A significant deficiency in internal control was noted in the Beaver Water District financial statement audit for the fiscal year ending September 30, 2024. This deficiency was described in the Management Comment Letter (MCL) as follows:
"A failure of expense controls to prevent a fraudulent vendor payment occurring during the year. The controls did allow for the detection and correction of the fraudulent vendor payment. The potential future effects are continued targeting of phishing and other scams and additional losses related to those fraudulent payments."
In response to this significant deficiency the Beaver Water District has implemented the following Corrective Action Plan:
Corrective actions that have been taken by Beaver Water District include-
Positive Pay, an automated cash-management service used by the bank holding our operating accounts will continue to be utilized indefinitely. Regarding vendor payments made via ACH, the District's Accounting Office will positively confirm the remittance account information, including payee, routing number and bank account number.
An Evolve Cyber Liability Insurance Policy has been purchased by the District to limit potential liability related to fraud. This policy became effective January 1, 2025, at an annual premium of $12,527.84 and a deductible of $10,000.00.
A Fraud Training course named "Social Engineering Red Flags, KnowBe4 Security Awareness Training" was completed in 2023 and will be repeated in 2025. The number of hours completed by each employee totaled 7.25 hours and included awareness and prevention of phishing and other scams. This course or one similar will be repeated on an annual basis.
The person responsible for implementing these corrective actions is Adam Motherwell, the District's Chief Financial Officer.