ICT STRATEGY2014 / 2018

LOWER OPERATIONAL COSTS INCREASE REVENUE REDUCE RISK

32

‘BUILDING TRUST THROUGH FACILITATION’

USING IT AS A BUSINESS ENABLER

Guided by its vision and mission, revenue reforms and administration programme, and strong government support over the last decade, Kenya Revenue Authority (KRA) is acknowledged as a tax authority that has progressed to a customer centric institution. This has ensured that we remain at the forefront in exploiting technology to provide enhanced services to citizens and businesses, to deploy improved compliance programmes and maximize revenue collection, and to drive organizational culture change.

As set out in this document, our ICT strategy will maintain the operational fabric to help minimize customer contacts, to provide effective self-service and electronic options for our customers, and to support our business operations with appropriate and evolving set of tax administration applications and productivity tools. We will continue to develop business intelligence and data mining capabilities to support KRA’s focus on using risk-based approaches to tackle non-compliance in all its forms.

This second ICT strategy aims at achieving excellence in revenue administration through organizational renewal, innovation, and enhanced staff productivity geared towards customer focus. The key initiatives will include putting in place a business continuity management plan; embracing emerging smart technology investment decisions that will enable realization of strategic business objectives that embrace analytics to obtain knowledge and insights that will grow the internal culture of fact-based decision making.

As more taxpayer services are provided over the Internet and Mobile technologies, either directly through our own channels or indirectly via service provider platforms and other government sites, their continued availability, security and performance are becoming increasingly critical to both the running of the Authority business and public perception.

Our ongoing business initiatives will require the evolution of our ICT governance mechanisms to better manage all

aspects from core business operations, administrative support functions through to project selection, implementation and review.

The dynamic environment in which we operate, coupled with advances in technology means that we must continue to innovate and adapt our business processes while delivering predictable and reliable day-to-day services. We will continue to leverage on emerging technology trends while embracing change management for best practices, and hence make whatever adjustments are necessary to ensure we remain at the forefront of technology in the public sector.

It is my hope that this strategy will make the interaction with the Authority pleasurable for all stakeholders with a view to improving compliance, and ultimately enable achievement of the government development agenda by mobilizing the much needed resources.

JOHN K. NJIRAINI, MBS COMMISSIONER GENERAL JUNE 2015

Foreword by the Commissioner General

This Second ICT Strategy 2014/15–2017/18 sets out an overall vision and defines the key IT principles, policies and processes for the four-year corporate plan period. It will be used as the blueprint for future KRA service delivery programmes, while providing a framework to exploit and leverage on existing and emerging technologies and best practices to transform business processes through simplification and agility, to achieve full electronic customer service as set out in the Authority’s Vision 2018 corporate strategic goal.

The vision of ICT Department is ‘To achieve fully integrated electronic customer service’, while the mission is ‘To transform tax administration by providing innovative technology solutions and quality ICT services’. The theme of the second strategy is ‘Building trust by enabling customers through enhanced business value of ICT’. The strategy focuses on the following eight strategic themes that need major revision and expansion with the stated objectives:

1. Business Systems - Increasing efficiency and effectiveness of business systems operations: KRA’s business approach is to offer integrated on-line services and self service to our customers in an efficient and effective way.

2. ICT Infrastructure - Increasing availability of business systems: Our goal is to enhance availability of business systems and ensure continuity of business operations.

3. Enterprise Information Infrastructure - Establishing a managed enterprise information infrastructure: To improve the quality of information, we shall establish a managed enterprise information infrastructure.

4. Business Enablement through Technology - Leveraging on ICT to enhance business capability: To improve our ability to deliver services and enhance taxpayer compliance, KRA shall continue to leverage on existing and emerging technologies and innovations.

5. ICT Project Management - Improving project portfolio management: To enhance value from project investments, KRA shall institutionalize professionalism in ICT project selection and management.

6. ICT Risk Management - Enhancing integrity of ICT infrastructure, systems and information: KRA is committed to proactively identifying and mitigating ICT risks.

7. ICT Service Delivery - Improving efficiency of ICT service delivery: Our goal is to make working with and within ICT Department enjoyable by re-engineering the way the department does business under the ‘Trust and Facilitation’ approach to service delivery, supported by outsourcing of professional services as necessary.

8. IT Governance - Enhancing IT governance: We shall improve IT governance in KRA to enhance compliance with best practice frameworks, standards, procedures and governance policies.

Other elements from the previous ICT Strategy are revised appropriately to take account of new business landscape, environmental changes, priorities and fresh thinking. These include Workgroups and Collaboration, Application Development, the KRA Portal, Data Warehouse and Business Intelligence, and Enterprise Service Bus.

The key strategies and action points to be implemented over the strategy period are given for each theme.

This strategy was refreshed during the first year to align it with the Sixth Corporate Plan, which was finalized in the 2015/16 financial year. Through prudent selection, innovative use, and effective administration of information technologies, KRA will continue to realize gains in effectiveness, productivity, staff development and job enrichment to better meet the needs of our customers.

This strategy shall be the basis of all automation initiatives in the Authority, and will therefore be the main reference for strategic ICT initiatives as well as operational ICT plans.

EZEKIEL K. SAINA, HSC DEPUTY COMMISSIONER, INFORMATION & COMMUNICATION TECHNOLOGY JUNE 2015

Highlights by the Head of ICT

554

Table of Contents Acronyms and Abbreviations

Foreword by the Commissioner General 4Highlights by the Head of ICT 5Table of Contents 6Acronyms and Abbreviations 71. Introduction 8

1.1 Overview of Kenya Revenue Authority 81.1.1 Purpose of KRA 81.1.2 Organization 8

1.2 ICT Overview 91.3 Implementation of the 1st ICT Strategy 9

2. Vision, Mission, Theme and Core Values 142.1 Vision 142.2 Mission 142.3 Strategy Theme 142.4 Core Values 14

3. Situational Analysis 173.1 Internal Environmental Analysis 173.2 External Environmental Analysis 183.3 IT as a ‘Strategic Business Enabler’ and the ‘Game Changer’ 20

4. The Strategy 244.1 Business Systems 24

4.1.1 Strategic Objective, Strategies and Outcomes 244.2 ICT Infrastructure 25

4.2.1 Strategic Objective, Strategies and Outcomes 254.3 Enterprise Information Infrastructure 26

4.3.1 Strategic Objective, Strategies and Outcomes 274.4 Business Enablement through Technology 27

4.4.1 Strategic Objective, Strategies and Outcomes 274.5 ICT Project Management 28

4.5.1 Strategic Objective, Strategies and Outcomes 284.6 ICT Risk Management 28

4.6.1 Strategic Objective, Strategies and Outcomes 294.7 ICT Service Delivery 29

4.7.1 Strategic Objective, Strategies and Outcomes 304.8 IT Governance 30

4.8.1 Organization and Governance 304.8.2 Strategic Objective, Strategies and Outcomes 30

4.9 The 2nd KRA WIDE IT STRATEGY AT GLANCE 315. Strategy Implementation 34

5.1 Implementation Plan 345.1.1 Internal Consistency 345.1.2 Annual Planning 345.1.3 Budget 345.1.4 Communication of the Strategy 34

5.2 Monitoring and Evaluation 345.2.1 Setting Performance Targets 345.2.2 Monitoring Performance 355.2.3 Performance Evaluation 35

5.3 List of Stakeholders Consulted 35

BET Business Enablement through Technology

BPR Business Process Reengineering

BYOx Bring Your Own anything

CAC Change Advisory Committee

CCC Change Control Committees

CMMI Capability Maturity Model Integration

CRM Customer Relationship Management

DWBI Data Warehouse and Business Intelligence

EDMS Enterprise Document Management System

ERM Enterprise Risk Management

ERP Enterprise Resource planning

ESB Enterprise Service Bus

iCMS Integrated Customs Management System

ICT Information and Communication Technology

ICTA Information and Communication Technology Authority

IPR Intellectual Property Rights

iTax Trade Mark for the Integrated Tax Management System

ITIL Information Technology Infrastructure Library

KRA Kenya Revenue Authority

LAN Local Area Network

MIS Management Information Systems

PaaS Platform as a Service

RCoE Requirements Centre of Excellence

SCT Single Customs Territory

SMEs Small and Medium Size Enterprises

SOA Service Oriented Architecture

TIMS Tax Invoice Management System

WAN Wide Area Network

WOA Web Oriented Architecture

76

1.1 Overview of Kenya Revenue AuthorityThe Kenya Revenue Authority (KRA), herein referred to as the Authority, was established by an Act of Parliament, Chapter 469 of the Laws of Kenya, which became effective on 1st July 1995. The Authority is charged with the responsibility of collecting revenue on behalf of the Government of Kenya. A Board of Directors, consisting of both public and private sector experts, makes policy decisions to be implemented by KRA Management. The Chairman of the Board is appointed by the President of the Republic of Kenya. The Chief Executive of the Authority is the Commissioner General who is appointed by the Minister for Finance.

