Digital gaps the corrupt use to steal public funds

The government spent Sh11 billion to set up and re-engineer the Integrated Financial Management Information System (IFMIS)
The government spent Sh11 billion to set up and re-engineer the Integrated Financial Management Information System (IFMIS). FILE PHOTO | NMG 

Taxpayers lost billions from the public coffers when most government institutions were largely running on analogue system. The problem appeared to defy all remedies, and it was finally decided that going digital would be the best solution. The government thus took most of its payments and tendering processes online.

Billions were then sunk into setting up one digital system after another to manage finances in a bid to seal loopholes exploited by the corrupt to steal public resources.

The government spent Sh11 billion to set up and re-engineer the Integrated Financial Management Information System (IFMIS). The system would essentially be used to pay for services delivered to government institutions and disburse money to the counties. Payments for goods not delivered or outside the budget would be a thing of the past, or so the public thought.

However going by the Auditor General’s reports, the digital system is far from being the silver bullet against graft as envisaged by IT experts and government officials.

An audit on the IFMIS, which is the government’s main financial management software, found it marred with a number of loopholes making it prone to abuse, exposing the taxpayers to immense risk of losing substantial resources.


It emerged that several unidentified users were capable of logging into the system remotely while others had multiple identities in the government’s main financial nerve centre.

One of the unearthed fault lines was in the use of passwords.

“Good practices require that passwords must be reset at least every 90 days. At the time of the audit, the configuration in IFMIS relating to password expiration indicated that the expiry period is set to ‘none’, which means the passwords never expire,” Auditor-General Edward Ouko wrote in the audit released in early 2017.

“This is a potential loophole that can be exploited and hence lead to unauthorised persons gaining entry to sensitive government data as well as carrying out fraudulent activities.”

IFMIS, which is just one of the many State-driven digital projects meant to curb corruption and which cuts across government departments, was also found to be running on a poor network architecture badly affecting its uptime and causing financial inconveniences especially in counties where network downtime ranges anywhere between two and four days continuously.

The question is: Were these mere oversights or was someone keen to leave a loophole including the one that creates more than one ID for a single individual to facilitate fraud?

Former Information and Communications permanent secretary Bitange Ndemo believes the oversights are indeed deliberate and that the systems were set to fail from the onset.

Dr Ndemo, who teaches at the University of Nairobi’s School of Business, said digital solutions can curb corruption more effectively when properly implemented, complete with components of artificial intelligence.

“ÏFMIS should have been in the cloud. The easy human intervention when one just needs to switch it off once every quarter to facilitate payments for orders outside the budget is something very deliberate,” he said. “The beautiful thing about going digital is that the theft can be traced, digital footprints are not easy to erase.”

Indeed, IFMIS had several duplicated vendors according to the audit with a review of the supplier master data showing the existence of almost 50 cases of duplication of the same vendor, meaning the trader in question may as well have been paid 50 times.

Experts aver that going digital is a watertight way to tame theft of funds but only when the system meets minimum integrity and configuration standards. For instance, they say, If IFMIS had used biometrics, it would have been difficult to manipulate or steal passwords.

The World Economic Forum (WEF), an international organisation for public-private co-operation, believes technology is the greatest ally of transparency and a critical tool against corruption.

WEF, however, recognises that the rate of change and complexity of solutions accompanying the Fourth Industrial Revolution makes it hard for institutions to keep pace with emerging technologies. According the organisation, developing countries can still make meaningful strides if the digital strategies are put into proper use.

Some State corporations are however tightly held hostage by corrupt individuals that the very systems meant to fight corruption fall victims to the same malpractice even at the point of procurement. The result is the purchase of a system prone to manipulations by the same corrupt people it was meant to shut the door on. Also these systems are either always down, malfunctioning or fail outright to function.

One such system was the Sh300 million a Social Security Pension Administration (SSPAS) by the National Social Security Fund. The system which was meant to protect pensioners’ contribution and enable timely transfers into members’ accounts was found to have been ignored when NSSF was audited for the year to June 2017.

“Consequently, the fund may not have gotten value for money for SPASS procured the year 2011/2012 at a cost of Sh300 million and members risk loss of accrued interest especially those claiming benefits in the intervening period,” the Auditor-General wrote as part of his qualified opinion on NSSF.

Digital intervention, however, remains a key deterrent to those planning to steal without trace.

The current use of mobile money and digital banking records make key pieces to the puzzle while tracing stolen funds. Direct transfer of funds while paying for government services like the e-citizen platforms have been key deterrent to theft. Techies say the next level of ensuring the integrity of software now remains the sealing of loopholes which either exist deliberately or accidently.