Valid reasoning, but if this were in Mars, and there were no people, you would come next year and find your bank vault open, and all the currency intact. Money doesn't steal itself. 

On Fri, Dec 2, 2016 at 9:56 AM, Waithaka Ngigi <ngigi@at.co.ke> wrote:

Colins,

There's a reason Banks have very well secured vaults.

You can't put Billions of Shillings, right outside CBK, then ask GSU to take a break and expect to find the money there after a couple of hours‎.

Leaving IFMIS without  any credible security is akin to opening CBKs vaults on Friday and then coming back on Monday to find it empty and then you blame people, people, people!

Waithaka Ngigi

Alliance Technologies
www.at.co.ke 

From: Collins Areba Sent: Friday, December 2, 2016 9:50 AM To: KICTAnet ICT Policy Discussions Cc: Waithaka Ngigi Subject: Re: [kictanet] KISERO: Kenya’s corruption tsars have perfected looting through Ifmis - Daily Nation

Dead wrong Waithaka.

Its always People people people!

Even the best designed systems assume a certain minimum threshold of human order and decency.

When the first order of business when a system is implemented is a discussion to brainstorm how to "beat the system", we are way below that threshold.

On 2 Dec 2016 09:45, "Waithaka Ngigi via kictanet" <kictanet@lists.kictanet.or.ke> wrote:

Ali,

It's also time to put‎ professional blame squarely where it lies.

Any system tasked with moving *huge* sums of money and that does not come with at least Two-Factor authentication be *default* is either:

1. A very, very bad implementation

2. ‎Intentionally left unsecure to allow looting.

Blaming users & ethics in our users is just looking for  scapegoats. Citibank, Stanchart & other Financial Institutions do not rely on user ethics when using their online banking platforms. You key in your password, for every transaction, you confirm using your 2FA Code, ensuring it's only you, or someone you gave your physical 2FA card that can authenticate that transaction.

And that's before you put in anti-laundering functionality, which should catch most of those transactions dead in their tracks if well implemented. E.g before payment of sums above KSH 100m cross-check on company registration date, if less than 1 year, flag! Common addresses, Directors btn different firms.

‎Online payments in Kenya have been with us since the early 2000s, why is it we've never heard complaints from the Banks that billions are being lost through basic identity fraud similar to IFMIS. 

Don't blame the Kenyan people, blame lies squarely with the Systems we have put in place.

Waithaka Ngigi

Alliance Technologies
www.at.co.ke 

From: Ali Hussein via kictanet Sent: Friday, December 2, 2016 5:33 AM To: Ngigi Waithaka Reply To: KICTAnet ICT Policy Discussions Cc: Ali Hussein Subject: [kictanet] KISERO: Kenya’s corruption tsars have perfected looting through Ifmis - Daily Nation

Listers

Related to to the discussion of 'reigning in' quacks in the ICT Sector how do you explain the fiasco that is IFMIS? 

Except from the article:-

In theory, the Ifmis system we have is based on Oracle E-Business Suite, an accounting package developed by Oracle of the USA. In reality, what is in place is a product of conspiracies between crafty government officials and local rent-seeking software merchants.

Through highly inflated and ill-conceived customisation and re-engineering projects, the merchants have colluded with public officials to create a mongrel of the original Oracle E-Business Suite.

This is the system at the heart of corruption in the public sector.

http://www.nation.co.ke/oped/Opinion/Kenya-corruption-tsars-have-perfected-looting-through-Ifmis/440808-3469632-kg5rbv/

So if we were to talk this discussion a step further:-

1. The customization of an Oracle E-Business Suite cannot be done by a 'quack' who isn't a Certified Oracle Software Engineer.

2. The customization must be approved by the client and mapped with the business processes mutually agreed by the vendor and the customer. In this case the government.

A pig is a pig even if you apply lipstick on it. Let's call this what it is - Corruption. Period. Perpetuated in this case by the client and using qualified IT Professionals. We in the industry must call out the ones who collude to fleece this country instead of chasing a red herring in the name of 'quacks'!

Ali Hussein

Principal

Hussein & Associates

+254 0713 601113 

Twitter: @AliHKassim

Skype: abu-jomo

LinkedIn: http://ke.linkedin.com/in/alihkassim

"Discovery consists in seeing what everyone else has seen and thinking what no one else has thought".  ~ Albert Szent-Györgyi

Sent from my iPad

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/arebacollins%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

--

Regards,

Collins Areba, 

Kilifi, Kenya.

Tel: +254 707 750 788 / 0731534124
Twitter: @arebacollins.

Skype: arebacollins