<div dir="ltr">Thanks for the thought Muraya,,,,</div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jan 19, 2017 at 12:37 PM, S.M. Muraya <span dir="ltr"><<a href="mailto:murigi.muraya@gmail.com" target="_blank">murigi.muraya@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto">James, <div dir="auto"><br></div><div dir="auto">Would be very interested in an IFMIS "outsider event" moderated by Walu and yourself. </div><div dir="auto"><br></div><div dir="auto">Straight forward fellows are hard to come by in this day and age.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Jan 19, 2017 12:32 PM, "James Muritu via kictanet" <<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><wbr>> wrote:<br type="attribution"><blockquote class="m_4366437408340265137quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Interesting conversations going on here. In simple terms, what IFIMIS lacks is a Governance Framework. The "software component" of an ERP is just one drop in the ocean. People+Processes+Operating Procedures+Decision Rights are the bigger drops. Am currently reviewing a similar system in a Kenya based corporation and for almost 2 years, the system had been blamed for all the wrong reasons. The ultimate results, revealed more loopholes outside the actual software.</div><div class="gmail_extra"><br><div class="gmail_quote"><div class="m_4366437408340265137elided-text">On Thu, Jan 19, 2017 at 12:01 PM, waudo siganga via kictanet <span dir="ltr"><<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><wbr>></span> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="m_4366437408340265137elided-text">
<div><div style="font-family:Arial;font-size:medium" dir="ltr"><div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932defangedMessage">
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426">
<div>Thank Walu. I'll wait fro the coffee...</div>

<div>W.</div>

<div> </div>

<div>On Thu, Jan 19, 2017, at 11:33 AM, Walubengo J wrote:</div>

<blockquote class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426QuoteMessage" type="cite">
<div style="color:#000;background-color:#fff;font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px">
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"><span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_120149">@Daktari Siganga,</span></div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"> </div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"><span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_121514">I was the ICT Director for our university for 5yrs and managed both the University Network &  ERP </span>- but I dont say :-)</div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"> </div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856">We switch between the classroom and ICT operations like that. So I kinda have both the academic and practical view of these things  </div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"> </div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"><span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_117485">Anyway, you are right in that the IT expert(Superuser) should NOT  be a normal  'Finance' /'HR'/Procurement/ or other regualr user of the ERP.  However, the IT guys still assign these roles and privileges to the various functional users. i.e. they must grant rights to the Finance/HR/ and other Directors to execute their work within the ERP.</span></div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"> </div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"><span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_118215">Different implementations (company policy) maybe that this is delegated to the various functional heads who can then subsequently grant privileges/access rights down through their departments.  </span></div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"> </div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"><span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_122663">But this is NOT ideal since you lose the segregation of duties where you want the Functional heads(e.g. Finance Director) to make the access-rights requests IN WRITING, and have SOMEONE ELSE implement that request.</span></div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"> </div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"><span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_118680">This is the 'control' auditors are looking for when auditing the information system later on - in terms of checks and balances. Such a control is what leads to the questions like:-</span></div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"><span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_121979">a) Who within the ERP system has privileges that were not formally requested for in writing? Or </span></div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"><span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_122031">b) Who within the ERP system has more privileges than what was formally requested for? </span></div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"><span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_122141">c) Who within the ERP exists but has no supporting access request from the Functional head?</span></div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856">d) etc, etc.</div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"> </div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"><span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_119993">Even if the IT expert abused his/her superuser privileges by granting themselves some user rights within the Financial module, they will be outed by the above audit process.</span></div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"> </div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"><span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_119942">Denying the IT expert the ability to grant access rights within the ERP and passing the same to the functional heads does not solve the problem of abuse. The functional heads can simply become the new kingpins. Only segregation of duty cures the problem of abuse.</span></div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"> </div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"><span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_120358">But we can meet over coffee and share the pros and cons of the various  implementations :-)</span></div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"> </div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"><span>walu.</span></div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116856"><span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_119114"> </span></div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426qtdSeparateBR" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116857"><br>
 </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yahoo_quoted" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116861" style="display:block">
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116860" style="font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px">
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116859" style="font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px">
<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_116858">
<hr id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_118006" size="1"><span style="font-size:small;font-family:Arial"><span style="font-weight:bold"><span style="font-weight:bold">From:</span></span> waudo siganga <<a href="mailto:emailsignet@mailcan.com" target="_blank">emailsignet@mailcan.com</a>><br>
<span style="font-weight:bold"><span style="font-weight:bold">To:</span></span> Walubengo J <<a href="mailto:jwalu@yahoo.com" target="_blank">jwalu@yahoo.com</a>>; KICTAnet ICT Policy Discussions <<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><wbr>><br>
<span style="font-weight:bold"><span style="font-weight:bold">Sent:</span></span> Thursday, January 19, 2017 10:36 AM<br>
<span style="font-weight:bold"><span style="font-weight:bold">Subject:</span></span> Re: [kictanet] ICT Authority, not Treasury, should oversee IFMIS</span></div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426y_msg_container" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_117942"> 
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970">

