In 2005 the Government of Malawi appointed Soft-Tech Consulting Limited (Soft-Tech), an EPICOR Limited software solutions technology partner, to implement an EPICOR based Integrated Financial Management Information System (IFMIS) for supporting budgeting, accounting and reporting.
According to the executive summary in the report over recent years the Government of Malawi has customized IFMIS to meet its own specific requirements across over 50 Ministries and government entities.
IFMIS generates payments to suppliers entered onto the system. In turn cheques are raised for payment to suppliers and others which are then printed on Reserve Bank of Malawi (RBM) cheques.
This function is currently centralized at the Accountant General’s Department.
All the payment vouchers, less the supporting documents from the various Ministries, are manually brought to the Accountant General’s Department for verification before cheques are processed.
The IFMIS system is designed to enable the Government of Malawi to monitor its budget and cash position. However subsequent reviews have identified significant control weaknesses within the system.
The Government suspect that a number of perpetrators have exploited these weaknesses through collusion, resulting in financial loss to the government exchequer.
In the latest episode, it is alleged that the perpetrators were able to transfer funds from the government bank accounts to the vendor accounts for goods and services that were never supplied and then to delete these transactions from the IFMIS system. There should never be a system that completely deletes a transaction once entered in the application. Within the system there should be audits and logging of who entered, Changed or deleted a transaction.
It is claimed that the system was manipulated to release funds without lawful authority, create and approve unauthorized payments, issue cheques through the Accountant General’s Department and transfer funds into supplier accounts without authorisation.
The preliminary audit work completed by the Government of Malawi revealed that, within IFMIS, a significant number of transactions had been deleted. To quantify the extent of these deletions and identify how the internal control failures occurred, the Accountant General commissioned Soft-Tech to complete an investigation. The outputs of the Soft-Tech report have been relied upon, in part, to inform our work.
Integrated Financial Management Information System (IFMIS) security protocols appear to be very inadequate. Every transaction entered in a secured database needs to be tagged to an authorised user. There should be a separate logging table that keep track of any transactional changes. In this day and age no one should actually be able to delete a transaction from such a sensitive database.
My recommendation to Malawi government is to ditch this obviously lacking so called financial tracking system because it obviously did not prevent cashgate. Sometimes it is best to start from scratch instead of trying to fix something beyond saving.