Office of the Utah State Auditor Releases Report on Emery County Improper Wire Transfer by County Treasurer

The Office of the Utah State Auditor released its Report on Emery County Improper Wire Transfer by County Treasurer. 

In June 2016, the Office released an Auditor Alert, notifying local government entities that two counties had been victims of so-called “Spear Phishing” attacks and had made improper wire transfers as a result.  A “Spear Phishing” attack is a targeted email scam which thrives on familiarity, using information publicly available on an entity’s website – such as names, titles, or other references – to extract protected information or money from the entity. The familiarity used in the attack often makes the recipient of the email less vigilant in verifying the requests. The scam also thrives on urgency, indicating that the payment must be made immediately.

As part of the investigation of the attack against Emery County, the Office reviewed the following items for the period July 2015 through June 2016:  1) transactions in certain county bank accounts, 2) certain bank statement reconciliations, 3) the internal controls over cash receipting and disbursing, including separation of duties, and 4) cash receipting controls related to property tax collections.

The Office recommends that Emery County prepare and adopt formal written policies and procedures over cash receipts and disbursements and that all officials and employees comply with established internal controls and processes, including receiving adequate supporting documentation and approval prior to the disbursement of any funds, regardless of the appearance of urgency.

The Office encourages all governmental entities to learn from Emery County’s unfortunate experience as well as the weaknesses identified within this report. Establishing and following effective internal controls is critical to protecting public funds and preserving public trust.

The full report may be found on the Office’s website,, specifically at     

A copy of the Auditor Alert can be found on the Office’s website at the Auditor Alert section for Local Governments at and specifically at .