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_117946">
<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_117945" style="font-family:Arial;font-size:medium">
<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970defangedMessage" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_117944">
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945">
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_117943">Hi Walu - I can see from your comments that you have never worked in a finance environment. For secure setup there is no way "IT guys must then translate x, y & z function into the appropriate access levels for that accountant within the system". Simply put a person who is a trained IT expert knows too much about how the system works and therefore cannot be assigned access administration. The overall person for access admin is a "super-user" or "Chief Security Officer"or a title in that direction. This super user assigns access rights to users, such as ability to add,delete, update, edit, view, etc records. To assign these rights in practically all IT systems the super user must himself have those same rights, otherwise he/she cannot assign them to other users. A system where a super-user is an IT expert is a very weak system. The IT expert should never have ability to enter a system and change records. If you analyse the IFMIS problem you will realise that it is not a problem of IT experts infiltrating the system. It is just password misuse by ordinary users. At least I agree with you on one thing - IT expertise role and password administration must never be put in the same office. In most banks and finance environments the super-user function is undertaken by the CEO or a very senior executive who is OUTSIDE the IT function.</div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_120381"> </div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_120379">THERE IS NO PROBLEM WITH IFMIS. The users, as is normal in any IT system, are the weakest link. It is like having pilots who are busy with corruption to fly a plane then when the plane crashes we say there was a problem with the plane.</div>

<div> </div>

<div>W.</div>

<div> </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970yqt7364225366" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970yqt84060">
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_120371">On Wed, Jan 18, 2017, at 02:54 PM, Walubengo J wrote:</div>

