The Integrated Financial Management Information System (IFMIS) in Kenya aims to assimilate public financial management functions, including procurement, budgetary preparations, and expenditure tracking and reporting, into a single cohesive system. As such, it was designed to improve financial transparency, enhance accountability, and boost efficiency in both national and county government financial operations. Despite this, the system continues to face challenges, including but not limited to corruption, particularly procurement fraud, cyber security threats, and inadequate technical capabilities of staff. According to the recent U.S. National Trade Estimate Report on Foreign Trade Barriers released on March 29, 2024, U.S. firms have expressed concerns about Kenya’s IFMIS citing insufficient connectivity and technical capacity in the county and national government offices1. In the report, the United States Trade Representative (USTR) identified corruption, as a major barrier for U.S. companies doing business in the country as they continue to report bribery requests from local government officials. This alert by America warrants serious attention. Therefore, there is need for urgent interventions to curb the above issues to ensure enhanced transparency and fair procurement processes. In return, this will encourage more collaborations with not only national but international partners, fostering better service delivery for Kenyans. This commentary seeks to assess vulnerabilities of the IFMIS and proper interventions to overcome them.
Firstly, corruption and manipulation of IFMIS still persist. Both corruption and manipulation of the system have been pinpointed as a key barrier towards transparency in tender bidding processes. Requests for bribes from local government officials undermine the system’s integrity, adversely affecting quality service delivery and international trade relations. In 2023, a review of the Ethics and Anti-Corruption Commission (EACC) National Ethics and Corruption Survey, highlighted procurement fraud as the most pervasive and damaging form of corruption impeding service delivery in Kenya2.
Notable high-profile examples of procurement fraud through IFMIS include the 2016 Health Ministry scandal where KES 5 billion was not accounted for and the 2018 National Youth Service(NYS) scandal where an estimated KES 1.8 billion is believed to have been stolen through fraudulent payments. Manipulation of IFMIS data on the other hand affects the effective operation of the platform. In 2021, the People Daily Newspaper stated that system weaknesses are used by operators to siphon money from public coffers. A notable risk acknowledged in this article was the exploitation of command codes in misappropriating government funds. Moreover, the lack of pre-defined per diem rates facilitated corruption leading to the overpayment and underpayment of individuals.
Secondly, there are still concerns regarding cyber threats in IFMIS. In 2023, a report by the National Kenya Computer Incident Response Team – Coordination Centre (National KE-CIRT/CC) highlighted a staggering 1.2 billion cyber threat activities between October and December, representing a remarkable increase of 943.01% compared to the preceding period3. In response to these attacks, the National KE CIRT/CC reportedly issued advisories to key stakeholders, including the government, which was among the sectors most heavily targeted.
The risks caused by cyber threats drawback to 2014, during the re launching of the IFMIS, where former President Uhuru Kenyatta acknowledged the role of hackers in revenue losses amounting to hundreds of millions of shillings. Subsequently, in September 2021, the Office of the Auditor General (OAG) released an audit report on IFMIS Performance revealing numerous control weaknesses related to connectivity and access to the government’s main financial nerve center4. The report noted that unidentified users could gain remote access to the system, significantly exposing the platform to fraud and other illicit activities. This historical context underscores the gravity of cyber threats to the effective performance of the IFMIS platform.
Lastly, issues concerning inadequate technical capabilities of staff hinder the effectiveness of IFMIS. In assessing this, the OAG audit report of 2016 revealed negligence on basic security procedures and a lack of data safeguards both of which greatly expose the system as an easy target for fraudsters4. Nonetheless, while good practice advocates for the resetting of IFMIS passwords, at the time of the audit, it was established that the expiry date for the password was set to none, meaning the passwords would never expire, thus negating to prompt users for an update. Additionally, it was noted that the platform was often left to run without proper security policies, standards, and procedures, significantly exposing the government’s financial data to considerable risks. This coupled with the lack of encryption of system texts revealed poor safeguards prone to interception and security breaches.
In conclusion, while the IFMIS strategic plan 2022 2026 envisions increased accountability and transparency in public financial transactions, there is need for several interventions to effectively address existing loopholes5. Key recommendations include stringent enforcement of existing anti corruption and procurement regulations, including the Public Procurement and Asset Disposal Act (2015) and the Ethics and Anti Corruption Commission Act (2011), is crucial in efforts to mitigate fraud. This could be done through strengthening collaboration between the Public Procurement Regulatory Authority (PPRA), EACC, and law enforcement agencies, to thoroughly investigate and prosecute corruption and bribery cases related to the financial management system. Implementation of proactive measures, including regular inspections and audits as well as introduction of strict penalties for those found guilty is also vital for detecting and deterring procurement malpractices. Moreover, increasing oversight and public disclosure of procurement information as mandated in the Public Procurement and Asset Disposal Regulations (2020) will substantially enhance transparency. With regard to cybersecurity gaps, PPRA should partner with relevant actors locally and internationally to implement robust measures, including encryption, firewalls, and intrusion detection systems, as well as regular password updates and risk to account for evolving cybersecurity risks. A multi factor authentication and access controls will also go a long way in preventing unauthorized access to IFMIS data. Lastly, PPRA should enhance comprehensive training programs and refresher courses on best practices with regard to emerging cybersecurity issues and proper procurement procedures and make it mandatory for procurement officers, IT personnel, and finance staff in efforts to improve their capabilities, compliance and performance.
1 United States Trade Representative: 2024 National Trade Estimate Report on Foreign Trade Barriers
2 Institute of Economic Affairs: 2023 Review of the EACC National Ethics and Corruption Survey; EACC National Ethics and Corruption Survey 2021-2022
3 Communications Authority of Kenya: Cybersecurity Report October December 2023
4 Office of the Auditor General 2021: IFMIS Effectiveness Report 2016
5 The National Treasury and Planning: IFMIS Strategic Plan 2022 2026