2.

INFORMATION TECHNOLOGY SYSTEMS IN

THE KERALA STATE CIVIL SUPPLIES
CORPORATION LIMITED

Highlights

Due to partial computerisation of outlets/depots, the Company could not

derive the intended benefit of accurate and timely report on sales and
stock despite spending Rs. 2.65 crore.
(Paragraph 2.2.8)
Absence of uniform coding procedure led to 20 per cent of sales, valuing
Rs.497.10 crore, escaping commodity-wise accounting during the period
from 1999 to 2003 which rose to 33 per cent in the year 2004.
(Paragraph 2.2.12)
Sharing of login IDs and passwords defeated the very purpose of control
as accountability, confidentiality and integrity of data and program would
be affected.
(Paragraph 2.2.13)
The system in the Regional office did not capture the short collection of
Rs. 28.70 crore and short remittance of Rs.21.73 crore for appropriate
follow up. Cash balances recorded in outlets, showed a difference of
Rs. 35.41 crore with the figures of short collection/remittance in the
database.
(Paragraph 2.2.17)

35

Audit Report (Commercial) for the year ended 31 March 2005

Introduction
2.2.1
The Company was incorporated in June 1974 with the objective of
procurement and distribution of food grains and other essential commodities
so as to ensure their easy availability to the public at reasonable prices.
The Company was also engaged in distribution of petroleum products, tea,
medicine, sugar, etc., as well as public distribution of rice, levy sugar and
wheat, distribution of rice and pulses to schools under the Mid Day Meal
Scheme.
The Company with its headquarters at Ernakulam has five Regional Offices,
supported by 1,050 outlets (August 2005). There is a separate EDP section.
Computerisation
2.2.2
The Company in 1987 started computerisation of its applications
and initiated in-house development of software for Payroll, Financial
Accounting, Sales Accounting, Sugar Transportation Accounting and
Purchase Accounting. Development of software for Depot Management, Super
Market Billing and Stock Accounting was outsourced. While the in-house
applications were developed using Oracle and Developer 2000, others were
developed using FoxPro. The Company had so far spent Rs.2.65 crore (2004)
towards computerisation.
Objective of computerisation
2.2.3

Computerisation was taken up with the following objectives:

To implement an effective database management system

To increase efficiency in :
sales accounting/analysis of outlets by producing accurate and
timely reports on sale and stock ;
evaluation of stock by determining its age ; and
installing a perfect Management Information System (MIS).

Scope of audit
2.2.4
The audit conducted during February-July 2004 covered the
functioning of the Financial Accounting System (FAS) and Sales Accounting
System (SAS) at Head Office and two* Regional Offices, Depot Management
System in three depots**and Supermarket Billing System in six Super
Markets/Labham Markets.

Audit objectives
2.2.5
Information Technology (IT) Audit was taken up to ascertain
whether the system was designed to ensure data integrity, reliability of inputs
and outputs, IT security and adequacy of controls.
* Ernakulam and Thiruvananthapuram
** Thrippunithura, Valiathura and Beypore
Supermarkets at Sadanam Road, Panampally Nagar, East Fort, and Kozhikode
Labham Markets at Peroorkada and Thrippunithura

36

Chapter II Reviews relating to Government companies

Audit methodology
2.2.6
Data available in Head Office, Regional Offices, Depots, and
Supermarkets were analysed using CAAT@ namely IDEA (Interactive Data
Extraction and Analysis).

Audit findings
Audit findings are discussed in the succeeding paragraphs.

General IT Controls
2.2.7
A review of the general IT controls revealed that controls were
weak in respect of IT access, software acquisition, development and
maintenance. As can be seen from succeeding paragraphs, many controls were
either inadequate or non- existent.
Non-achievement of intended IT benefits due to partial computerisation
2.2.8

