The Auditor General Mr. Edward Ouko has installed Oracle’s Audit Vault meant to collect and consolidate audit data online thus enabling the audit team to monitor transactions as they happen in real time. As Daily Nation reports, “the audit vault creates a central depository for securing data for any transaction made and has the ability to detect any deletion, any attempts to delete data and the source of such attempts” hence “address unlawful and irregular transactions in a continuous audit process and secure data for the same”.
The Audit Vault that has cost the tax payer shs 100 million will be linked to the Integrated Financial Management Information System (IFMIS) that drives both the national and county governments accounting systems. This means that the audit vault will be able to not only track and monitor, in real time, national government’s transactions across ministries but also provide proactive, preventive, and effective audit processes for the county governments that have been in the news lately but all for the wrong reasons.
But not everyone appreciates the step that has been taken by the digital government to install a digital audit tool. Arguments have been put forth citing two major set-backs to the audit vault. First, some have argued that the Auditor General is an external auditor to government’s accounts and should not monitor government’s transactions in real time. They reason that a system such as the audit vault intended to monitor transactions in real time should be implemented and executed by internal auditors.
Secondly, others are of the opinion that there is no system that can stop a corrupt society from executing their corrupt deals. They say that if the governors want to do any illegal transactions, they would only need to create power blackouts, withdraw whatever cash there is to withdraw, and take the system back online…or better still perform the corrupt transactions off the books. The solution, they say, is for the individuals themselves to change their attitudes on corruption. That is, people should ‘get saved’ or something.
On the issues raised by the first argument, I am not a constitutional expert neither am I an auditor so take my comments with a pinch of salt. What I know as a layman is that the Auditor General, though considered an external auditor, is technically an auditor employed by the same government hence works within the government cycles. I would consider the Auditor General the head of all government auditors even though they wouldn’t really be reporting to him. True external auditors would be the private firms like PWC and Deloitte that are occasionally hired by the government to do audit functions whenever there are issues to be investigated. Am I close to being right? Tell me in the comments.
On the second issue, I really don’t think we can change humanity from corruption broadly or narrowly. A man, like any other animal, is a self centered being who will exploit any weakness in a system to satisfy his greed first and give the left overs to the rest. If the system allows you to eat to your fill despite others dying of hunger, you surely will feast on that meat – changing our attitude on corruption is thus impossible. What we can do as a society is to implement laws (rules and regulations) that ensure majority have access to that meat. After implementing the rules and regulations we can also implement systems like the audit vault that ensure rules and regulations are not easily broken.
People may argue that the corrupt individuals in government cycles will collude with the Auditor General to by-pass the Audit Vault. That’s possible. But if the Audit Vault has been developed as a foolproof system, then I doubt if any collision between the vultures and the auditor will bear any fruit.
Personally I have faith in tech systems meant to prevent fraud or at least help in ensuring law and order. Systems that require multiple authentication have been used in private firms that prevent even the Managing Directors or even the firm owners themselves from accessing funds without authorization from the Finance Manager or any other authorizing persons. In Nigeria for instance, a tech solutions helped the country save $737 million (or shs 63 billion) that she used to lose on ghost workers. Is ghost workers a problem in Kenya too? Kenyans should also install the the Integrated Personal and Payroll Information System (IPPIS) that helped Nigerians that much. With Audit Vault in place, I doubt if we’ll ever hear of news such as “shs 338 billion cannot be accounted for“. When such systems are installed to control the accounting or payroll systems in the government, I’m sure those who always fail to take responsibility will no longer have excuse but to resign when malpractices are reported.
- First line of defense: Transparently detect and block SQL injection attacks, privilege escalation, and other threats against Oracle, Microsoft SQL Server, IBM DB2, SAP Sybase, and MySQL databases
- Faster response: Automatically detect unauthorized database activities that violate security policies, and thwart perpetrators from covering their tracks
- Simplified compliance reporting: Easily analyze audit and event data and take action in a timely fashion with out-of-the-box compliance reports
“Oracle Audit Vault and Database Firewall is not just an integration of two existing products,” said Vipin Samar, vice president of Database Security Product Development, Oracle. “This is a new product that provides a unified monitoring and auditing platform that goes beyond databases. Customers no longer have to choose between security and compliance – they can now have a product that lets them achieve both easier and at a lower cost.”
“We currently use Oracle Database Firewall to secure Oracle and SQL Server databases and ensure we protect sensitive data in our environment,” said John-Thomas Gaietto, manager, IT Security & Compliance, SquareTwo Financial. “We are excited to see Oracle merge the capabilities of two products into a single unified product that provides us the security intelligence platform we need to run our business.”
“Combining both Oracle Audit Vault and Oracle Database Firewall is a logical step – it combines the real-time analytics and the ability to do ex-post and forensic analytics on database activities,” said Martin Kuppinger, founder and principal analyst at Kuppinger-Cole. “Oracle also raises the bar with its broad support for heterogeneous database environments. We recommend evaluating this new offering as the baseline solution for database security