In a revelation by the Auditor General on Friday, April 5, the Integrated Financial Management System (IFMIS) has experienced several breakdowns, including a significant three-week hiatus last year.
This disclosure has emerged just days after a stark warning from the United States, indicating that IFMIS remains susceptible to manipulation and hacking, potentially leading to substantial losses for taxpayers.
The Office of the United States Trade Representative (USTR) issued a report flagging multiple risks associated with IFMIS, especially American firms operating or seeking to do business in Kenya.
Addressed to the Budget and Appropriations Committee Chairperson, Ndindi Nyoro, Auditor General Nancy Gathungu's report highlighted instances of system downtime, particularly disruptive during crucial financial periods.
"There have been several incidences of IFMIS system downtime, especially at the beginning and towards the end of the financial year, affecting initiation and finalization of procurement and payment processes," the report noted.
During one such incident in October 2023, IFMIS was non-operational for three weeks, significantly impeding the implementation of planned activities.
Additionally, the audit report that covers the last nine years raises concerns regarding updates to the procurement module without prior notification to users, leading to challenges during procurement procedures.
Every ministry, department, and agency (MDA) within both the national and county governments must upload their transactions into the IFMIS system, which is exclusively overseen by the Treasury.
Despite this directive, numerous entities, particularly county governments, have raised grievances regarding extended periods of system downtime and unexplained postings, among other issues.
IFMIS, an Oracle-based enterprise resource planning system, is integral to both national and county government operations, aiming to bolster accountability and transparency in expenditure.
However, recent events have highlighted vulnerabilities in the system, prompting calls for urgent action.
The latest hacking threat facing IFMIS recalls previous cyber incidents, notably the 2019 hack of the National Youth Service (NYS) and IFMIS, among other government websites, by the Indonesian hacker group, Kurd Electronic Team.
In the attack, hackers adorned the landing pages of targeted websites with their logos, signalling their control over the sites.
This incident follows in the footsteps of a similar cyber onslaught a few years prior, where an Indonesian hacker, direxer, compromised over 100 government websites.direxer, affiliated with the online Indonesian security forum Forum Code Security, executed the attacks following tutorials from the forum.
