Govern­ment of­fi­cers have two Ifmis IDs, au­dit re­port shows

Sys­tem was ma­nip­u­lated to ex­e­cute the Sh1.6 bil­lion Na­tional Youth Ser­vice fraud as well as the Sh51 mil­lion Kil­ifi county theft. Health min­istry of­fi­cials tried to steal Sh30m

The Star (Kenya) - - General News - FELIX OLICK @olick­fe­lix

Se­nior govern­ment of­fi­cials have mul­ti­ple Ifmis IDs, a new au­dit re­port shows, lift­ing the lid on the con­tro­ver­sial sys­tem that has been used to loot bil­lions of shillings in tax­payer money.

The de­tails emerged amid dis­clo­sures that Ifmis was in­stalled at a cost of Sh5.5 bil­lion and a fur­ther Sh5.6 bil­lion had been al­lo­cated for its re-en­gi­neer­ing be­tween 2013 and 2018.

An au­dit re­port by Au­di­tor Gen­eral Ed­ward Ouko states that al­most 50 govern­ment of­fi­cials who are users of the Ifmis sys­tem had more than one user ID.

Cre­ation of more than one ID for a sin­gle in­di­vid­ual, Ouko warns, opens the sys­tem to mis­use and is a huge risk.

The sys­tem was ma­nip­u­lated to ex­e­cute the Sh1.6 bil­lion Na­tional Youth Ser­vice fraud as well as the Sh51 mil­lion Kil­ifi county theft.

It has also emerged that se­nior of­fi­cials at the Health min­istry tried to steal Sh30 mil­lion from the Na­tional Qual­ity Con­trol Lab­o­ra­tory through the sys­tem.

How­ever, last week, Trea­sury CS Henry Rotich de­fended the sys­tem as fool­proof and termed it “ro­bust and in­ter­na­tion­ally tested”.

But Ouko says the Ifmis depart­ment domi­ciled at Trea­sury has not estab­lished com­pre­hen­sive se­cu­rity poli­cies, stan­dards and pro­ce­dures.

“With­out a proper ap­proval mech­a­nism, cre­ation of ghost IDs may go un­no­ticed, thus putting govern­ment in­for­ma­tion as­sets at risk,” Ouko said in the 118-page re­port tabled in Par­lia­ment.

A re­view of the sup­plier mas­ter data, Ouko said, in­di­cates the ex­is­tence of al­most 50 cases of du­pli­ca­tion of the same sup­plier.

He warned that the pres­ence of ac­tive du­pli­cate sup­plier records in the Ifmis in­creases the pos­si­bil­ity of dou­ble pay­ment.

“Lack of ad­e­quate ICT poli­cies and pro­ce­dures, cou­pled with im­proper ap­proval pro­cesses for cre­ation of new sys­tem IDs, to­gether with the ca­pac­ity to cre­ate du­pli­cate sup­plier names in the Ifmis sys­tem with pass­words that don’t ex­pire, may have led to se­cu­rity vul­ner­a­bil­i­ties that were ex­ploited in the NYS saga,” the re­port reads.

Ac­cord­ing to the Au­di­tor Gen­eral, good prac­tice re­quires that pass­words be re­set ev­ery 90 days.

How­ever, the Ifmis pass­words ex­piry pe­riod is set to none, which means the pass­words do not ex­pire at all.

“This is a potential loophole that can be ex­ploited and, hence, lead to unau­tho­rised per­sons gain­ing en­try to sen­si­tive govern­ment data as well as car­ry­ing out fraud­u­lent activities,” the re­port states.

The au­dit also in­di­cates that the Min­istry of De­fence, the Na­tional In­tel­li­gence Ser­vice and eight other agen­cies do not use Ifmis.

These in­clude the Teach­ers’ Ser­vice Com­mis­sion, the Ethics and Anti-Cor­rup­tion Com­mis­sion, the now-de­funct Com­mis­sion for the Im­ple­men­ta­tion of the Con­sti­tu­tion, Kenya Na­tional Com­mis­sion on Hu­man Rights and Com­mis­sion on Rev­enue Al­lo­ca­tion.

Others are the Wit­ness Pro­tec­tion Agency, Na­tional Gen­der and Equal­ity Com­mis­sion and the In­de­pen­dent Polic­ing Over­sight Author­ity.

The re­port also in­di­cates that Ifmis adop­tion levels in govern­ment stand at a pal­try 22.1 per cent. Trea­sury, the champion of the sys­tem, has only achieved an 0.9 per cent adop­tion level. De­spite pok­ing holes into the multi­bil­lion-shilling fi­nan­cial man­age­ment sys­tem, Ouko did not state the amount of money that could have been looted through it.

Ac­cord­ing to in­ves­ti­ga­tors of the NYS scam, per­pe­tra­tors of the ripoff only needed to add a zero to their trans­ac­tion amounts to claim fig­ures 10 times the ac­tual claim.

Where a sup­plier supplied goods worth Sh10,000, a zero would be added to make it Sh100,000. Where sup­plies to­taled Sh1 mil­lion they would shoot to Sh10 mil­lion.

“It is clear that a zero has been added on each amount en­tered in the Ifmis, re­sult­ing in ex­tra mil­lions of shillings paid to the sup­plier. This is a case of ma­nip­u­la­tion of the Ifmis,” said an of­fi­cial of the Bank­ing Fraud In­ves­ti­ga­tions Unit.

Newspapers in English

Newspapers from Kenya

© PressReader. All rights reserved.