CAG flags serious lapses in Keralas Integrated Financial Management System

THIRUVANANTHAPURAM: The Comptroller and Auditor General (CAG) of India has unearthed major deficiencies in the implementation of the Integrated Financial Management System Kerala (IFMS-K), a key e-governance project meant to modernise the states financial administration. The audit watchdog's report exposed weak planning, poor documentation, and several system-level lapses that undermined the objectives of transparency and efficiency in financial management. According to the CAG, the absence of a Service Level Agreement (SLA) between the government and the implementing agency weakened the projects foundation. Critical documentation related to change requests and actions taken was unavailable, making the government dependent on the system integrator. The report also found that, contrary to the envisaged Software Development Life Cycle (SDLC) model, the National Informatics Centre (NIC) developed modules in a piecemeal manner over eight years, with review meeting decisions being the only reference for further development. The audit revealed that the department lacked essential records related to data migration, including pre- and post-migration reports, exception reports, and confirmations from treasuries. No acceptance test plan was prepared, there was no secure testing environment, and no professional third-party agency was entrusted with final testing. Out of 251 functional requirements, 100 were not developed. The CAG noted that the Kerala Treasury Code, Kerala Financial Code, and Budget Manuals were not amended to align with the re-engineered processes. The Budget 2.0 application lacked adequate validation controls, allowing additional authorisation of funds beyond savings and failing to reflect expenditure revisions made by the Accountant General. Similarly, the system lacked mechanisms to restrict reappropriation of excess savings or to analyse probable savings within grants. Serious flaws were also observed in the Expenditure Module and the Human Resources application (SPARK). Due to the absence of sanction orders in the system, treasuries continued to rely on physical documents. SPARK contained inconsistent and invalid data, undermining its purpose. The Accounts and Audit Module allowed unprofessional backend access that enabled manual editing of stored procedures, while the systems inability to reconcile GST transactions led to unreconciled balances. The Core Treasury Savings Bank (TSB) module was found to have critical deficiencies, including non-migration of accounts, lack of controls for closing inoperative accounts, and negative balances in 3,136 accounts. The absence of KYC data and weak signature verification processes increased the risk of errors and possible malpractices. Other serious findings included the use of an unlicensed version of DB2 for the State Budget application, the lack of a Database Administrator, and the absence of a Business Continuity or Disaster Recovery Plan. The system also permitted multiple logins across applications, creating security vulnerabilities. The CAG made 46 recommendations to strengthen IFMS-K. It urged the government to fix timelines for completing pending functionalities, develop a Requirement Traceability Matrix and Performance SLA to monitor progress, and introduce automated tools to calculate and claim interest and damages from banks for delayed credit of government funds. The report concluded that the IFMS-K, launched to improve financial discipline and transparency, continues to suffer from weak project governance, inadequate documentation, and poor system controls issues that must be urgently addressed to safeguard public financial management in the State.