1.1.1 Purpose of KRAThe purpose of the Authority is assessment, collection, administration and enforcement of laws relating to revenue.

1.1.2 OrganizationThe Authority is a Government agency that runs its operations in the same way as a private enterprise. In order to offer better single-window services to taxpayers, KRA is divided into Five Regions as follows: Rift Valley Region, Western Region, Southern Region, Northern Region and Central Region. KRA is divided into the following nine main departments (see Figure 1.1): a. Customs & Boarder Control (C&BC), b. Domestic Taxes (DTD), c. Investigations & Enforcement (I&E), d) Strategy, Innovation & Risk Management (SI&RM), e. Corporate Support Services (CSS), f. Kenya School of Revenue Administration (KESRA), g. Internal Audit (IA), h. Ethics & Integrity (E&I), and i. Legal Services & Board Coordination (LS&BC).

The role of KRA in the economy includes:

a) To administer and enforce written laws or specified provisions of written laws pertaining to assessment, collection and accounting for all revenues in accordance with these laws;

b) To advise on matters pertaining to the administration or/and the collection of revenue under written laws;

c) To enhance efficiency and effectiveness of tax administration by eliminating bureaucracy, procurement, promotion, training and discipline;

d) To eliminate tax evasion by simplifying and streamlining procedures and improving tax payer service and education, thereby increasing the rate of compliance;

e) To promote professionalism and eradicate corruption amongst K.R.A. employees by paying adequate salaries that enable the institution to attract and retain competent professionals of integrity and sound ethical morals;

f) To restore economic independence and sovereign pride of Kenya by eventually eliminating the perennial budget deficits by creating organizational structures that maximize revenue collection;

g) To ensure protection of local industries and facilitate economic growth through effective administration of tax laws relating to trade;

h) To ensure effective allocation of scarce resources in the economy by effectively enforcing tax policies thereby sending the desired incentives and shift signals throughout the country;

i) To facilitate distribution of income in socially acceptable ways by effectively enforcing tax laws affecting income in various ways; and

j) To facilitate economic stability and moderate cyclic fluctuations in the economy by providing effective tax administration as an implementation instrument of the fiscal and stabilization policies and Being a ‘watchdog’ for the Government agencies (such as Ministries of Agriculture, Health, Finance, etc.) by controlling exit and entry points to the country to ensure that prohibited and illegal goods do not pass through Kenyan borders.

1.2 ICT OverviewInformation and Communication Technology Department in KRA operates in an environment that demands significant reliance on automation as a result of advances in IT and telecommunication that is facilitated by an enabling legal and regulatory framework in the country. The mandate of ICT in KRA is to support KRA business objectives and play the role of a ‘change enabler’ in the modernization of business operations and support systems.

KRA has a centralized IT infrastructure platform with a primary and secondary Data Center. The regional offices are connected to the Data Centers through a Wide Area Network (WAN) infrastructure. The main IT applications in KRA include the Simba system for Customs operations and the Integrated Tax Management System (iTax) for Domestic Taxes operations.

1.3 Implementation of the 1st ICT StrategyThe first KRA ICT strategy was developed in November 2005 as a modernization roadmap for the transformation of the Management Information Systems (MIS) Department in line with the technology trends and to re-align the KRA operational systems along the business strategic direction. Various projects were identified for implementation over a period of five years starting from December 2005. The current plan came to an end in December 2010, although its implementation has continued until 2014. The in-house SWOT analysis revealed a number of lessons. The key lessons have been summarized in Table 1.1.

Figure 1.1: The Organization Structure of KRA

Introduction1/

Table 1.1: Lessons from Implementation of the First ICT Strategy

ORGANIZATIONAL ICT MANAGEMENT ASPECT

LESSONS

Systems Implementation �Need for thorough BPR, requirements definition, acceptance and QA approach �Need to undertake change management among the staff to minimize resistance �Avoid scope changes and creep �Importance of a comprehensive and tested roll out and roll back strategy �System performance greatly hampered by several integration points

998

Board of Directors

Commissioner General

Customs & BorderControl (C&BC)

Internal Audit

Kenya School ofRevenueAdministration(KESRA)

Ethics & Integrity(E&I)

Legal Services &Board Coordination(LS&BC)

DomesticTaxes (DTD)

Investigations & Enforcement (I&E)

Corporate SupportServices (CSS)

HumanResources Corporate Risk

Management

Marketing & Communication

Corporate TaxDispute Resolution

ResearchKnowledgeManagement &Corporate Planning

Finances

Procurement &Supplies Services

Regional Offices

Administration& Logistics

Security

ICT

Strategy, Innovation & RiskManagement (SI&RM)

ORGANIZATIONAL ICT MANAGEMENT ASPECT

LESSONS

�Remove option of reverting back to manual system �There is need to include security risk analysis in project planning and implementation

Project Management �Projects should be well conceptualized, adequately resourced & with proper criteria (entry/exit) for starting and closure �Proper testing of delivered products is cardinal �It is important to have an institutionalized project management and communication framework in place �Need for permanent and dedicated project teams for implementation and roll out �Internal and external stakeholder management, communication and sensitization should be given priority �Contractors - Need for proper contractor management, to avoid contractor driven initiatives, to stick to the contract terms, and not to allow contractors to sit at decision organs �Need for institutionalization of an ICT strategic management process �There should be a long-term automation and IT infrastructure architecture and plan �Need to build capacity in business analysis and institutionalize Requirements Centre of Excellence (RCoE) to ensure that requirements are adequately defined

Human Resources �Need for early knowledge transfer �Open source requires more technical support �There should be proper structures for knowledge transfer �Need for improved literacy and uptake of ICT

Corporate Management �Adequate corporate management support is important for the project – in terms of funding and attention �Organizational political goodwill is crucial in implementing reforms

Infrastructure �Proper assessment of infrastructure requirements should be carried out �There is need for infrastructure capacity planning �Include infrastructure requirements in business requirements �Plan for retirement of obsolete infrastructure components

Maintenance & Support �Maintenance should be included in the procurement requirements �Improve strategies on contractor support/maintenance

Leadership �Demonstrated leadership in use of IT in the public sector �Influenced other government agencies in the use of technology

Culture �Having higher appetite for timelines than quality �Bad planning culture (non-existent) �No respect of non-disclosure of information in projects

1. Objective of the Second ICT Strategic Plan

Kenya Revenue Authority through Information and Communication Technology Department is committed to the provision of customer-focused services by effective management of ICT services in the Authority. ICT is a critical enabler to improvement of business processes and operations of the Authority. The key aim of ICT Department is to achieve efficiency and effectiveness in ICT service delivery. The objective of this document is to present the second KRA ICT strategy that incorporates lessons learnt from implementing the first ICT strategy and effectively responds to changes in KRA’s internal and external environments.

2. Alignment with the Corporate Plan

KRA has institutionalized strategic planning and is currently implementing the fifth corporate plan, whose life ends in June 2015. In developing this second ICT strategy, it was therefore necessary to ensure alignment with the sixth corporate strategic plan. The sixth corporate plan views ICT as game changer in revenue administration. This is observed from the corporate strategic plan’s strategic priority four, which addresses ICT directly and is stated as: ‘Enabling business by leveraging on technology to achieve full electronic customer service and enhance operational efficiency and service delivery in line with best practice, to achieve high customer satisfaction levels”. This strategic goal has the following objectives of making KRA:

a) Fully automated single collector: this requires an expansive and expensive ICT programme to be implemented. There will be need to seek innovative ways of meeting the ICT development requirements.

b) Full electronic customer service provider: whereas KRA is approaching the technical requirements for full electronic service, the country’s ICT development index (IDI) will constrain the private sector’s ability to take up the services requiring a considerable effort to promote uptake.

c) Make ICT a ‘Game Changer’ in Accountability and Integrity (allowing us to plug the leak instead of continuously bailing out water) and to exploit technological advances to improve service delivery (e.g. cloud computing to reduce capital costs, attend to security concerns and reduce impact of limited ICT staff), mobile platforms, etc). The Corporate Plan envisions IT as a ‘strategic business enabler’ and

the ‘game changer’ in support of KRA’s business departments to increase efficiency by simplifying, standardising, automating work procedures to enhance transparency in taxpayer transaction leading to overall operational excellence.

The ICT outputs and performance targets in the fifth corporate strategic plan that had not been realized by June 2014 will either be implemented or facilitated by the strategies set out in this document.

