⚠️ Translation Notice: This content has been automatically translated. The original English text is the official version. Translation may contain errors.
⚠️ Este contenido ha sido traducido automáticamente. El texto original en inglés es la versión oficial. La traducción puede contener errores.
Findings and Recommendations 4 findings
F1
The Finance Department did not identify, or appropriately act upon, indications of fraud in this specific phishing attack.
Related Recommendations (1)
R1
By December 31, 2024, the Fresno City Council should adopt a written city-wide policy specific to indicators of fraud similar to the Department of Defense, Inspector General's website (Fraud Detection Resources (dodig.mil)).
F2
The Finance Department policies, if correctly followed, would have prevented this fraud from occurring.
Related Recommendations (1)
R2
By December 31, 2024, the Fresno City Council should ensure only the vendor provided data contained in approved contract documents is utilized when engaging in any financial transaction.
F3
Upon learning of the fraud, City officials immediately began to ascertain the magnitude of the loss, the reasons why the loss occurred, and the steps to ensure a fraud of this nature would not occur again.
Related Recommendations (1)
R3
By December 31, 2024, the Fresno City Council should ensure changes to a vendor’s bank account are verified and reviewed by multiple staff members.
F4
Today, the Finance Department staff appears to be following policy and exhibiting sound business practices. 10
Related Recommendations (1)
R4
By December 31,2024, the Fresno City Council should adopt a city-wide written procedure for changing ACH payments including dollar limits and appropriate accounting controls.
Additional Recommendations 7
These recommendations are not explicitly linked to specific findings.
-
R5By December 31, 2024, the Fresno City Council should ensure that changes to an existing vendor payment method (i.e., physical check to electronic fund transfers) is approved by the Director of Finance.
-
R6By December 31, 2024, the Fresno City Council should ensure that only the Director of Finance is authorized to bypass the prenote process.
-
R7By March 1, 2025, the Fresno City Council should develop a single, current, authoritative source of Finance Department written policies (including those listed in R1 - R6) for which its employees are held responsible.
-
R8By March 1, 2025, the Fresno City Council should enjoin the Finance Department, to the extent possible, to avoid relying on "understood" or verbal policies. 11
-
R9By March 1, 2025, the Fresno City Council should contract with an outside firm to conduct penetration “phishing” tests that identify vulnerabilities in the system.
-
R10By March 1, 2025, the Fresno City Council should direct the city manager to provide a written report to the council addressing all the recommendations made in the independent CPA’s “Report on Internal Control - Accounts Payable and Disbursements” (issued on 11/16/2023).
-
R11By June 30, 2025, the Fresno City Council should ensure all city-wide finance/fiscal affair managers and supervisors attend annual human error prevention and reduction strategy training.
No Responses Found 1
Government entities assigned to respond to this report. No response documents have been linked in our database.
Fresno
City