Cambridgeshire County Council is facing an escalating battle against fraud, corruption, and hidden governance risks — and it is whistleblowers, not criminals, who are increasingly shaping the fight for accountability.
The council’s latest internal audit progress report, just released, reveals a sharp rise in whistleblowing referrals alongside a growing number of fraud investigations and unresolved weaknesses in internal controls.
Covering the 2025/26 financial year, the report paints a sobering picture of a public sector under pressure: attempted cyber scams, invoice fraud, potential officer misconduct, and delayed implementation of audit recommendations that could leave public funds exposed.
Whistleblowing referrals surge across the council
The most striking finding in the report is the sharp increase in whistleblowing cases being raised with the council’s Internal Audit team.
By 31 January 2026, auditors had received 41 whistleblowing referrals — up significantly from 30 cases at the same point the previous year and already exceeding the total of 36 referrals recorded across the whole of 2024/25.
The report acknowledges both the scale of the rise and the strain it is placing on the audit service: “As at the 31st of January 2025, Internal Audit has received 41 whistleblowing referrals in the 2025/26 financial year… this is a significant increase… and represents a high caseload for the team… This is creating a pressure for the team.”
Whistleblowers drive accountability — but not every case can progress
The report repeatedly highlights the essential role whistleblowers play in exposing wrongdoing and strengthening council processes.
Referrals have led to investigations, procedural reforms, and the prevention of losses.
The council has also introduced new training to ensure staff understand the distinction between general complaints and whistleblowing disclosures: “Ensuring that the council’s new feedback policy… clearly delineate the difference between a complaint and a whistleblowing.”
However, auditors also note that some referrals lack enough detail to pursue:
“The referral contained no details… The case was therefore closed.”
One whistleblowing case involved concerns over a potential conflict of interest, where a staff member was undertaking an external role without the appropriate declaration.
While no wrongdoing was ultimately identified, the audit team issued four high-priority recommendations: “Improvements… surrounding declaration of interest forms were suggested…”
Fraud risks range from cybercrime to insider misconduct
The audit report makes clear that fraud in local government is not limited to one type of threat. Instead, Cambridgeshire is confronting a wide spectrum of risks, from external scams to internal wrongdoing.
Among the cases detailed are attempted frauds that could have resulted in financial losses — but were prevented through staff vigilance and adherence to policy.
Bank mandate scam narrowly prevented
In one case, fraudsters hacked a service user’s email account and attempted to divert a legitimate council refund payment into a different bank account.
The attempted fraud was stopped only because council colleagues recognised warning signs: “A bank mandate fraud was attempted… This was prevented by colleagues… who identified and investigated red flags… No funds were lost.”
The case highlights how increasingly sophisticated cyber-enabled fraud attempts are targeting routine council transactions.
Invoice fraud detected before any loss occurred
Another case involved a fraudulent invoice designed to trick the council into paying money to criminals posing as legitimate suppliers.
A council officer spotted inconsistencies and took action immediately: “They identified inconsistencies… contacted the supplier, who confirmed the invoice was fraudulent, and there was no loss to the council.”
Such scams, auditors warn, are becoming more common across the public sector, exploiting high volumes of procurement and payment activity.
Money laundering warning signs in refund requests
Not all suspicious activity involves large sums. Even low-value payments can raise red flags, particularly when individuals request refunds to accounts unrelated to the original transaction.
The report notes: “This type of request is noted as a possible warning sign of money laundering.”
In this instance, staff followed corporate policy and processed the refund correctly, while alerting finance and audit teams.
Phishing scams target council staff
Fraudsters are also attempting to extract sensitive financial information directly from employees.
In one incident, a council officer received a suspicious phishing phone call aimed at obtaining bank account details.
The staff member recognised the danger: “The member of staff recognised this as suspicious and did not engage…”
Internal audit later shared an alert across the council intranet to raise awareness and prevent future incidents.
Council officer fraud investigations continue
While many fraud threats come from outside, the report also acknowledges the uncomfortable reality that risk can sometimes emerge from within the organisation.
Auditors confirmed: “One possible case of council officer fraud has been flagged… and is currently under investigation.”
Two other internal cases have been investigated, with draft reports issued and under review with service management.
Governance and conflict of interest
Not every fraud risk comes with an obvious scam or dramatic financial theft. Some of the most damaging vulnerabilities are quieter — rooted in weak governance, poor oversight, and undeclared conflicts of interest.
The report states that Internal Audit is “currently handling seven open cases related to internal governance concern…”
Overdue audit actions leave risks unresolved
Perhaps most concerning is the report’s finding that a growing number of audit recommendations remain outstanding.
As of January 2026: “There are currently 87 management actions outstanding, compared to 72 in the last reporting period.”
Some actions are overdue by more than a year — and one by more than three years.
National Fraud Initiative identifies recoverable funds
Cambridgeshire also participates in the Cabinet Office-led National Fraud Initiative (NFI), which matches data sets nationally to identify fraud and error.
The latest cycle has already produced significant results:
“3603 matches have been reviewed… resulting in £27,239.47 identified to recover.”
The report also confirms that 337 blue badges have been cancelled, producing an estimated notional saving of £267,578.
Conclusion: action, not just reports
Cambridgeshire’s internal audit progress report offers a stark reminder that fraud and corruption remain persistent threats in local government.
The surge in whistleblowing referrals shows that more people are speaking up — but it also highlights the growing pressure on investigators and the importance of acting swiftly on recommendations.
All quotes and data are sourced directly from the report presented to the Audit and Accounts Committee of Cambridgeshire County Council on 19 February 2026.
Key Figures at a Glance — Cambridgeshire Council Audit 2025/26
| Metric | Figure / Details |
| Whistleblowing Referrals | 41 cases received by 31 Jan 2026 (up from 30 last year) |
| Total 2024/25 Referrals | 36 cases for entire year |
| Overdue Audit Recommendations | 87 outstanding (up from 72) |
| Longest Overdue Recommendation | Over 3 years |
| Bank Mandate Fraud Attempts Prevented | 1 case, £0 lost |
| Invoice Fraud Detected | 1 case, £0 lost |
| Money Laundering Risk Cases | 1 low-value refund flagged |
| Phishing Scam Incidents | 1 reported and managed |
| Council Officer Fraud Cases | 1 possible case flagged, 2 others under investigation |
| Governance / Conflict of Interest Cases | 7 ongoing |
| National Fraud Initiative Matches Reviewed | 3,603 |
| Funds Identified for Recovery (NFI) | £27,239.47 |
| Blue Badges Cancelled (NFI) | 337 badges; estimated notional saving: £267,578 |
