It Wasn’t a “Glitch”: Why Marion’s Deficit Requires a Digital Autopsy

​ANALYSIS: The City Admits “New World” is Broken—But New Software Alone Won’t Fix the $9 Million Mystery Without a Close Look!

​
On December 8, 2025, Mayor Bill Collins confirmed the City of Marion is facing an estimated $9 million deficit and a financial system that “will never be accurate.” But the numbers are only half the story.

Our investigations have uncovered a catastrophic failure of internal controls, security permissions, and operational discipline that has left the city’s checkbook wide open for over a decade.

IMMEDIATE RECOMMENDATIONS: Governance & Documentation

Before addressing the specific red flags of the current crisis, Marion Watch submits two urgent recommendations that City Administration must implement immediately. 

These are not optional “nice-to-haves”; they are the foundational pillars required to prevent this history from repeating itself with the new software.

MAYOR BILL COLLINS (R) GIVES STATEMENT TO COUNCIL ON FISCAL CAUTION, THE CITY’S 2026 BUDGET, AND THE CITY’S DEFICIENT NEW WORLD FINANCIAL SOFTWARE

1. Reinstate and Empower the IT Oversight Committee- We strongly recommend the immediate reinstatement of the IT Oversight Committee. However, it cannot function as it has in the past—a symbolic group that meets rarely and oversees little. This committee must be:

• Active and Authorized: It must hold regular, mandatory meetings to review all IT contracts, software performance, and security protocols.

• Independent: It serves as a check-and-balance against the “silo” mentality where departments make unilateral tech decisions that jeopardize the whole city.

• utilized: This committee must be the gatekeeper for system changes, including permissions changes. Had this committee been properly utilized previously, the “silent sabotage” of the New World system could have been identified and halted much easier many years ago.

2. Implement a Mandatory “Trouble Ticketing” System The City must deploy a centralized IT Trouble Ticketing System immediately.

• The Problem: Currently, when a system fails or a vendor underperforms, complaints are often made via phone calls or casual emails. These disappear into the ether, leaving no permanent record. This allows vendors to claim, “We didn’t know there was a problem,” and allows staff to claim, “I told IT, but they didn’t fix it.”

• The Solution: A ticketing system creates an unalterable “digital paper trail” for every glitch, crash, and error. It is the “Flight Data Recorder” for the city’s IT.

• Why It Matters: If we had utilized a ticketing system over the last decade, we would currently have thousands of logged incidents proving vendor negligence, or possible negligence of city IT staff. Without it, we are left with hearsay. We must stop managing multi-million dollar systems with verbal complaints and start building a legal record of accountability.

Obvious to the Experts Hidden From You: How an IT Observer Could See Marion’s “Silent Sabotage” Years Before the City Admitted It

---

The Core Analysis

The question isn’t just “is the software broken?” The question is: “Does Marion meet the standard professional ‘Red Flags’ that trigger a mandatory Forensic IT Audit?”

The answer is an undeniable YES.

What is a Forensic IT Audit?

Before we discuss the red flags, it is critical to understand what we are asking for. A forensic IT audit is fundamentally different from the standard financial audits the city undergoes annually.

• Standard Audit: Assumes the data on the screen is true and simply checks the math. Spot check audits of the software controls are performed, but this is a high-level overview, not an in-depth analysis.

• Forensic IT Audit: Assumes the system may be compromised and checks the digital evidence.

It bypasses the broken “New World” user interface to query the raw database logs directly. It looks for the “digital fingerprints” that standard reports miss: deleted transaction logs, altered timestamps, machine IDs, and “back-door” edits. It is the only process capable of distinguishing between a computer glitch and human manipulation.

1. The Red Flag Assessment

According to global standards for fraud detection and IT governance (ACFE and GAGAS), specific warning signs dictate when a standard audit is not enough. Marion checks every single box. Note that this is a concise explaination to ensure readers can understand the subject more clearly.

[X] RED FLAG 1: Ineffective Internal Controls

• The Standard: When a system cannot reliably track revenue and expenses.

• Marion’s Reality: The Administration admitted financials “will never be accurate” on the current system. The “General Ledger”—the city’s master record—is effectively null and void. This is coupled with the declaration by the Ohio Auditor of State regarding the financial data being unreliable.

[X] RED FLAG 2: Override of Controls (Credential Abuse)

• The Standard: When individuals have “Super-User” access that allows them to bypass approval chains, or when strict password protocols are violated.

• Marion’s Reality: We uncovered that “Super-User” permissions were granted inappropriately, allowing users to alter financial records without witnesses. More alarmingly, we are aware of instances where user credentials were demanded by others, leading to rampant password sharing.

• Why This Matters: In the IT world, this is called a “Loss of Non-Repudiation.” If User A has User B’s password, you can never prove who actually clicked the button. A forensic audit looks deeper—analyzing, for example, machine IDs and usage patterns—to determine who actually sat behind the keyboard.

[X] RED FLAG 3: Physical Security Breaches

• The Standard: When critical IT infrastructure is accessible to unauthorized personnel.

