Auditor-General Edward Ouko has recommended an overhaul of the electronic procurement system used in government due to glaring security lapses that exposed it to fraud and abuse by users.
Mr Ouko says an audit of the Integrated Financial Management System (Ifmis) revealed huge gaps that made it prone to manipulation that could lead to fraudulent transactions even as ministries and counties report loss of billions of taxpayers’ money.
In his report, the auditor says some of the loopholes included lack of proper approval process for creation of new accounts and password expiry dates, duplication of user identities and poor data and security backup systems.
He says transactions are still being done manually.
Mr Ouko’s call comes in the wake of similar sentiments by the Council of Governors and former Transition Authority boss Kinuthia Wamwangi, who have blamed the system for crippling operations in counties after it collapsed last December.
The audit report, compiled between July 2010 and November 2016, says although introduced to curb theft of public funds, Ifmis achieved minimal outcomes.
“The underlying network infrastructure design and capacity was not adequate to cater for the needs of the Ifmis application standard uptime requirements and that of the end-users,” says the auditor.
He adds: “It was observed that most of the users in the counties reported frequent downtime of the application — attributing it to network downtime — ranging anywhere between two to four days continuously. Also, ministries reported slow response time and sometimes downtime extending to a day.”
In some instances, the auditor notes, it was observed that the backup policies and procedures were not adequate, with only one tape used to back up all data.
“Consequently, efficient controls were not exercised for protecting the sensitive data. Disks were sent to Oracle support team without the data being erased.
“Sensitive data which might have been stored on the disk is running a risk of disclosure of information to third party,” says the report.
The review involved the assessment of the Ifmis academy which was established in 2012 to train users in the national government and counties.
And to mitigate the glitches witnessed, Mr Ouko recommends the development of support centre hubs across the country to provide day-to-day support, train users and for maintenance and update of servers and databases regularly.