I recently came across an audit report by the international audit firm, Baker Tilly, on a 2013 Integrated Financial Management Information System (Ifmis) scam in Malawi that was popularly known as the cash gate scandal.
As I read through the report, I was tempted to conclude that our local cowboys learnt the tricks of how to use Ifmis to siphon money from the public purse from the Malawians. Going through the Baker and Tilly audit left me with a feeling of déjà vu.
Here is a quick summary of the findings. First, the audit of Malawi’s Ifmis found massive abuse of user access controls — even theft of passwords. There were several cases where crafty civil servants were able to access Ifmis from any location even outside office hours.
Baker and Tilly also found that there was no procedure to terminate user profiles of departed employees and those transferring from one ministry to another.
The companies that were paid were relatively new outfits with no internet presence, low turnover, and with bank accounts that had zero balances before they received Ifmis-generated payments.
Compare this with what Kenya’s Auditor-General found in the special audit report on the National Youth Service. First, some civil servants had user rights that allowed them to siphon and commit funds from the Ministry of Devolution and Planning even when they were not employees of the ministry.
There is the case cited in the special audit report of an employee of the Ifmis department at the Treasury — one Fredrick Munge Musengi — who was found to have irregularly introduced the names of dozens of suppliers into the Ifmis system despite the fact that he was not an employee of the ministry.
It is a major loophole in the system because it implies that a third party with powerful access rights is able to create a supplier in the system, force in fake LPOs, create a goods-received note, process invoices, and pay the fake suppliers without reference to the accounting officers of the ministry.
The NYS has its own defined Ifmis complete with a list of approved users based at its headquarters in Ruaraka.
The report cites cases where some civil servants logged into Ifmis on Saturday, when government offices are closed.
And, just like in the Malawian case, where auditors found that there was no procedure for terminating user profiles of employees who were transferred from one ministry to another, the special audit report on NYS found that the access rights of a former director-general, Dr Nelson Githinji, remained active long after he ceased to be an AIE holder and he continued to log into the Ifmis system several months after his rights as AIE holder had been revoked.
The Malawians had their own version of Josephine Kabura. A junior civil servant, one Victor Sithole, was found in possession of $300,000 stashed in the boot of his car.
From information coming out of affidavits, court cases, and the proceedings of the multiple investigations by parliamentary committees, it seems our local cowboys have taken the game to a higher level than the Malawians.
In nearly all the Ifmis scams, the first step in executing the fraud has been in the re-allocation of large sums of money via supplementary budgets into specific lines the fraudsters have selected.
The next step is to introduce into the system the names of fake suppliers, LPOs, goods-received notes, invoices, and flag-to-pay instructions.
In the Kabura case, it turned out that all the documents booked into the Ifmis were fake.
The moment the budget re-allocation is completed, the money is made available through an exchequer release, sparking a scramble and rush to commit the funds against orders and invoices belonging to the fake suppliers.
This is how Kabura and the clique around her managed to siphon Sh1.8 billion of taxpayers’ money through Ifmis.
Should the current Ifmis be scrapped? Absolutely. But we still need an effective integrated financial and management information system.
In theory, the Ifmis system we have is based on Oracle E-Business Suite, an accounting package developed by Oracle of the USA. In reality, what is in place is a product of conspiracies between crafty government officials and local rent-seeking software merchants.
Through highly inflated and ill-conceived customisation and re-engineering projects, the merchants have colluded with public officials to create a mongrel of the original Oracle E-Business Suite.
This is the system at the heart of corruption in the public sector.