WORKING GROUP ON PUBLIC DEBT
(JULY 2015, LIVINGSTONE, ZAMBIA)
The Audit of the Debt Management and Financial Analysis System - Zambia
Presenter: Mr. Francis Mbewe, Director – Public Debt and Investments
Presentation Overview
- Introduction
- Brief Background of DMFAS
- Audit Objectives and Audit Areas reviewed
- Significant Weaknesses and Irregularities Observed & Progress in Public Debt Management-IT Systems
- Challenges Encountered During Audit
- Impact of Audit on SAI
- Composition of Zambia Debt & Indicators
Introduction
SAI Zambia took part in the International coordinated parallel audit of Public Debt Management Information System, coordinated by Ukraine. The audit was carried out in 2013, at the Ministry of Finance and National Planning.
Brief Background of DMFAS
The Ministry of Finance (MOF) has been using the United Nations Conference on Trade and Development’s (UNCTAD) Debt Management and Financial Analysis System (DMFAS) since 1986.
The system was upgraded to DMFAS version 5.3 in 2006. The version can be installed and accessed on a standalone PC or in a networked environment and supports Oracle 10g RDBMS.
At the time of audit, the DMFAS was managed by the Investment and Debt Management Department of the Ministry and contained only public external debt information.
This was the first time that the DMFAS was being audited.
Audit Objective(s)
- Assess the adequacy of general and application controls.
- Assess Change Management procedures.
- Assess the interface with other critical systems.
- Assess the adequacy, reliability and integrity of data from the system.
- Ascertain the existence and adequacy of the Business Continuity Plan (BCP) and Disaster Recovery Plan.
Audit Scope
The Public Debt Information System audit was conducted for the period January to December, 2012.
Audit Areas reviewed:
- IT System Strategy and General Management
- Security and Environmental Controls
- Operational Controls and Documentation
- Application Controls
Significant Weaknesses and Irregularities Observed
The weaknesses and irregularities highlighted in this presentation are not necessarily all the weaknesses or shortcomings in the management and operation of the DMFAS.
Lack of Designated Server Room: The Ministry did not have a designated server room for DMFAS. As a result, the computer room was used to house the DMFAS server. It was also used as a pool office and for storage of ICT equipment.
Corrective Action: New servers for the Debt Management and Financial Analysis System have been relocated to the Data Centre, which is managed separately.
Lack of Continuous System Upgrade - Delays in upgrading to DMFAS 6.0: The Ministry had not upgraded to DMFAS 6.0, which was launched over three (3) years ago.
Corrective Action: MOF has since implemented Debt Management and Financial Analysis System Version 6.0 and undertaken training of staff in the use of the upgraded version.
Failure to Utilize DMFAS Grants Module – in-house development of another system to manage grants: Despite the DMFAS having a grants module which can be used to record general and specific data relating to grants, the module remained unutilized.
Corrective Action: The Ministry is now using the module in the upgraded DMFAS 6.0.
Failure to Perform Data Validation Checks: The MoF did not perform data validation checks. As a result, data validation reports were not generated.
Corrective action: Data validation to be part of the routine checks and scripts to be run every month in the upgraded system.
Lack of Segregation of Duties: The DMFAS was operated and controlled by two (2) data entry operators, one of whom was acting as the Programmer/Analyst for administrative convenience. The acting Programmer/Analyst performed the functions of Systems, Database, and Security Administrator on the system whereas the other Data Entry Operator was assigned user rights.
Corrective measure: Additional Officers seconded to DMFAS to mitigate staff inadequacy.
Lack of an Information Security Policy: The Ministry did not have a security policy in place for the DMFAS on which to base security-related decisions on the management and administration of the system.
Corrective action: Process of implementing an ICT policy which includes the Information Security Policy began in May 2014 and has since been completed.
Lack of Change Management Procedures: The Ministry did not have documented or formalized change management procedures in place to guide the system administrator and users on making changes on the system and database which included the adjustments to loan parameters.
Corrective Action: Procedures to be developed and incorporated in the ICT policy which has since been completed.