The Company, initiated steps, in 1987, to computerise sales

Only some of the retail

outlets and depots have accounting of all retail outlets and depots, to produce accurate and timely
been computerised so far reports on sales and stocks and to introduce scientific inventory management,

but the progress of computerisation has been slow. As on 1 January 2004, 33

out of 60 depots, three out of 17 super market godowns, 41 out of 102 Labham
markets, nine out of 10 Petrol Bunks and 23 out of 38 Maveli medical stores
were still not computerised (August 2005). Moreover computerisation has not
Due to partial
computerisation the
so far been extended to any Maveli stores (858) and Sub-depots (10). Thus,
objective of accurate and due to partial computerisation, the Company could not fully achieve the
timely reporting was not objective of timely rendition of accounts for efficient management decisions
achieved
and generation of accurate and timely reports, despite investing Rs 2.65 crore.
The Management stated (April 2005) that a proposal for strengthening the
MIS wing of the Company has been approved by the Board of Directors
(November 2004) and 56 Depots would be computerized in the first phase
with facility for daily transfer of data to Head office/Regional Office.
All Medical stores and Labham Markets would be computerized in the
2nd phase. No time frame has, however, been fixed for the purpose.
Government replied (August 2005) that the Company had to ensure sufficient
technical support for the computerisation process, the request for sanctioning
support officers for computerisation was being examined and the Company
had taken steps to identify its own staff to do system support activities.
Lack of systems development controls
Delay in development of software
Essential modules of
software yet to be
developed.

2.2.9
Despite having an in-house software development team, all modules
of FAS and SAS were yet to be developed. Thus, MIS reports on age-wise
analysis of stock of commodities, sales analysis of retail outlets and
commodity-wise analysis could not be generated as planned, and hence could
@ Computer Assisted Audit Technique

37

Audit Report (Commercial) for the year ended 31 March 2005

not facilitate the decision making process. As the Company failed to set up a
proper network, the transfer of data from retail outlets to Regional Offices and
Head Office needed for timely generation of reports, was affected. A proposal
(January 2004) to develop a network through CUSAT* also did not yield
results and hence was dropped.
Network connections
essential for timely
transfer of data to be set
up.

The Management stated (April 2005) that steps have been taken to develop
software, for web enabled data transfer and that more technical persons would
be recruited as System Support officers. The Government also stated
(August 2005) that computers had been provided in all 56 depots and the
software for inventory maintenance was being implemented and the depots
were using the internet facility.
Lack of systems development methodology
2.2.10
Organisations implementing IT Projects should decide upon a
standard methodology to design and develop a system. There should be proper
documentation on various processes involved in systems development,
indicating, inter alia, personnel authorised and responsible to manage
application development and its implementation. Audit scrutiny revealed that
no such documentation existed in the Company. Further, documents such as
User Requirement Specification, System Requirement Specification, User
Manual and logs of tests made and acceptance of software relating to the FAS
and SAS developed in-house were not available with the Company.

Documents such as user

requirement
specification, user
manual, records of
testing were not
available.

In the absence of the above, Management could not ensure that all
requirements have been incorporated in the system developed in-house.
Government stated (August 2005) that these would be taken care of in the
software being developed and implemented in depots and in the future
software developments.
Instances of deficient system development process reflected in the functioning
of the software noticed in audit are discussed in paragraphs 2.2.11 and 2.2.12
infra.
Improper design of retail outlets/depots codes.

The Company has not

adopted a uniform
scientific coding system.

2.2.11
The Company assigned 4-digit codes for outlets/depots, the first
digit indicating the region, the second digit indicating the district and the next
two digits identifying the outlets under a district. No uniform and scientific
system of coding was, however, followed and there was a mix up of numerical
codes and alphanumerical codes.
The system at Tea division, however, accepted the first four alphabets of the
depot names as depot codes, which were entirely different from the codes
adopted for the sales accounting system.

* Cochin University of Science & Technology

38

Chapter II Reviews relating to Government companies

The Government stated (August 2005) that the 7-digit outlet code had been
introduced in 56 depots and would be incorporated in other outlets, after
re-designing/developing the software.
Absence of uniform commodity codes
2.2.12
The commodities dealt with by the Companys outlets are broadly
classified as Maveli items* and Non-Maveli items**. The non-Maveli items
are procured centrally, regionally or locally. They may include consignment
items, which are not taken to stock, but sales are billed.
As per the system of coding for commodities, Manager of an outlet could allot
any code number below 9999 to any item including the consignment items.
Common commodity
codes were not designed. Thus, there was a mismatch of codes given by various outlets. While the
Commodity code for a
Supermarket at Sadanam Road, Ernakulam classified the commodities into
particular item varied
five categories of 65 groups, the Supermarket at Panampally Nagar,
from outlet to outlet.
Ernakulam had 10 categories of 47 groups. The categorisation and grouping
had no basis and there were cases of overlapping/ duplication. The depots and
supermarket godowns followed their own system of coding for the
commodities.

