<div dir="ltr">Ngigi,<div><br></div><div>Nothing less than Multi Factor authentication is required in Kenya.</div><div><br></div><div><a href="https://en.wikipedia.org/wiki/Multi-factor_authentication">https://en.wikipedia.org/wiki/Multi-factor_authentication</a><br></div><div><br></div><div>Negligence needs to be penalized (we know, in Kenya, prosecution never succeeds where looting succeeds).<br></div><div><br></div><div>This includes negligence of local talent, not just theft. Kickbacks are often deposited (invested) abroad. As such, foreign firms will always be favored by crooked officials. Developed nations penalize bribery because it compromises national pysche, skills and service delivery levels.</div><div><br></div><div>EACC should also look for good examples to publicize.</div><div><br></div><div>Public officials, organizations, who/which over a 24 month period, have sourced and provided MANNED (conversation recording) hotlines, e-mail addresses, feedback portals and CRM's to measure, and promptly provide citizen services.</div><div><br></div><div>Crooked officials have no problem with payment systems (which increase the funds they collect), but they neglect systems which measure, expose service delivery levels.</div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>SMM</div><div><br></div><div><span style="line-height:13px;color:rgb(0,19,32);font-family:Trebuchet,Arial,Helvetica,sans-serif;text-align:justify;background-color:rgb(253,254,255)"><span style="background-color:rgb(253,254,255)"><span style="line-height:20px"><font size="1"><b>"Better a patient person than a warrior, one with self-control than one who takes a city." Prov 16:32</b></font></span><span style="font-size:14px;background-color:rgb(253,254,255)"><br></span></span></span></div></div></div></div></div></div>
<br><div class="gmail_quote">On Fri, Dec 2, 2016 at 9:45 AM, Waithaka Ngigi via kictanet <span dir="ltr"><<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto" lang="en-US" style="background-color:rgb(255,255,255);line-height:initial"> <div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">Ali,</div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br></div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">It's also time to put professional blame squarely where it lies.</div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br></div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">Any system tasked with moving *huge* sums of money and that does not come with at least Two-Factor authentication be *default* is either:</div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">1. A very, very bad implementation</div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">2. Intentionally left unsecure to allow looting.</div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br></div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">Blaming users & ethics in our users is just looking for scapegoats. Citibank, Stanchart & other Financial Institutions do not rely on user ethics when using their online banking platforms. You key in your password, for every transaction, you confirm using your 2FA Code, ensuring it's only you, or someone you gave your physical 2FA card that can authenticate that transaction.</div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br></div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">And that's before you put in anti-laundering functionality, which should catch most of those transactions dead in their tracks if well implemented. E.g before payment of sums above KSH 100m cross-check on company registration date, if less than 1 year, flag! Common addresses, Directors btn different firms.</div> <div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br></div> <div style="font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">Online payments in Kenya have been with us since the early 2000s, why is it we've never heard complaints from the Banks that billions are being lost through basic identity fraud similar to IFMIS. </div><div style="font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br></div><div style="font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">Don't blame the Kenyan people, blame lies squarely with the Systems we have put in place. </div><div style="font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br></div><div style="font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">Waithaka Ngigi<br><br>Alliance Technologies<br><a href="http://www.at.co.ke" target="_blank">www.at.co.ke</a> </div> <table width="100%" style="background-color:white;border-spacing:0px"> <tbody><tr><td colspan="2" style="font-size:initial;text-align:initial;background-color:rgb(255,255,255)"> <div style="border-style:solid none none;border-top-color:rgb(181,196,223);border-top-width:1pt;padding:3pt 0in 0in;font-family:Tahoma,'BB Alpha Sans','Slate Pro';font-size:10pt"> <div><b>From: </b>Ali Hussein via kictanet</div><div><b>Sent: </b>Friday, December 2, 2016 5:33 AM</div><div><b>To: </b>Ngigi Waithaka</div><div><b>Reply To: </b>KICTAnet ICT Policy Discussions</div><div><b>Cc: </b>Ali Hussein</div><div><b>Subject: </b>[kictanet] KISERO: Kenya’s corruption tsars have perfected looting through Ifmis - Daily Nation</div></div></td></tr></tbody></table><div><div class="h5"><div style="border-style:solid none none;border-top-color:rgb(186,188,209);border-top-width:1pt;font-size:initial;text-align:initial;background-color:rgb(255,255,255)"></div><br><div id="m_4527721598795419985_originalContent"><div><span></span></div><div><div>Listers</div><div><br></div><div>Related to to the discussion of 'reigning in' quacks in the ICT Sector how do you explain the fiasco that is IFMIS? </div><div><br></div><div>Except from the article:-</div><div><br></div><div><div><p style="margin:0px 0px 15.600000000000001px;line-height:25px"><span style="background-color:rgba(255,255,255,0)">In theory, the Ifmis system we have is based on Oracle E-Business Suite, an accounting package developed by Oracle of the USA. In reality, what is in place is a product of conspiracies between crafty government officials and local rent-seeking software merchants.</span></p></div><div><p style="margin:0px 0px 15.600000000000001px;line-height:25px"><span style="background-color:rgba(255,255,255,0)">Through highly inflated and ill-conceived customisation and re-engineering projects, the merchants have colluded with public officials to create a mongrel of the original Oracle E-Business Suite.</span></p></div><div><p style="margin:0px 0px 15.600000000000001px;line-height:25px"><span style="background-color:rgba(255,255,255,0)">This is the system at the heart of corruption in the public sector.</span></p></div></div><div><a href="http://www.nation.co.ke/oped/Opinion/Kenya-corruption-tsars-have-perfected-looting-through-Ifmis/440808-3469632-kg5rbv/" target="_blank">http://www.nation.co.ke/oped/<wbr>Opinion/Kenya-corruption-<wbr>tsars-have-perfected-looting-<wbr>through-Ifmis/440808-3469632-<wbr>kg5rbv/</a></div><div><br></div><div id="m_4527721598795419985AppleMailSignature">So if we were to talk this discussion a step further:-</div><div id="m_4527721598795419985AppleMailSignature"><br></div><div id="m_4527721598795419985AppleMailSignature">1. The customization of an Oracle E-Business Suite cannot be done by a 'quack' who isn't a Certified Oracle Software Engineer.</div><div id="m_4527721598795419985AppleMailSignature"><br></div><div id="m_4527721598795419985AppleMailSignature">2. The customization must be approved by the client and mapped with the business processes mutually agreed by the vendor and the customer. In this case the government.</div><div id="m_4527721598795419985AppleMailSignature"><br></div><div id="m_4527721598795419985AppleMailSignature">A pig is a pig even if you apply lipstick on it. Let's call this what it is - Corruption. Period. Perpetuated in this case by the client and using qualified IT Professionals. We in the industry must call out the ones who collude to fleece this country instead of chasing a red herring in the name of 'quacks'!</div><div id="m_4527721598795419985AppleMailSignature"><br><div><span><b>Ali Hussein</b></span></div><div><span><b>Principal</b></span></div><div><b style="background-color:rgba(255,255,255,0)">Hussein & Associates</b></div><div style="font-family:Helvetica;font-size:medium">+254 0713 601113 </div><div style="font-family:Helvetica;font-size:medium"><br></div><div><p style="margin:0in 0in 0pt"><span style="background-color:rgba(255,255,255,0)">Twitter: @AliHKassim</span></p><span style="background-color:rgba(255,255,255,0)"><font></font></span><p style="margin:0in 0in 0pt"><span style="background-color:rgba(255,255,255,0)">Skype: abu-jomo</span></p><p style="margin:0in 0in 0pt"><span style="background-color:rgba(255,255,255,0)">LinkedIn: <a href="http://ke.linkedin.com/in/alihkassim" target="_blank">http://ke.linkedin.<wbr>com/in/alihkassim</a></span></p><font><br></font></div><div><span><br></span></div><div>"Discovery consists in seeing what everyone else has seen and thinking what no one else has thought". ~ Albert Szent-Györgyi</div><div><span><br></span></div>Sent from my iPad</div></div><br></div></div></div></div>
<br>______________________________<wbr>_________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a><br>
<a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" rel="noreferrer" target="_blank">https://lists.kictanet.or.ke/<wbr>mailman/listinfo/kictanet</a><br>
<br>
Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/murigi.muraya%40gmail.com" rel="noreferrer" target="_blank">https://lists.kictanet.or.ke/<wbr>mailman/options/kictanet/<wbr>murigi.muraya%40gmail.com</a><br>
<br>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.<br></blockquote></div><br></div>