Dublin Simon Community failed to report €38k theft by employee to HSE 

However, while the incident was reported to the Simon board and both gardaí and the Charities Regulator, it was not reported to the HSE, with whom Simon operates a service level agreement (SLA).

The Simon Community received €5,182,000 from the HSE during the 12 months up to the end of 2021.

The audit, carried out by Crowleys DFK on the part of the HSE, concluded Simon had breached its reporting requirements, as detailed in the SLA, by failing to report the incident.

The auditors recommended that Simon’s management “must ensure that reporting requirements prescribed in the SLA are adhered to”. The recommendation was given HSE internal audit’s highest priority rating.

However, the charity’s management said it was their understanding that “we met all reporting requirements in relation to this incident to the relevant authorities”.

They said the incident had related to “unrestricted funds”, involving a service not directly funded by the HSE, and therefore “it was not deemed necessary to report” it.

The audit, first published in February of this year, concluded that only a limited level of assurance could be provided to the HSE regarding “the adequacy and effectiveness of the governance, risk management and internal control system” used by Simon.

Value for money

The audit also found there was a risk of failure to obtain value for money due to the operating practices at the charity, which has a list of preferred suppliers for recurring purchases of goods and services.

“There is no documentation to demonstrate that Dublin Simon considered performing a procurement exercise, ie obtaining quotations from other suppliers to ensure value for money,” the audit said.

Simon’s management acknowledged this point and said a new electronic procurement system had since been put in place and “all recommendations will be incorporated into revised processes and systems”.

The audit noted there was room for improvement in how the charity documents its board meetings, notably with regard to the recording of conflicts of interest, while “instances of directors not fulfilling the expected attendance rate were also noted”.

One director has not been rotated within the past 19 years, the audit found, which does not align with the terms of the organisation’s own governance manual.

The audit also found Simon was “at risk of financial loss due to fraud” because five separate employees have the authority to both set up and authorise payments via online banking.

“No one user should have rights to both create and authorise online banking payments,” the auditors said, adding the practice “should not be permitted”. 

Simon said this issue had been rectified as of the first quarter of 2023.