By firewalling the treasury network, which is pivotal to about 10 lakh monthly transactions, and initiating functional, performance and security audit, the Treasury Department has bolstered its preparedness to thwart misappropriation of funds in future.
Finance Department sources told The Hindu that a seven-point note furnished by high-level panel that probed the ₹2 crore financial fraud committed by a senior treasury accountant in Thiruvananthapuram has helped to evolve an action plan to stave off such attempts.
An internal audit team of the department would probe whether similar instances had occurred earlier. Detection of the unbridled authority being enjoyed by the Treasury Director and the supervisory lapses committed by him as well as other officers in implementing basic security precautions, mainly deactivation of passwords even after the transfer and retirement of employees, would be rectified. Delegation of powers for officers at different levels is expected to address the supervisory lapses to a considerable extent.
Multi-tier authentication, including biometrics, will be incorporated soon. Adoption of dynamic password is being considered as yet another sound option to check malpractices. Provisions would be incorporated in the software for restricting the privileges of transferred and retired personnel and employees placed on deputation. A systems manual detailing the procedure would be drawn up. National Informatics Centre (NIC), the software solution provider, had recommended ISO 27001 for the Integrated Financial Management System that manages the entire system. This process would be expedited.
Application and security audit would be entrusted with an agency empanelled by the Indian Computer Emergency Response Team which is a government-mandated information technology security organisation that responds to computer security incidents, reports vulnerabilities and promotes effective security practices all over the country. The Standardisation, Testing and Quality Certification Directorate that has been entrusted with the security audit would be directed to expedite the process.
The NIC has also constituted two teams to probe the functional and security aspects of the software. An internal audit of transactions in treasuries under the Treasury Department for the past one year is progressing. The entire process is expected to be completed in six months, sources said.