Sasra Ict Report22

The document summarizes challenges faced by a SACCO after migrating to a new IT system, including issues with interest and demand generation, salary processing, and generating financial reports. It provides recommendations to address these problems, conduct an audit of the new system, improve data reconciliation between systems, upgrade outdated hardware and improve cybersecurity practices. The SACCO also needs to establish reliable backup systems and training to address single points of failure and security vulnerabilities.

Uploaded by

dee
Copyright
© All Rights Reserved

SASRA ICT REPORT

New system
We recently migrated to a new system by E&M. Some of the challenges include:

1. Demands & interest generation: Interest is loading twice and demands are not generating
correctly, which is leading to overdrawn accounts. It's crucial to have accurate demand
and interest generation in the loans department. The system providers are already
aware of the issue and are working on a permanent solution, so the Sacco is maintaining open
communication with them and following up regularly, ensuring they understand the
importance of resolving this issue promptly, as it affects the core operations of the Sacco.
2. Coinage: This should be implemented in the new system as it helps when feeding in the
EOD data.
3. Salary processing instructions: There are challenges with salary processing instructions.
It's important to communicate this to the system providers and seek their assistance. They
should be able to help troubleshoot and resolve any issues with the system's functionality
related to salary processing. Timely and accurate salary processing is crucial for the smooth
operation of any organization.
4. Change of roles
5. The system does not generate a correct balance sheet, trial balance, or profit and loss statement

Recommendation Regarding the new system


1. Audit of the new system: It's concerning that an audit of the new system was not
conducted, which prevents a comprehensive assessment of vulnerabilities and risks. It's
recommended to engage with a qualified third-party auditor who can evaluate the new
system's security, identify vulnerabilities, and propose necessary risk mitigation measures.
The audit should encompass both technical aspects (e.g., system architecture, data
handling, encryption) and operational aspects (e.g., access controls, user permissions).
2. There is also a need to conduct a governance, risk, and compliance (GRC) assessment
and document the findings to effectively manage risks and threats after the audit. This
involves establishing a governance framework, conducting a thorough risk assessment,
developing a risk management plan, and maintaining comprehensive documentation.
Ongoing monitoring and review are essential for staying proactive and ensuring the
security, integrity, and compliance of our operations.
3. We are continuously monitoring and evaluating the system's performance as we
regularly review user feedback, monitor system usage patterns, and measure key
performance indicators. This ongoing assessment will help us identify areas of success and
areas that require further refinement.
4. Change of roles: a physical form and a two-person approval process should be in place,
especially when reshuffling roles. This ensures that role changes are subject to careful
scrutiny, reducing the risk of unauthorized access or potential misuse. This approach
enhances accountability, promotes proper segregation of duties, and helps maintain a
secure system environment.
DATA
There has been a recurring data problem that has persisted since our very first service
provider. Data was never fully migrated to the Coretec system, hence reconciliation was never
done. We have three systems that we refer to for data.
Recommendation Regarding the data
1. Reconciliation: Cleaning up and merging data from different systems is essential for
accurate reconciliation. We are working closely with our current system providers to
ensure all relevant data is migrated, and conduct thorough reconciliation checks to identify
any inconsistencies or errors. Data integrity is vital for reliable financial operations.

Mobile banking:
We had a mobile banking platform offered by our previous service providers. However, when
we migrated to the new system, mobile banking was stopped, as the Sacco was and is
looking for a vendor who keeps both the Sacco’s strategic plan and security in mind. In
addition, the following need to be implemented as we venture into mobile banking:

SSL:
VPN:
Penetration testing and hardening methods:
IPS/IDS

Single point of failure


We have a single point of failure since we do not have a proper backup plan in place. We also
don’t have a proper power backup plan.

Addressing the single point of failure:

I. Power backup plan: The Sacco should invest in a reliable power backup solution such as
Uninterruptible Power Supply (UPS) or backup generators to prevent disruptions in case of
power outages. This ensures the availability and integrity of the servers and prevents data
corruption.

II. Data backup: Develop a robust data backup strategy that includes regular backups, off-
site storage, and periodic restoration tests. Consider implementing cloud-based backup
solutions or redundant storage systems to ensure data availability even in the event of
hardware failures.

Outdated hardware and cybersecurity


The SACCO is facing challenges with outdated PCs running on Windows 7, as their hardware
specifications are insufficient to support newer operating systems such as Windows 10.
Upgrading to Windows 10 has been attempted, but it has resulted in performance issues,
causing decreased productivity for users.

Recommendation Regarding outdated hardware and cybersecurity:


Upgrade hardware: It's essential to replace the Windows 7 PCs with newer hardware that
supports Windows 10. Outdated operating systems are more vulnerable to security risks, and
using unsupported software can expose your systems to potential exploits. Allocate the
necessary budget to upgrade the PCs and ensure they meet the system requirements for
Windows 10. The Sacco is in the process of resolving this.

Cybersecurity awareness training:


1. Recognizing that employees are often the weakest link in security, the Sacco needs to
conduct comprehensive cybersecurity awareness training for all staff members. Educate
them about common threats, phishing attacks, password hygiene, and safe online
practices. Regularly reinforce the importance of security protocols to help prevent
breaches.

2. Dual Custody of Key Passwords: This should be implemented in the new system, where critical
passwords, especially those related to high-level access or administrative functions, require
dual authorization. This ensures that multiple authorized individuals are involved in
granting access, reducing the risk of unauthorized actions or breaches.
3. Password Logs and Trails: Maintain detailed logs and trails of password-related activities,
including password changes, resets, and access requests. This documentation helps in
tracking and auditing user actions, aiding in identifying potential security incidents or
unauthorized access attempts.

In conclusion
It's crucial to involve the relevant stakeholders, including the system providers, auditors, and IT
experts, to address these challenges effectively and ensure a smooth and secure operation for
the SACCO.
