You are not permitted to download, save or email this image. Visit image gallery to purchase the image.
Deloitte, in its report released yesterday, listed multiple council failings it believed contributed to an environment where Citifleet team leader Brent Bachop could perpetrate a 10-year-long $1.5 million fraud against ratepayers.
Council chief executive Dr Sue Bidrose says the council is well down the road to turning that culture around.
Several aspects of the council's culture at the time led to the fraud, Deloitte said, including that the purchase by council staff of council assets such as vehicles, gym equipment, IT equipment and copier paper, was accepted practice.
This practice was stopped by Dr Bidrose in February this year, before the fraud was uncovered, as one of the first policy changes made when she was appointed.
Deloitte also found the council had weak controls in place, there were low levels of fraud awareness, issues were not escalated adequately, there was a lack of management oversight, poor judgement, and limited fraud-detection testing in place.
Asked to explain how something like a staff member spending $100,000 on personal items on a council card could have possibly have happened, she said Deloitte's conclusion said it all.
''This is a control failure. There were controls in place and they failed. It shouldn't happen. In an organisation with good robust processes, these things don't happen ... unfortunately they did.''
The fact this could happen was an indictment on the council's business processes at the time, Dr Bidrose said.
There were already considerable efforts under way to improve and modernise those processes and it was as a result of that work that the fraud was uncovered.
An audit and risk subcommittee, with an independent chairwoman, had been formed, all tenders awarded through the council's tenders board were now published online, a central contracts register had been put in place, the ''whistleblower'' policy had been updated and fleet card processes had been reviewed.
Further, a dedicated risk and internal audit manager position had been advertised, fraud awareness training for all staff would begin in the new year, a new risk-management plan was almost complete and new procurement and tendering processes were being developed across the council.
Asked to respond to Deloitte's comment there was an inherent risk other material frauds at council were not identified in its investigation, Dr Bidrose said the current tightening up of processes was about making sure anything like this could not happen elsewhere in the organisation.
A couple of minor instances of theft had been picked up since the systematic changes began, but no other fraud.
Sometimes, people's worst nature got the better of them, she said.
''All you can do is try to make sure you have really good processes so that you minimise the likelihood and set a good culture.
''If those red flags were raised now, we would act on them straight away.''