A Queensland council says an internal investigation has found human error contributed to ratepayers being defrauded of $2.3 million.

Noosa Council initially said no employees were at fault when overseas fraudsters posed as council suppliers in December last year and refused to reveal details about the theft.

But a report to council to be considered on Thursday said investigations had found “elements of human error that contributed to some failures in our internal controls”.

The report, which Mayor Frank Wilkie and Deputy Mayor Brian Stockwell voted against releasing, said three “key lessons” could have prevented the fraud.

They included following council policy when changing a supplier’s details, verifying emails, and escalating bank enquiries to senior staff.

Details about the nature of the scam were expected to feature in a report from the Queensland Audit Office (QAO) early next year.

A man in a suit stands in a lecturn with microphones in front of a Noosa Council banner.

Frank Wilkie says police asked the council not to publicly disclose anything related to the fraud. (ABC News: Jessica Ross)

However, council chief executive Larry Sengstock told the ABC he took “full responsibility” for the theft .

He said the loss had not impacted key services and the council had received $200,000 from insurance and $440,000 from bank recovery.

Mr Sengstock said despite the losses, the organisation also had money set aside for natural disasters, which meant operations were not affected.

“We are a financially sound organisation,” Mr Sengstock said.

“We thought we did have processes that would be able to combat all of this. But unfortunately, until you know, you don’t know.”

He said the wellbeing of council staff was “high priority”.

“Many of our staff continue to be impacted by this unfortunate incident,” Mr Sengstock said.

Mr Sengstock said “some [council] processes were not followed” but it was “unfair to portion blame”.

“We are tightening and strengthening processes and the executive and I want to ensure our staff, who work extremely hard for the community, are given support and assistance,” he said.

The report said the organisation had improved procedures, including security training for all staff, protocols to now independently verify any changes to supplier details, changes to bank account details requiring formal oversight and approval, an audit log for every supplier payment, a third-party payment protection software, and a “staff commitment to compliance”.

Were scam warnings ignored?

The Noosa fraud came roughly a year after the Gold Coast city council was hit by a similar scam worth $2.78 million.

The QAO said it passed on findings from its investigation into the scam to all Queensland local councils and the state government in March 2024.

An older man in a suit stands behind a lecturn with another man standing beside him, in front of Noosa council sign.

Larry Sengstock and Frank Wilkie have spoken publicly about the council scam. (ABC News: Jessica Ross)

The audit office’s recommendations were similar to the findings from the latest Noosa Council report.

When asked if Noosa Council had implemented those recommendations in early 2024, Mr Sengstcok said at the time of the incident council had processes in place that “were considered appropriate”.

“We are implementing all Queensland Audit Office recommendations,” he said.

The state government also had no record of whether Noosa Council implemented the scam prevention recommendations made by the QAO.

In the new report, council said it implemented every recommendation from the QAO.

However, the report did not mention the Gold Coast scam or any of the QAO’s 2024 warnings.