Chinamasa under fire

 4.1.5  I.T. Security Policy

The Information Security Policy communicates how an organisation plans to protect its physical and information assets. It serves to set a standard for the security procedures to be followed. Audit sought assurance that the policy had been approved by Management and communicated to all staff members to ensure that they were aware of their security responsibilities. Audit also sought assurance that staff had signed off acknowledgement forms as evidence of having read the policy. However, though the Ministry had an IT Security Policy in place, it did not address the following aspects as recommended by best practises:

(a) It was not endorsed by Management;

(b) Review periods were not specified;

(c) It did not specify how the policy would be communicated to users;

(d) There was no evidence to show that the policy was communicated to users during the period under review;

(e)There was no Management statement to support the goals and principles of IT;

(f) Data and Information Ownership was not stated;

(g) Consequences of Information Security Policy violations were not     clearly stated; and

(h) The Business Continuity Policy was not endorsed by the management.

 The absence of an approved documentation may imply that Management’s commitment to the implementation of data security practices and guidelines is low. The Accountant General advised the Committee that the finding had been addressed as the policy document was now in place. He indicated that they will extract the relevant sections and share these with users through circulars and the system inbox. It is intended that relevant staff members will sign off and retain the extracted sections of the policy document. Copies of the signed off acknowledgements will be kept on personal files as the policy now includes best practices benchmarks and review timeframes. The finding was therefore, addressed to the Committee’s satisfaction.

 4.1.6 Upload of expenditure by Ministry of Foreign Affairs in the SAP System after the 13th period of one month after the end of a financial year

All expenditure transactions by Government Ministries and Departments are processed through the SAP system. Uploading of expenditure involves capturing accounting transactions which were processed outside the system. Audit observed that some Ministries, in particular, Foreign Affairs and Home Affairs continued to post prior year (2014) expenditures in the SAP system up to as late as March 2015, two months after the stipulated 13th period of January 31, 2015. It was observed that the 13th period was reopened for the Ministry of Foreign Affairs after applying to Treasury. This was contrary to the standard 13th period of one month after the end of the financial year. Thus, at the time of Audit in March 12, 2015, Foreign Missions expenditures for October to December 2014 were still being captured at the Ministry’s Head Office.

The risk of this finding is that failure to close the 13th period by the due date will result in Ministries failing to submit accounts on time, others may also introduce new expenditures resulting in understating the Appropriation Accounts. The Accountant General advised the Committee that due to the number of Foreign Missions under Foreign Affairs, a dispensation was granted to the Ministry to account for expenditure for the previous year. He assured the Committee that going forward, all adjustments after the 13th period will be done in the 14th period, 15th period for internal audit adjustments and 16th for external audit adjustments.

In his view, this approach is an improvement in that for each period, a trial balance can be extracted without distortions to previous periods. Furthermore, he advised the Committee that they will extract cut-off periods to include 14th, 15th and 16th periods to enable them to extract a correct trial balance at each period end. The Authority to open after the year end rest with the Accountant General’s office and Ministries could not unilaterally input data relevant for the closed periods.

Continued next page

(994 VIEWS)

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *