If you thought government had sealed loopholes in the Integrated Financial Management Information System (Ifmis) after Cashgate, you were wrong as an audit shows that K8.2 million was recently siphoned out in 18 months.
According to an internal audit report at the Malawi Law Commission which Nation on Sunday has seen, Ifmis is still leaky as officers made unauthorized transactions through the system.
The fraud contradicts government’s claims that following Cashgate it had put in place controls to Ifmis, including access, security and user rights to make it more secure and prevent fresh abuse.
The stolen money at the commission amounts to 4.7 percent of the Other Recurrent Transactions (ORT) of t h e Law Commission’s allocated budget of K174.2 million for management and administration.
The audit says two officers , assistant accountan t Nerho Mwenel upembe and account assistant Edward Chibweya managed to make unauthorised payments in the Ifmis by using default set-up.
The internal audit report indicates that between April 2015 and October 2017 the two officers siphoned K8.2 million from fuel card number 1121000966 using several filling stations belonging to Petroda and Total Malawi in Lilongwe.
The audit indicates that the two would use the point of sale (POS) devices in several filling stations at Biwi, Area 43, Area 47 and Salima Turnoff to cash out the money.
In a report explaining the fraud, director of administration and finance at the commission, Felix Mpapa, said the commission had five fuel cards of which two were for Petroda and three for Total Malawi.
“Out of the two cards for Petroda, one was meant for local running while the other was for field trips.
The field trips’ card was reported missing.
“The two officers claim they discovered the missing card among a heap of old files, but did not report back to management that the card had been recovered,”
Mpapa wrote in his report to management.
He further explained that the officers used to raise separate vouchers translating into two payments with the same amount—one fraudulent and the other authentic.
“The two officers have also admitted to have forged [the] authorising signature.
The two officers revealed that they were using default set up to authorise payment in the Ifmis,” further reads Mpapa report.
Law Commission deputy chief law reform officer and spokesperson Mtamandeni Liabunya confirmed the case of the two officers, saying the auditor has been able to track some transactions amounting to K8.2 million, which he deems suspicious and could be a result of fraud and manipulation of accounts.
“There is, however, some indication that the amount could be reduced to K7.9 million,” said Liabunya.
He told Nation on Sunday that the two officers were presented with the findings of the investigative audit and they admitted responsibility of fraudulently withdrawing K7.9 million between February 1 2015 and October 30 2016.
“The two officers have been on interdiction without pay since February 6 2017. The commission is, however, committed to act in accordance with the dictates of the law in relation to this issue,” said Liabunya.
He further said the commission was working on modalities of recovering the sums involved as so far revealed, adding: “Bearing in mind the tough economic situation the country is facing, it is regrettable that the commission has to lose public resources in this manner.”
On fears of laxity of Ifmis, Liabunya said the discovery of the fraud was an indication that the commission’s systems and regulations were working because the audit was triggered by the commission itself.
“On the issue of Ifmis, the commission will have to wait, until investigations are through, to address that extension.
The commission believes the investigations will reveal the extent to which the issue can be attributed to the human factor, a weakness of systems, or, indeed, both,” he said.
Governance commentator Antony Mkumbwa told Nation on Sunday that the use of default setting to get access into Ifmis should be a worrying development.
He added that he did not believe Cashgate was stopped, challenging that serious abuse of Cashgate proportion was still going on in the country.
“What it means is that there was no proper user profiling when the system was being set up and instead users were left to use default/factory settings. If this is true then whichever consultant was engaged to implement Ifmis for the Law Commission was glossily negligent by leaving default/factory settings for the software unchanged to customised settings. This is an extremely serious anomaly in information systems set up,” said Mkumbwa.
He further observed that the access to Ifmis was an indication that its implementation was done haphazardly, without following a well-documented implementation plan and that the system has not been properly audited, saying: “Otherwise, such anomaly of using factory/default settings would have been easily detected,” he said.
Mkumbw a said until controlling officers start being held accountable and punished for not adequately accounting for funds given to their ministries, departments and agencies (MDAs), the country cannot say with certainty that there is no fraud in government.
“Lack of proper accountability of funds is a fraud conduit. The fraud at Law Commission is a wake-up call to government that Ifmis is still vulnerable to manipulation. The results of an audit by KPMG on the National Audit Office is a good example that Cashgate is still with us.
“What needs to happen is a comprehensive risk assessment of the entire Ifmis and payment system in government. If this is not done, I assure you, we will see more Cashgates,” he said, warning that reliance on external audits only may not tell the whole story.
Special assistant to the Minister and public relations officer in the Ministry of Finance, Economic Planning and Development, Alfred Kutengule, said any system was as good as the people operating it.
Said Kutengule: “The issues raised, if indeed they represent what actually happened, show that there are still officers who are abusing password privileges by not following the security protocols that they have to conform to. This is a people issue and has nothing to do with the integrity of the system.”
In an e-mail response, Kutengule said Ifmis controls were indeed strengthened and efforts were still ongoing to strengthen them further as government was installing modern real time monitoring tools to safeguard the system against this type of abuse.
“This is, however, not to say the system will be foolproof. There is no system that is foolproof if people who have rights to the same decide to abuse or misuse the privileges they have been granted,” he said.
He explained that Ifmis audits were regularly conducted, but said the major milestone will be the installation of the computer aided/assisted audit tools which was underway.
In 2013, between April and September, about K24 billion was discovered to have been stolen from the public purse whereas between 2009 and 2014 about K236 billion could not be accounted for.