20 per cent of sales

escaped commodity
wise accounting

Commodity-wise
consolidation of sales
and stock not possible

The Regional offices conducted monthly consolidation and annual physical

verification of commodities whereby the value of all the items other than
Maveli items were consolidated and classified under one code
105-supermarket items. As the coding for non Maveli commodities was not
uniform it led to 20 per cent of sales, valuing Rs 497.10 crore out of
Rs 2400.40 crore, escaping commodity-wise accounting for the five year
period (April 1999-March 2003). The sale of supermarket items escaping
commodity-wise accounting during 2003-04 was 33 per cent of total sales.
Absence of uniform codes, affected consolidation of the sale and stock of all
commodities at Regional/Head Office necessitating re-entry of data at
Regional Office. Thus, one of the main advantages of any computerisation
project i.e. transparent processing of transactions to serve as an MIS aid to
management to effectively monitor procurement, pricing and storing materials,
could not be derived by the Company.
Government stated (August 2005) that the 6-digit commodity codes were
already in use in 56 depots, and would be introduced in other outlets after
re-designing/developing the software.
Lack of segregation of duties and poor access controls in EDP section

Duties of EDP staff are

not clearly defined and
properly segregated

2.2.13
In any major IT system, the duties of various IT staff are required to
be properly defined and segregated, with clear responsibilities. Audit analysis,
however, revealed (June 2004) that the IT staff in the Company did not have

Essential commodities and their product derivatives most of which are procured centrally
and marketed in the companys brand.
** All other items such as provisions, stationeries, bakery items, meat product, vegetables,
etc

39

Audit Report (Commercial) for the year ended 31 March 2005

well defined job specifications and responsibilities with clear demarcation of

duties.

More than one person

shared same password

Moreover, in order to control authorised access to data and systems, the duties
and responsibility of the users of the system need to be decided by the
management, based on which the required modules are provided to the
individual users/sections. It was noticed in audit that though user level
passwords were provided but these were common for the same group. Thus,
the passwords were not unique and were shared by the staff. For example, to
access the Financial Accounting module, user name and the password were
common for the Finance clerk and the Managers. In effect, the sharing of login
ids and passwords defeat the very purpose of control as accountability,
confidentiality and integrity of data and programs would be affected.
Maintenance of a unique user id and password is required for the purpose of
fixing responsibility for unauthorised access to data.
Government stated (August 2005) that once MIS division was adequately
strengthened, there would be clear definition of works handled by each staff.
It further said that proper password maintenance and back up procedure had to
be implemented by unit managers. Frequent changes of staff in each level was
a bottleneck in this respect, which would be solved when system support
officers were appointed. The reply clearly shows that the Government has not
yet grasped the importance of segregation of duties and access controls in an
automated system controlling a turnover of more than Rs. 400 crore per year.
It is important for the Government to realise that in a computerised system
segregation of duties is as important as defining duties and responsibilities in
conventional system. As in a manual system it is inconceivable that a clerk
will have the same financial powers and responsibilities as a manager,
similarly in a computerised system appropriate differentiation has to be
enforced albeit by technology enabled methods such as assigning privileges
according to the user profile and access controls by passwords, etc.
Absence of Business Continuity Plan

No documented back up
procedure

2.2.14
The Company did not have documented procedures, operating
manuals and a disaster recovery plan. Though daily backups were reportedly
taken, absence of a disaster recovery plan had the risk of potential data loss,
with consequent disruption of business, in case of any disaster.

