Owner And Bookkeeper Playbook

Purpose

Give owners, bookkeepers, and small teams a simple shared process for pausing and verifying unusual payment, vendor, payroll, refund, support, and access requests before anyone acts under pressure.

When to use this

• A request involves a new payment destination, new payment method, or new payment link.
• A vendor asks to change contact details, payment instructions, or account records.
• A manager, owner, customer, or vendor appears to ask for urgent or secret action.
• A support message, popup, call, or software notice asks for remote access or login help.
• A payroll, HR, refund, or customer payment request arrives outside the usual process.
• A staff member feels rushed, unsure, embarrassed, or pressured to skip normal review.

Required approvals

• Owner approval is required for new money destinations, unusually urgent payments, and exceptions to normal payment rules.
• Bookkeeper review is required for invoices, refunds, vendor record changes, and payment timing questions.
• A designated backup reviewer should be named for times when the owner or bookkeeper is unavailable.
• Vendor relationship owner approval is required before changing vendor master-file records.
• Payroll or HR reviewer approval is required before changing employee-related records.
• Approved technology contact review is required before remote access, login approval, or support-session requests.

Verification steps

• Classify the request as invoice, vendor change, customer refund, payroll or HR, executive request, support or access, or social media issue.
• Look for stop signals: new money destination, unusual channel, urgency, secrecy, remote access, login request, or request for private information.
• Pause the action and tell the requester that the business verifies these requests before acting.
• Verify through a known channel already used by the business, not through contact details supplied in the unusual request.
• Check the known-contact list and vendor master file for the approved contact path and current business relationship owner.
• Use a second reviewer for payment changes, vendor record changes, payroll changes, refund redirection, and access requests.
• Document any exception with the reason, reviewer roles, known channel used, and final decision in plain internal notes.

Escalation triggers

• The request asks for secrecy or says not to contact the usual person.
• The request changes where money, refunds, payroll, documents, or account notices will go.
• The request asks for passwords, one-time codes, login approvals, remote access, or private documents.
• The request arrives through a new email, text, social message, popup, search result, or unexpected call.
• The sender uses deadline pressure, penalties, missed-pay language, account suspension, or executive urgency.
• The message asks staff to work outside the normal invoice, vendor, payroll, refund, or support process.
• The staff member feels uncertain and cannot quickly match the request to normal business records.

Record to keep

• General date and type of request.
• Business process affected, such as invoice, vendor change, payroll, refund, support, or social account.
• Role of the person who received the request.
• Stop signals noticed, such as urgency, secrecy, unusual channel, new destination, or access request.
• Known channel used for verification.
• Reviewer roles involved in the decision.
• Final status: approved through normal process, held, denied, or routed for further review.

Do not do this

• Do not approve a new money destination from a single message.
• Do not use contact details supplied only inside the unusual request.
• Do not share passwords, one-time codes, recovery prompts, private documents, employee records, customer details, or payment details.
• Do not grant remote access from a surprise popup, call, text, email, or social message.
• Do not make exceptions without documenting who reviewed the exception and why it was allowed.
• Do not punish staff for pausing a request or asking for help.
• Do not confront a suspected scammer or try to investigate them directly.

Role-based tips