The second ICT strategy is also aligned to the second medium-term plan of Vision 2030, the KRA Vision 2018 Corporate Strategic Goals, as well as the National ICT Master Plan (2014-2017). It’s also aligned to the sixth corporate strategy of 2015.

3. Methodology

The methodology that was used to develop this strategy used a framework from popular strategic management literature that adopts a planning perspective whilst at the same time flexible enough to allow for multiple stakeholders participation. The framework used is summarized in Table 1.2.

1110 1110

Key Questions Outline Description Methods Used Output (Result)1. Where are we? Appraisal of both the

internal and external environments of KRA, with respect to ICT (SWOT Analysis)

Data collected from internal and external stakeholders in consultative meetings.

Critical ICT environmental analysis

2. Where do we want to go?

Establishing the strategic direction of KRA with respect to ICT (ICT Vision, Mission and Core Values)

Workshop with ICT personnel.

• Common vision for ICT

• ICT mission

• Theme for strategy

• Core values

3. How do we get there? Developing ICT strategy (Strategic Themes, Strategic Objectives, Strategies and Expected Outcomes)

Workshop with ICT personnel.

• Strategic Objectives

• Strategies

• Outcomes

• Strategic interventions or initiatives

4. How do we know whether we are getting there or not?

• Developing implementation plans for the ICT strategy (KPIs and targets)

• Monitoring and evaluation framework for the implementation of the ICT strategy

Workshop with ICT personnel and selected KRA business managers.

• Implementation plan

• Monitoring and evaluation plan

The methodology was designed to be highly participatory, as is evident from Table 1.2. In addition to the workshops indicated in Table 1.2, the draft ICT strategy was presented to business and ICT managers, KRA Top Management, the Procurement & Disposal and Information & Communication Technology Oversight Committee of the Board, and the KRA Board of Directors.

The next chapter presents the vision, mission and core values of the ICT function in KRA. It also provides the theme for the second ICT strategy. Chapter three analyses both the internal and external environments and identifies the strengths, weaknesses, opportunities and threats. The following chapter describes the strategy in terms of strategic objectives, strategies and expected outcomes for each of the eight strategic themes identified from the situational analysis in chapter three. The final chapter outlines how the strategy will be implemented. This includes the implementation plan, prioritization of the strategic initiatives to be implemented, monitoring and evaluation, ICT organizational structure, the financial implications of the proposed strategic initiatives, project implementation roadmap and the critical success factors. VISION, MISSION,

THEME & CORE VALUES1312

The vision, mission and core values of the KRA ICT function have been developed and aligned to those of the corporate. In addition, we have provided the theme that will guide the implementation of the second ICT strategy.

2.1 Vision

The KRA corporate vision is:

TO FACILITATE KENYA’S TRANSFORMATION THROUGH INNOVATIVE, PROFESSIONAL AND CUSTOMER-FOCUSED TAX ADMINISTRATION

The vision of ICT Department is:

TO ACHIEVE FULLY INTEGRATED ELECTRONIC CUSTOMER SERVICE

2.2 Mission

The KRA corporate mission is:

BUILDING TRUST THROUGH FACILITATION SO AS TO FOSTER COMPLIANCE WITH TAX AND CUSTOMS LEGISLATION

The mission of ICT Department is:

TO TRANSFORM TAX ADMINISTRATION BY PROVIDING INNOVATIVE TECHNOLOGY SOLUTIONS AND QUALITY ICT SERVICES

Vision, Mission, Theme and Core Values

The figure below illustrates how the various strategic initiatives converge to define the overall ICT vision.

The strategy envisions a technology architecture that provides a secure interface to the various service delivery channels including offline batch (uploading offline files, e.g. Tax Returns in iTax), third party systems and facilitates data abstraction from various data sources to KRA applications systems via an enterprise service bus.

2/ 2.3 Strategy Theme

The KRA corporate theme is:

BUILDING TAXPAYER TRUST THROUGH FACILITATION FOR ENHANCED TAX COMPLIANCE

The theme of the second ICT strategy is:

BUILDING TRUST BY ENABLING CUSTOMERS THROUGH ENHANCED BUSINESS VALUE OF ICT

2.4 Core Values

We adopt the following corporate core values:

a) Competence: We ensure competency, efficiency and achieving excellence.

b) Trustworthy: We uphold highest standards of trust and honesty.

c) Helpful: We are committed to effective empowerment and facilitation.

d) Ethical: We commit to treat everyone with dignity, esteem and fairness.

151514

Situational Analysis

Internal and external environmental analysis is critical in understanding the conditions within which organizations operate. These conditions can either be facilitating or hindering the organization towards excellence performance. Further, such a strategic environmental analysis provides an appreciation of the capabilities of an organization and the external factors that affect it. Therefore the analysis results in the identification of strengths, weaknesses, opportunities and threats (SWOT), which provide a good indication of what the future strategies will be.

3.1 Internal Environmental Analysis3.1.1 Existing Business Systems

There are 35 different business systems in KRA, categorized as follows: 11 support Customs and Boarder Control, 5 supports Domestic Taxes Department, 11 support Corporate Support Services, 5 support Road Transport and 3 are general in nature. From the investments above, it can be observed that a key strength is that the Authority has made substantial investment in business systems. However, there have been weaknesses in the processes of implementing ICT enabled and supported business systems in the following areas: Development and Deployments, Project Management, Change Management, Obsolete & Legacy Platforms, Integrations, Enterprise Information Architecture and the Portal.

3.1.2 Existing ICT Infrastructure

In terms of LAN/WAN communication links and end user equipment, KRA has invested a lot, including: Data Centre – Servers, Server Operating System Platforms, Application Platforms, etc. running critical databases;

Shared Government Facility, Communication Links with major redundancy links to the primary and backup site. Adoption globally, of IPv6, structured and tiered network at Data Centre (Access, Distribution and Core layers, each with fail-over redundant configuration). End user equipment - Access to LAN and wireless access points and Variety of user owned devices. The key on-going ICT infrastructure project includes supply, installation, testing and commissioning of the necessary physical infrastructure

From the above account, KRA has substantial investment in ICT infrastructure, with 90% of KRA stations having ICT infrastructure. This strength enables adoption of new technology, supports faster automation of services, and has resulted to increased PC to Officer Ratio to enable easier access to IT services. KRA however faces weaknesses including lack of technology infrastructure architecture framework and standards, poor infrastructure capacity planning, poorly developed applications, inadequate maintenance arrangements, as well as poor vendor management and inadequate clean power. These weaknesses can hamper delivery of quality services to users and stakeholders, including reduced availability of services.

3.1.3 Existing Policies and Standards

Currently, only Information Systems Security policies has been developed and approved as a corporate policy, whilst other policies and standards are in the form of work instructions or procedure manuals. To ensure that there is continued and professional governance of IT services in the Authority, policies and standards governing service delivery, service support and development, amongst others, need to be to be completed. This will enable ICT and the Authority, as a whole, to improve service delivery and support, avoid duplication of roles/processes leading to high cost of IT delivery, enhance business continuity and enhance the quality of application software products. A related weakness is poor IT service support, largely

3/

SITUATIONAL ANALYSIS

171716

due to low maturity level of IT service management and inadequate business continuity and data recovery. This needs to be addressed in order to provide better quality of service delivery, enhance customer satisfaction and increase ICT credibility with business

3.1.4 Existing Organizational Structure and Human Resources

A key strength is that KRA has a large number of highly skilled and competent ICT staff. This enables the Authority to easily adopt best practice standard and technology without much training, easily adapt to technological change, quickly implement tasks and assigned initiatives, and reduce dependency on consultants. Despite this strength, there is inadequate staff skills development. This weakness has arisen because of inadequate skills and knowledge transfer from vendors, inadequate skills development program, and workload imbalance amongst staff. This can lead to poor service delivery, high staff turnover, lack of initiation and innovation and inadequate motivation.

3.1.5 Vision 2018 Initiative

The Authority has formulated a Vision 2018 initiative under the Sixth Corporate Plan with the strategic objective to leverage on technology and best practices to transform business processes, through simplification and agility, to enhance governance and achieve fully electronic customer service. It is therefore imperative that ICT initiatives in the second ICT strategy must principally support the above strategic Vision.

3.2 External Environmental AnalysisThe following is an outline of KRA’s external environment, summarizing the opportunities available to the Authority and the threats.