Application controls
2.2.15
Application controls are included in the IT Systems to provide
assurance that all transactions are valid, authorised, complete, accurate and
properly recorded. Shortcomings in application control noticed during audit
are discussed in the succeeding paragraphs.
Deficiencies in Sales Accounting System (SAS)
2.2.16
The system was installed in Regional offices for consolidation of
monthly sales at retail outlets, wherein credit sales to schools for noon feeding

40

Chapter II Reviews relating to Government companies

programmes and to ARDs* were also accounted. The Region-wise data so

compiled is consolidated at Head Office using this application. A scrutiny of
the application revealed the following:
Discrepancies in accounting short collection/short remittance
2.2.17
The Companys outlets are required to remit the daily sales
realization into specified bank account the following day. Any shortage in
remittance should be made good against the next remittance. Regional offices
also work out independently the reported sales of outlets, based on rates on the
day of sale. Any difference between sale value due and sale value actually
reported would be shown as short collection.
A scrutiny of the database relating to the Regional office, Ernakulam, for
1999-2004 revealed
large-scale variation between total sales
(Rs 356.98 crore) and total collection (Rs 328.28 crore) as well as between
Short collection of
total collection and total remittance (Rs 306.55 crore). The system in the
Rs 28.70 crore and short
Regional office did not capture the short collection of Rs 28.70 crore and short
remittance of Rs 21.73
remittance of Rs 21.73 crore, for appropriate follow up. On this being pointed
crore not followed up
out, it was stated that the daily shortage in outlet-wise collection was duly
accounted in a different table in the database. It was, however, seen that the
figures of short collection and short remittance in the said database table had
Substantial difference
between short collection no relation to the corresponding figures derived from the table earlier
and short remittance as scrutinized by Audit or for that matter even the trial balance. Against a short
per electronic data and
collection and short remittance of Rs 28.70 crore and Rs 21.73 crore
accounts
respectively as on 31 March 2003, the corresponding figures in the trial
balance as on 31 March 2003 were only Rs 1.70 lakh and 0.64 lakh
respectively.

Cash balances of outlets

are negative

Further, cash balance of outlets recorded in the database showed a negative

balance of Rs. 35.41 crore as on 31 March 2004, which did not tally with the
figures of short collection/remittance in the database. This showed that the
logical data flow was not maintained in the system to ensure integrity and
reliability of the information processed through the application.
The Management stated (August 2005) that the problem would be addressed
in the new software being developed for depots and that the sales accounting
system would also become a part of the depot management system.
Absence of provision to adjust physical verification shortages

2.2.18
According to the instructions for stores verification, unit managers
should declare items as per book stock as on 31 March. The Stock verification
There is no provision for
accounting of shortage in officer would verify whether the declared stock and actual stock are the same.
Items verified as good stock will be carried over as opening stock as on
stock
1st April. If there is any difference between declared and verified stock,
disciplinary action will be taken against the unit manager. There is, however,

* Authorised Ration Dealers

41

Audit Report (Commercial) for the year ended 31 March 2005

no provision to generate MIS reports relating to outlet-wise shortage in stock,

for top management follow up.
For example, the value of stores found short during 2002-03 in Regional
Office, Ernakulam was Rs 14 lakh. There was no evidence of any action taken
against the officers in-charge of the outlets where shortages had been detected.
The system also lacked provision to account for the cost of bad/inferior
quantity and the sales realisation.
The Government stated (August 2005) that steps were being taken to develop
new integrated software to overcome the deficiencies.
Defects in Supermarket Billing and Stock Accounting System
2.2.19
The system was developed to account for counter-wise collection,
sales accounting and stock reports in Super Markets and Labham markets.
It also provided for generation of counter-wise sales summary, month-wise
collection report, periodical sales report, item-wise invoice details, item-wise
indent, stock register, reconciliation of stock and stock valuation report. Audit
scrutiny revealed the following deficiencies in the system:
Errors and Omissions in stock records

System stock and

physical stock did not
tally in 35 per cent cases

2.2.20
A test check of the computerised physical verification reports of the
super markets at Sadanam Road, Ernakulam; Panampally Nagar, Ernakulam
and Indira Gandhi Road, Kozhikode (as on 31 March 2003) revealed that the
stock declared by units based on the database was less than the physical stock
in 26 per cent cases and was more than the physical stock in 39 per cent cases.
Thus the system did not ensure complete accuracy in inventory management.
Government stated (August 2005) that steps would be taken to address the
deficiencies pointed out.
Display of minus balance in stock