Failure to maintain an ICT Asset Register: The IDM unit did not maintain an IT Asset Register. The IT Inventory listing availed for audit was incomplete as it did not have important details such as: Date of acquisition, Status and Location.
Corrective action: MOF has implemented a Hardware Inventory Management system.
Lack of Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP): MOF did not have an IT BCP and a DRP for the system during the period under review.
Corrective Action: The process of implementing a BCP and DRP commenced in 2014. It is yet to be finalized.
Lack of Backup Policy: No Offsite Storage of backups or Testing
Corrective Action: Backup to be part of the BCP and DRP implementation.
Poor User Account Management
- The passwords for the system administrator and user were not set with an expiration period.
- The parameters, complexity, age and length of passwords were not defined in the password security policy settings.
- The automatic account lock-out duration, threshold and lock-out counter on the system were not defined.
Corrective measure: Proper user account management to be done at Application and Database level.
Lack of an Updated Antivirus: DMFAS operated without an up-to-date antivirus. The McAfee antivirus version 8.5.0i, 2008 version, which had been installed on the system, had the following shortcomings:
- It was not updated with nineteen (19) security patches that were released by the supplier between 2009 and 2010.
- It had reached its end of support (EOS) date in August 2010 and therefore the supplier would not offer any support for the product from then on.
Corrective action: MOF to ensure that an enterprise antivirus is deployed and checked regularly.
Lack of Risk Assessment and Internal Audit of the System: The MOF neither carried out any risk assessment of the DMFAS nor was the system subjected to audit by internal auditors within the Ministry. As a result no risk register was maintained which would highlight the significant risks that the system was subject to and how those risks would be managed or mitigated.
Corrective action: MOF is developing a Risk Management Policy through the Office of the Controller of Internal Audit and Internal Auditors will be incorporated in training schemes.
Challenges Encountered during the Audit of Public Debt Management Information System
Some of the challenges encountered during audits include:
- Poor record keeping
- Delays/failure to respond to queries
- Delays to implement audit recommendations
Impact of the Audit on the SAI
Our participation has had the following impact:
- Capacity building within the Office in Audit of PDMISs.
- Shared experiences and networked with other participating SAIs.
Composition of Zambia’s Total Debt (in million USD) 2008-2013
Source: Zambia Debt Sustainability Report June 2014
Year   Public Domestic   Public External   Public & Publicly Guaranteed Debt   Private External   Total Debt
2008   2,139.15          1,188.57          3,327.72                            909.65             4,237.36
2009   1,876.12          1,557.38          3,433.50                            2,250.41           5,683.91
2010   2,071.04          1,675.10          3,746.14                            1,721.00           5,467.14
2011   2,700.08          1,980.04          4,680.12                            1,676.12           6,356.24
2012   2,793.33          3,473.21          6,266.54                            921.20             7,187.74
2013   3,594.06          3,556.44          7,150.50                            1,680.63           8,831.13
Composition of Zambia’s Total Debt 2008-2013
Source: Zambia Debt Sustainability Report June 2014
Year   Domestic   Public External   Private External
2008   50.5 %     28.0 %            21.5 %
2009   33.0 %     27.4 %            39.6 %
2010   37.9 %     30.6 %            31.5 %
2011   42.5 %     31.2 %            26.4 %
2012   38.9 %     48.3 %            12.8 %
2013   40.7 %     40.3 %            19.0 %
Indicators of Public and Publicly Guaranteed External Debt
- PV of Debt to GDP: Estimated at 22.3 percent in 2014
- PV of Debt/exports: Estimated at 48.6 percent in 2014
- PV of Debt/budget revenue: Estimated at 122.4 percent in 2014
- Debt Service/exports: Projected to be below 20 percent
- Debt service/budget revenue: Projected to increase from average of less than 11 percent in 2014-2021 to 15.9 in 2022
Source: Zambia Debt Sustainability Analysis Report June 2014
SAI Zambia wishes to express its profound appreciation for being accorded an opportunity to share its experience of auditing its country’s Debt Management Information System.
Victoria Falls, one of the seven natural wonders of the world, in Livingstone, Zambia
Thank You
Questions and Comments