A million-pound fraudster was able to get away with his crime because of Dundee City Council’s over-reliance on his IT skills, a report has revealed.
Crooked Mark Conway conned the local authority out of more than £1 million after setting up an embezzlement scheme of “sophistication” over a period of almost 10 years.
The council has managed to recoup the money he stole after filing an insurance claim with Aviva.
The payment was possible due to a so-called “fidelity guarantee”, which all local authorities are required to have to protect themselves against employee dishonesty.
However, the council still had to stump up a policy excess of £10,000.
Conway was jailed for five years and four months at the High Court in Glasgow in August after he admitted embezzlement.
His crimes started as early as 2009, but did not come to light until May 2016, following an initial investigation into a £7,300 fraud scheme.
Conway submitted false invoices to the council, before “intercepting” the payments as they left its bank account and putting the money into his own.
His first crime was committed on August 6 2009 when he made a payment ledger entry on the council system for £17,912 to go to regular fuel supplier, Scottish Fuels.
Instead of the company’s bank details, he entered those for his own Nationwide Building Society account and the invoice was paid without question the following day.
Conway went on to make further entries, which were paid by council officials who believed they were making legitimate payments to service providers.
He was addicted to online gambling and used the public money to pay-off his debts.
The subsequent investigation conducted by Price Waterhouse Coopers (PwC), who were drafted in by the council to help with their inquiry, has uncovered an “over-reliance” on a single individual – Conway – who had privileged access rights to the authority’s systems because of his IT expertise.
Conway, 52, had worked for Dundee City Council for almost 30 years and because of his skills had access to systems across the “purchase and payable” cycle, which allowed him to cover his tracks for as long as he did.
PwC outlined six areas for the council to improve upon.
These include restricting system access rights and segregating responsibilities, in order to remove the threat of one person being able to bypass controls.
A further recommendation is that all “super users” with clearance similar to Conway’s should be identified and investigated.
If it is discovered these individuals have “conflicting” access rights, these will be segregated and delegated elsewhere. If this is not possible, the council will monitor that person’s access.
PwC also noted collusion between Conway and someone else in the council was “unlikely” due to the method of the fraud, but said it could not categorically rule it out. However, it said there was no evidence at present to suggest he worked with anyone else on his scheme.
PwC charged £55,804 in fees, £47,141 of which the council was able to recover – meaning the authority has been left £18,663 out of pocket because of Conway’s dishonesty.
Councillors will discuss the findings at a meeting of the scrutiny committee next Wednesday.