By Anderson Ojwang
The heist. A well-planned and coordinated rip-off at the Kisumu County revenue and Kisumu City. The report by the Kisumu County Assembly Ad Hoc Committee gives an in-depth capture of how loopholes were created to allow for the heist.
In the report dubbed the “Revenue Performance and Root Causes Analyses on Integrated Automated Revenue Management System,” findings revealed gaps and loopholes in the system open to exploitation and corruption at the institution.
The committee investigated the Integrated Automated Revenue Management System (IRMS), the digital platform contracted by the County Government of Kisumu to automate and digitise its Own Source Revenue collection.
The system procurement
The committee investigated the procurement and tendering process, execution of the contract by Safaricom PLC and its sub-contractor RevTech (Rev Tech Innovation Limited).
It also looked at the management and governance of the system during its operational life, its performance against objectives, the technical audit findings, and the accountability failures arising from the system’s administration.
Establishment of the IRMS: Background and rationale
The County Government of Kisumu initiated the procurement of an Integrated Automated Revenue Management System as part of its broader strategy to modernise Own Source Revenue collection, eliminate cash-based revenue handling, improve real-time reporting, and seal documented leakages in the manual collection system.
Prior to this, the county’s revenue administration was characterised by manual receipting, inadequate audit trails, and significant opportunities for revenue diversion at the collection point.
The system was intended to provide a fully integrated, cashless revenue collection platform covering all major OSR streams, including markets, parking, bus parks, Single Business Permits, Outdoor Advertising, Land Rates, Physical Planning and e-Construction, and to support enforcement through real-time data access and geospatial mapping.
System ownership
The platform was procured as a Software-as-a-Service (SaaS) arrangement, meaning the county would not own the software but would pay for its use on a commission-plus-service-fee basis.
The IRMS contract was awarded to Safaricom PLC and went live on 18th December 2023, with an initial focus on unstructured revenue streams.
Risk
The decision to adopt a SaaS model with a revenue-sharing commission was a significant policy choice that, as the committee’s review has established, carried substantial uncapped financial risk for the county.
The commission
The committee found that the SaaS commission-based model, adopted without any cap, performance linkage or sunset provision, created an open-ended and escalating financial obligation that was not adequately risk-assessed at the procurement stage.
Tendering process
The IRMS was procured through Tender No. CGK/FIN/OP/2023-2024/005, titled “Supply, Delivery, Design, Development, Installation, Deployment, Testing, Commissioning and Maintenance of a Fully Automated and Integrated County Revenue Management System.”
The tender was published with a submission deadline of 31st August 2023. The contract was signed on 31st October 2023, with the Chief Officer for Finance and the County Attorney as county signatories.
The committee noted that the County Attorney, as a signatory to the contract, bears professional responsibility for ensuring the contract’s compliance with procurement law – a responsibility that must be examined in light of the post-award commission introduction.
Undelivered contractual obligations
The tender specifications required delivery of a comprehensive system including: automated IFMIS integration; GIS and Mapping integration; an e-Construction module for Physical Planning; full cashless payment channels; enforcement support capabilities; a Self-Service Portal; and real-time reporting dashboards.
As of the date of this report, several of these contractual deliverables remain undelivered or non-functional.
Contract execution: Safaricom PLC and RevTech
The contract was executed between Safaricom PLC and the County Government of Kisumu. RevTech (Red Tech Innovation Limited, referred to as ‘RTI’) was not a direct party to the county-Safaricom agreement but is explicitly referenced in the agreement as a named partner.
RevTech owns the intellectual property rights to the BILA software, while Safaricom holds an exclusive, non-transferable licence to use it. Safaricom PLC is the principal contractor and bears all liabilities related to the system under the county contract.
Weaknesses
The existence of a backend sub-contractor with IP ownership introduces a significant risk to the county: if either Safaricom’s licence or its relationship with RevTech is terminated, the county’s access to the system software is immediately at risk.
The contract did not designate specific county officers for day-to-day communication, only listing the signatories. This structural omission meant that any county officer could formally communicate with Safaricom, including authorising system changes or data modifications.
The committee found that this design flaw directly enabled the issuance of unauthorised data deletion instructions by Revenue Board personnel, as documented in the findings relating to the 887,086 archived transactions.
Revenue leakage and off-system collection
The committee has established, with direct and documented evidence, that revenue was being diverted from the county’s revenue fund through informal cash-based collection arrangements operating entirely outside the IRMS.
The Kibuye Market field visit provided concrete and unambiguous evidence of this practice. The IRMS data cannot, therefore, be relied upon as an accurate or complete representation of actual revenue generated at Kisumu County’s markets and collection points.
Systemic non-compliance at collection points
The committee found that revenue collection at key market sites was characterised by widespread non-compliance, selective enforcement, and the systematic omission of mandatory levies, including parking fees.
A non-compliance rate of approximately sixty-three per cent (63%) was documented at Kibuye Market, and the committee has no basis to assume that this rate is exceptional or atypical of other collection points.
Contractual mismanagement and systemic risk
The county’s dependence on a single service provider for its entire digital revenue management infrastructure, without adequate contractual safeguards, performance benchmarks, data protection provisions or exit provisions, constitutes an unacceptable operational and legal risk.
The series continues tomorrow.