<blockquote class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945QuoteMessage" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_120369" type="cite">
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yui_3_16_0_ym19_1_1484803299618_120368" style="color:#000;background-color:#fff;font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px">
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_115904">@Dr Siganga, my comments below:</div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_115904"> </div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_115904"><span style="font-style:italic"><span style="color:#9d1811">>>1. <span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_116044" style="font-family:Arial;font-size:medium">Hi Walu - I do not agree with you that access administration (passwords) is a technical function. In most cases passwords just mimic authorization structures that pre-exist in a manual system.</span></span></span></div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_115904"><span style="font-family:Arial;font-size:medium">>>></span></div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_115904"><span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_116256" style="font-family:Arial;font-size:medium">Response:Yes and NO. </span></div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_115904"><span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_116670" style="font-family:Arial;font-size:medium">Yes passwords and their access levels are controls that mimic the authorization levels of the manual system. However, their implementation in an ideal environment should be segregated.   E.g the finance director should say in writing: 'I need my accountant to do x, y & z function' .  The IT guys must then translate x, y & z function into the appropriate access levels for that accountant within the system. </span></div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_115904"> </div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_115904"><span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_117186" style="font-family:Arial;font-size:medium">Finance retains the administrative oversight in terms of triggering the password request and profiling the access levels desired. IT retains the technical function of implementing the same. Never put these two roles in one office. Shida mingi inajiletea.</span></div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_115904"> </div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_117301" style="font-family:Arial;font-size:medium"><span style="font-style:italic"><span style="color:#9d1811">>>2. I also differ with your suggestion that it is the work of technical people to enforce, check or review system controls. That should be the function of an independent auditor.</span></span></div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_117302" style="font-family:Arial;font-size:medium">>></div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_117302" style="font-family:Arial;font-size:medium">RESPONSE: Yes and NO.</div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_117302" style="font-family:Arial;font-size:medium">Yes, independent or external auditors (hopefully Information System Auditors) do review the  technical controls. But this is often an annual exercise. So serious organisation do not wait for a year to be told their controls were not effective. They have INTERNAL information system auditors (who are technical) to continuously  monitor/enforce that these IT controls are in place, working and/or need to be updated. Other organisation may allocate this role to the Information Security Officer, either way these are ICT technical chaps.</div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_117302" style="font-family:Arial;font-size:medium"> </div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_117302" style="font-family:Arial;font-size:medium">walu.</div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_117302" style="font-family:Arial;font-size:medium"> </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945qtdSeparateBR"><br clear="none">
 </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yahoo_quoted" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_115909" style="display:block">
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_115908" style="font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px">
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_115907" style="font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px">
<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_115906">
<hr id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_118959" size="1"><span style="font-size:small;font-family:Arial"><span style="font-weight:bold"><span style="font-weight:bold">From:</span></span> waudo siganga <<a href="mailto:emailsignet@mailcan.com" target="_blank">emailsignet@mailcan.com</a>><br clear="none">
<span style="font-weight:bold"><span style="font-weight:bold">To:</span></span> Walubengo J <<a href="mailto:jwalu@yahoo.com" target="_blank">jwalu@yahoo.com</a>>; KICTAnet ICT Policy Discussions <<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><wbr>><br clear="none">
<span style="font-weight:bold"><span style="font-weight:bold">Sent:</span></span> Wednesday, January 18, 2017 1:55 PM<br clear="none">
<span style="font-weight:bold"><span style="font-weight:bold">Subject:</span></span> Re: [kictanet] ICT Authority, not Treasury, should oversee IFMIS</span></div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945y_msg_container" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_115913"> 
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544">

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_115918">
<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_115917" style="font-family:Arial;font-size:medium">
<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544defangedMessage" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_115916">
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275">
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_115915">Hi Walu - I do not agree with you that access administration (passwords) is a technical function. In most cases passwords just mimic authorization structures that pre-exist in a manual system. It is very important that the access of technical people to a system, especially a financial one, be as inhibited as possible. Those who access the system should only be capable of doing the functions they would perform in a manual system. To enhance security of the system, access administration should be overseen by a most senior person who is NOT trained to do technical work on the system.</div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_117289"> </div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_117296">I also differ with your suggestion that it is the work of technical people to enforce, check or review system controls. That should be the function of an independent auditor.</div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yui_3_16_0_ym19_1_1484709864560_117297"> </div>

<div>Overall I think there is much misunderstanding about IFMIS. The problem is not technical; it is administrative. Specifically access administration (passwords).</div>

<div> </div>

<div>W.</div>

<div> </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544yqt2831824611" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544yqt69540">
<div>On Wed, Jan 18, 2017, at 01:06 PM, Walubengo J via kictanet wrote:</div>

<blockquote class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275QuoteMessage" type="cite">
<div style="color:#000;background-color:#fff;font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px">
<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95053"><span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95074" style="font-family:Arial;font-size:small">Grace B via kictanet <<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><wbr>> wrote>>></span></div>

