Bureaucratic reluctance in adopting a management protocol, including dynamic password and biometric access, prescribed for insulating the online treasury management platform from fraudulent practices is reported to rendered it vulnerable.
Finance Department sources told The Hindu that while envisaging the Integrated Financial Management System (IFMS) since 2007-08 successive Secretaries who oversaw the project execution had mooted adequate precautions to plug all loopholes. The online treasury management system that handles around 10 lakh transactions a month is just one of the components of the IFMS.
Since the Secretaries are burdened with too many responsibilities, micro-managing the system is not easy for them either. This lacuna offered the officials down the line sufficient leeway to function at will.
On switching over to the new system, directives given for having a biometric system for users, dynamic password and multi-layer management that are integral to ensuring the security of the system, software and network, were not complied in the strict sense.
The entire system is said to be operating without a clear manual and principles. Dynamic password, the system of changing the password periodically is a major deterrent to check irregularities, but it was not experimented.
Even retired officials retain their password and mail ID and hence have the convenience to manipulate the data and payments without any hassles.
While the password of the Service and Payroll Administrative Repository of Kerala (SPARK) a database of the employees, is being periodically changed, this has not yet been attempted at the treasury that transacts substantial sums.
All crucial functions related to the system management are being directly controlled and monitored by the treasury director. A discreet delegation of privileges to key officials at different levels, including senior accountants who function as district coordinators of the system, would have eased his burden and helped to check irregularities.
The problem is not endemic to the treasury alone, it could happen in any financial institution, including banks, that do not resort to such safeguards, the sources said.
Time has come to review whether the present software solution provider has the capacity to meet all the current demands and taller challenges when more transactions are routed through the treasury in future, they said.