Alert (IPPD Major Risks)

8/10/2019 Alert (IPPD Major Risks)

1/4

P.M.S CT208 Cantonments Accra-Ghana

T:233 . 21. 786093 F: 233.21.782615

Email: [email protected] Website: www.softtribe.com

Software Solutions for a Growing Africa

12th February 2010

The Controller

Accountant General

Controller Accountant Generals Department

Ministries

Accra

Dear Sir,

Re:

PP

Major Risks

SOFTtribe has completed training and is ready to formally handover the IPPD3 system to CAGD.

This therefore seems an appropriate time to highlight a few of the challenges we experienced in the

execution of the project.

The single most challenging aspect ofthe project was the migration of data from IPPD2 to IPPD3.

Given the major issues we observed during the execution of this task, we think it only fair to bring

our decades of local industry experience in payroll computerization to the table.

We therefore think it is only prudent to make sure-these issues are documented and well-known.

It i;; important that this information be included in the nandover documentation. as it is essential

knowledge required for anyone assuming responsibility for the day-to-day operations of AKATUA

IPPD3.

Additionally, CAGD might have to engage in data migration from IPPD2 to IPPD3 periodically in the

future.

The detailed Issues to do with IPPD2 data handed to IPPD3 team are as follows:

1)

Absence of audit trail in data structure:

The data that was handed to us from IPPD2 did not contain information about who put that

data in and when it was entered.

This is a serious issue whic.h could result on the following:

a) In the event that fraudulent data is entered into the system, nobody can be held

accountable. (ghost names, undue allowances ...).

. Hypotheticall,, if it was shown that, in the IPPD2 system, certain staff were being promoted

before the pavroll run, paid accordingly to their new, higher grade, and then brought back to

their true grade after the payroll run; all this could happen without a hope of eve, catching

the responsible user unless by sheer luck.

Directors: Herman Chinery-Hesse Tetteh Antonio David Bolton Steve Antwi-Asimeng_


2/4

/f.:... .= ---- ---

Essentially, as things stand today, if payroll fraud is identified and can be demonstrated to have

originated from the computer system, there would be no way to pinpoint the culprit and'

therefore, no staff member can be indicted for the crime. The guilty party will essentially be

walking away scot-free.

2) Original amounts of loans are not kept; therefore no loan history is available. This means that:

a) Loans may not be recovered fully.

b) In the event of a loan dispute with a staff member, there is no basis for GOG to counter the

staff member's refusal to repay the loan.

c) Additionally, loans payments can be paid out against non-existent loans and the payment

records destroyed after the fact.

3) Calculation of arrears is a major problem which results in many employees not getting back pay

over time. This is evidenced by the fact that the IPPD3 team's first task was to fix major

problems regarding IPPD2 arrears resulting in having to recalculate all arrears from 2003 to date.

4) Staff deleted and re-inserted into IPPD2 payroll without any documented justification or audit

trail within the system or database:

This is a complete violation of fundamental payroll rules and would fail any system audit. Payroll

data is never to be deleted.

5) Sometimes the amount on the pay slips does not match the amounts going to the banks: this is a

very strong indicator of system malfunction or the presence of fraudulent activities and should

trigger alarm bells every time it happens.

6) Some employees above 60 years are still present in the payroll and are being paid. They are

active on the system but are not on Contract. They seem to have escaped the system

automatic flagging mechanism:

This should have been caught easily by the system's validation facilities as those employees may

well be ghost staff.

7) We observed strange invalid characters in employee codes handed to us. These normally

suggest severe source data corruption. It could result in inconsistent reporting and could

generally serve to make a software system inaccurate and unreliable.

We had to resort to writing unique and complicated ad-hoc programs to rectify this anomaly in

order for AKATUA to accept it r processing.

8) There were major misassignments between staff and their relevant employment agencies. For

example some employees of MOH were stored in the data as MOE workers.

This is a major issue and could totally misrepresent organizational reporting. That this situation

can exist may suggest weak procedures and validation protocols.

9) We observed duplication of employees. Some employees existed multiple times in the data.

This is a serious issue which could cause double pay. It may also suggest the existence of ghost

workers.

It is exactly the kind of thing a computerized payroll system should be designed to eliminate.

It should easily raise red flags in any audit.


3/4

10) We observed staff at the same level with different salaries. These differences were not justified

by their grades. In some cases staff had been assigned grades that did not exist, in the

organizations in which they worked.

This could also be a major cause of general inaccuracy in a payroll system.

11) We observed that the currency-related data (Ghana Cedis) contained both re-denominated and

un-denominated amounts.

This could cause an accounting / mathematical disaster assuming the same program is

processing all of GaG's payroll.

If however different programs or processes are being used to run different parts of IPPD2 then it

is an even more serious problem, since there can be no consistency, predictability, fidelity or

reliability on any payroll run.

12) We observed many names of staff members that had no IPPDl staff numbers.

This resulted in additional delays as we matched IPPD1 and IPPD2 data for arrears processing.

13) We observed that active staff that were on the payroll but were not being paid.

It is more likely these individuals were left on the system after termination but this issue may

provide opportunity for fraud as an unscrupled user can reactivate payment which results in

new ghost names.

It must be noted that all of the observations made were derived from the data we received.

There may be legitimate reasons that explain some of observations made.

Best industry practice, however, dictates that all relevant payroll data reside within the system.

In conclusion, IPPD3 was brought in as a backup for IPPD2. IPPD3 is being handed over to the staff of

CAGD.

Given the obvious weaknesses in processing arrears that exist in IPPD2, and the resultant difficulties

encountered while migrating the data to IPPD3, we deem it important to alert CAGD about the

complications caused by the above discrepancies especially considering the above list is not

exhaustive.

If these issues are not tackled, in the event of a switch to the IPPD3 in a given month, confusion may

be created among the civil service staff by the significantly different payroll output. numbers that

may emerge.

We would like to urge CAGD to immediately rectify these major issues that exist in data emanating

from IPPD2 to eliminate the potential for payroll fraud.

Additionally, it is our opinion that a system used to process wages and salaries totalling

approximately One Billion United States Dollars per annum should not be saddled with such basic

issues.


4/4

F

As always, we want to assure CAGD of our continued commitment to provide first class se rvi ces to

support your goal of administering an efficient payroll system.

SOFTtribe will be available to answer any questions regarding the

ove

observations and to provide

the requisite backing data where applicable.

Furthermore, we stand ready to assist with the solution if required.

cc: The Honourable Minister- MOFEP

The Deputy Minister - MOFEP

The Chief Director - MOFEP

Deputy Controller Accountant-General (FA)

Deputy Controller Accountant-General (FMS)

IPPD3 Project Coordinator

Documents

Alert (IPPD Major Risks)