Auditor General Nancy Gathungu has listed flaws in President William Ruto's plan to digitise all government services and integrate them on the eCitizen platform.
In the 2022/2023 report on the National Government, the Auditor General explained that these flaws may hinder service delivery and jeopardise the government's data.
Gathungu further revealed that the office was conducting a special audit on the eCitizen platform to provide highlights on the credibility and reliability of the platform.
She remarked that the audit was informed by the current strategic importance of eCitizen in the financial architecture of government.
"The special audit will interrogate both IT and physical security, governance arrangements and the adequacy of the control in place," read part of the report.
Some of the flaws identified by the Auditor General were;
Over-reliance on the Consultant
The Auditor General revealed that the government did not fully control the system and relied on the vendor for crucial functions.
"Lack of full control of the system exposes the Government to the risk of revenue leakage, lack of full accountability, system unavailability or downtime, security vulnerabilities and threats including lack of business continuity," read part of the report.
The lack of control hinders the Government Digital Payments Unit (GDPU) from executing vital system configurations and implementing changes essential for fostering growth, such as onboarding new government services.
Manual Reconciliation and Settlement of Payments
As per the Auditor General's report, settlements for payments to Ministries, Departments, and Agencies (MDAs) were tediously carried out manually by the GDPU's accountant two days a week.
Gathungu explained that manual transfer introduced risks of human errors and delays in the transfer of payments. She urged the management to work on ensuring reconciliation and settlement of payments were done in real-time.
"Given the new government policy which requires all payments for services to be done through eCitizen, the manual system of reconciliation and settlement might not be sustainable," she added.
Failure to Provide a Consultancy Agreement Between The National Treasury and the Vendor
On this, the Auditor General noted that the management did not provide the consultancy agreement.
Gathungu noted this made it impossible to establish the terms of consultancy and the respective responsibilities of each party in managing the platform and its system.
Lack of Approved Information Technology Security Policy
Reports indicated that the GDPU did not have an approved IT Policy for governance and management of the system's ICT resources.
Gathungu added that there was no ICT Steering Committee in place to assist in the development of ICT Policy Framework which will enable the unit to realise long-term strategic goals.
Additionally, the system lacks an approved Business Continuity Plan and a secondary backup site.
"Lack of an approved IT Policy may result in an unclear direction regarding maintenance of information security across the Unit and safeguarding the Unit’s ICT assets," read part of the report.
These flaws may affect the efficiency of the digital platform in future. Ruto envisions it to have over 5,000 government services in a move to consolidate government operations.
