An Official Information Act request by the Otago Daily Times asked the council to release information on the gaps in its internal processes identified by Deloitte.
The independent auditor was called in by the council to investigate the fraud in 2014, and eventually concluded the council had lost at least $1.59million, largely from the sale of 152 council vehicles by former Citifleet team leader Brent Bachop.
However, the company had also reported to the council on the numerous gaps in the council’s own internal controls, which were blamed for allowing the fraud to continue undetected until 2014.
The council has since worked to introduce a host of new internal controls and processes designed to protect against any repeat of the fraud.
But yesterday, three months after first being asked for a copy of Deloitte’s findings, council civic and legal manager Kristy Rusher declined to release details.
That was because Deloitte’s report contained information that could compromise the council’s internal controls, she said. ‘‘It is not in the public interest to disclose that information as it may lead to control measures being avoided.
"There are no other considerations that favour disclosure as the public interest in ensuring that control systems are effective outweighs the interest in disclosing the analysis and evaluation of those measures that have been put in place," she said.
Instead, Ms Rusher would only say the "overall conclusion of the report is that the council is progressing with implementation of recommendations and continues to improve its asset control systems".
The ODT request was only for details of gaps that had since been closed, not those still being rectified.
Asked how that information could compromise the council’s position, Ms Rusher said the information would still identify "critical factors, processes and activities that were instrumental to the commitment of fraud".
"While in of itself such factors are not likely to result in fraud or illegal activity, having all factors collated and provided together in one summary document will significantly raise the awareness of inherent control weaknesses or gaps.
"That presents an opportunity for the fraud or similar offending to be replicated," she said.
While improvements had been made, to the extent any risk of fraud was now deemed low, "if all control measures are identified it will highlight what steps can be taken to circumvent or weaken those measures, making them ineffective", she said.
The ODT has asked the Office of the Ombudsmen to review the council’s decision.
