The Courier & Advertiser (Angus and Dundee)
Fraud sparks security warning for council IT
money: Local authorities across Scotland urged to tighten up in wake of Dundee case
Councils have been warned to learn the lessons handed to Dundee after the local authority was defrauded of £1 million by one of their own IT experts.
Mark Conway, who is serving a fiveyear jail term, conned council coffers of £1.065 million in an elaborate scheme over the course of a seven-year period.
In a report on the con, the Accounts Commission warn robust IT and financing systems need to be put in place across Scotland.
The Convention of Scottish Local Authorities (Cosla), the association of all 32 Scottish councils, assured each authority already had in place “robust procedures” to mitigate fraud.
Dundee City Council was forced to hire an independent company to review its IT systems following Conway’s trial, at an expense to the public purse.
Conway, who was rumbled in May 2016, admitted the theft and was forced to sell off his house and forfeit his pension as the council tried to recoup losses which had accrued under their noses.
The Courier revealed in February bookmakers William Hill handed back the “proceeds” of Conway’s theft in the form of an “ex gratia” payment of £500,000 to the local authority.
The company were then hit with a multi-million-pound fine from the Gambling Commission in part because of their inaction dealing with Conway.
Dundee City Council chief executive David Martin was instructed to write to the banks Conway used, the Gambling Commission and the Department for Culture, Media and Sport following a meeting of the council’s scrutiny committee investigating the fraud at the end of last year. The council is yet to say whether a response has been received.
Graham Sharp, chairman of the Accounts Commission, said: “Our role is to provide the assurance people expect that all councils have in place robust checks to ensure public money is properly spent and accounted for. This case provides clear lessons for every council in Scotland.
“Councils must have fundamental internal controls in place to ensure secure IT systems, and those responsible for using them, must be managed appropriately.”
A Cosla spokesperson said: “We welcome the report from the Accounts Commission and note that an independent review of procedures has already taken place in Dundee and measures have been put in place to strengthen controls.
“All of Scotland’s councils have robust procedures to mitigate against acts of fraud – these are regularly monitored, reviewed and updated.”
Dundee City Council said it took action to rectify systems after Conway was discovered. A spokesperson said: “A report considering the Accounts Commission’s findings will go before a meeting of Dundee City Council on April 23.
This case provides clear lessons for every council in Scotland. GRAHAM SHARP