By Reporter
The Kisumu County revenue system could have been a conduit for some officers at the county to siphon money from the institution.
The in-depth analysis of the Ad Hoc Committee report on the ICT department paints a worrying and glaring trend, which could have exposed the county government to the loss of millions of shillings in revenue collection.
Breakdown of Transaction Log Auditing & Monitoring
Massive Unreceipted Gaps:
The system logging 396 unreceipted transactions totalling over Kshs 6.39 million on a single day highlights a failure to implement automated, real-time transaction monitoring and exception alerts.
The ICT directorate failed to maintain the cryptographic and database reconciliation tools necessary to prevent such massive operational voids.
Based on the critical technical audit findings outlined in the report, the Director of ICT faces direct administrative and legal culpability for a severe breakdown in system security controls, technical governance, and digital infrastructure oversight.
As the technical custodian of the county’s digital assets, the Director is accountable for the following systemic failures:
Failure in Identity & Access Management (IAM)
Unrestricted Super Admin Backdoors:
Allowing two Super Administrator accounts to exist with the power to create, modify, or delete invoices and payment records without an immutable audit trail is a fundamental violation of standard information security protocols. The Director is directly responsible for failing to enforce strict access controls and the principle of least privilege.
Negligence in Environment Segregation & System Integrity
Compromised Production Environment:
Running a live production revenue system that is cluttered with test data and completely lacks basic input data validation indicates a gross failure in IT change management and standard software deployment procedures. Maintaining a system highly susceptible to malicious data manipulation points directly to a lack of technical quality assurance.
Failure to Safeguard Data Sovereignty and Backup Policies
The Missing Invoice Discrepancy:
The confusion surrounding the arbitrary archiving and removal of hundreds of thousands of digital invoices (valued in the hundreds of millions) demonstrates a severe lack of robust, independent data backup governance, data protection compliance, and secure archival workflows within the county’s infrastructure.
Inadequate Vendor Technical Oversight
Business Continuity Failures:
As the technical liaison managing the Integrated Revenue Management System (IRMS) framework with third-party vendors, the ICT directorate failed to ensure resilient business continuity setups or fail-safes, completely exposing the county to a catastrophic 74% revenue drop when the system was abruptly shut down over unpaid vendor fees.
Assembly Resolution
The Kisumu County Assembly, while discussing the report, adopted the amendments as presented.