3.2.1 National Policy and Legal Framework

Kenya has undergone some recent changes at the national level which led to the creation of the ICT Authority in 2013, and whose mandate is to rationalize and streamline the management of all Government of Kenya ICT functions. Further, the ICT Authority has recently developed and launched a National ICT Master Plan (2014-2017). The National ICT Master plan is aligned to the second MTP of Vision 2030 and other national policies and strategies, providing a basis for ensuring alignment with national policies and strategies. Additionally, the ICT Authority has also developed national standards on ICT. These developments at the national level provide KRA with opportunities to leverage on the national initiatives such as national data hubs, digital payments, shared services, and national ICT standards that provide for integration and interoperability with other government agencies. In addition, the current Government’s drive towards a digital government and the implementation of devolution as outlined in the Kenya Constitution (2010) offer opportunities for reforms in tax law and regulations, thereby creating avenues that can enhance revenue collection.

3.2.2 Broader E-Government and Other Government Initiatives

There are increased developmental activities at the East Africa regional level such as the development of regional integration that has given rise to ICT initiatives to facilitate trade among the countries of East Africa. The following are some of the projects resulting from the initiatives: Single Customs Territory (SCT), Real-Time Monitoring System, Cargo Control System (RTMS/CCS), One Stop Border Post (OSBP), sponsored by JICA, Regional Revenue Authorities Digital Data Exchange (RADDEx), sponsored by USAid and Kenya National Electronic Single Window System (KNESWS), developed and operated by KenTrade.

Likewise, at the national level, there are some efforts towards automation by several Government agencies. These national initiatives provide opportunities for KRA, and include the following: Integrates Population Registration Data System (IPRS) which is a source of nominal taxpayer data for KRA systems (e.g. iTax) and the National Digital Registry Service (NDRS) that will see the implementation of a digital People Registry coordinated

by Kenya Citizens and Foreign Nationals Management Service. National Social Security Fund (NSSF) delegation of remittances collection to KRA and National Public Key Infrastructure – digital signing and authentication of digital documents e.g. Taxpayer transaction documentation.

The opportunities offered by these regional and national initiatives include capacity building through sponsored technical training and leverage on diverse skill sets among regional stakeholders, infrastructure upgrades (servers, storage and communication links), and less duplication of data, leading to consistency and efficiency in common processes. There are however threats, including divergence in technology and standards among stakeholders that may lead to ineffective and /or inefficient integration and data challenges, additional administrative overheads and information security challenges.

3.2.3 Economic Factors

The cost of ICT equipment and systems is high. It therefore means that it is costly to invest in ICT initiatives. This threat leads to low investment in ICT. This threat is made worse by the weakness of perennial inadequacy of financial resources in the Authority, based on the ICT budget to overall operational budget benchmark for tax administrations. It is also made worse by reliance on conditional external funding. In addition, there is a significant reliance on external funding. This may often not serve the interests of the Authority given the other interests that this funding has to serve.

3.2.4 Socio-Cultural Factors

According to the Communications Authority of Kenya (CAK) sector statistics for the January-March 2014 period, there is increased access to mobile telephone for the Kenya’s general public, which stands at 31.8 million subscriptions. Despite this positive development however, there is low public awareness and access to IT for business purposes especially for Government to Citizen (G2C), which requires adequate computing power that is not available on the typical mobile phones used by Kenyans to access Internet and web-based resources. However at the business levels, while access to the G2C services is available, there is observed resistance to change. If this threat is not addressed, there will be low levels of usage of systems, leading to low levels of

compliance. In addition, there is the increased insecurity, leading to possible disruption of services. If this threat is not addressed, the Authority will be unable to provide reliable services. There will also be the additional cost of investing in redundant systems and physical security. Finally, Kenya has increasingly become a litigious society. This threat means that more resources might be spent on litigation.

3.2.5 Technological Developments

In the recent past, there has been tremendous progress in information technology that can be said to be transformative. The technology space rapidly changes, bringing faster processing speeds, greater storage capacity, bigger volumes of data sets, new architectures for information and applications, and advanced software. Examples of these developments include big data, cloud computing, mobile telephony, capacity for complex computation, storage and networks, application development architecture (SOA and WOA), IT service management (ITSM), mobile technology and bring your own device (BYOD) concept, and business intelligence and data warehousing. All these provide different avenues for doing business and require organizations to carefully harness the opportunities provided by such expanding IT capabilities to create value to consumers, businesses and bring socio change.

The Authority needs to leverage on these emerging technologies and concepts to expand and widen the tax net, enhance tax compliance, improve service delivery and availability, enhance data integrity leading to better image and reduced corruption, reduce the total cost of ownership and maintenance of infrastructure, enhance corporate image and enable collaboration with partners.

There are however threats associated with the emerging technologies and concepts. These include increased number of vulnerabilities due to use of diverse devices, inability to cope with technological changes, unreliable third party managed network segments (up to last mile from service providers’ points of presence) and integration with partners that do not conform to standards.

Although outsourcing is one of the opportunities presented by developments in technology, it is deemed to be critical to the Authority and therefore treated separately below.

1918 1918

3.2.6 Outsourcing

Outsourcing application development depends on the type of service needed, complexity, urgency and the skills required. KRA has at the moment outsourced the following infrastructure-related services: wide area network services, internet services, maintenance services, commercial backup power, call centre services and security appliances. The Authority should take advantage of outsourcing opportunities to outsource more.

In addition, there are opportunities to outsource managed services, such as Infrastructure as a Service, Software as a Service and Platform as a Service. The key benefits include cost savings, ability to scale in response to demand (agility), speed of access and better quality of service provision. The potential threats of outsourcing include the high cost of IT outsourcing and potential for job losses.

3.2.7 National Infrastructure

The telecommunications infrastructure in most of the country, especially in rural areas is either unavailable or poor. This is due to poor national coverage, few players in the market and the high cost of the infrastructure. In addition, the commercial power supply is unstable or poorly available across the country. These two weaknesses imply that the Authority cannot rollout IT infrastructure to all regions and that the cost of running IT and redundant systems/infrastructure is high. Finally, the legal infrastructure or legislation is inadequate for data protection. This makes it difficult to adopt emerging technologies e.g. cloud computing.

3.2.8 Relevant Initiatives in Other Revenue Authorities

There are automation initiatives in other revenue authorities that KRA could benchmark with. For example, South African Revenue Services (SARS) has implemented mobisite, a mobile version for filing returns on mobile phones. A second initiative is the Help-You-eFile facility that provides taxpayers calling the Contact Centre with live assistance. This enables a SARS agent to view the same screen as the taxpayer to assist in identifying the problems they are experiencing. A further innovation is single registration, a facility that allows single registration

of tax payers across all taxes they are associated with. SARS is using a debt management case solution which has helped them seal loopholes in VAT refunds.

In Rwanda Revenue Authority, relevant initiatives include mobile telephone facility (M-Declaration), involving mobile declaration and payment of taxes. It is a USSD platform able to work with Rwanda’s MTN-Mobile money, Tigo Cash or Airtel Money to facilitate declaration and payment of taxes by SMEs. There is also the tax calculator facility, which makes all tax computations easy.

The Uganda Revenue Authority has implemented e-Services, involving the management of tax obligations online; Tax Assistant, an interactive process that answers tax related questions; and Tax tools, a set of tools that assists in calculation of tax obligations. The Mauritius Revenue Authority has implemented internet banking, where payments can be effected online; an SMS facility where taxpayers can pay their income tax dues by SMS using Orange Money Service.

3.3 IT as a ‘Strategic Business Enabler’ and the ‘Game Changer’3.3.1 Alignment to the 6th Corporate Plan

In order to ensure that ICT initiatives fully support the corporate strategic objectives under the Authority’s Vision 2018, the automation strategic initiatives were derived from the identified strategic objectives under the Vision, taking into account existing/ongoing ICT initiatives. These were then subjected to a priority evaluation matrix. This process ensured the required ‘business-ICT’ alignment. Based on the evaluation matrix, the identified ICT initiatives to be pursued were aligned to the strategic business objectives. The approach also aimed to improve implementation success through best practices, world class solutions and sound business cases.

3.3.2 Value Proposition Parameters

Realization of KRA’s Vision 2018 therefore envisions IT as a ‘strategic business enabler’ and the ‘game changer’ that will support KRA’s business departments in their relentless pursuit of operational excellence.

Whereas the first ICT strategy focused on reducing interactions with taxpayers and enhancing revenue collection, the second strategy focuses on enhancing governance, promoting insight-driven processing and quality customer service through innovative ways and best practices.

3.3.3 Realization of the Vision

In order to address the current business challenges, with the ever-changing business environment and evolving technologies, it was critical that a new ICT Strategy was developed to support KRA’s vision and business strategies as we seek to transform tax administration to realize the desired vision, thus:

Current State � 2nd ICT Strategy � Transformation � Realization of KRA Vision

Therefore, the 2nd ICT Strategic Plan, incorporating effective application of ICT to support KRA’s business objectives of becoming a fully automated single collector, and providing customer-focused services, aims to steer the Authority towards the desired vision over the three (3) year corporate plan period through well-orchestrated programmes and initiatives.