<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95053"><span id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95064" style="font-family:verdana,sans-serif;font-size:13px">Second, the problem with IFMIS, it appears is a lack of commitment to simple values such as integrity and prudent stewardship of public funds. What guarantee wold we have that ICTA would be different from Treasury? </span></div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275qtdSeparateBR" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95067"> </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275qtdSeparateBR" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95067">>></div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275qtdSeparateBR" dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95067">Segregation of duties solves this.  Treasury continues being the Process owner, but surrenders the Technical leadership of the system/ERP to ICT Authority. So if it is a case of passwords and their use, expiry amongst other technical issues, we know it is ICT Authority to manage (and take blame).</div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275qtdSeparateBR" dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95067"> </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275qtdSeparateBR" dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95067">It is often a confusing and thin line. The line between Administrative and Technical authority.  </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275qtdSeparateBR" dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95067"> </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275qtdSeparateBR" dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95067">But you can look at it in terms of the President's Security detail.   The President maybe the (Administrative) boss of his security detail, but the President can never tell his security detail HOW to guard him or what weapons to use or how many guards he needs, where to position them etc. </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275qtdSeparateBR" dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95067"> </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275qtdSeparateBR" dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95067">These are TECHNICAL issues that the President cannot and should never pretend to be dictating on since they lie squarely within the NIS/Inspector General domain. The moment NIS start taking technical instructions from the President, is the moment our security system will collapse.</div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275qtdSeparateBR" dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95067"> </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275qtdSeparateBR" dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95067">If we get this seperation of authority right, we solve the IFMIS puzzle.</div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275qtdSeparateBR" dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95067"> </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275qtdSeparateBR" dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95067">walu.</div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275qtdSeparateBR" dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95067"> </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275qtdSeparateBR" dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95067"> </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yahoo_quoted" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95058" style="display:block">
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95057" style="font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px">
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95056" style="font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px">
<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95055">
<hr id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95319" size="1"><span style="font-size:small;font-family:Arial"><span style="font-weight:bold"><span style="font-weight:bold">From:</span></span> Grace B via kictanet <<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><wbr>><br clear="none">
<span style="font-weight:bold"><span style="font-weight:bold">To:</span></span> <a href="mailto:jwalu@yahoo.com" target="_blank">jwalu@yahoo.com</a><br clear="none">
<span style="font-weight:bold"><span style="font-weight:bold">Cc:</span></span> Grace B <<a href="mailto:nmutungu@gmail.com" target="_blank">nmutungu@gmail.com</a>><br clear="none">
<span style="font-weight:bold"><span style="font-weight:bold">Sent:</span></span> Wednesday, January 18, 2017 7:11 AM<br clear="none">
<span style="font-weight:bold"><span style="font-weight:bold">Subject:</span></span> Re: [kictanet] ICT Authority, not Treasury, should oversee IFMIS</span></div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275y_msg_container" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95068"> 
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610">
<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95222">
<div dir="ltr" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95221">
<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610gmail_default" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yui_3_16_0_ym19_1_1484709864560_95220" style="font-family:verdana,sans-serif">Interesting discussion. There are those who would look at IFMIS as a public finance management issue as opposed to an ICT one but this is not really count when giving management mandate to either Treasury or ICTA as long as the objectives of PFM (Article 201 of Katiba) are met. </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610gmail_default" style="font-family:verdana,sans-serif">One of the issues voiced about IFMIS since devolution/new Constitution has been the problems experienced by county governments and other independent organs eg commissions in accessing funds in a timely manner. (We assume that Executive has not had too many problems assessing funds and may have indeed been facilitating leakage) </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610gmail_default" style="font-family:verdana,sans-serif">One issue with transferring the responsibility of maintaining IFMIS to ICTA, it seems would be that there could be few differences between ICTA and Treasury. First, both are Executive institutions that may support devolved and independent structures in line with the soft policy direction of the government of the day. Second, the problem with IFMIS, it appears is a lack of commitment to simple values such as integrity and prudent stewardship of public funds. What guarantee wold we have that ICTA would be different from Treasury? </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610gmail_default" style="font-family:verdana,sans-serif"> </div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610gmail_default" style="font-family:verdana,sans-serif">Regards</div>
</div>

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610gmail_extra"> 
<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610gmail_quote">2017-01-18 5:54 GMT+03:00 Ali Hussein via kictanet <span dir="ltr"><<a href="mailto:kictanet@lists.kictanet.or.ke" shape="rect" target="_blank">kictanet@lists.kictanet.or.ke</a><wbr>></span>:

<blockquote class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610yqt6690131182" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610yqt53588">
<div>
<div>Barrack</div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610m_3159820653716726412AppleMailSignature"> </div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610m_3159820653716726412AppleMailSignature">We are saying the same thing really.. Let's assume that the ICTA is the ICT Department of the Government (which I doubt it is equipped to execute that mandate) then 'managing' here really means providing support to the system. </div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610m_3159820653716726412AppleMailSignature"> </div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610m_3159820653716726412AppleMailSignature">I think it's time the Government considers the role of Chief Information Officer to really manage the strategic thrust of all ICT initiatives across ministries. The CIO can then be held accountable for overall efficiency and security of all Government ICT Systems. This CIO needs to report directly to the Chief Executive Officer (President) of the country. Now, that person could be seconded or be a part of the ICTA with a doted line responsibility to the CS, MOICT...</div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610m_3159820653716726412AppleMailSignature"> </div>

