Finding Text
Condition – For the year ended September 30, 2024, the District had a failure of controls over the expense section
from fraudulent vendor communications. The controls in place were followed and confirmed with the real
vendor, which had confirmed the invoice had needed to be paid. The impersonator has intercepted
communications inside the entity and posed as a known vendor.
Criteria – Controls in place over expensing include staff submitting purchase orders to accounting department,
which compare and match invoice and vendor information to confirm. Additional communication with vendor
and comparing ACH or payment information is reviewed if necessary.
Effects – The fraudulent vendor communications led to an ACH payment. When legal counsel and insurance
company was contacted no claim could be submitted due to limited coverage, and the funds could not be tracked.
The full amount was expensed.
Recommendation – Abacus has recommended an increase in insurance coverage, and an evaluation of current
expense controls. Additional controls to address phishing and vendor impersonation fraud. An evaluation of the
IT environment and security is also recommended.
Managements Response – Beaver Water District has committed to increase coverage and evaluate current controls.
An additional evaluation of the IT environment and security.