The strategic objectives of the 2nd ICT Strategy are:

�To enable KRA to be a fully collaborative government agency that co-creates and connects with both Kenyan Citizens and other government agencies, and county governments.

�To enhance KRA’s capability to consistently deliver value nationally, regionally across its borders, and internationally, and hence contribute to the Government’s goal of global competitiveness and digital economy under the Vision 2030 initiative.

The Strategy therefore focuses on application of IT best practices to support the five strategic objectives identified above, as elaborated below.

3.3.3.1 Increase Voluntary Compliance

According to best practice, it is essential that the public must perceive: That there is equity and the notion of fairness in taxation, and the tax system is administered

in keeping with the highest value of honesty, uprightness, integrity and impartial application of the law. On the one hand, it must be shown that the public machinery with regard to taxation and application of privileges is exempt from corruption. On the other hand, the same machinery must endeavor to punish the taxpayer’s evasive behavior in an upright and fair manner. Above all, measures should be in place for reducing discretion and evasion. The Authority will apply technology to achieve these goals by ensuring transparency, accountability, integrity and effective social communication to the public; to not only keep them informed but to also participate in public activities that affect them.

3.3.3.2 Enhance Transparency and Fairness in Tax Administration

Greater transparency in Government-to-Business interactions can dramatically improve investor confidence, spur economic growth, provide better public services to the population, and increase public confidence in democratic institutions. In support of KRA corporate strategic objectives on enhancing transparency and fairness, the ICT strategy will seek to: Promote openness in designing and implementing public policy, Provide accountability (Promote trust/confidence in the integrity of systems and sets standards for conduct), Deter corruption/bribery and Influence taxpayer behavior, and present incentives for compliance and deterrents for non-compliance.

3.3.3.3 Enhance Operational Efficiency and Service Delivery

It is critical that the 2nd ICT strategy enables efficient and effective service delivery in order to create a globally competitive environment in such areas as: Ease of doing business, Ease of trading across borders, and Ease of paying taxes. These goals will be achieved through the ICT strategy in the following ways:

a) Efficient and effective service delivery to create a globally competitive environment in such areas as, Ease of doing business, Ease of trading across borders and Ease of paying taxes. Efficacy is increased mostly by standardisation and uniformity of procedures; to the extent this is feasible. Improve access to more services channels for payment of taxes.

2120 2120

b) Analytic and customer relationship capability to assist the Authority to manage vast amounts of structured and unstructured data, make sense of it and generate insights that enable it to connect with taxpayers at every touch point effectively, thus maximizing value with each interaction.

c) Integration capability within core applications to empower users to view and advice taxpayers on queries regarding their transaction status and related queries. Self-help capabilities integrated with business applications to ensure taxpayers have self-service without calling to KRA.

d) Simplification of (or making it easy to use) the most frequently used features in tax systems for taxpayers, such as filing returns, Obtaining supporting documentation, Querying tax status, Paying taxes, among others.

e) Use of the Internet, Mobile and other Technologies. This modality allows for instrumentation of massive consultation and reach mechanisms for taxpayer groups.

f) Leveraging/exploitation of emerging technologies and concepts to enhance business capability to innovatively grow application of technology to enhance business capability to better serve taxpayers, and embrace change in tax culture, while optimising IT/telecommunications investment.

g) Trade facilitation through accelerated cargo clearance and monitoring across borders using non-intrusive means. High system availability with continuity arrangements in line with the Authority’s enterprise risk management policy. Regional trade and Integration. Deploying ICT-enabled applications at critical points along the supply chain e.g. customs, ports and border crossings; and implementing a national single window system for data management.

h) Application of geographic information systems (GIS), satellite technologies and decision-making tools. Effective administrative support and improved level of automation for enhanced operational efficiency and service delivery. Application of ICT solutions with transformative power (high impact) in each of the business areas and with potential for replication or scaling-up, and Corporate Performance Management. Effectively manage corporate operational performance management to improve KRA’s performance and to improve employee productivity (key driver of corporate performance).

3.3.3.4 Combating Tax Evasion and Fraud

Combating tax evasion can be done by creating tax awareness, thus raising the level of compliance. ICT will be employed to achieve these objectives, including through:

a) Identification of Taxpayers, to adequately know and identify the taxpayers. Differentiation of Taxpayers and applying risk profiling to apply strategies on the basis of aspects related to the concepts of reliability and tax risk, to treat taxpayers according to their tax risk profile. Segmentation of Taxpayers, to stratify taxpayers based on some specific characteristics such as economic activity, amount of revenues, taxes under which they are registered, withholding agent status, etc. which allows for the establishment of equitable and specific rule treatments.

b) Collaboration with other government agencies and county governments on practical aspects of exchange of information with key partner organisations to leverage on 3rd party information for compliance purposes. Provision of a single source of compliance information, for decision making both at operational and strategic levels.

c) Tax intelligence and analytics, to facilitate business intelligence and data mining capabilities to support KRA’s focus on using risk-based approaches to tackling non-compliance to detect fraudulent behaviour and potential tax evasion, and to provide analytic capability to users for better decision-making and revenue growth. Enhance IS Security with electronic signatures for the required level of trust and confidence in tax information.

3.3.3.5 Business Enablement through Technology

Under the 2nd ICT strategy, KRA will grow and innovate information technology (IT) while managing IT spend and agility trends, driven by the following emerging technologies: mobile devices, cloud services, social technologies, and big data/analytics, to support, enable and optimize the Authority’s business operations, to promote agility and improve business capability to deliver business, including lowering costs, increasing revenue and reducing risk.

The cloud gives speed, ‘lowers’ operational costs, and is transformative. Big data will facilitate data-driven (including 3rd party data) decision-making; transforms business, increases revenue, increases customer intimacy, and improves business operations, resulting in agility, i.e. efficiency, control and choice.

With the increasing business expectations and the need to get ahead of the curve in order to assure business value, as part of implementing the strategy under this theme, we shall transform and redefine the ICT function, embracing outsourcing, to bridge the gap between business and ICT.

THE STRATEGY

232222

The ICT strategy adopted a thematic approach that consists of identified themes together with associated strategic objectives, strategies and expected outcomes. The strategic ICT themes are the key issues that the Authority needs to address if it is to improve its performance over the plan period. The themes, which are derived from the situational analysis presented in Chapter 3, drive the strategy and failure to adequately and satisfactorily address the challenges associated with them will adversely affect realization of the strategic objectives. After a comprehensive analysis of the current and future business automation needs in the Authority, eight strategic themes were identified for action:

1. Business systems

2. ICT infrastructure

3. Enterprise information infrastructure

4. Business enablement through technology

5. ICT project management

6. ICT risk management

7. ICT service delivery

8. IT governance

The other elements of the strategy are strategic objectives, strategies and expected outcomes. The following sections outline why each strategic theme is important and state the strategic objectives and specific strategies to be pursued to address the challenges in the thematic area, as well as the key outcomes to be realized.

4.1 Business SystemsThere is compelling need to offer integrated online services and self-service to KRA customers for increased

efficiency and effectiveness of business operations in a cost effective way. In this regard, there is need to integrate business systems; to replace and retire non-value-adding application systems; to contain the high cost of maintaining the existing business systems; to effectively enforce existing standards and IT change procedures; to adopt formalized business requirements, system and infrastructure design standards; to ensure business continuity in case of disruption; and to enhance capacity in procurement, contracting and vendor management. In addition, there is need for segregation of roles in business systems; adequate involvement of business users in requirements elicitation and user acceptance testing; adoption of an appropriate systems development methodology; adoption of a technology life cycle management policy; and adequate and friendly service offerings/channels and self-service interfaces.

4.1.1 Strategic Objective, Strategies and OutcomesIn respect of business systems, the Authority will pursue the following strategic objective:

STRATEGIC OBJECTIVE 01: To offer integrated online services and self-service to our customers in an efficient and effective way

In order to achieve the above objective, the Authority will pursue the following set of strategies:

S1.1: Develop and implement a clearly defined business application architecture, which ensures that all business products work transparently as a unified service offering

S1.2: Review and improve standards on development, acquisition, integration and maintenance of business systems in growing our applications portfolio as set out in the Corporate Plan and annual business plans, applying appropriate CMMI standard to ensure better quality and more repeatable processes

The Strategy S1.3: Develop and/or acquire quality information systems to effectively support business using commercial off-the-shelf approaches (where practical and affordable) as well as using cross-departmental and government shared services

S1.4: Maintain existing information systems to effectively support business by using the impetus of new business programmes and technology opportunities to move the bulk of our applications to the functionally and technically ‘safe’ quadrant of our portfolio assessment matrix

S1.5: Review existing business systems and retire those that do not deliver value or are obsolete

S1.6: Institutionalize a requirements management function in the Authority

S1.7: Build capacity in procurement contracting and vendor management to ensure effectiveness in lead-time planning for procurement

S1.8: Review and implement the application development/acquisition strategy

S1.9: Skill up the development teams and migrate towards more flexible service oriented architecture (SOA) approaches, including adoption of an Enterprise Service Bus (ESB), based on an illustrative ESB framework/architecture

S1.10: Maintain the Java standard and the open source Eclipse toolset as the IDE of choice, as well as Subversion as the primary platform for software management and version control.

