General Report of the Controller and Auditor General on the audit of information systems for the year ended 30th June, 2018
Government has increasingly computerized its processes to promote more efficient and effective government operations, facilitate more accessible government services, allow greater public access to information and make government more accountable to citizens. However, these computerized processes need to be audited to determine whether the intended objectives have been achieved.
I have audited Information Technology (IT) systems in the financial year ended 30th June 2018. The audit covered three major IT systems and general controls surrounding these systems namely LGA IFMS Epicor at PO-RALG, HCMIS Lawson at PO-PSM and GePG at MoFP. In addition the report includes audits of information systems with their IT general controls of Public Authorities, MDAs and ICT project management. The objective of IT audits include: Ascertaining the level of compliance with the applicable laws, policies and standards in relation to IT; evaluating the reliability of data from IT systems which have an impact on the financial statements of the organizations; and Checking if there are instances of inefficiencies in the use and management of IT systems.
This general report provides a summary of main findings derived from 17 individual audits conducted in information systems whose audit reports have been separately issued to the Accounting officers. Assessment of the risk as per audit findings shows that 21 cases rated high while 18 cases rated medium, there were no cases rated low. The following are the main findings from the audit conducted:
Assessment of the IT systems effectiveness reveals control weaknesses relating to segregation of duties. District/Municipal Council Treasurers have access rights in LGA’s IFMS Epicor system to enter budget, allocate fund, create, approve and post vouchers. In addition, they also do process payments. Assigning of conflicting access rights to one person at once violates segregation of duties which may lead to misuse. The review payment process in LGA IFMS Epicor system revealed that, system provides disbursement numbers and automatically creates TISS file to be sent to BOT and affecting the customer bank accounts. I have noted that payments can be voided without proper authority while they have already been paid....