A £1 million fraud perpetrated at Dundee City Council from 2009-2016 was the result of failures in fundamental controls within the council’s financial systems, the Accounts Commission reports.
Considering a report on this significant fraud perpetrated by a Dundee City Council employee, the Commission notes that the extent of the fraud could have been limited if the council had addressed significant weaknesses in its invoicing systems.
On investigation, the employee who perpetrated the fraud had unrestricted access to several systems which allowed him to insert fake invoices into the system and alter the bank payment details of suppliers without detection.
The report found that the council acted quickly in response to the discovery of the fraud, and has since addressed the issues that led to the fraud and brought in more robust management of their financial systems. Since 2016 it has taken significant steps to improve its resilience to prevent future fraud and corruption.
Graham Sharp, Chair, Accounts Commission said:
“Lessons must be learnt from this serious and prolonged act of fraud. Our role is to provide the assurance people expect that all councils have in place robust checks to ensure public money is properly spent and accounted for. This case provides clear lessons for every council in Scotland.
Councils must have fundamental internal controls in place to ensure secure IT systems, and those responsible for using them, must be managed appropriately. Managers in all Scottish councils are responsible for ensuring these arrangements are in place."