Pursuing the above strategic objective and strategies will realize the following outcomes:

Oc 1.1: Reduced cost of acquisition and maintenance of business systems

Oc 1.2: Increased efficiency and effectiveness of business operations

Oc 1.3: Simplify the construction, integration and flexible re-use of technical business components using a standards-based service-oriented approach.

4.2 ICT InfrastructureThere is need to evolve IT infrastructure in order to ensure good performance, scalability, and continuous availability of business systems while protecting corporate data, and thus ensure continuity of business operations. This will be achieved by implementing appropriate technologies, based on flexibility, simplicity and standards-driven reference enterprise technology architecture, for evolution to continuous availability of IT systems, integrated backup and recovery of data. In this regard, it is imperative:

�To have adequate funding for sustaining and refreshing ICT infrastructure,

�To create a clear equipment refreshment and retirement strategy, minimizing disparate/non-standard ICT infrastructure and platforms

�To strictly enforce support and maintenance contracts

There is need to stop the habit of each initiative having its own infrastructure/servers, which leads to inefficient utilization of resources. There is also need to deal with challenges of unreliable power and inadequate coverage of infrastructure, particularly power and telecommunication services. In addition, it is important to have in place appropriate arrangements for better vendor management and for skills and knowledge transfer from vendors.

4.2.1 Strategic Objective, Strategies and OutcomesIn this respect, the Authority will pursue the following strategic objective:

STRATEGIC OBJECTIVE 02: To enhance availability of business systems and ensure continuity of business operations

This objective will be achieved by pursuing the following set of strategies:

S2.1: Upgrade and maintain ICT infrastructure while exploiting virtualization and consolidate technologies, and taking advantage of the government-wide shared services framework

S2.2: Continue with the current Operating systems mix and database management system mix of commercial

4/

252524

Oracle and DB2, and open source SQL Server, Postgres and MySQL, maintaining a reasonable balance between business requirements and economic considerations.

S2.3: Incrementally implement Virtual Desktop Infrastructure (VDI) as a tactical solution for mobile access and to extend the life of older PCs and applications, and to implement the Bring Your Own anything (BYOx) concept

S2.4: Maintain the current mix of open system hardware platforms, as a flexible, reliable, scalable and value for money combination, and retire legacy server environments

S2.5: Develop and implement vendor relationship and support and maintenance framework for ICT infrastructure

S2.6: Manage technology infrastructure life cycle and capacity

S2.7: Expand LANs and WANs in new stations, evolving the network offerings to include the widespread use of wireless technologies and address related security issues

S2.8: Continue the transition to shared voice, video and data networks and the exploitation of Voice over Internet Protocol (VoIP) and Video Conferencing technologies for cost savings and business opportunities

S2.9: Outsource services that are more effectively performed by third parties using appropriate outsourcing models

The outcomes of pursuing the above strategic objective and strategies are:

Oc 2.1: Continuous availability of business systems

Oc 2.2: Improved response times in service continuity

4.3 Enterprise Information InfrastructureThe need for enterprise information infrastructure is driven by the need to shift emphasis from ‘operational’ business activities to ‘compliance’ activities based on risk analysis and intelligence-led decision-making. We need to become more proactive in our response to data received, relating data from one source to another, with our systems automatically reacting to any anomalies detected. Our information management strategy also needs to address challenges in the management of a growing volume of unstructured data. The typical layers in enterprise information management are as depicted below.

Typical Layers in Enterprise Information Management

4.3.1 Strategic Objective, Strategies and Outcomes

There is thus need to establish a managed enterprise information infrastructure by pursuing the following strategic objective:

STRATEGIC OBJECTIVE 03: To improve the quality of information by establishing a managed enterprise information infrastructure

In order to achieve this objective, the Authority will pursue the following set of strategies:

S3.1: Build a centralized master information/data source of related information for use in multiple systems

S3.2: Continue the implementation of the data warehouse and business intelligence (DWBI) project

S3.3: Implement tools to maintain quality enterprise information and to transfer data from operational systems and other sources to the data warehouse

S3.4: Implement a metadata project with supporting policies, and adopt XML as the definition standard

S3.5: Consider the latest portal technologies in the redesign of the current KRA website and Intranets

S3.6: Continue to enhance and upgrade the existing Knowledge Management capabilities

S3.7: Liaise with other government agencies to introduce Unique Universal Identifier to standardize taxpayer entities

S3.8: Leverage on the National ICT Master Plan to improve interfaces with third party sources

S3.9: Make collected information more accessible via metadata or data about data

The outcomes of pursuing the above strategic objective and strategies are:

Oc 3.1: Reduced cost of acquisition and maintenance of business systems

Oc 3.2: Enhanced quality of service delivery to internal and external stakeholders

Oc 3.3: Make data, information and intelligence better understood by the business

Oc 3.4: Enhance KRA Web presence

4.4 Business Enablement through TechnologyTo improve its ability to deliver services and enhance taxpayer compliance, KRA will need to leverage on existing and emerging Information Technologies (mobile devices, cloud services, social technologies, and Big Data/Analytics) to support, enable and optimize the business; to promote agility and improve business capability to deliver business, and to spend more on innovation through growth and innovation of IT while managing IT spend and agility trends, and thus ‘lower’ total cost of ownership (TCO) of ICT services.

4.4.1 Strategic Objective, Strategies and OutcomesFrom the foregoing, the Authority thus needs to upscale the leveraging on ICT to enhance business capability by pursuing the following strategic objective:

STRATEGIC OBJECTIVE 04: To improve service delivery and taxpayer compliance by enhancing and leveraging on existing and emerging technologies and innovations.

2726 2726

In order to achieve this objective, the Authority will pursue the following set of strategies:

S4.1: Institutionalize Business Enablement through Technology (BET)

S4.2: Implement a Customer Relationship Management (CRM) solution, and upgrade the existing contact centre solution

S4.3: Continuously identify and adopt emerging technologies and concepts to enhance business operations

S4.4: Benchmark against best practice technologies in other administrations

S4.5: Develop and implement a framework for managing emerging technologies

S4.6: Develop and implement an infrastructure architecture using RFID technologies, GIS technologies, Smartphones and PDAs, among other emerging technologies and concepts

The pursuit of the above strategic objective and strategies will realize the following outcomes:

Oc 4.1: Increased Taxpayer compliance

Oc 4.2: Widened tax base

Oc 4.3: Reduced cost of ownership

Oc 4.4: Bridge the gap between business and ICT

4.5 ICT Project ManagementICT project management is critical to the enterprise to ensure projects are initiated or implemented within the project management framework in order to effectively enforce change, project management procedures, and discipline in planning, prioritization and selection of ICT projects, and projects closure. The pillar will facilitate a corporate and departmental mechanism for vetting and accepting ICT projects; adequate skills and knowledge transfer from vendors; adequate projects documentation while interfacing with stakeholders. There is also need for coordination of project based Change Control Committees (CCC) and Change Advisory Committee (CAC).

In implementing the strategy in this theme, the Authority shall adopt project implementation best practices. This will require transition from traditional waterfall model to an agile project execution approach of prioritizing project products and subjecting them to requirements, design, integration, testing and deployment one at a time and making decisions based on realities during execution.

4.5.1 Strategic Objective, Strategies and OutcomesThe Authority therefore needs to urgently institutionalize ICT project portfolio management. In order to do this, it will pursue the following strategic objective:

STRATEGIC OBJECTIVE 05: To enhance value from ICT project investments by institutionalizing professionalism in project selection and management.

In order to achieve this objective, the Authority will pursue the following set of strategies:

S5.1: Institutionalize structural mechanisms for vetting and selecting automation projects

S5.2: Review and enforce ICT Project Management Standards

S5.3: Review and enforce ICT project monitoring and evaluation in line with best practice

S5.4: Implement knowledge transfer programmes

S5.5: Develop and implement a framework for managing vendor and partner relationships

The pursuit of the above strategic objective and strategies will realize the following outcomes:

Oc 5.1: Improved ICT project portfolio planning

Oc 5.2: Enhanced attainment of ICT project objectives

4.6 ICT Risk ManagementKRA recognizes that risks are caused by people, systems and external events. These causes of risks trigger risk events, which may include fraud (internal or external), work place health and safety, environment, business disruption and system failure, or damage to assets.

