THE Auditor General’s Report has revealed that an officer had unrestricted access to both the production and development environments, which would have exposed the officer to make unauthorised changes to the system that would not be possible to trace.
And the Auditor General has also revealed that the Examination Council of Zambia (ECZ) paid K90,000 towards medical bills for a council chairperson who was not entitled for the benefit.
Meanwhile, the Report has disclosed that the Council procured a personal-to-holder vehicle for a named director at K277,456, which was later offered to the same director at a purchase price of K22,729, rendering it massively under-priced.
According to the report, ECZ had one officer who was managing the users on the application and also in charge of system development and enhancements to in-house developed applications, which was contrary to best practice.
“ISO/IEC 27001: 2005 A.10.1.4 requires that development, test and operational facilities should be separated to reduce the risks of unauthorised access or changes to the operational system. In addition, best practice requires that developers should not have access to the production environment. Contrary to best practice, ECZ had one officer who was managing the users on the application and the officer was also in charge of system development and enhancements to in-house developed applications, such as Online Candidate Registration System (OCRS), Result Combination and Marks Entry Systems. The officer also had permission to perform all the activities on the system. This implied that the officer had unrestricted access to both the production and development environments. Such unrestricted access to the system exposed the OCRS information to unauthorised changes, which would not be possible to trace,” the Report disclosed.
It stated that the Council did not have a standard on the minimum number of examination-ready items per subject in the storage bank, a situation which would result in examination leakages.
“ECZ had systems for results management, online registration, marks entry and results combination. It was, however, observed that the four systems were not interfaced, and information had to be manually exported from one system to another, thus exposing it to the risk of manipulation in the transfer process. Item banking is the process of creating and maintaining a repository of test items from which examination questions can be drawn when need arises. Good practice requires that there be enough items per subject at any time in order that leakages may be minimised as any of the items has equal chance of being examined. A scrutiny of the status of the item bank in December, 2019, revealed that the Council did not have a standard on the minimum number of examination-ready items per subject in the bank. As a result, the actual numbers of banked examination items ranged from 1 to 6, which may lead to examination leakages,” it stated.
According to the Auditor General’s Report on the Accounts of Parastatal Bodies and other statutory institutions for the financial year ended December 31, 2018, payment of medical bills was irregular because the chairperson was not entitled.
“Section 23 (3) (b) and (c) of the Act states that there will be paid from the funds of the Council such reasonable travelling, transport and subsistence allowances for members or members of any committee of the Council when engaged on the business of the Council, at such rates as the Minister may determine; and any other expenses incurred by the Council in the performance of its functions. However, a review of payment documents revealed that from 12th February to 7th September, 2018, amounts totalling K90,000 were paid towards medical bills for the Council Chairperson. In this regard, the payment of medical bills was irregular in that the Chairperson was not entitled,” the Report disclosed.
And the Report disclosed that the Council procured a personal-to-holder vehicle for the director at K277,456, which was later found to have been offered to that director at a purchase price of K22,729, rendering it massively under-priced.
“Terms and Conditions of Service for employees on fixed-term contract state that, to arrive at the salel price of a personal-to-holder motor vehicle, the vehicle shall be depreciated using the reducing balance method at the rate of 20 per cent per annum and the sale price shall be the residual amount after depreciation for five years. In May, 2013, the Council procured a personal-to-holder motor vehicle for the director at a cost of K277,456. It was, however, observed that on 18th June, 2018, the director was offered to purchase the personal-to-holder vehicle at K22,729, which was 25 per cent of the residual value of K90,917 resulting in the under-pricing of the vehicle by K68,188,” stated the Report.
It also revealed that a total amount of K246,705 was paid as interest to a company contracted to print and package examination papers due to delayed payments of outstanding obligations totalling over K13.3 million, which resulted in wasteful expenditure.
“On 26th April, 2017, the Examinations Council of Zambia and Stephen Austin & Sons Limited domiciled in the United Kingdom signed a contract for the purpose of security printing, packaging and delivery of GCE, Grades 7, 9 and 12 examination question papers for the years 2017/2018 at a total contract sum of K41,805,847 (GB£3,132,110.17). General Conditions of Contract state that unless the two parties agree otherwise, the payment-delay period after which the procuring entity shall pay interest to the supplier shall be 60 days from the due date of the concerned invoice and the interest rate that shall be applied is 0.5 per cent per month of the invoice value. In February and March, 2018, a total amount of K246,705 (GB£18,388.51) was paid as interest to Stephen Austin and Sons Limited due to delayed payments of outstanding obligations totalling K13,301,041 (GB£996,556.62) resulting in wasteful expenditure,” stated the Report.