Manitoba’s Auditor General says several municipalities and the provincial government’s municipal oversight branch failed to properly safeguard public resources, following an investigation into allegations of wrongdoing and a major cybersecurity breach.
Auditor General Tyson Shtykalo released his findings Wednesday, pointing to weaknesses in both local governance and the Department of Municipal and Northern Relations, which is responsible for monitoring how municipalities use provincial funds.
“The Province of Manitoba provides significant funding to municipalities to support local governance, infrastructure, and services,” Shtykalo said in a statement. “With this funding comes a responsibility—both for municipalities and the Department of Municipal and Northern Relations—to ensure effective stewardship of public resources.”
The review was launched after Manitoba’s Minister of Finance requested it following a cybersecurity incident involving the Municipality of Westlake-Gladstone.
Between Dec. 19, 2019, and Jan. 5, 2020, unauthorized withdrawals that totalled more than $472,000 were taken from a municipal account.
The Auditor General said Westlake-Gladstone failed to conduct a root cause investigation into the breach, leaving the municipality without answers on how the incident occurred or how to prevent similar problems in the future.
“This highlights the need for all municipalities to implement controls based on a recognized cybersecurity framework, to protect them from cybersecurity threats,” Shtykalo said.
The report also examined public complaints and departmental information involving six municipalities. Of those, three were found to have at least partially substantiated allegations.
- Swan Valley West — The municipality purchased two fire trucks without tendering, a violation of its purchasing policy.
- Springfield — Councillors claimed about $3,000 in ineligible travel expenses over a nine-month period, in contravention of a municipal bylaw.
- Ethelbert — A former Head of Council acted unilaterally, contravening governance norms and conflict-of-interest rules.
In the other three cases reviewed, allegations were not substantiated.
The Auditor General also found shortcomings within the Department of Municipal and Northern Relations. The reports that the department lacks a comprehensive oversight process to follow up on complaints, track how municipalities spend provincial grants, and review required financial submissions.
Without proper monitoring, the report states there is an increased risk that public funds may not be used appropriately or that governance issues at the local level may go unaddressed.
The report made five recommendations aimed at improving cybersecurity controls for municipalities and strengthening provincial oversight of municipal finances.
Shtykalo said adopting a recognized cybersecurity framework would help municipalities reduce risks from online threats.
He also called on the department to establish clearer procedures for investigating complaints and ensuring compliance with provincial requirements.
Comments