File this under “the perils of treating political problems as technical problems”:
The government’s main financial management system is marred by technology loopholes, making it prone to abuse and possible loss of public funds, an official audit has revealed. An inquiry report by the Auditor- General reveals that the Integrated Financial Management Information System (Ifmis) has numerous control weaknesses that badly expose it to fraud and misuse, with unidentified users capable of logging in remotely while others have multiple identities in the government’s main financial nerve centre.
So exposed is the system that one can create more than one User ID. This can lead to misuse of such additional User ID freely in committing fraud. The audit reveals that almost 50 users had more than one User ID leaving little accountability on the users. The system also lacks a trackable approval process in the creation of new User IDs, meaning it is possible to create ghost IDs and carry out transactions including remotely without being noticed.
In fact, a list of authorised personnel provided with remote access was not available for audit review meaning their identities remained anonymous. There was no practice of approving the remote login requests; which means even those not authorised would log in remotely. Remote transactions were largely blamed for the theft at the Ministry of Devolution which saw the loss of more than Sh1.6 billion in the infamous National Youth Service (NYS) scandal.
Vendors were also duplicated in the system with a review of the supplier master data showing the existence of almost 50 cases of duplication of the same vendor, meaning the vendor may as well have been paid 50 times.