<div id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610m_3159820653716726412AppleMailSignature">Ultimately the overall responsibility of how well our Government ICT Systems work lies squarely on the CEO's desk. Look no further.<br clear="none">
 
<div><span><span style="font-weight:bold">Ali Hussein</span></span></div>

<div><span><span style="font-weight:bold">Principal</span></span></div>

<div><span style="font-weight:bold">Hussein & Associates</span></div>

<div style="font-family:Helvetica;font-size:medium"><a shape="rect">+254 0713 601113</a> </div>

<div style="font-family:Helvetica;font-size:medium"> </div>

<div>
<div style="margin:0in 0in 0pt"><span>Twitter: @AliHKassim</span></div>

<div style="margin:0in 0in 0pt"><span>Skype: abu-jomo</span></div>

<div style="margin:0in 0in 0pt"><span>LinkedIn: <a href="http://ke.linkedin.com/in/alihkassim" shape="rect" target="_blank">http://ke.linkedin. com/in/alihkassim</a></span></div>
</div>

<div><span>"We are what we repeatedly do. Excellence, therefore, is not an act but a habit."  ~ Aristotle</span></div>

<div> </div>

<div> </div>
Sent from my iPad</div>

<div>
<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610h5">
<div><br clear="none">
On 17 Jan 2017, at 11:27 PM, Barrack Otieno via kictanet <<a href="mailto:kictanet@lists.kictanet.or.ke" shape="rect" target="_blank">kictanet@lists.kictanet.or.ke</a> > wrote:<br clear="none">
 </div>
</div>
</div>

<blockquote type="cite">
<div>
<div>
<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610h5"><span>Hi Ali,</span><br clear="none">
<br clear="none">
<span>ERP grew from MRP (Material Resource Planning which was a means of</span><br clear="none">
<span>planning and allocating resources in Factories. The difference between</span><br clear="none">
<span>the two is that MRP's were stand alone systems whereas ERP's are</span><br clear="none">
<span>modular and have more functionality. From an evolution perspective ,</span><br clear="none">
<span>it would be ideal to manage IFMIS from Ministry of Finance since they</span><br clear="none">
<span>are the custodians of the treasury and normally allocate resources</span><br clear="none">
<span>through the budgeting process. From a Project Management perspective,</span><br clear="none">
<span>it would be ideal to manage IFMIS from ICTA since it is the</span><br clear="none">
<span>specialized agency meant to manage government technology investments.</span><br clear="none">
<br clear="none">
<span>Regards</span><br clear="none">
<br clear="none">
<span>On 1/17/17, S.M. Muraya via kictanet <<a href="mailto:kictanet@lists.kictanet.or.ke" shape="rect" target="_blank">kictanet@lists.kictanet.or.ke</a> > wrote:</span>

<blockquote type="cite"><span>Doubt Treasury economists and accountants are well placed to provide Cyber</span></blockquote>

<blockquote type="cite"><span>Security :)</span></blockquote>

<blockquote type="cite"> </blockquote>

<blockquote type="cite"><span>We need the ICT Authority to configure enterprise wide data protection</span></blockquote>

<blockquote type="cite"><span>(limiting theft of passwords & access to IFMIS).</span></blockquote>

<blockquote type="cite"> </blockquote>

<blockquote type="cite"><span>In 2016, the UN ranked the UK as # 1 in providing digital services.</span></blockquote>

<blockquote type="cite"> </blockquote>

<blockquote type="cite"><span><a href="https://publicadministration.un.org/egovkb/en-us/Reports/UN-E-Government-Survey-2016" shape="rect" target="_blank">https://publicadministration. un.org/egovkb/en-us/Reports/ UN-E-Government-Survey-2016</a></span></blockquote>

