If you operate a franchise location — a convenience store, gas station, restaurant, or bar — your POS system is generating a report every day that most operators either never look at or don’t know how to read. That report is your POS exception report, and it is the single most powerful tool in your loss prevention arsenal. Used correctly, it tells you which employees are stealing, how they’re doing it, and how much it’s costing you.
The challenge is that reading and acting on exception reports requires time, expertise, and the ability to correlate transaction data with video surveillance. Most franchise operators don’t have a dedicated loss prevention team. The result: the report runs in the background, nobody reviews it, and employee theft continues undetected for an average of 18 months before discovery.
What Is a POS Exception Report?
A POS exception report is a system-generated report that flags transactions deviating from normal patterns — specifically, any transaction type that carries elevated risk of theft, error, or policy violation. Rather than showing you every transaction (which would be thousands per day), it surfaces only the anomalies that warrant investigation.
The word “exception” is key: it means the transaction fell outside the expected range. A customer buying $12.47 in merchandise and paying cash is a normal transaction. The same cashier voiding that $12.47 sale thirty seconds after the customer walks out is an exception. Your POS system knows the difference — and a well-configured exception report will flag it.
Most modern POS systems — whether you’re on NCR, Oracle Hospitality, Clover, Toast, or a proprietary franchise system — generate exception data natively. The data is there. The question is whether anyone is using it.
What a POS Exception Report Includes
A complete exception report typically contains the following transaction categories:
- Voids: Transactions cancelled after items have been entered
- No-sales: Cash drawer openings without an associated transaction
- Refunds & returns: Credits processed back to a customer
- Discounts: Price reductions applied at the register, including manager overrides
- Post-voids: Transactions voided after the sale was completed (higher risk than standard voids)
- Line voids: Individual line items removed from an active transaction
- Price overrides: Manual price changes entered at the register
- Employee comparisons: Side-by-side metrics showing each cashier’s exception rates relative to peers
The employee comparison component is particularly powerful. If your average cashier runs 2 voids per 100 transactions and one employee is running 14 voids per 100 transactions, that discrepancy doesn’t require a trained investigator to interpret. It requires someone to look.
Why Exception Reports Matter for Loss Prevention
Exception reports matter because employee theft accounts for 42% of retail losses — making it the single largest contributor to shrinkage, ahead of shoplifting, vendor fraud, and administrative errors. And unlike shoplifting, which is visible on camera and tracked through inventory, internal theft is specifically designed to evade your existing controls.
The mechanism is straightforward: a cashier who steals via void abuse never creates a cash shortage that shows up in nightly reconciliation. The customer paid $18. The cashier voided the $18 sale and pocketed the cash. End-of-day: the drawer balances. No flag. No investigation. If you’re relying solely on cash register shortages to detect theft, you will miss the majority of what your employees are actually doing.
Exception reports are the primary detection tool used by professional loss prevention departments in major retail chains. They work because they create accountability at the transaction level. An employee who knows that every void is reviewed — or who sees signage confirming that “all POS exceptions are audited daily” — is significantly less likely to attempt theft. The deterrent effect alone often covers the cost of any monitoring program.
Exception reporting also provides the paper trail required for legal action. Employee terminations based solely on suspicion create wrongful termination exposure. Exception data, combined with video evidence, creates a defensible evidentiary record. Sweethearting cases, for example, are notoriously difficult to prosecute without this combination of POS and video.
The 7 Key Exceptions to Monitor
Not all exceptions carry equal risk. These are the seven transaction types that loss prevention professionals prioritize, along with what each exception means and the threshold at which it becomes a red flag worth investigating.
| Exception Type | What It Means | Red Flag Threshold |
|---|---|---|
| Voids | An entire transaction is cancelled after items are entered. Legitimate uses include customer changes their mind before paying. Illegitimate uses include voiding after cash is accepted. | >3% of transactions, or 2× peer average |
| No-Sales | The cash drawer is opened without a sale being recorded. Legitimate uses include making change for a customer. Illegitimate uses include skimming cash from the drawer between transactions. | >5 per shift, or clustered at shift change |
| Refunds | Cash or credit returned to a customer for a returned item. Fraudulent refunds are processed to fictitious customers, with the refund amount pocketed by the employee. | Any refund without customer present on video; >$50/shift |
| Discounts | Price reductions applied at point of sale, including employee discounts, manager overrides, and promotional codes. Unauthorized discount application is a primary sweethearting mechanism. | Any manager-level discount applied by non-manager; >4% discount rate |
| Post-Voids | A transaction voided after it was fully completed and tendered. Higher risk than standard voids because the sale was already recorded as complete. Almost always requires manager override, making unauthorized post-voids especially suspicious. | Any post-void without documented manager approval |
| Line Voids | Individual line items removed from an active transaction before payment. Harder to detect than full voids because the transaction still closes normally with remaining items. A common mechanism for removing high-value items (tobacco, alcohol) from the ring. | >5% of items entered; pattern of specific SKUs being voided |
| Cash Drawer Opens Without Sale | The drawer opens with no transaction associated. Distinct from no-sales (which are at least recorded). These events can indicate the drawer mechanism is being bypassed or that cash is being removed outside of any transaction flow. | Any occurrence requires investigation; >2 per shift is critical |
How to Read a POS Exception Report
Reading a POS exception report effectively means understanding what each column represents, how to sort and filter for high-risk items, and how to compare employees against each other. Here is a step-by-step walkthrough of the process used by professional loss prevention auditors.