Billing error leading to

negative stock items

No provision to prevent
billing when stock is nil

2.2.21
As per the existing billing system, bills are made, without reference
to availability of stock notwithstanding any wrong product code, thus resulting
in negative stock values. All the items declared as negative stock are treated as
excess stock under the presumption that each accumulated negative stock is
due to a billing error and compensating excess stock will be available
somewhere in the shop. This indicates deficient software development
whereby validation checks were not incorporated into the system.
Thus, the computerised system introduced to ensure accuracy in stores
management ended up posing a risk to the operations and was unable to
prevent possible covering up of theft, pilferage, inaccuracy and inefficiency,
as no steps had been taken to prevent the printing of bills when the quantity as
per stock becomes zero. Proper inbuilt controls are needed to prevent
generation of bills for an item whose stock is nil.
Government stated (August 2005) that steps would be taken to address these
problems.

42

Chapter II Reviews relating to Government companies

Deficiencies in the Depot Management System

2.2.22
The system, functioning in 27 of the 60 depots enables recording of
commodity transactions and had facilities to account purchase orders,
allotment of materials and receipt of materials. It was also capable of
generating stock register, daily transaction report, stock-cum-sales return and
details of issues to outlets. A test check of the system, at the district depot at
Beypore, Kozhikode and Pettah, Thrippunithura revealed the following:

Initially, the materials received in depots were entered in temporary

mode, in the system, so that quantity will not be included in the actual
stock till the entry is made permanent. Only after inspection and
approval by quality control wing, it would be made permanent.
The depot stock statement displayed minus stock, as the materials were
issued before making a permanent entry. This paved the way for issue
of possible sub-standard materials against sale through retail outlets.

Option for preparation of a category-wise consolidated sales statement

for a specified period was not available in the software.

Materials to Labham Markets and Maveli Stores were door delivered

in depot vehicles but no provision existed in the software to generate a
vehicle utilisation statement.

At Head office, due to lack of any module, reconciliation of receipts

and issues at the depot was done manually.

As 27 computerised depots were not networked to the Head Office,

commodity-wise stock in depots could not be ascertained.

Minus balances in stock

due to issue of materials
before inspection

Head Office could not

assess the commodity-wise
stock in Depots.

Government stated (August 2005) that the new software being developed
would take care of these problems.

Conclusion
The Company started computerisation in 1987 in order to increasing
efficiency in sales accounting/analysis of outlets by processing
accurate/timely reports on sale and stock, evaluation of stock by
determining its age and installing a perfect MIS, but failed to fully
achieve its objectives. Despite incurring substantial expenditure, it could
computerise only 162 out of 1110 outlets/depots till January 2004. The
present system has poor access controls and the database is plagued with
inaccuracies. This leaves the system at a risk of being manipulated to
cover up theft, pilferage and embezzlement.
In order to monitor speedy movement of commodities in the outlets and to
evaluate the age of stock, it is essential to capture commodity-wise stock
position in Outlets/Depots and plan procurement and distribution
accordingly, but the Company could not ensure development of all
modules of the software, networking of the outlets and installation of MIS
to facilitate decision making, on the basis of sales analysis and market
trends. As a result of non-uniformity in the coding of commodities
generation of meaningful MIS reports, even if desired, is not feasible.

43

Audit Report (Commercial) for the year ended 31 March 2005

Recommendations

The Company should review the status of computerisation and

identify priority areas for computerisation. The system of data input,
at Regional offices may be strengthened, with proper controls,
to collect weekly inputs from other outlets and generate required MIS
on sales and stock.
The Company may

Set up an IT Steering Committee comprising of process owners, EDP

manager and Senior Managers of functional Groups to oversee the
implementation of computerisation and to authorize modifications.

Strengthen EDP wing and adequately segregate the duties of staff

with documented procedure for change management.

Arrange to develop a module to capture required information for

monitoring of short collection, short remittance and shortage in stock
to minimize the process of manual reconciliation and to reduce
business loss.

Modify the Billing System in Supermarkets to prevent display of

negative stock items.

Develop suitable MIS modules for sales analysis, commodity-wise

stock review, reading market trends and forecast price movements.

Management agreed (April 2005) to consider these suggestions, while

developing the new software.

44