A performance audit that was conducted by the Office of the Auditor-General of the Federation has revealed that the Integrated Payroll and Personnel Information System (IPPIS) may be subject to internal sabotage.
This is as a result of findings that operators of the platform still have access to the backend of the platform; that gives them the leeway to manipulate the system at will.
Former auditor-general of the Federation, Mr. Ukura Tyonongo said the good intention of the government for introducing the IPPIS has been defeated due to the antics of the operators.
“The intention of the government was good but the operators messed it up,” the immediate past AGF revealed in an interview.
According to the specialised audit, “some contractors from Soft Alliance Ltd have access to the database and the ability to set up new users and to change live data and could not easily be identified.”
IPPIS is a unified platform for payment of salaries and wages directly to Government employees’ bank accounts with appropriate deductions and remittances.
The report further showed that application controls have not been activated in IPPIS.
For example, gross pay is input from salary and allowance tables; rather than the actual amounts being input directly. Completeness checks are not activated to ensure that all necessary data has been entered; for example, bank account number, grade level, and job title and duplicate checks to check, for example; that bank account numbers or employee numbers are not used by more than one payee.
“Reasonableness checks are not activated so that an officer of age less than 18 years; or more than 60 years can still be paid,” the report said.
“User profiles are not adequately restricted, so for example; an officer in one MDA can amend the payroll date for other MDAs.
“The ability to create new users on the system is not adequately protected and restricted to a few; ‘Superusers’. Changes to the date of birth and date of the first appointment are not adequately controlled.”
As a result of these deficiencies in the controls, the audit identified a series of potential overpayments.
The findings of the AGF audit showed that passwords do not expire after 90 days; so officers could use their password after leaving the service.