<blockquote type="cite"> </blockquote>

<blockquote type="cite"><span>The Government Digital Service (GDS) is part of their Cabinet Office, not</span></blockquote>

<blockquote type="cite"><span>their Treasury.</span></blockquote>

<blockquote type="cite"> </blockquote>

<blockquote type="cite"><span><a href="https://www.gov.uk/government/publications/govuk-pay/govuk-pay" shape="rect" target="_blank">https://www.gov.uk/government/ publications/govuk-pay/govuk- pay</a></span></blockquote>

<blockquote type="cite"> </blockquote>

<blockquote type="cite"><span>Their Treasury is consulted about the payment system  👆🏾  the GDS</span></blockquote>

<blockquote type="cite"><span>continues to build.</span></blockquote>

<blockquote type="cite"> </blockquote>

<blockquote type="cite"> </blockquote>

<blockquote type="cite"> </blockquote>

<blockquote type="cite"> </blockquote>

<blockquote type="cite"><span>SMM</span></blockquote>

<blockquote type="cite"> </blockquote>

<blockquote type="cite"><span>*"Better a patient person than a warrior, one with self-control than one</span></blockquote>

<blockquote type="cite"><span>who takes a city." Prov 16:32*</span></blockquote>

<blockquote type="cite"> </blockquote>

<blockquote type="cite"><span>On Tue, Jan 17, 2017 at 9:45 PM, Ali Hussein <<a href="mailto:ali@hussein.me.ke" shape="rect" target="_blank">ali@hussein.me.ke</a>> wrote:</span></blockquote>

<blockquote type="cite"> </blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>I fundamentally disagree with this assertion.</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>First,y, the role of a CIO is to support the enterprise. I have never</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>heard in my life of an ERP Director. This is just adding a superfluous</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>layer of useless bureaucracy.</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>The owner of an ERP is the business with each department taking ownership</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>of their components:-</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>1. Financials - CFO</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>2. CRM (Commercial/marketing/sales)</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>3. Procurement - Procurement which sometimes comes under Finance</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>Etc.</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>The CIO takes ownership to ensure that the company is well oiled to</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>execute on its mandate. This in my humble opinion goes beyond ERPs and</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>talks to aligning the Technology Strategy with the Business Strategy. For</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>example in the banking sector where increasingly the more savvy banks are</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>taking a 'Platform Thinking' approach. This allows partners to plug into</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>their core technology through APIs to enable them extend capabilities and</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>hence offerings to their customers.</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>The role of a CIO has fundamentally changed to speak to the need for</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>using</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>Technology as an accelerator to successful business models.</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>Secondly, I don't see how the ICT Authority would be better in managing</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>the monster that is IFMIS. Let them first learn the basics of</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>communicating</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>effectively with the community before taking on this elephant in the</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>room.</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>*Ali Hussein*</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>*Principal*</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>*Hussein & Associates*</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span><a shape="rect">+254 0713 601113</a></span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>Twitter: @AliHKassim</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>Skype: abu-jomo</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>LinkedIn: <a href="http://ke.linkedin.com/in/alihkassim" shape="rect" target="_blank">http://ke.linkedin.com/in/ alihkassim</a></span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>"We are what we repeatedly do. Excellence, therefore, is not an act but a</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>habit."  ~ Aristotle</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>Sent from my iPad</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>On 17 Jan 2017, at 6:42 PM, S.M. Muraya via kictanet <</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span><a href="mailto:kictanet@lists.kictanet.or.ke" shape="rect" target="_blank">kictanet@lists.kictanet.or.ke</a>> wrote:</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>Interesting comments...</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>ICT Authority, not Treasury, should oversee IFMIS</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span><a href="http://www.nation.co.ke/oped/blogs/dot9/walubengo/2274560-" shape="rect" target="_blank">http://www.nation.co.ke/oped/ blogs/dot9/walubengo/2274560-</a></span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>3520560-5j04aq/index.html</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>______________________________ _________________</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>kictanet mailing list</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span><a href="mailto:kictanet@lists.kictanet.or.ke" shape="rect" target="_blank">kictanet@lists.kictanet.or.ke</a></span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span><a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" shape="rect" target="_blank">https://lists.kictanet.or.ke/ mailman/listinfo/kictanet</a></span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>Twitter: <a href="http://twitter.com/kictanet" shape="rect" target="_blank">http://twitter.com/kictanet</a></span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>Facebook: <a href="https://www.facebook.com/KICTANet/" shape="rect" target="_blank">https://www.facebook.com/ KICTANet/</a></span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/" shape="rect" target="_blank">https://lists.kictanet.or.ke/</a></span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>mailman/options/kictanet/info%<a href="http://40alyhussein.com/" shape="rect" target="_blank"> 40alyhussein.com</a></span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>for people and institutions interested and involved in ICT policy and</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>regulation. The network aims to act as a catalyst for reform in the ICT</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>sector in support of the national aim of ICT enabled growth and</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>development.</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>KICTANetiquette : Adhere to the same standards of acceptable behaviors</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>online that you follow in real life: respect people's times and</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>bandwidth,</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>share knowledge, don't flame or abuse or personalize, respect privacy, do</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"><span>not spam, do not market your wares or qualifications.</span></blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite">
<blockquote type="cite"> </blockquote>
</blockquote>