ICT security risks have become a major challenge in the public service in Kenya. Firstly, there is need to address the key sources of risks through eliminating multiple user accounts by creating a single view of users; increasing enforcement and awareness of ICT policy and standards; and implementing effective application controls during systems design. Secondly, there is need to reverse the negative perception of business managers of the integrity of ICT personnel and ensure adequate risk assessment in ICT processes and adherence to Enterprise Risk Management (ERM).

KRA is committed to identify and mitigate business risks and to enhance information security and hence protect the perimeter of the IT platform while promoting trusted IT, by implementing Information Security Management System (ISMS), toward the implementation of a holistic approach to cyber security, projects management and best practices in IT governance to address both business challenges and technical issues.

Further, it is necessary to incorporate information security during project planning; adopt an ICT security and risk management framework; adopt a data governance framework, including data integrity and data classification; and ensure effective management of emerging technologies and concepts, e.g. BYOxs and Cloud Computing.

4.6.1 Strategic Objective, Strategies and OutcomesIn respect of ICT risk management, the Authority will pursue the following strategic objective:

STRATEGIC OBJECTIVE 06: To enhance the integrity of the Authority’s ICT infrastructure, systems and information by proactively identifying and mitigating ICT risks.

This objective will be achieved by pursuing the following set of strategies:

S6.1: Implement the state of the art security system

S6.2: Effectively manage infrastructure and system access

S6.3: Review and enforce ICT and information security policies and standards, embracing international standards

S6.4: Publish integrity index for all departments in a quarterly newsletter

S6.5: Support and assist in the development of the KRA Business Continuity Management strategy to agreed standards

S6.6: Establish and operationalize an Alternate Data Centre and Disaster Recovery plan in accordance with international standards and guidelines

S6.7: Only allow other agencies to access KRA data and processes, where appropriate, in a secure manner taking cognizance of data protection requirements

S6.8: Explore setting single-sign-on capability for our applications as a long-term objective

S6.9: Continue to implement PKI technology for sensitive applications/functions, and to track biometrics, smart cards and similar technologies to enhance security of our assets

S6.10: Address data loss prevention and in particular the USB security issue, where appropriate, and incorporate appropriate new rules in our IT usage policies and guidelines for staff

S6.11: Work towards formal ISO27001 security certification for our ICT services

S6.12: Appoint a security officer and bind IT security into the overall KRA enterprise risk management framework

S6.13: Perform an independent IS audit to provide an assurance about the state of the IT environment.

The outcome of pursuing the above strategic objective and strategies is:

Oc 6.1: Improved confidentiality, integrity, availability and accountability of KRA services

4.7 ICT Service Delivery With the increasing business expectations and the need to get ahead of the curve in order to assure business value, in the spirit of ‘IT as a Business Enabler’ (refer to Section 4.4.2), one of KRA’s goals is to embrace and institutionalize IT as a Service (ITaaS) model, and to make working with and within ICT Department enjoyable by transforming and redefining the ICT function to bridge the gap between business and ICT, and to improve ICT operations and

2928 2928

systems management for enhanced and efficient delivery of ICT services, while creating convergence of ICT staff and leveraging on outsourcing of services as necessary. This includes embracing the “Trust and Facilitation” culture to service delivery.

4.7.1 Strategic Objective, Strategies and Outcomes

In view of the foregoing, the Authority will pursue the following strategic objective:

STRATEGIC OBJECTIVE 07: To improve the efficiency of ICT service delivery by embracing SLA based best practice frameworks and recruiting, developing and retaining quality ICT personnel.

For the Authority to achieve this objective, it will pursue the following set of strategies:

S7.1: Review the ICT organizational structure in the spirit of getting ahead of the curve in order to assure business value

S7.2: Recruit experienced staff with relevant skills in line with best practice

S7.3: Develop, enhance and build ICT skills capacity

S7.4: Effectively deploy and manage human resources

S7.5: Develop and implement a strategic remuneration scheme for talented and highly skilled ICT staff

S7.6: Review processes of ICT in line with service orientation

S7.7: Implement framework contracts to allow sourcing of specialized skills on need basis

S7.8: Continue to use ITIL to frame the delivery, management and support of ICT services

S7.9: Adopt, build capacity in, develop and implement SLA based service delivery support framework as appropriate with internal customers and service providers

S7.10: Exploit the ITSM Tool for enhanced management of ICT services

The pursuit of the above strategic objective and strategies will realize the following outcomes:

Oc7.1: Business agile and flatter ICT organisational structure

Oc7.2: Increased retention of ICT staff

Oc7.3: Enhanced staff motivation

Oc7.4: Increased ICT HR capacity

Oc7.5: A holistic view of providing support and delivery of ICT services to business units to ensure and maintain a customer service focus.

4.8 IT Governance4.8.1 Organization and GovernanceIT governance is concerned about ensuring the effective and efficient use of ICT in enabling the Authority to achieve its business strategy. For example, there is need for the Authority’s ICT function to adopt IT best practices of standardization, simplification and automation, as well as Governance, Risk and Compliance (GRC) in order to reduce overall ICT costs, increase business impact, improve quality of service, manage risk, and provide transparency. In this regard, it is imperative to ensure that appropriate organizational and governance structures are in place.

4.8.2 Strategic Objective, Strategies and OutcomesThere is thus need to enhance IT governance by pursuing the following strategic objective:

STRATEGIC OBJECTIVE 08: To improve IT governance by enhancing compliance with best practice frameworks, standards, procedures and governance policies

This objective will be achieved by pursuing the following strategies:

S8.1: Adopt and implement ICT best practices, standards and governance policies

S8.2: Develop and implement an ICT policy

S8.3: Decentralize ICT support staff to business functions

S8.4: Increase the funding of ICT guided by the benchmark for tax administrations

S8.5: Improve communication within ICT and between ICT and top management

The outcome of pursuing the above strategic objective and strategies is:

Oc8.1: Enhanced compliance to best practices, standards, procedures and governance policies

4.9 The 2nd KRA Wide IT Strategy at GlanceSTRATEGY PILLARS FULLY AUTOMATED

SINGLE COLLECTORICT A “GAME CHANGER’ ICT A ‘ BUSINESS

ENABLER’

CORPORATE STRATEGY GOAL

ICT STRATEGIC OBJECTIVES

STRATEGIES/INITIATIVES 2014/ 2015

2015/ 2016

2016/ 2017

2017/ 2018

Enhancing Service Delivery by providing Fully Electronic Customer Service to increase Efficiency and Effectiveness Of Business Operations (Fully Automated Single Collector)

(1.) To offer integrated on-line services and self service to our customers in an efficient and effective way

1.1 Integrated Tax Management System (iTax)1.2 Integrated Customs Management System (iCMS)1.3 Enterprise Resource Planning (ERP)1.4 Contact Centre Upgrade (CC)1.5 Queue management solution. (QS)1.6 Quality Management Solution (QMS)1.7 Develop and implement a clearly defined Business Application Architecture (BAA)1.8 Review and improve standards on Application Development, Acquisition, Integration and maintenance of business systems (ADAI)1.9 Develop and/or acquire Quality Information System (QIS)1.10 Maintain Existing Information Systems (MEIS)1.11 Retire Obsolete Systems (ROS)1.12 Institutionalize RCOE1.13 Build Capacity In Procurement Contracting And Vendor Management (BCPV)1.14 Review and implement Application Development/Acquisition Strategy (AAS)1.15 Maintain the Java and open source standard

Enhance availability, continuity and response times of business systems

(2.) To enhance availability of business systems and ensure continuity of business operations

2.1 Primary Data Centre/Alternate Data Centre (PDC/ADC)2.2 Upgrade and Maintain ICT Infrastructure (IU)2.3 Implement Virtualization and Consolidate Technologies (IVC)2.4 Implement OS Standards (OS) 2.5 Implement Hardware Platform Standardization (HS)2.6 Implement Vendor Relationship Management2.7 Manage technology /Infrastructure Capacity and Life Cycle (ILC)

3130 3130

CORPORATE STRATEGY GOAL

ICT STRATEGIC OBJECTIVES

STRATEGIES/INITIATIVES 2014/ 2015

2015/ 2016

2016/ 2017

2017/ 2018

Establishing a Managed EnterpriseInformation Infrastructure

(3.) To improve the quality of information by establishing a managed enterprise information infrastructure

3.1 Data Warehouse and Business Intelligence3.2 Support implementation of an Integrated Board Management Solution (iBS)3.3 Enterprise Document Management System (EDMS)3.4 Enterprise Service Bus (ESB)3.5 Service Oriented Architecture (SOA)3.6 Build a centralized Master Information/Data Source (MDS)3.7 Implement Tools to Quality Data to DW (DWT) 3.8 Support Knowledge Management System (KMS)3.9 Liaise with other government agencies to; Implement Unique Universal Identifier for entities (UUI)

Exploit Technological Advances to improve service delivery (Make ICT a ‘Game Changer’)

(4.) To improve service delivery and taxpayer compliance by enhancing the leveraging on existing and emerging technologies and innovations.

