We have installed ReadSpeaker’s webReader, which allows visitors to instantly convert online content to audio on our website.
Click on the icon above to try this out, and take advantage of the full range of useful webReader features by clicking the link below.
Readspeaker website
This accessibility statement applies to www.audit.wales. This website is run by Audit Wales. We want as many people as possible to be able to use this website.
View accessibility statement
We’re always looking to improve the accessibility of this website. If you find any problems not listed on this page or think we’re not meeting accessibility requirements, contact:
info@audit.wales
As electronic banking becomes more commonplace, Community Councils must have sound cyber security processes in place.
Serious failures in governance and financial management found at Harlech Community Council according to the report in the public interest issued today by the Auditor General for Wales.
Harlech Community Council (the Council) is made up of 12 councillors who are responsible for managing money raised by the Council and spends around £100,000 a year to provide local services. Following routine audit work on annual returns completed by councils, attention was drawn to a report that Harlech Community Council had been the victim of fraud resulting in the loss of £9,000. The fraud followed a breach of the Clerk’s email address that allowed a third party to access her email account. We extended our audit work to identify how the Council’s procedures failed to prevent the loss being incurred.
In December 2022, the Clerk made two payments of £4,500 to a third party without proper authorisation from the Council. The Auditor General’s report found that there was a failure to carry out proper due diligence when making these two payments. This highlights the fact that the Council did not have effective internal controls in place and did not follow its current rules for making payments. The ease in which the fraud was carried out also leads to concern that making payments without proper scrutiny in place may not have been an isolated occurrence.
It is also important that the Council has accurate and accessible records of proceedings and decisions. Harlech Community Council’s minutes do not present an accurate picture of how the loss of £9,000 occurred.
As electronic banking is becoming more widely used, the Council, and other councils across Wales, must have better cybersecurity processes in place to protect against the risk of losses due to online frauds.
The report notes that the Council has taken some steps to address deficiencies in its internal arrangements.
Our report makes five recommendations to Harlech Community Council, some of which are:
It is concerning that we are commenting about weaknesses in financial management and governance on a regular basis. The fraud at Harlech Community Council is another example of this. It’s important the sector takes notice and make improvements on this ongoing issue of poor financial management and cyber security.