The Office of the Auditor General has launched a special audit on the eCitizen platform to establish the accuracy of data processed through the system, and the lack of valid agreements with service providers.
- •The special audit is to interrogate both IT and physical security, governance arrangements and the adequacy of the controls in place.
- •A review of the system revealed several weaknesses for instance over-reliance on the vendor by the system management unit to make growth supporting changes including on-boarding of new government services.
- •The payment system has also not been implemented in an alternative site to allow continuity in case of a disaster or quick resumption in the event of disruption.
Among other challenges, the management of the system lacks signed service level agreements with payment service providers for payment channels. Safaricom agreement for providing for co-location and support services to the platform lapsed in 30 June 2023.
In the 2023/24 audit report, the management of the system was found in breach of data protection law. “There was no evidence provided for audit review to confirm whether the management unit was registered as data controller or data processor with Data Commissioner. There was no data protection framework in place outlining personal data handling practices,” notes the auditor’s office.
The latest audit on eCitizen points to variances in revenue from semi-autonomous government agencies, variances in respect to USD collections, unsupported commissions, unsupported prior year balances, and unreconciled closing balances.
The statement of revenue collections and transfers reflects revenue from commission (Convenience fees) of KSh 591,988,503 and total transfers in Kenya Shillings and Unites States dominated amounts of KSh 857,210,458. The funds were meant to cater for system maintenance by the vendor.
“However, the basis for the rate of commission levies to the users of the platform was not supported by a consultancy agreement with the vendor, making it difficult to establish the terms of consultancy and responsibilities of each party in the management of the system platform,” says Auditor-General Nancy Gathungu.