4.1 Institutionalize Business Enablement through Technology (BET)4.2 Mobile Applications (MA)4.3 Socio-Media (SM)4.4 Customer Relationship Management (CRM)4.5 Content Management System (CMS)4.6 Virtual Desktop Infrastructure (VDI)4.7 Geographical Information System (GIS)4.8 Payment Gateway (PG)4.9 Mobile Payment4.10 Voice of IP (VOIP)4.11 Video Conferencing (VC)4.12 Multivendor system (MVS)4.13 Benchmark Against Best Practices Technologies In Other revenue Administrations (ITIG)4.14 Leverage Emerging Technologies Standards (ETS)4.15 Implement ICT innovations (INO)4.16 Develop and implement an Infrastructure Architecture

Improving Project Portfolio Management

(5.) To enhance value from ICT project investments by institutionalizing professionalism in project selection and management

5.1 Implement Project Portfolio Management Strategy (PPM)5.2 Review and enforce ICT Project Management Standards (PMS)5.3 Review and enforce ICT Project Monitoring and Evaluation in line with Best Practice Implement Project (M&E)5.4 Implement Knowledge Transfer Programmes (KT)5.5 Develop and implement a framework to Manage Vendor and Partner Relationships (SLA)

CORPORATE STRATEGY GOAL

ICT STRATEGIC OBJECTIVES

STRATEGIES/INITIATIVES 2014/ 2015

2015/ 2016

2016/ 2017

2017/ 2018

Enhancing Integrity of ICT Infrastructure, Systems andInformation by use of IT System Based Tax Risk Profiling

(6.)To enhance the integrity of the Authority’s ICT infrastructure, systems and information by proactively identifying and mitigating ICT risks through a holistic approach to cyber security.

6.1 Intelligence Gathering System (IGS)6.2 Tax Management System (TIMS)6.3 Undertake an independent IS Audit (ISA)6.4 Manage Infrastructure And System Access (IMA)6.5 Review and Enforce ICT and Information Security Policies and Standards (ISS)6.6 Implement Secure Access KRA data and information (SAD) 6.7 Implement Single-Sign-On Capability (SSC)6.8 Develop policies and guidelines USB usage and security (USBS).6.8 Work towards formal ISO27001 security certification for our ICT services (ISO27)6.9 Integrate IS security to Enterprise Risk Management framework (IERM)

Improving Efficiency of ICT Service Delivery

(7.) To improve the efficiency of ICT service delivery by embracing SLA based best practice frameworks and recruiting, developing and retaining quality ICT personnel.

7.1 Review the ICT organizational structure in the spirit of getting ahead of the curve in order to assure business value Review IT structure (STRU)7.2 Recruit experienced staff with relevant skills in line with best practice (REC)7.3 Develop, enhance and build ICT skills capacity (EBC)7.4 Effectively deploy and Manage Human Resources (EDS)7.5 Review processes of ICT in Line With Service Orientation (SO)7.6 Implement framework contracts to ; Allow Sourcing Of Specialized Skills On Need Basis (OTS)7.7 Continue to use ITIL to frame the delivery, management and support of ICT services7.8 Adopt, build capacity to, develop and implement SLA based service delivery support framework, Implement (SLC)7.9 Exploit ITSM Tool for enhanced management of ICT services

Enhancing IT Governance

(8.) To improve IT governance by enhancing compliance with best practice frameworks, standards, procedures and governance policies

8.1 Improve IT Governance (ITG) by Enhancing Compliance IT Best Practices, Standards, and Governance Policies8.2 Review and update Procedures8.3 Adopt and implement ICT best practices, standards and governance policies8.4 Develop and implement an ICT policy, Implement IT policy (ITP)8.5 Decentralize ICT support staff to business functions, (DITS)8.6 Increase the funding of ICT 8.7 Improve Communication within ICT

3332 3332

Strategy Implementation5/5.1 Implementation Plan

An excellent strategy will deliver expected results if its implementation is good. Various activities ought to be done to ensure successful implementation of this strategy.

5.1.1 Internal ConsistencySuccessful strategy implementation requires congruence between the various internal dimensions of an organization. Key among these are strategy, structure, systems, style (leadership), staff (skills, number, attitudes) and shared values. These need to be aligned to support the strategy being implemented.

5.1.2 Annual PlanningThe ICT Department should develop annual work plans, derived from the four-year implementation matrix. They detail what will be done during the relevant year. Timelines are more specific (within the year) and more persons in the department (below the head of department) are assigned implementation responsibilities.

5.1.3 BudgetIt will be important to maintain a link between the annual budget, annual work plan and the ICT strategy. Annual work plans should be completed in time to inform the relevant annual budgets.

5.1.4 Communication of the StrategyMost staff in KRA will be involved in implementing the ICT strategy. There is need to sensitize them on key highlights of the strategy being implemented and what is expected of them. This calls for communicating the strategic plan to staff.

5.2 Monitoring and EvaluationMonitoring and evaluation (M&E) helps those involved in executing the ICT strategy to assess if progress is being made in line with expectations in the plan. Monitoring and evaluation of performance shall be the responsibility of those who are closely involved in the implementation of the strategy. In this regard, the ICT Department Head and associated stakeholders shall carry out quarterly self-assessment of performance and provide proofs of compliance. They will be expected to have the capacity to conduct self-assessment of performance and will be given the responsibility to undertake performance measurements and reporting. In addition, the Strategy & Modernization Division of ICT will assist the ICT Head of Department and the stakeholders in the role of monitoring and evaluation.

5.2.1 Setting Performance TargetsAt the beginning of the year, all the concerned units will set their performance targets in a schedule form, together with set timelines as part of their annual work plans as derived

from the second ICT strategy. In setting these targets, it is proposed that the performance framework in Table 5.1 below be used.

EXPECTED RESULTS

PERFORMANCE INDICATOR

SOURCES OF VERIFICATION

DATA COLLECTION METHODS

DATE COLLECTION FREQUENCY

RESPONSIBILITY ASSUMPTIONS

5.2.2 Monitoring PerformanceMonitoring involves establishing indicators; setting up systems to collect information relating to these indicators as shown in the framework above; collecting and recording the information; analyzing the information; and using the information to inform day-to-day management. The key reasons for monitoring can be summarized as follows:

�To establish if performance targets have been met and the explanations as necessary;

�To act as an early warning system and detect potential difficulties and help to address them during implementation; and

�To provide feedback to the next phase of implementation, reduce the cost and/or increase the efficiency of post evaluation studies.

The strategy will be implemented through performance contracts by the ICT Department and its constituent units. The ICT Department will monitor the implementation of the strategy on a monthly basis while the corporate will monitor the implementation of the strategy on a quarterly and annual basis.

5.2.3 Performance EvaluationPerformance evaluation shall be carried out quarterly and annually in all the strategic initiatives. The agreed performance indicators and targets at all levels will be used for benchmarking of this evaluation. The outcome of the annual evaluation will form a basis for the following year’s plan.

5.3 List of Stakeholders ConsultedSTAKEHOLDERS/ORGANIZATION1. ICT AUTHORITY (ICTA)2. KENYA BANKERS ASSOCIATION (KBA)3. CENTRAL BANK OF KENYA (CBK)4. KENTRADE5. COMMUNICATION AUTHORITY OF KENYA6. TAXPAYERS ASSOCIATION OF KENYA7. KENYA MARITIME AUTHORITY8. KENYA PORTS AUTHORITY (KPA)9. KENYA REVENUE AUTHORITY DEPARTMENTS HEADS10. KENYA REVENUE AUTHORITY BUSINESS AUTOMATION OFFICES11. KENYA REVENUE AUTHORITY ICT PROCESS MANAGERS12. KRA BOARD OVERSIGHT COMMITTEE ON ICT AND PROCUREMENT SERVICES13. LEAD CONSULTANT - PROF. TIMOTHY WAEMA14. REVIEWER - DR. AGNES WAUSI

353534

The Deputy Commissioner, ICT P. O. Box 48240 - 00100 Nairobi Tel: +254 20 310900