GLD Vacancies

Welsh community council lost £9k to scam due to poor internal controls: Auditor General

A Welsh community council that lost £9,000 to an email scam has been told to review its arrangements for making payments after the Auditor General for Wales found the "ease" with which the fraud was pulled off pointed to poor internal controls at the council.

In December 2022, Harlech Community Council’s clerk sent two payments of £4,500 to a third party after an email exchange with someone purporting to be the council's vice chair.

The person said the payments were for a 'strategic consultancy service' and requested they be made the same day.

The vice chair's name in the email address was slightly misspelt and the emails were "poorly written with grammatical and typographical errors," according to the auditor.

The auditor, who launched an investigation in July 2023 after finding out about the fraud, found that the email exchanges "demonstrate that the Clerk failed to properly question the instructions to make the two payments".

He said the failure suggested the council did not have effective internal controls in place and that the "ease with which the fraud was perpetrated suggests that the practice of making payments without proper scrutiny may not be an isolated occurrence".

He also found that the circumstances of the fraud were not properly recorded in the council's minutes.

The auditor made the following recommendations:

  • The council should review its arrangements for making payments to ensure that all payments are subject to an appropriate authorisation process.
  • The council should review larger payments made over the last 12 months to establish if this incident was an isolated incident or was a regular occurrence.
  • The council must ensure that its minutes are properly scrutinised before approval to ensure they are accurate and consistent with the matters reported and discussed at the meeting.
  • The council should ensure that its website is updated on a regular basis and contains all information the council is required to publish electronically.
  • The council should ensure that its website is clearly structured and is not obscured by information related to another council.

Auditor General, Adrian Crompton, said: “It is concerning that we are commenting about weaknesses in financial management and governance on a regular basis. The fraud at Harlech Community Council is another example of this. It’s important the sector takes notice and make improvements on this ongoing issue of poor financial management and cyber security.”

In a post to the community council's website, councillors apologised to residents for the £9,000 loss.

The post added: "Following this meeting of the Harlech Community Council it was decided, although the Council's financial procedures have been tightened in accordance with the Internal Auditor's report, to form a sub committee to look into the way forward the Council can work with regards to financial matters."

Adam Carey