• Marion’s Reality: We confirmed the city’s secure server room—the physical heart of the city’s finances—was used as an office and break area. This violation of ISO 27001 meant physical access to the hard drives was largely unrestricted, leaving hardware vulnerable to tampering or direct data extraction.

[X] RED FLAG 4: Flawed Implementation & The “Workaround” Culture

• The Standard: A system must be used as designed, with safety protocols intact.

• Marion’s Reality: The “New World” system never functioned correctly for many departments. To keep the city running, staff were forced into a culture of “workarounds”—systematically bypassing safety controls just to process bills and payroll. When the city recently tried to enforce these controls,when the Collins administration took over, the system collapsed because it had been running on bypasses for so long. It caused other widespread issues. A prediction we had that has now been verified. 

[X] RED FLAG 5: Persistent Ignored Warnings & Veritas Anomalies

• The Standard: When management ignores expert warnings about unexplained system behavior.

• Marion’s Reality: This is the “Silent Sabotage.” Experts identified critical errors years ago, yet previous leadership deflected and concealed the issues. Furthermore, Veritas has identified “strange anomalies” and “unexplained issues” within the data that defy logic—ghosts in the machine that suggest deep-seated corruption. Information regarding the depth and scope of the software issues—and how to perform the necessary workarounds—was not shared with multiple incoming administrations.

2. The Vital Link: Why the New System Will Fail Without the Audit

The Administration plans to possibly migrate to “Software Solutions” in early 2026, an Ohio based company already used by the Marion County Auditor. However, purchasing new software does not magically fix old data.

The “Garbage In, Garbage Out” Protocol You cannot build a clean house on a rotten foundation. The forensic audit is the mandatory “filter” required to make the new system accurate.

• Establishing the “Source of Truth”: The new system requires an accurate “Beginning Balance” to function. Currently, we are guessing the deficit is $9 million based on data from a liar (the New World system). If we import that unverified number, the new system is corrupted on Day 1.

• Sanitization vs. Migration: Standard migration just moves data from A to B. A forensic audit acts as a “Sanitization” process, identifying and quarantining the corrupted data, fake duplicates, and “glitch” transactions so they are not infected into the new system.

3. Investigating Vendor Negligence & Misuse of Public Funds

Beyond the data errors, there is a critical question of financial liability that only a forensic audit can resolve.

• The Unused Modules: The City spent millions on the “New World” suite, yet investigators have found that multiple costly modules were purchased but never implemented.

• The Breach: Spending taxpayer money on software that sits on a shelf is a misuse of public funds. A forensic audit is required to determine why these modules were abandoned, who knew, and why this was allowed for more than a decade.

• Determining Liability: Was this vendor negligence (selling us broken tools)? Or was it a refusal by staff to use controls that would have prevented manipulation? It could be both! This investigation is critical to holding the vendor liable for negligence and potentially recovering the misused funds to offset the deficit.

• Concealment: The Audit’s Unique Role: A forensic audit is the only procedure that can search for financial crimes by reviewing the raw database logs, which are inaccessible via the broken user interface. It will search for transaction logs that have been deleted, altered, or artificially backdated, a common tactic used to conceal fraudulent activity.

• Linking Digital Fingerprints to Financial Loss: The audit’s focus on “digital fingerprints” (machine IDs, usage patterns, and access times) can establish a direct link between credential abuse (Red Flag 2) and specific financial events. This is the only way to move past the “Loss of Non-Repudiation” and legally prove who executed a fraudulent transaction, or who concealed the purchase of a costly but unused module.

• Reconstructing the Timeline: By analyzing data untouched by the application’s broken front-end, the forensic audit can reconstruct a clear, unalterable timeline of events. This timeline is necessary to determine if the $9 million deficit is merely a calculation error from a broken system, or the cumulative result of deliberate, criminal acts of theft or concealment that have occurred over a decade.

4. Justification for Purchasing New Software (“Software Solutions”)

Why can’t we just fix “New World”? Because the system has degraded into a web of unexplainable errors and broken trust.

• Ending the “Workaround” Cycle: The new software (“Software Solutions”) is necessary not just to have controls, but to have a system that works without bypassing them. We need a platform where “doing it the right way” doesn’t break the process, eliminating the excuse for workarounds.

• Enforcing “Separation of Duties”: “New World” failed not only because it lacked features, but because the lack of enforcement allowed them to be ignored. The new system is the only way to mechanically enforce Role-Based Access Control (RBAC), ensuring that no single person can initiate, approve, and reconcile a transaction without the system blocking them.

• Eliminating the “Legacy of Deflection”: The “New World” vendor has collected taxpayer money for over a decade while the system failed state reporting standards. Purchasing new software is the only way to sever ties with a vendor that allowed this “Silent Sabotage” to fester.

The Bottom Line

The “New World” software is not just broken; it was left unlocked, bypassed, and compromised.

We need the Forensic Audit to verify the data and uncover the waste of public funds on unused modules.

We need the New Software to finally change the locks and ensure that no single person ever holds the keys to the entire city treasury again.

Marion Watch emphasizes that there must be accountability: Audit the past, secure the future.