ISLAMABAD: In a security breach concerning the data of Pakistani nationals, Nadra procured 30 million smart cards without obtaining security clearance of the final selected bidder from government intelligence agencies.
Audit report for the year 2022-23, recently released by the Auditor General of Pakistan, said, “During the scrutiny of procurement file regarding 30 million smart cards, it was observed that management was required to get security clearance from security agencies of government of Pakistan of the final selected bidder.”
Record pertaining to security clearance of smart cards from any government intelligence organisation concerned was demanded vide requisition dated 29.09.2022 by the auditors but the same was not made available to audit.
“This showed that no security clearance was obtained from security agencies,” the report said, adding that bids submitted by bidders were also reviewed and it was found that no verification of bidding documents/allied reference letters was carried out by the management to ensure the authenticity and veracity of these documents.
Nadra’s smart card is a smart national identity card with an addition of a chip inside the card that helps log information. The smart card contains personal information of the cardholder’s name, date of birth and gender. The card contains biometric data including fingerprints and facial recognition. It also contains the electronic signature of the cardholder. The card contains multiple security features, including holograms and micro text, to prevent counterfeiting and ensure the cardholder’s identity is protected. It is said that the smart card also contains multiple security features to prevent counterfeiting and ensure protection of the cardholder’s identity.
Nadra’s top management, when approached, said it had told the AGPR in in it reply, “In accordance with clause 11.6 of the bidding document, the security clearance of the selected bidder was not mandatory. Additionally, the selected bidder is also the current supplier of smart cards.” The audit report about Nadra’s smart card is part of 4,566-page voluminous “CONSOLIDATED AUDIT REPORT (FEDERAL GOVERNMENT) FOR THE AUDIT YEAR 2022-23” and apparently belongs to the tenure of Shehbaz Sharif-led PDM government as the year under assessment of the audit department was 2022-2023.
According to the AGP report, audit held the issuance of purchase order for 30 million smart cards without obtaining security clearance from security agencies and non-confirmation of bidding documents/allied reference letters was irregular.
The report said that the issue was shared with management on 29.12.2022 but the response was still awaited. No DAC (Departmental Audit Committee) meeting was arranged till finalisation of this report. Audit recommended to explain the reasons for not obtaining security clearance from security agencies and non-verification of bidding as required under clause 11.6 of bidding documents besides fixing responsibility thereof.
The report said that the procurement of 30 million smart cards in violation of Nadra smart cards procurement SoPs also resulted in excess procurement of smart card valuing $4.5 million. According to procurement of smart ID cards SoPs, a minimum stock level of smart cards equivalent to six-month consumption will be maintained in order to avoid any unforeseen situation. The demand for procurement of smart cards shall commence well before time in order to ensure uninterrupted production operation. “During audit of Nadra for the years 2020-21 & 2021-22 it was observed that the management of Nadra had issued purchase order for procurement of 30 million smart cards to M/s SELP on 26.04.2022 for $29.700 million.”
It said that record showed that the procurement was made without determining the re-order quantity and re-order level of stock as per their own SoPs. Further the management placed an order of 30 million smart cards whereas management was required to issue a purchase order equal to re-order quantity 25,463,830. Procurement of 4,546,170 smart cards valued at $4.5 million was made in excess.
The report also mentioned that at the time of initiating and issuance of the purchase order for procurement of 30 million smart cards, sufficient quantity 16.673 million smart cards were available. It was also noted that average consumption of smart cards from the last 19 months is 898,584 smart cards per month. Keeping in view that average per month consummation, 19 months stock was available with management.
“Hence initiation of above procurement was made without definite requirement. Keeping in view the average consumption, the ordered quantity was sufficient for more than three years. Audit was of the view that the procurement of smart cards was made in haste by violating the rules and SoPs. Further sufficient stock for 19 months was available at the time of initiating the procurement process and this showed that existing controls were compromised which is also tantamount to mala fide intention of management,” said the report.
