Showcasing the Best of Welsh Business

DEFAULT GROUP

Fraud at Community Council Highlights Importance of Cyber Security Processes

A - Home Page B - Original Content Business Zone
SHARE
,

As electronic banking becomes more commonplace, Community Councils must have sound cyber security processes in place.

Serious failures in governance and financial management found at Harlech Community Council according to the report in the public interest issued today by the Auditor General for Wales.

Harlech Community Council (the Council) is made up of 12 councillors who are responsible for managing money raised by the Council and spends around £100,000 a year to provide local services. Following routine audit work on annual returns completed by councils, attention was drawn to a report that Harlech Community Council had been the victim of fraud resulting in the loss of £9,000.

The fraud followed a breach of the Clerk’s email address that allowed a third party to access her email account. We extended our audit work to identify how the Council’s procedures failed to prevent the loss being incurred.

In December 2022, the Clerk made two payments of £4,500 to a third party without proper authorisation from the Council. The Auditor General’s report found that there was a failure to carry out proper due diligence when making these two payments. This highlights the fact that the Council did not have effective internal controls in place and did not follow its current rules for making payments. The ease in which the fraud was carried out also leads to concern that making payments without proper scrutiny in place may not have been an isolated occurrence.

It is also important that the Council has accurate and accessible records of proceedings and decisions. Harlech Community Council’s minutes do not present an accurate picture of how the loss of £9,000 occurred.

As electronic banking is becoming more widely used, the Council, and other councils across Wales, must have better cybersecurity processes in place to protect against the risk of losses due to online frauds.

The report notes that the Council has taken some steps to address deficiencies in its internal arrangements.

Our report makes five recommendations to Harlech Community Council, some of which are:

  • The Council should review its arrangements for making payments to ensure that all payments are subject to an appropriate authorisation process.
  • The Council should review larger payments made over the last 12 months to establish if this incident was an isolated incident or was a regular occurrence.
  • The Council should ensure that its website is updated on a regular basis and contains all information the Council is required to publish electronically.

Auditor General, Adrian Crompton said:

“It is concerning that we are commenting about weaknesses in financial management and governance on a regular basis. The fraud at Harlech Community Council is another example of this. It’s important the sector takes notice and make improvements on this ongoing issue of poor financial management and cyber security.”

.

 

Business News Wales