Step 1: Start with Employee Comparison, Not Absolute Numbers
The most powerful insight in any exception report is not raw counts — it’s relative performance. If your average cashier runs 8 voids per week and one employee runs 47, that discrepancy is your starting point. Absolute numbers are context-dependent (a high-volume shift will naturally produce more exceptions); employee comparisons normalize for volume differences.
Sort your report by void rate, refund rate, and no-sale rate as percentages of total transactions — not as raw counts. An employee who works twice the hours of a peer should naturally have more exceptions; the rate eliminates that variable.
Step 2: Look at the Timing Columns
When exceptions occur is as revealing as how many occur. Key timing patterns to watch for:
- End-of-shift clustering: Voids and no-sales concentrated in the last 30 minutes of a shift often indicate an employee settling up before leaving — pocketing cash that was collected during the shift and voiding the corresponding transactions.
- Shift-change no-sales: No-sale drawer openings right at shift handover are a classic skimming indicator. The outgoing employee opens the drawer, removes cash, and the incoming employee takes over a drawer that’s already short.
- Low-traffic period refunds: Refunds processed during slow periods (early morning, late night) when few customers are present should be cross-checked against video to confirm a customer was actually there.
Step 3: Examine the Dollar Values
Review the dollar amounts associated with each exception type. High-value voids deserve more scrutiny than low-value ones. A $1.29 void on a price correction is routine; a $23.50 void on a tobacco purchase twenty seconds after a customer exits is suspicious.
Also look for patterns in voided amounts: if an employee consistently voids transactions in the $15–$25 range, that specific range may correspond to the average tobacco or alcohol purchase at your location.
Step 4: Cross-Reference with Cash Over/Short Report
Your exception report and your cash over/short report should be read together. An employee with high voids but a balanced drawer is likely pocketing voided cash. An employee with high voids and consistent shortages is either incompetent or stealing in a less sophisticated way. Both require investigation — but the pattern determines which type of theft is occurring.
Note that sophisticated theft often produces a balanced drawer by design. If you’re seeing cash register shortages every day, that is a separate issue worth investigating — but the absence of shortages does not mean the exceptions are clean.
Step 5: Verify Against Video
Every exception that passes the threshold tests above should be verified against video. This is the step most operators skip because it requires pulling specific timestamps and reviewing footage, which is time-consuming. It is also the step that separates a suspicion from evidence. No employee should be confronted, disciplined, or terminated based on exception data alone. The video is what transforms a pattern into proof.
Patterns That Signal Employee Theft
Experienced loss prevention auditors look for specific patterns in exception data that are unlikely to occur through legitimate operations. Recognizing these patterns early stops losses before they compound.
One Cashier with 5× the Voids of Peers
This is the single clearest signal in exception reporting. If every other cashier on your team runs 2–4 voids per 100 transactions and one employee runs 20–25, the explanation is almost never “they make more mistakes.” Trained cashiers don’t make that many errors. What they do, when stealing, is use the void function to remove transactions after accepting cash.
No-Sales Clustered at Shift Change
A legitimate no-sale opens the drawer to make change for a customer standing at the register. No-sales clustered at shift change — when no customers are present — have no legitimate explanation. The most common reason: the outgoing cashier opens the drawer under the pretext of counting out, removes a predetermined amount of cash, and the incoming cashier takes over a drawer that was already reconciled to show the “correct” beginning balance.
Refunds Processed with No Customer at the Counter
Fraudulent refund schemes are among the most profitable forms of employee theft because they often go undetected for months. The pattern: an employee processes a refund for a customer who isn’t there — often using a real past transaction’s receipt or inventing a plausible transaction — and pockets the refund cash. Video verification of refund transactions instantly reveals whether a customer was present. No customer, no legitimate refund.
High Discount Rates on Specific SKUs
If your exception report shows one cashier applying markdowns specifically to tobacco, alcohol, or energy drink SKUs — the highest-value items at most c-stores — you are likely looking at sweethearting. The employee isn’t stealing cash; they’re giving away inventory to friends or favored customers. The POS shows the discount as legitimate; only video reveals that no manager was present to authorize it and the recipient was a known associate.
Exception Spikes After Manager Leaves
Pull your exception report filtered by time-of-day and overlay it against manager presence records. A consistent pattern of void spikes, no-sales, or refund activity during periods when the manager is off the floor or has left for the day is a strong indicator that the employee is exploiting reduced supervision. This is a behavioral pattern, not just a transaction pattern, and it is one of the most actionable findings in exception analysis. See also 10 c-store employee theft methods for more context on how supervision gaps are exploited.
