Councils must secure IT systems in wake of fraud

© DC Thomson
Fraudster Mark Conway was jailed for five years.

Councils have been warned to learn the lessons handed to Dundee after the local authority was defrauded of £1 million by one of their own IT experts.

Mark Conway, who is currently serving a five year jail term, conned council coffers of £1.065 million in an elaborate scheme over the course of a seven year period.

In a report on the con, the Accounts Commission warn robust IT and financing systems need to be put in place across Scotland.

The Convention of Scottish Local Authorities (COSLA), the association of all 32 Scottish councils, assured each authority already had in place “robust procedures” to mitigate fraud.

Dundee City Council was forced to hire an independent company to review its IT systems following Conway’s trial, at an expense to the public purse.

Conway, who was rumbled in May 2016, admitted the theft and was forced to sell off his house and forfeit his pension as the council tried to recoup the losses which had accrued under their noses.

The crook blamed his actions on an addiction to online gambling.

The Courier revealed in February bookmakers William Hill handed back the “proceeds” of Conway’s theft in the form of an “ex gratia” payment of £500,000 to the local authority.

The company were then hit with a multi-million pound fine from the Gambling Commission in part because of their inaction dealing with Conway.

Dundee City Council Chief Executive David Martin was instructed to write to the banks Conway used, the Gambling Commission and the Department for Culture, Media and Sport following a meeting of the council’s scrutiny committee investigating the fraud at the end of last year.

The council is yet to say whether a response has been received to any of the letters sent.

Graham Sharp, chair of the Accounts Commission said: “Lessons must be learnt from this serious and prolonged act of fraud. Our role is to provide the assurance people expect that all councils have in place robust checks to ensure public money is properly spent and accounted for. This case provides clear lessons for every council in Scotland.

“Councils must have fundamental internal controls in place to ensure secure IT systems, and those responsible for using them, must be managed appropriately.

“Managers in all Scottish councils are responsible for ensuring these arrangements are in place.”

A COSLA spokesperson said: “We welcome the report from the Accounts Commission and note that an independent review of procedures has already taken place in Dundee and measures have been put in place to strengthen controls.

“All of Scotland’s councils have robust procedures to mitigate against acts of fraud – these are regularly monitored, reviewed and updated.

“Councils are no different to other organisations, in that they will continue to take action to prevent this type of thing from happening in the first place.”

Dundee City Council said the council took action to rectify their systems after Conway was discovered.

A spokesperson said: “A report considering the Accounts Commission’s findings will go before a meeting of Dundee City Council on April 23.

“Following the discovery of this crime, the council has taken action to prevent a fraud of this type from happening again in the future.

“An independent review of procedures has already gone ahead and measures have been put in place to strengthen controls.

“The council has been engaging with Police Scotland to ensure that lessons are learned from the fraud by other local authorities and public sector agencies.

“Dundee City Council was involved in ongoing efforts which ensured that the funds taken from the authority by this individual were fully recovered.”