Written by 
In our previous article, “Marion Watch Predicts: Old, Unsafe Computer Habits Likely Still Harming City Finances,” we laid out our theory: decades of financial mismanagement signal a broken “control culture” in Marion, one in which we predict that Identity and Access Management (IAM) failures, such as improper access privileges and password sharing, are still rampant.
This isn’t just a guess. Based on the combined IT, financial, legal, and law enforcement experience on our team, we are making a specific prediction: aside from the City Auditor’s office specifically, and the recently revealed permission issues ordered corrected by the Ohio Auditor of State concerning override capabilities the Sewer, Sanitation, and Utility Billing departments are the most likely places to find current, costly breaches of IT security and financial controls.
This prediction is mostly based on IT red flags but relied on input from the rest of the team.
Why these departments? Because they represent the perfect storm of historical weakness, proven exploitation, and a modern, technical breakdown of the very software meant to protect taxpayer funds. For these very reasons and predictable, very well documented breaches we have urged the Ohio Auditor of State and the Collins administration to request a full forensic IT audit from about 2009 forward.
The Historical Weakness
This problem is generational. As we documented in our research in “The New World System: One Party Control, the Great Recession, and a Fiscal Nightmare for Marion” and our “Silent Sabotage” series, the city’s financial controls have been fundamentally flawed for decades.
Our research into official records found that a state audit from 1983—over 40 years ago—reported a critical failure in the Sewer Department: “all employees” could prepare bills, collect cash, access the register, and—most importantly—make adjustments to customer accounts without any approval. Fast forward to more recent times, and the echoes are loud and clear.
This lack of “segregation of duties”—a cornerstone of financial control—was not a bug; it was a feature of Marion’s control culture. It was a crisis waiting to be exploited.
The Human Exploitation
That crisis arrived. Our research confirms the 2015 conviction of former utility supervisor Brenda Nwosu for stealing over $34,000. She did it by manipulating customer accounts, the very weakness identified decades earlier, and her theft went undetected for over 3.5 years.
Worse, this was a failure of management, not just controls. As we detailed in our article, “Twila Laing: Silent Sabotage and the Crisis of Financial and IT Controls” (based on an episode of The Watchmen’s Report), current Finance Chair Twila Laing stated that she personally discovered and reported Nwosu’s suspicious activities, as well as other highly suspicious activities regarding improper use of city computer systems.
Her reports were ignored. This proves a management culture that allowed theft to continue, a failure that was only stopped by the State Auditor, not by city leadership.
The Technical “Smoking Gun”
This brings us to today. The same departments are hemorrhaging money, evidenced by the $5 million uncollected account balance in the Sanitation Department mentioned this year at Marion City Council and other surrounding issues led to the publishing of “Mayor Collins Announces Fiscal Caution Analysis.” This came after Marion Watch blew the whistle about grave breaches of IT and financial controls to the Ohio Auditor of State, and received a reply.
How is this still possible?
Because the human and IT failures of the past are combined with catastrophic technical failures. As we revealed in our report, “The Bomb at the Center of Marion’s Financial & IT Silent Sabotage Blast,” the city’s “New World” financial software was, for years, operating with its most critical safety features neutralized.
The smoking gun is in the city’s own council minutes: these records confirm that key safety controls and the system’s all-important reconciliation module were non-functional, misconfigured, or simply not installed and that the software had never functioned properly—a fact admitted by the previous administration.
Without a working reconciliation module, there is no reliable, automated way to prove that the money collected matches the money deposited.
This technical “black hole” was made worse by human decisions. As discussed at the August 4, 2025, city council meeting, a previous administration gave administrative access (often called “superuser” privileges) to staff who had no operational business need for it. Granting this level of power to a former Deputy Auditor is a particularly egregious ethical and financial violation. It obliterates the fundamental control of segregation of duties, effectively allowing a person responsible for checking the books to change the books, rendering a true, independent audit impossible. There is also widespread knowledge of the said deputy auditor allegedly demanding user credentials, a grave violation of all IT security standards, and financial confrols.
This combination is a disaster. You have:
- A $5 million hole in the very departments with a 40-year history of weak controls.
- A core financial system with its safety switches and audit trails effectively disabled.
- A documented history of “widespread inappropriate access” confirmed by current and former staff.
The recent $40,000 “washed check” fraud and $58,000 illegal payment are just symptoms. The disease is the total breakdown of financial and IT controls. Based on our team’s professional experience, the Sewer, Sanitation, and Utility Billing departments are ground zero for the next major financial or IT security breach.
All these signs are leading the public, as well as many in the Collins Administration, to shift their sights toward possible intentional sabotage. It has led Marion Watch to provide the Collins administration with a guideline on how to easily detect thses breaches on a network.
This distinction between intentional theft and catastrophic waste, however, may not matter in the end. From a legal and financial standpoint, when dealing with taxpayer money, the severe penalties for gross negligence often mirror those for outright theft. The law, at both the state and federal level, is designed to hold public officials accountable for the loss of funds, regardless of whether it was due to a malicious act or a negligent failure to perform their duties.
In Ohio, the legal framework makes this distinction clear.
- Under Ohio Revised Code (ORC) 117.28, the Auditor of State can issue a “Finding for Recovery” (FFR) against a public official whose “act or omission”—such as the failure to implement or enforce basic financial controls—results in the loss of public funds. That official can then be held personally and civilly liable to repay the full amount, the same as if they had personally stolen it.
- Furthermore, ORC 2921.41 (Theft in Office) is written broadly to criminalize not just stealing, but also “knowingly… using, or authorizing or permitting the use of” public property or funds in an improper manner. A systemic, known failure to secure IT systems or reconcile accounts could be argued to “permit the use” of funds improperly.
Federally, the penalties are just as severe, particularly since local governments receive federal funds.
- 18 U.S.C. § 666 (Theft or Bribery concerning programs receiving Federal funds) makes it a crime to “knowingly… misapplies” property or funds of an organization that receives federal assistance. A system with disabled reconciliation modules and no access controls is a textbook example of “misapplying” funds.
- The False Claims Act (31 U.S.C. § 3729) imposes massive liability on any entity that acts with “reckless disregard” for the truth when handling government money. Billing citizens from a system known to be broken, or certifying financial statements from an unreconciled system, could easily meet this standard.
Ultimately, whether the city’s $5 million sanitation deficit and other losses are due to a single thief or a systemic, negligent failure to implement any basic IT and financial controls, the outcome is the same: massive financial losses, the potential for severe legal penalties and civil liability for those responsible, and a profound breach of public trust.