment — roughly a thousand hard drives — was resold at auction without documented sanitisation. The disposal had been outsourced. The liability had not. A hotel holds guest personally identifiable information on its PMS servers, its POS terminals and its key-card encoders, and every one of those devices eventually reaches the end of its life.
Environment, third. Refrigerant-bearing equipment — chillers, PTACs, minibar units — legally requires certified recovery before disposal, with per-day penalties for venting. Electronics fall under WEEE and its equivalents. And the global picture is not encouraging: of 62 million tonnes of e-waste generated in 2022, only 22.3% was documented as properly collected and recycled.
What a governed disposal actually requires
Segregation of duties is the anti-fraud core, and it is not negotiable. Authorise, execute and record must be three different people. The person who sells the asset never posts the entry. The proceeds are handled by someone other than the seller. Collapse any two of those roles into one pair of hands and you have built the scheme the fraud statistics describe — sold it, pocketed it, marked it scrapped — and you have built it yourself, in your own policy.
Authorisation is tiered by value, and two conditions escalate it regardless. Departmental sign-off for small items, rising through to CFO and board as value climbs. But a sale below net book value, and a sale to any related party, need elevated approval and documented justification whatever the amount — because staff buying disposed assets at undervalue is one of the oldest schemes there is. Open bidding or an independent valuation is what defuses it.
Disposal, write-off and impairment are three different things, and confusing them corrupts the books. Impairment writes an asset’s value down while you still hold it. Disposal removes it, by sale, scrap or donation. Write-off removes it with no proceeds — lost, stolen or destroyed, and that requires incident documentation, not just a journal entry. Derecognition is the accounting act at the end of a disposal: gain or loss equals proceeds minus carrying amount, and it is not revenue.
Disposal discipline is the upstream control for register accuracy. Ghost assets — items on the books that no longer exist — are, overwhelmingly, unrecorded disposals. Fix the disposal workflow and you stop manufacturing them. And watch the trade-in, which is the stealth gap: the old asset leaves inside a procurement transaction, so no disposal record is ever raised, and nobody notices because the paperwork that exists is all about the new asset. Policy has to force a disposal record on every trade-in, or the register will quietly keep the ghost.
Renovation is where registers go to die. A PIP cycle generates hundreds of rooms of FF&E at once — liquidation, auction or donation, in bulk, at speed. Two risks ride along with it: revenue leakage on bulk lots that were never competed, and skip-loads of refrigerant-bearing units going out the back with nobody holding a recovery certificate. The volume is exactly what makes item-by-item discipline feel unreasonable, and exactly why it is required.
What happens without a disposal workflow
Assets walk — the ACFE pattern, running a median of twelve months before anyone notices. The seller records the entry, so proceeds are skimmed and the item is marked scrapped, and the control that would have caught it was the one you decided not to build.
IT equipment is scrapped unsanitised, and guest PII leaves the building on a drive you no longer own. Disposals go unposted, so ghost assets accumulate, so the register overstates the asset base, so the audit write-off arrives in a year nobody chose.
And refrigerants are vented, because the unit was in the skip before anyone asked. Per-day penalties follow, and so does the ESG damage — which, unlike the penalty, does not have a ceiling.
How Zepth runs disposal
A disposal workflow per method — sale, auction, donation, scrap, write-off — with approval routing driven by value and by flag conditions, so a below-NBV sale or a related-party purchaser escalates automatically rather than depending on someone choosing to raise it.
Certificates, bills of sale and environmental records are captured against the asset, and the register and lifecycle state update on posting rather than on a follow-up nobody owns. The result is that the audit trail auditors sample is produced as a by-product of working, instead of assembled the week before they arrive.