Tayside and Central Scotland

Council recovers money from £1m IT worker fraud

Mark Conway / Dundee City Council Image copyright Police Scotland/Google
Image caption Mark Conway was jailed in August for the six-figure theft

Dundee City Council has recovered almost all of the £1,065,085 stolen by a former employee, the local authority has confirmed.

Mark Conway, 52, was jailed for five years and four months in August after admitting carrying out the fraud between August 2009 and May last year.

The council said all but £10,000 of the stolen money had been recovered.

It said this had been achieved through "a range of sources" including Conway himself and an insurance policy.

IT officer Conway stole the money over almost seven years after running up debts on gambling websites.

The council's scrutiny committee was told on Wednesday that Conway carried out the fraud using his "expert knowledge of the authority's IT systems and his system access privileges".

Councillors were told: "The fraud was carried out by inserting false invoices into the payment process.

"The invoices appeared to have come from the main systems but were not actually recorded in them.

"Mark Conway was able to capture payments made against the fraudulent invoices and divert them to bank accounts within his control."

Privileged access rights

The council has mandatory insurance cover called Fidelity Guarantee to protect itself against financial losses incurred by the dishonesty of employees.

Councillors were told the insurance policy excess was £10,000.

A PwC report commissioned by the council following the discovery of the fraud said: "The method used to process the fraudulent payments was the result of over-reliance on a single individual within IT who abused his privileged access rights.

"The user had access to systems right across the purchase to payable cycle and was able to use that access to execute the fraud."

One of the report's six recommendations is for the council to restrict access for privileged system users in future.

The report added: "Restricting system access rights, and, where possible, segregating responsibilities, limits the ability of any one user being able to bypass system enforced segregation of duties controls."

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites