General News of Sunday, 18 January 2015
Source: The Chronicle
Though numerals are used in creating account numbers, hardly would one come across ‘0’, ‘1’ and the plus and minus symbols such as ‘ +’ ‘-‘ as account numbers, but this is exactly what is happening on the payroll of the Government of Ghana.
According to KPMG, over 8,182 workers on the Controller and Accountant General’s payroll have these strange account numbers, which are used to siphon money from government coffers.
Last year, the Finance Minister, Mr. Seth Terkper, told the people of Ghana that over 74% of the revenue collected by the government is used to pay over 600,000 workers on the government payroll.
This leaves only 26% of the revenue, which are taxes paid by the ordinary man on the street to execute development that would benefit the totality of the population.
The KPMG, which was contracted by the Controller and Accountant General (GAG) to conduct studies on how to streamline the government payroll, noted in its report that “account numbers are not captured in Integrated Personnel and Payroll Database (IPPD) for all employees.”
There are also invalid account numbers like ‘+’, ‘-‘, ‘0’, ’00’, ‘000’, ‘1’ captured in the system.
“For instance, 8,182 employees have account numbers as ‘0’, 1,427 employees have ‘-‘ as account numbers. On analysis of how payments are processed for the above account numbers, it was found that certain rural banks do not credit salaries based on account numbers. They seem to be aware of the employees who have accounts with their banks, and credit salaries with employee name reference.”
The accounting and auditing giant noted in its report that the capture of valid account numbers in the system was mandatory, to ensure the accurate payout of salaries processed by IPPD2.
It also noted that the process where rural banks credit salaries based on the employees names was a huge risk, and that there could be chances of amounts getting credited to wrong or “ghost” accounts. “There is no report/validation in place in IPPD2 to check account numbers of new hires before running payroll,” it added.
KPMG, therefore, recommended that the capture of valid account numbers should be made mandatory in IPPD2, and “it is highly recommended that account numbers are sent out in the payment files to the bank. Report needs to be available in IPPD2, which details the bank, branch and account number information for new hires in a month.”
The report also had problems with the way taxes are deducted from the salaries of the workers.
It noted that income tax computation logic built in the payroll system could be bypassed by the IPPD2 user, and that any amount entered will be processed by the IPPD2 as income tax.
“Income tax to be deducted can even be set to 0, which will then bypass tax computation logic built in the system, and will not deduct tax. Access to modify entries is available to unauthorised users and whose details have been shared.”
KPMG warned that access to modify/bypass income tax computations built in the system was a major risk, and could have severe consequences. “The income tax calculated by the system can be overridden with the current configuration, which can result in employees not taxed during their entire service. Evasion of income tax can also have severe legal implications.”
It, therefore, recommended that access to bypass/modify income tax computations in the system should be disabled with immediate effect. “Input Value ‘Pay Value’ should not be available for update. This should be a non-editable input value.”
The objective of the KPMG assignment was to assist the management of the CAGD to determine whether and the IPPD2 production environment incorporates adequate and effective controls to ensure that any systems amendments, customerisation, manual workarounds, or other configurations do not invalidate these controls.
The scope of work was to determine whether the following key control areas were in existence and operating effectively:
Each payroll transaction is authorised, complete, accurate, and timely and input once, and only once;
An appropriate level of control is maintained during processing to ensure completeness and accuracy of data;
Control exist to ensure the accuracy, completeness, confidentiality and timeliness of output reports and interface;
A complete, robust and unalterable audit trail is maintained in real-time by the IPPD2 application, which allows an item to be traced from input thru to its final resting place, and final results to be broken down to its constituent parts; and arrangements exist for creating back-up copies of data and programs, storing and retaining them securely, and recovering application in the events of failure.