Apparently, Harare City Council employees may have swindled City of millions of dollars by simply introducing unregistered POS machines and proceeding to collect revenues which they did not submit to the council.
The city council is said to have only discovered this during a recent audit. They realised that a significant number of POS machines -19 to be exact- were not linked to their bank accounts whilst they were collecting revenue.
A statement in the audit minutes reads:
percentstock count on the 43 district offices and other council revenue collecting centres revealed a total of 188 POS machines. There were 19 POS machines that were located at district offices but could not be found on the bank list.
It was also noted that there was a …
POSID which had dual identification codes hence the risk was that it was open for abuse and manipulation.
It was noted that some of the banks did not have corresponding BIQ cash books, hence audit could not extract the BIQ cash books of such banks.
Because of the lack of BIQ cashbooks, transactions made from such bank accounts were being posted into cashbooks in use on the day.
This is not the first time this has occured and it’s reported that a similar thing happened when an audit was taken last year. This doesn’t seem like something belonging in the realm of cyber crime (of it does but…) and instead it appears as if this is just negligence on the council’s part. It’s made worse by the fact that this was something the council knew was an issue as the minutes of the previous audit acknowledged the issues:
The POS devices are a particular area of vulnerability to HCC because it does not appear as if the finance department was in full control of their deployment across council premises.
Findings into the audit were that there was a mismatch between HCC register of POS devices, their physical count and the banks’ register of POS devices deployed. The city’s POS devices were not integrated with the BIQ system.HCC Audit Minutes