IFMIS and the Punctured Myth of Invincibility

When the NYS scandal broke, there were the usual stages of grief:

  1. Denial and Isolation
  2. Anger
  3. Bargaining
  4. Depression
  5. Acceptance

Yet as others pointed out last year (see here and here),  IFMIS had a dodgy track record in another country: Malawi. I’ve included a link on this page to the forensic audit of Malawi’s Cashgate scandal that details the myriad failures of an electronic system that was meant to be better than the manual one it replaced. The scandal is partly blamed for bringing down the government of Malawi’s first female president.

The executive summary of the Malawian forensic audit report is most eloquent and chilling:-

“The IFMIS system is designed to enable the [Government of Malawi] to monitor its budget and cash position. However subsequent reviews have identified significant control weaknesses within the system. The GoM suspect that a number of perpetrators have exploited these weaknesses through collusion, resulting in financial loss to the government exchequer. In the latest episode, it is alleged that the perpetrators were able to transfer funds from the government bank accounts to the vendor accounts for goods and services that were never supplied and then to delete these transactions from the IFMIS system.”

Almost word for word what happened in Kenya.

Today, the matter is back in the spotlight because the hacking collective Anonymous used very basic email phishing techniques to hack into the Ministry of Foreign Affairs and International Trade and steal 1TB of documents.

And remember The Bangladesh Bank’s more sophisticated hack in which the SWIFT system was compromised and $81 million vamoosed?

If the Kenya government refuses to learn the lessons about cyber-security, dunia itaifunza.