HEXCO probe uncovers an alarming disregard for information systems controls

Nigel Gambanga

The recent government probe of the Higher Education Examinations Council (HEXCO) has been covered in the media as yet another portrayal of irregular practices that affect service delivery in a state entity.

The probe has also brought to the surface a huge disregard for information systems controls, which is a cause for concern when considering the risks that the entire Council and the Ministry of Higher Education were exposed to.

According to The Herald, with the approval of the Secretary in the Ministry of Higher and Tertiary Education, Dr. Washington Mbizvo, a Francis Taivavashe was appointed to oversee the council’s exam database. Apparently, Taivavashe designed, installed, operated and managed the database without any supervision.

While other voices have focused on how HEXCO appointed an unqualified person for the job as well as their lack of a complete grasp of their own roles, a big issue that is emerging from this is the absence of internal controls and measures to supervise the systems that HEXCO wanted to use.

The fact that a single person handled the design and management of a national examinations database without any supervision and carried out all tasks and duties without having to account for any of his actions is alarming. What is even more peculiar is how he is reported to have carried the database on flash drives and was the only person with the authority to handle password and access queries.

It would appear that no information systems controls were observed to mitigate risks such as system breaches, theft of data and loss of continuity. This paints a bad picture of the Ministry of Higher and Tertiary Education and HEXCO and brings into question their seriousness when it comes to information systems procedures.

All parastatals and state-affiliated bodies are subject to audits from the Office of The Auditor General, so one wonders whether the same audit procedures that failed to identify such a blatant disregard for risk and internal controls are used for other entities.

Do state enterprises that handle public finances, where there are risks of corruption and fund misappropriation, have better IS controls, or does one person move around with sensitive information on temporary storage devices? What about central government and national security subsidiaries? Are the same weak internal controls being used at other state entities?

The Ministry of Higher and Tertiary Education has its own guidelines and objectives independent of The Ministry of Education, Sports and Culture, but it is easy to draw comparisons between the two. We have experienced cases where secondary school public examinations administered by ZIMSEC have been leaked, and it’s anybody’s guess if the same lax approach to internal controls was being used there.

We live in a world where technology should be used to create measures against unnecessary risks at every level of enterprise engagement. Local authorities need to step up not only in how they talk about tech but also how they implement it.

Enterprise-wide risk management is a big consideration even at a national level and there should be clearer efforts at initiating e-government practices as well as a stronger stance on transparency.

More effort needs to be made to address these issues if we are to come off as a nation that fully appreciates the importance of technology in service delivery and enterprise efficiency.


  1. Tapiwa ✔

    I bet this guy can hook me up with an HND in Nuclear Engineering; does anyone have his contact details? 🙂

  2. Drogo

    I am at the end of my rope with feeling sorry for Francis Taivavashe but HEXCO on their doorstep “Hard” work is required!

  3. Brad

    The thing is these guys benefit from these flawed systems. Everyone knows the reason why passport offices around the country aren’t brought abreast with modern technologies is because the workers there benefit from bribes to get your passport ready faster…….typical of our gvt’s organisations!

  4. Farai Sairai

    Whilst I applaud you Nigel for stating the obvious that should be done and not done, remember this is the Gvt. Nobody cares even if you expose the rot. From the passport office to the police and going further to salaries department for civil servants, who really checks/audits all these? And yes when irregularities are found, then what? How many ghost workers in all the various Gvt departments or parastatals? This is serious but we all know this HEXCO gentleman will be transferred to another department very soon. The Perm Sec will still keep his job. And we will all still move on……so let’s move on..

2023 © Techzim All rights reserved. Hosted By Cloud Unboxed