<blockquote type="cite"> </blockquote>
<br clear="none">
<br clear="none">
<span>-- </span><br clear="none">
<span>Barrack O. Otieno</span><br clear="none">
<span><a shape="rect">+254721325277</a></span><br clear="none">
<span><a shape="rect">+254733206359</a></span><br clear="none">
<span>Skype: barrack.otieno</span><br clear="none">
<span>PGP ID: 0x2611D86A</span><br clear="none">
<br clear="none">
<span>______________________________ _________________</span><br clear="none">
<span>kictanet mailing list</span><br clear="none">
<span><a href="mailto:kictanet@lists.kictanet.or.ke" shape="rect" target="_blank">kictanet@lists.kictanet.or.ke</a></span><br clear="none">
<span><a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" shape="rect" target="_blank">https://lists.kictanet.or.ke/ mailman/listinfo/kictanet</a></span><br clear="none">
<span>Twitter: <a href="http://twitter.com/kictanet" shape="rect" target="_blank">http://twitter.com/kictanet</a></span><br clear="none">
<span>Facebook: <a href="https://www.facebook.com/KICTANet/" shape="rect" target="_blank">https://www.facebook.com/ KICTANet/</a></span><br clear="none">
 </div>
</div>
<span>Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com" shape="rect" target="_blank">https://lists.kictanet.or.ke/ mailman/options/kictanet/info% 40alyhussein.com</a></span><br clear="none">
<br clear="none">
<span class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610"><span>The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.</span><br clear="none">
<br clear="none">
<span>KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.</span></span></div>
</blockquote>
</div>
</div>
<br clear="none">
______________________________ _________________<br clear="none">
kictanet mailing list<br clear="none">
<a href="mailto:kictanet@lists.kictanet.or.ke" shape="rect" target="_blank">kictanet@lists.kictanet.or.ke</a><br clear="none">
<a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" shape="rect" target="_blank">https://lists.kictanet.or.ke/ mailman/listinfo/kictanet</a><br clear="none">
Twitter: <a href="http://twitter.com/kictanet" shape="rect" target="_blank">http://twitter.com/kictanet</a><br clear="none">
Facebook: <a href="https://www.facebook.com/KICTANet/" shape="rect" target="_blank">https://www.facebook.com/ KICTANet/</a><br clear="none">
<br clear="none">
Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/nmutungu%40gmail.com" shape="rect" target="_blank">https://lists.kictanet.or.ke/ mailman/options/kictanet/ nmutungu%40gmail.com</a><br clear="none">
<br clear="none">
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br clear="none">
<br clear="none">
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.</blockquote>
</div>
 

<div> </div>
--

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yiv8876933610gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>Grace L.N. Mutung'u<br clear="none">
Skype: gracebomu<br clear="none">
Twitter: @Bomu<br clear="none">
<br clear="none">
<<a href="http://www.diplointernetgovernance.org/profile/GraceMutungu" shape="rect" target="_blank">http://www.diplointernetgover<wbr>nance.org/profile/GraceMutungu</a><wbr>></div>

