Accessibility tools

We have installed ReadSpeaker’s webReader, which allows visitors to instantly convert online content to audio on our website.

Click on the icon above to try this out, and take advantage of the full range of useful webReader features by clicking the link below.

Readspeaker website

Accessibility statement

This accessibility statement applies to www.audit.wales. This website is run by Audit Wales. We want as many people as possible to be able to use this website.

View accessibility statement

Reporting accessibility problems

We’re always looking to improve the accessibility of this website. If you find any problems not listed on this page or think we’re not meeting accessibility requirements, contact:

info@audit.wales

Fraud at community council highlights importance of following proper governance and financial management processes

08 November 2023

  • As electronic banking becomes more commonplace, Community Councils must have sound cyber security processes in place.

    Serious failures in governance and financial management found at Harlech Community Council according to the report in the public interest issued today by the Auditor General for Wales.

    Harlech Community Council (the Council) is made up of 12 councillors who are responsible for managing money raised by the Council and spends around £100,000 a year to provide local services. Following routine audit work on annual returns completed by councils, attention was drawn to a report that Harlech Community Council had been the victim of fraud resulting in the loss of £9,000. The fraud followed a breach of the Clerk’s email address that allowed a third party to access her email account. We extended our audit work to identify how the Council’s procedures failed to prevent the loss being incurred.

    In December 2022, the Clerk made two payments of £4,500 to a third party without proper authorisation from the Council. The Auditor General’s report found that there was a failure to carry out proper due diligence when making these two payments. This highlights the fact that the Council did not have effective internal controls in place and did not follow its current rules for making payments. The ease in which the fraud was carried out also leads to concern that making payments without proper scrutiny in place may not have been an isolated occurrence.

    It is also important that the Council has accurate and accessible records of proceedings and decisions. Harlech Community Council’s minutes do not present an accurate picture of how the loss of £9,000 occurred.

    As electronic banking is becoming more widely used, the Council, and other councils across Wales, must have better cybersecurity processes in place to protect against the risk of losses due to online frauds.

    The report notes that the Council has taken some steps to address deficiencies in its internal arrangements.

    Our report makes five recommendations to Harlech Community Council, some of which are:

    • The Council should review its arrangements for making payments to ensure that all payments are subject to an appropriate authorisation process.
    • The Council should review larger payments made over the last 12 months to establish if this incident was an isolated incident or was a regular occurrence.
    • The Council should ensure that its website is updated on a regular basis and contains all information the Council is required to publish electronically.
    ,
    It is concerning that we are commenting about weaknesses in financial management and governance on a regular basis. The fraud at Harlech Community Council is another example of this. It’s important the sector takes notice and make improvements on this ongoing issue of poor financial management and cyber security. Auditor General, Adrian Crompton
    ,

    Related Report

    Failures in financial management and governance and losses incurred – Harlech Community Council

    View more