Self-Service vs. Managed Exception Monitoring
Knowing your POS generates exception data is one thing. Having a system to review it consistently is another. Franchise operators have two options: self-service review (you pull and read the reports yourself) or managed auditing (a third-party service does it for you). The right choice depends on your resources, expertise, and tolerance for detection gaps.
| Feature | Self-Service (You Review) | Managed (DohShield) |
|---|---|---|
| Time Investment | 1–3 hours per location per week minimum; more for multi-unit operators | Zero — daily review handled by DohShield audit team |
| Expertise Required | High — requires understanding of exception thresholds, fraud patterns, and investigation protocols | None — DohShield reviewers have reviewed 125K+ incidents across franchise verticals |
| Video Correlation | Manual — operator must pull and match timestamps; time-consuming and often skipped | Automated correlation — every exception is matched to corresponding video footage |
| False Positive Handling | No filter — operator reviews all exceptions, including the 60–80% with legitimate explanations | Pre-filtered — only confirmed incidents escalated; false positives resolved before they reach you |
| Evidence Quality | Raw POS data only — typically insufficient for formal disciplinary action | Complete evidence package: POS data + timestamped video clip + pattern documentation |
| Detection Frequency | Weekly or less in practice — daily review rarely sustained by busy operators | Daily — every business day, without exception |
| Cost | Your time plus risk of missed detections | Flat monthly fee; 487% average ROI across DohShield clients |
For single-location operators with dedicated management time and some loss prevention background, self-service review is workable — provided it’s done consistently. For multi-unit franchise operators, or any operator without dedicated LP resources, the time cost of self-service review makes it impractical. Exceptions that aren’t reviewed daily are exceptions that aren’t caught.
How DohShield Automates Exception-Based Auditing
DohShield was built specifically for franchise operators who need professional-grade exception monitoring without the overhead of an in-house loss prevention department. The service reviews every POS exception daily, correlates each one with synchronized video surveillance, and delivers a complete evidence package for every confirmed incident.
The process works in four stages:
- Data ingestion: DohShield connects to your POS system and pulls exception data every business day. No manual export required.
- Threshold analysis: Exceptions are scored against location-specific baselines and peer benchmarks. Low-risk exceptions are cleared automatically; high-risk patterns are flagged for human review.
- Video correlation: Every flagged exception is matched to the corresponding video timestamp. A trained reviewer watches the footage and determines whether the exception is legitimate or indicates theft.
- Evidence packaging: Confirmed incidents are packaged as a complete evidence file: POS receipt data, exception pattern documentation, and the timestamped video clip. The package is ready for employee confrontation, HR action, or prosecution.
The deterrent effect of daily auditing is also significant. When employees are informed that all POS exceptions are reviewed against video every day, exception rates drop measurably within the first 30 days — even before a single incident is confirmed. Theft requires the belief that it won’t be caught. Systematic daily auditing removes that belief.
For operators managing convenience store theft across multiple locations, DohShield consolidates exception monitoring into a single daily briefing, ranked by severity. You see the highest-risk findings first, with evidence already assembled. No report-pulling, no video-scrubbing, no manual threshold-checking.
Frequently Asked Questions
POS exception reports should be reviewed daily. Theft patterns compound quickly — a cashier running excessive voids will repeat the behavior every shift until caught. Weekly or monthly review allows losses to accumulate for weeks before discovery. Daily review, whether self-managed or through a managed auditing service like DohShield, is the industry standard for effective loss prevention. The goal is to shrink the detection window from months to days.
Void abuse is when an employee uses the POS void function to remove transactions from the system — not to correct a genuine mistake, but to steal cash or merchandise. The most common pattern: a cashier rings a full transaction, accepts cash payment, waits for the customer to leave, then voids one or more items and pockets the cash difference. Because the void appears legitimate in the POS system, it often goes undetected without video correlation. Void abuse is one of the most common forms of internal theft and one of the most clearly surfaced by exception reporting.
Yes, POS exception reports can be used as evidence in employee termination, civil recovery, and criminal proceedings — but the report alone is rarely sufficient. Courts and HR processes require corroborating evidence, typically synchronized video footage showing the transaction as it occurred at the register. A complete evidence package combining POS data, exception patterns, and timestamped video is the standard required to act on theft findings. DohShield delivers exactly this package for every confirmed incident, making it actionable for HR, legal, or law enforcement purposes.
Unfiltered POS exception reports can generate a high number of false positives — 60% to 80% of flagged transactions may have legitimate explanations such as price corrections, customer-requested returns, or training errors. This is why reviewing raw exception reports without video correlation is inefficient. Managed auditing services like DohShield filter false positives by verifying each exception against video before escalating, ensuring operators only act on confirmed incidents. This filtering process is also what makes the evidence packages DohShield delivers legally defensible — every confirmed incident has already been cross-referenced against video to rule out innocent explanations.