<div> </div>

<div>PGP ID : 0x33A3450F<br clear="none">
 </div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
 

<div class="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yqt6690131182" id="m_4366437408340265137m_6902799126024533509m_-5139904531183533932me10426yiv1426227970me13945yiv1931683544me45275yqt55755">______________________________<wbr>_________________<br clear="none">
kictanet mailing list<br clear="none">
<a href="mailto:kictanet@lists.kictanet.or.ke" shape="rect" target="_blank">kictanet@lists.kictanet.or.ke</a><br clear="none">
<a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" shape="rect" target="_blank">https://lists.kictanet.or.ke/m<wbr>ailman/listinfo/kictanet</a><br clear="none">
Twitter: <a href="http://twitter.com/kictanet" shape="rect" target="_blank">http://twitter.com/kictanet</a><br clear="none">
Facebook: <a href="https://www.facebook.com/KICTANet/" shape="rect" target="_blank">https://www.facebook.com/KICTA<wbr>Net/</a><br clear="none">
<br clear="none">
Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com" shape="rect" target="_blank">https://lists.kictanet.or.ke/m<wbr>ailman/options/kictanet/jwalu%<wbr>40yahoo.com</a><br clear="none">
<br clear="none">
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br clear="none">
<br clear="none">
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.</div>
<br clear="none">
 </div>
</div>
</div>
</div>
</div>

<div><u>______________________________<wbr>_________________</u></div>

<div>kictanet mailing list</div>

<div><a href="mailto:kictanet@lists.kictanet.or.ke" shape="rect" target="_blank">kictanet@lists.kictanet.or.ke</a></div>

<div><a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" shape="rect" target="_blank">https://lists.kictanet.or.ke/m<wbr>ailman/listinfo/kictanet</a></div>

<div>Twitter: <a href="http://twitter.com/kictanet" shape="rect" target="_blank">http://twitter.com/kictanet</a></div>

<div>Facebook: <a href="https://www.facebook.com/KICTANet/" shape="rect" target="_blank">https://www.facebook.com/KICTA<wbr>Net/</a></div>

<div> </div>

<div>Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/emailsignet%40mailcan.com" shape="rect" target="_blank">https://lists.kictanet.or.ke/m<wbr>ailman/options/kictanet/emails<wbr>ignet%40mailcan.com</a></div>

<div> </div>

<div>The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.</div>

<div> </div>

<div>KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
<br clear="none">
 </div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
 </div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div></div>
<br>______________________________<wbr>_________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><br>
<a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" rel="noreferrer" target="_blank">https://lists.kictanet.or.ke/m<wbr>ailman/listinfo/kictanet</a><br>
Twitter: <a href="http://twitter.com/kictanet" rel="noreferrer" target="_blank">http://twitter.com/kictanet</a><br>
Facebook: <a href="https://www.facebook.com/KICTANet/" rel="noreferrer" target="_blank">https://www.facebook.com/KICTA<wbr>Net/</a><br>
<br></div>
Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/james.muritu%40gmail.com" rel="noreferrer" target="_blank">https://lists.kictanet.or.ke/m<wbr>ailman/options/kictanet/james.<wbr>muritu%40gmail.com</a><div class="m_4366437408340265137quoted-text"><br>
<br>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.<br></div></blockquote></div><br></div>
<br>______________________________<wbr>_________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><br>
<a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" rel="noreferrer" target="_blank">https://lists.kictanet.or.ke/m<wbr>ailman/listinfo/kictanet</a><br>
Twitter: <a href="http://twitter.com/kictanet" rel="noreferrer" target="_blank">http://twitter.com/kictanet</a><br>
Facebook: <a href="https://www.facebook.com/KICTANet/" rel="noreferrer" target="_blank">https://www.facebook.com/KICTA<wbr>Net/</a><br>
<br>
Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/murigi.muraya%40gmail.com" rel="noreferrer" target="_blank">https://lists.kictanet.or.ke/m<wbr>ailman/options/kictanet/murigi<wbr>.muraya%40gmail.com</a><br>
<br>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.<br></blockquote></div><br></div>
</blockquote></div><br></div>