
Functional and Technical Assessment for Scale-up of COPOMIS
Department of Cooperatives
18 October 2019
Agenda

1. Introduction
2. Infrastructure Assessment
3. Software Technical Assessment
4. Functional Assessment
5. Summary
6. Other Recommendations

Functional and Technical Assessment for Scale-up of COPOMIS 17 October 2019


PwC 2
Introduction
Background
• Cooperative and Poverty related Management Information System (COPOMIS), a web-based system to capture details of
Cooperatives along with their financial data, was developed to assist the Ministry of Land Management, Cooperatives and
Poverty Alleviation (MoLMCPA) and Department of Cooperatives (DoC) in performing their monitoring, supervisory and
regulatory functions
• After the country transitioned to a federal structure, DoC envisaged COPOMIS as a tool to aggregate data from over
34,000 existing cooperatives at all 3 levels of the government, for performing its functions effectively
• Currently, less than 10% of the cooperatives are using COPOMIS to submit their financial and operations reports
• Moreover, the Annual Maintenance Contract of the implementing partner expired in August, 2019 and hence DoC is
seeking another vendor for regular maintenance as well as enhancement of the current system
• Considering the low adoption levels of COPOMIS, DoC requested PwC to conduct an assessment of the system and
provide recommendations on the way forward. Also, after the expiry of the contract of the existing vendor,
• In this context, PwC has performed an assessment of COPOMIS for scaling up the service and provided
recommendations along 3 lines:
1. Functional Review of the system
2. Software Technical Review of the system
3. Infrastructure assessment of the system

Our Approach
• We have approached this assignment by identifying all the stakeholders involved and have evaluated the current implementation on the
basis of the data captured vis-a-vis the functions of the DoC
• Based on the data collected from available documentation, interviews and discussions with DoC staff and other stakeholders, we have
identified gaps and vulnerabilities in all 3 areas, some of which are very critical, and have documented them as recommendations
in the subsequent sections of this report
• A detailed explanation on the findings, their impact and recommendations are provided in the Annexures section of the report
• All the findings were identified with the following severity ratings and colour coded as below:

Infrastructure Assessment
• Summary
• Current State
• IT Infrastructure Deployment
• Network & Security
• Connectivity
• DR Infrastructure
• Infrastructure Documentation
• IT Organization
• End User Readiness

IT Infrastructure Assessment – Summary

Domain – Key Findings and Recommendations

Infrastructure Deployment
• Current COPOMIS deployment has adequate resources allocated. However, DoC should have a formal Agreement with the Service Providers and should take measures for high availability

Network & Security
• COPOMIS environment has adequate Network security level controls and data protection through site encryption
• COPOMIS server should be protected with anti-virus and HIDS solutions
• Access to the servers using privileged accounts should be restricted, and access to the functionalities related to DoC operations should only be allowed from the DoC office network

Connectivity
• COPOMIS servers have adequate capacity for network connectivity. However, end users from rural cooperatives may require special provisions to connect to COPOMIS
• It is recommended that COPOMIS have a mobile app on popular mobile platforms, and the governing institutions of cooperatives may provide service desks or kiosks for the cooperatives

DR Infrastructure
• The architecture of DR infrastructure is adequate; however, the DR Location, the DR activation mechanism and data backup process are not adequate
• The DR should be shifted to a location away from primary location
• Recovery objectives should be agreed with the service provider
• DoC should assess its data backup requirements and implement a comprehensive back up process

IT Infrastructure Assessment – Summary (contd…)

Domain – Key Findings and Recommendations

IT Infrastructure Documentation
• IT infrastructure documentation is not maintained
• DoC should ensure that adequate level of documentation is maintained for IT infrastructure throughout its life cycle

Internal IT Organization
• Significant improvement is required for DoC IT organization and its processes and there are no system monitoring tools used by DoC
• It is recommended that DoC should organize a formal IT function staffed by empowered staff and ensure their capability through adequate capacity building programmes
• DoC should also implement adequate system monitoring tools

End User Readiness
• Readiness of end users at grass root level cooperatives seems to be not adequate due to infrastructure and capacity limitations
• It is recommended that DoC may extend the required functionality on popular mobile platforms through apps and provide assistance through service desks and kiosks at governing institutions level

IT Infrastructure – Current State

Domain – Current State

Infrastructure Deployment
• The COPOMIS application is hosted in the Government cloud (G Cloud) infrastructure owned by DoIT
• The G Cloud infrastructure is based on VMWare virtualization platform and Dell servers
• The G Cloud owner is responsible for provisioning the virtual resources for COPOMIS Servers but not managing the COPOMIS servers
• 4 virtual servers with a total of 30 vCPU, 56GB of memory and 2TB of storage are provisioned for COPOMIS
• The G Cloud is hosted in GIDC which is owned by National Information Technology Centre
• GIDC has adequate capacity and redundancy provisions for Power supply and HVAC systems

Network & Security
• The G Cloud is in an isolated network at GIDC. GIDC provides the space & physical infra for G Cloud
• The Virtual servers are managed by DoC staff or its subcontractors
• The G Cloud network is protected by a SonicWall firewall, a virtual firewall and ESET security

Connectivity
• The COPOMIS servers are connected to Nepal Internet Exchange (NPIX) through 10Gbps link and to the Internet with 10mbps primary and 2mbps secondary common links of the G Cloud

IT Infrastructure – Current State (contd…)

Domain – Current State

DR Infrastructure
• DR instance of the COPOMIS is available in the DR instance of the G Cloud with same capacity as that of Primary Instances

IT Infrastructure Documentation
• DoC does not maintain adequate documentation for IT infrastructure

Internal IT organization
• DoC currently does not have an Internal IT organization, IT management system and Processes
• DoC internal IT infrastructure consists of 25 computers connected to a LAN covering 2 floors and the LAN is established using a 24 Port switch.
• The Internet Service provider has established a Wi-Fi network as part of the internet service provisioning

End User Readiness
• Grass root level cooperatives require basic IT infrastructure to access the COPOMIS application such as a computer and internet connection.
• The extent of readiness of grass root level cooperatives on this aspect cannot be ascertained due to lack of information

IT Infrastructure Deployment - Findings

Sub Domain Rating
Cloud Hosting
Deployment Architecture
Computing Capacity Provisioning
Storage Capacity Provisioning
Physical and Environmental Controls
Capacity for Future Enhancements

• COPOMIS system is deployed in a government cloud (G Cloud) owned by Department of IT (DoIT), hosted in GIDC

• Department of Cooperatives (DoC) has access only to the provisioned virtual servers and does not have effective control on the resources available to the virtual machines as there is no formal agreement for the arrangement

• The production instance of IIS and Database are running on the same physical infrastructure. Thus there are no redundancy measures implemented for the production environment

• Currently the provisioned computing and storage capacity is adequate

• DoC has limited control over the physical infrastructure and controls supporting COPOMIS system

• The capacity requirement for future enhancements and the ability of the cloud to meet the requirements cannot be ascertained

IT Infrastructure Deployment – Recommendations

• DoC should have a formal Agreement with DoIT and NITC for the services with clearly defined quantifiable SLA
parameters

• DoC should establish review mechanism to ensure adequate level of services

• DoC / DoIT should consider modifying the production deployment by increasing the IIS and database server
instances to 2 each operating in clustered environment to ensure high availability

Network & Security – Findings
Sub Domain Rating

Network and Security Architecture

Anti Virus

Intrusion Detection

Access Control

Site Encryption

• The Network Level control measures for the G-Cloud and COPOMIS are adequate

• COPOMIS servers do not have reliable Antivirus controls / measures in place

• COPOMIS servers are not protected with HIDS (Host Intrusion Detection System)

• The COPOMIS production servers are accessible through remote desktop from the internet with the default administrator account and
the features of COPOMIS required for the DoC staff and management.

• DoC should restrict the access of the functionalities related to DoC operations from DoC office network only. To achieve this DoC
may implement a secured link using physical link or VPN over Internet to the GIDC where servers are hosted

Network & Security – Recommendations

• DoC should consider installing a reliable Antivirus solution for the COPOMIS environment

• DoC should consider installing a reliable HIDS for COPOMIS production servers as the COPOMIS application has limited auditing
and logging features

• DoC should restrict the access to the production servers using privileged accounts from secured networks/IP addresses/devices only

• DoC should restrict the access of the functionalities related to DoC operations from DoC office network only and to achieve this DoC
may implement a secured link using physical link or VPN over Internet to the GIDC where servers are hosted

Connectivity – Findings & Recommendations

Findings
• The provisioned Server side connectivity for COPOMIS is adequate
• The extent of readiness of grass root level cooperatives in terms of connectivity cannot be ascertained due to lack of information

Sub Domain Rating
Server Side
End User Side

Recommendations

• DoC and other governing institutions such as local governments may provision shared facilities such as service centres/desks or kiosks
for the grass root level cooperatives

• The COPOMIS may be extended to have a mobile app with limited functionality for cooperatives on popular smart phone platforms such
as Android and Apple

DR Infrastructure – Findings
Sub Domain Rating

Architecture
Location
Management & Activation
Back Up

• The overall architecture of Disaster Recovery infrastructure for COPOMIS is adequate

• The current location of DR infrastructure does not ensure successful recovery as it is housed in the same Data Centre

• The Management and Activation processes of DR are a DoIT responsibility and the Recovery Objectives and processes are
ambiguous

• There is no data back up of COPOMIS practiced by DoC

DR Infrastructure – Recommendations

• DoIT should ensure the shifting of DR instance of the cloud to Hetauda at the earliest as planned

• In case the relocation of DR instance of the cloud is getting delayed, DoC should identify alternate options for
Disaster Recovery

• DoC should work with DoIT to formulate acceptable Recovery Objectives (RTO & RPO) and should develop
internal Disaster response and recovery process for DoC and COPOMIS

• DoC should assess its data backup requirements and develop a comprehensive back up process in collaboration
with DoIT for COPOMIS database and Virtual Machines

Infrastructure Documentation – Findings & Recommendations

Findings
• No reliable documentation of IT infrastructure deployment, such as deployment architecture document, Network diagrams and LAN/WAN diagrams, is available

Sub Domain Rating
Availability of Infrastructure Documentation

Recommendations

• DoC should ensure that adequate level of documentation is maintained for IT infrastructure throughout its life cycle

IT Organization – Findings

Sub Domain Rating


Overall IT Organization
IT Management Processes
Monitoring and Maintenance

• The Internal IT Organization of DoC requires significant improvement to Manage and Support the Current COPOMIS in
terms of number of staff and expertise

• There are no formal IT Management Systems and Processes followed in DoC IT Division

• There is no facility or tools available in DoC IT function to monitor the COPOMIS systems

IT Organization – Recommendations

• DoC should organize the internal IT function by defining the following


i. Overall IT organization structure within the DoC organization
ii. Identify the staff positions with clearly defined job descriptions with roles and responsibilities
iii. Provide capacity building support to the staff and ensure internal people capacity
iv. Appoint / contract required service providers to carry out specialised tasks

• DoC should develop and implement the management system and processes for the management and maintenance of IT systems and
underlying infrastructure based on proven frameworks such as ITIL or CoBIT

• DoC should identify and implement appropriate monitoring tools for the systems and underlying infrastructure. The processes
should be developed and implemented to utilize the tools

End User Readiness – Findings & Recommendations

Findings
• The extent of readiness of grass root level cooperatives on this aspect cannot be ascertained due to lack of information
• Though DoC is continuously investing in the capacity building for the adoption of COPOMIS, the limitations in the functionality and inefficient User Interface design are major impediments to the wider adoption of COPOMIS

Sub Domain Rating
End User Devices
End User Capability

Recommendations

• DoC and other governing institutions such as local governments may provision shared facilities such as service centres/ desks
or kiosks for the grass root level cooperatives

• The COPOMIS may be extended to have a mobile app with limited functionality for cooperatives on popular smart phone
platforms such as Android and Apple

• The application should be modified to improve the functionalities and user interfaces

Software Technical Review

• Software Architecture

• Coding & Design

• Data Access

• Performance

Software Architecture – Findings & Recommendations

Sub Domains Rating
Application Layering
Single Responsibility
Code Maintainability

Software Architecture

Key Findings
The application architecture as a multi-layered architecture is not robust because:
• The implementation has a 2 tier architecture and does not have a separate Database access Layer, Service and/or business layer
• There is no clear separation between different layers of the application, which violates the Single Responsibility principle
Code duplication is observed as the same logic has been implemented in many places, making code maintenance difficult

Recommendations
• Refactor the code to implement proper structuring
• Refactor the code with SOLID principle

Coding & Design – Findings & Recommendations
Sub Domains Rating
Comments in Code – Readability
Dead, Duplicate & Commented Code
Exception Handling
Code Optimization
Missing Unit Test Cases
Indexing of Database Tables

Coding & Design

Key Findings
The Coding and Design of the application has significant weaknesses such as:
• Inadequate Exception and Error Handling
• Optimization gaps resulting in high CPU utilization
• Absence of Indexes in Database
• Improper Indentation of the code
• Absence of adequate comments
• Presence of dead code

Recommendations
• All classes and methods should have proper comments
• Refactor application code to remove commented and dead code
• Use VSTS indentation
• Application should display friendly error message to the end users
• Add unit test cases in the code
• Add proper indexes in all tables

Data Access – Findings & Recommendations

Sub Domains Rating
Number of Database Requests
SQL Injection
Caching

Data Access

Key Findings
• The Data Access approach used in the application is inadequate as there is minimal use of caching of frequently used data, resulting in more than required number of database calls
• The database calls during page loading are not optimized
• The methodology of using SQL in the application code is not secure and may lead to exploitation through SQL injection

Recommendations
• Implement caching for frequently used data
• Use SQL parameters and procedures
• Change the design and approach
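
The difference between SQL built by string concatenation and the recommended SQL parameters, as an added example that is not COPOMIS code: it uses Python with an in-memory SQLite database, and the table, columns and sample rows are constructed for illustration. It goes one step beyond the recommendation by showing an allow-list for a sort column, the part of a query that parameters cannot cover.

```python
import sqlite3

# Columns a caller may sort by. Identifiers cannot be bound as parameters,
# so they are checked against a fixed allow-list instead.
SORTABLE_COLUMNS = {"reg_no", "name"}


def build_sample_db():
    """Create an in-memory database with constructed sample rows.

    The schema is hypothetical; the report does not show the COPOMIS schema.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE cooperative (reg_no TEXT PRIMARY KEY, name TEXT, district TEXT)"
    )
    conn.executemany(
        "INSERT INTO cooperative VALUES (?, ?, ?)",
        [
            ("REG-001", "Sample Savings Coop", "District A"),
            ("REG-002", "Sample Dairy Coop", "District B"),
            ("REG-003", "Sample Agri Coop", "District A"),
        ],
    )
    return conn


def find_concatenated(conn, reg_no):
    """Pattern the finding warns about: the input becomes part of the SQL text."""
    sql = "SELECT reg_no, name FROM cooperative WHERE reg_no = '" + reg_no + "'"
    return conn.execute(sql).fetchall()


def find_parameterized(conn, reg_no):
    """Recommended pattern: constant SQL text, value bound as a parameter."""
    sql = "SELECT reg_no, name FROM cooperative WHERE reg_no = ?"
    return conn.execute(sql, (reg_no,)).fetchall()


def list_by_district(conn, district, sort_by="reg_no"):
    """Bind the value as a parameter; validate the identifier by allow-list."""
    if sort_by not in SORTABLE_COLUMNS:
        raise ValueError("unsupported sort column")
    sql = (
        "SELECT reg_no, name FROM cooperative "
        f"WHERE district = ? ORDER BY {sort_by}"
    )
    return conn.execute(sql, (district,)).fetchall()


if __name__ == "__main__":
    db = build_sample_db()
    crafted = "x' OR '1'='1"  # constructed input that contains a quote
    # Concatenation lets the input rewrite the WHERE clause: every row matches.
    print("concatenated :", len(find_concatenated(db, crafted)), "rows")
    # With a bound parameter the same input is only a value that matches nothing.
    print("parameterized:", len(find_parameterized(db, crafted)), "rows")
    print(list_by_district(db, "District A", sort_by="name"))
```
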

Performance – Findings & Recommendations

Sub Domains Rating
Memory Leakage

Performance

Key Findings
The methodology of using SQL in the application code may lead to memory leakage and frequent garbage collection

Recommendations
Use string builder to avoid memory leakage

Functional Assessment

• Registration Related Functions

• Functions Related to Submission of Information

• Functions Related to Supervision

Registration Related Functions

Cooperatives can submit an application to register themselves online in the current implementation. However there is no
provision to update the application once it is submitted. Even DoC staff are not provided with a feature to update the
information. Any such changes can only be done at the database level

Domain – Functionality and Workflow

Registration of Existing Cooperatives
The details of cooperatives which are established and registered before deployment of COPOMIS are entered manually by the supervisors from the past records

Registration of New Cooperatives
A cooperative which is being formed newly can do the registration process online by entering all the details onto the COPOMIS system. The responsibility of validating and verifying the details is assigned to a concerned supervisor internally, after the cooperative submits its details

Know Your Member (KYM)
A one-time entry of all the members of a cooperative has to be made in the system through an Excel file. Subsequently details of new members joining the cooperative can also be entered into the system on a monthly basis

Registration Related Functions – Key Findings

Domain Rating
Registration of Existing Cooperatives
Registration of New Cooperatives
Know Your Member (KYM)

Domain – Key Findings

Registration of Existing Cooperatives
The function is working well through manual entries. However, there is no provision to upload registration certificates or other digitized documents of existing cooperatives

Registration of New Cooperatives
The details of cooperatives which are being formed newly can be entered by the cooperatives themselves onto the system. After entering and submitting the details, cooperatives have no way to track their registration status

Know Your Member (KYM)
There is an Excel sheet to upload the members of a cooperative. The validation of errors and their display is not being done properly after the Excel sheet is filled and uploaded.

Functions Related to Submission of Information

• Cooperatives are required to upload information as per the below mentioned frequencies

• However, the frequency of submission of information can vary according to the local and provincial laws

• System currently has the provision to capture all the below mentioned information online

Annually
1. General Meetings
2. Elections
3. Committee
4. Sub Committee
5. Cooperative Unions
6. Produce Cooperative Services
7. Agri Produce Purchase reports
8. Loans taken by Committee members

Monthly
1. Financial Reports
2. Summary Report
3. New Members details
4. Change in Shareholder pattern
5. Produce Export Details

Ad-hoc
1. Bylaw Amendments
2. Change in area of operations

Functions Related to Submission of Information – Recommendations

Key Recommendations

• System should have a dashboard to display all the recent information collected and have certain parameters to assess the health of a
cooperative based on information received from cooperatives
• General Meeting (GM), First GM and Special GM forms can be clubbed into one single form with customized detailing for each type
of General Meeting
• By-Law Amendments and Change in Geographical Working Area forms can be combined to a single form
• System should have a new feature to capture details of a cooperative member whose savings exceed AML limit through a form

• System should have search and pagination features for all the types of information collected. A list of approved and rejected returns
should be shown separately
• System should only accept information in non editable formats like PDF or else Access control must be ensured to not allow the
supervisors to tamper with the reports submitted

Functions Related to Supervision and Administration – Overview

Domain – Functionality and Workflow

Approval of Reports
The various reports which are submitted by cooperatives come to the respective supervisors, which they can approve or reject. The approved reports are sent to the DoC staff to update the records and the rejected reports are sent back to the cooperatives for making the necessary changes and resubmission

Staff & User Management
Certain staff members of the local supervisory units can be assigned responsibilities by the DoC administrators. The assignment of a responsibility is currently communicated in an offline manner

Revenue
Supervisors are authorized to levy certain fines for non-compliance with Cooperative Act 2075, Cooperative Subsidiary Legislature 2075 and Money Laundering Act

Communication
Supervisors have to communicate certain information to the cooperatives like IT Maintenance of COPOMIS, Corrections in any of the submitted information, fines imposed, etc.

Password Distribution
Administrators have to send usernames and passwords to both the existing and newly registered cooperatives

Functions Related to Supervision – Key Findings
Domain Rating
Approval of Reports
Staff & User Management
Revenue
Communication
Password Distribution

Domain – Key Findings

Approval of Application
Currently the respective supervisory units can approve or reject the reports. The workflow after approval of reports is missing and all the necessary changes to be made are communicated by the supervisors to the DoC

Staff & User Management
System is used by DoC administrators to assign responsibility to the Supervisory staff. However, supervisory staff are not aware of the responsibility assigned to them without offline communication from DoC

Revenue
System currently displays a record of all the fines imposed in a single page. A report is missing to display the total amount of fines imposed and collected in specific time periods

Communication
System currently lists all the notices sent by the supervisors on a single page. Only the IT Maintenance notices are presently functional

Password Distribution
Passwords are currently sent to the cooperatives in the form of physical letters

Functions Related to Supervision – Recommendations

Domain – Key Recommendations

Approval of Reports
• System should allow the subnational supervisory units to enter, edit and make changes to the database after the approval of reports and amendment requests

Staff & User Management
• System should send an SMS to the staff after assigning a responsibility
• System should also send password creation links to the staff for password creation and do away with the common password (12345) practice

Revenue
• System should generate a report to display the total amount of fines collected in time periods like a month, quarter or a year
• A search and pagination for the list of fines imposed must be added

Communication
• System should have visual cues for the supervisors to see which cooperatives have read and not read the notices, so that the supervisors can follow up on the notice sent

Password Distribution
• System should send links through email or OTPs through SMS to cooperatives, for creating passwords
• System should also have a password reset button for cooperatives at the supervisor’s end
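
One way to implement the password creation links recommended above in place of a shared default password, as an added example and not COPOMIS code: a single-use, expiring token of which only the hash is stored. The class name, the 24-hour lifetime, the minimum length, the extra blocked passwords and the in-memory storage are assumptions for illustration; delivery by email or SMS is left out.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 24 * 3600   # assumed validity window for a link
MIN_PASSWORD_LENGTH = 12        # assumed policy, not taken from the report
# "12345" is the common password named in the report; the others are constructed.
BLOCKED_PASSWORDS = {"12345", "123456789012", "passwordpassword"}
PBKDF2_ITERATIONS = 600_000


class SetupLinkStore:
    """In-memory stand-in for the tables a real system would use (hypothetical)."""

    def __init__(self):
        self._tokens = {}     # sha256(token) -> {"user", "expires", "used"}
        self._passwords = {}  # user -> (salt, derived key)

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table cannot be replayed as links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now=None):
        """Create a fresh link token for `user` and cancel any earlier ones."""
        now = time.time() if now is None else now
        for record in self._tokens.values():
            if record["user"] == user:
                record["used"] = True
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._tokens[self._digest(token)] = {
            "user": user,
            "expires": now + TOKEN_TTL_SECONDS,
            "used": False,
        }
        return token

    def redeem(self, token, new_password, now=None):
        """Set the password if the token is valid; returns a status string."""
        now = time.time() if now is None else now
        record = self._tokens.get(self._digest(token))
        if record is None or record["used"] or now > record["expires"]:
            return "invalid_link"
        if (len(new_password) < MIN_PASSWORD_LENGTH
                or new_password in BLOCKED_PASSWORDS):
            return "weak_password"  # token stays valid so the user can retry
        salt = secrets.token_bytes(16)
        key = hashlib.pbkdf2_hmac(
            "sha256", new_password.encode(), salt, PBKDF2_ITERATIONS)
        self._passwords[record["user"]] = (salt, key)
        record["used"] = True       # single use
        return "ok"

    def verify(self, user, password):
        """Check a login attempt against the stored salted hash."""
        stored = self._passwords.get(user)
        if stored is None:
            return False
        salt, key = stored
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    store = SetupLinkStore()
    token = store.issue("coop-001")  # constructed account name
    # Placeholder host; the real link would point at the application.
    print("https://copomis.example.invalid/set-password?token=" + token)
    print(store.redeem(token, "12345"))
    print(store.redeem(token, "a much longer passphrase"))
    print(store.redeem(token, "a second attempt to reuse"))
```
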

Summary

Summary of Findings - Overall

1. Based on the functional assessment, it was found that while most of the activities are provisioned to be
done online, gaps in functionality of most features have led to the low adoption levels of COPOMIS
2. For the system to support the core supervisory and regulatory functions of the DoC, the system requires
significant enhancements over the current state
3. In the Software Technical Review, it was found that the existing code does not follow international coding
and design guidelines. Thus, it is not feasible to scale up the current system as it may not support
significant changes to the code and software functionality
4. In the IT Infrastructure assessment, it was found that while computing infrastructure is adequately
provided, IT infrastructure service related agreements need to be formalized. Security of the application,
Internal DoC IT organization capacity and IT Infrastructure documentation were found to be weak and
needing significant improvements
5. Considering all the above assessments, DoC may look forward to developing a completely new system
by comprehensively defining their requirements end-to-end with professional help.
6. PwC recommends an international competitive bidding for selection of a vendor to develop a new
COPOMIS to assist DoC in regulation and supervision of cooperatives

Summary - IT Infrastructure Assessment

1. Deficiencies in Infrastructure Deployment such as single points of failure at server level, in Network and Security
such as absence of Anti-virus and HIDS (Host Intrusion Detection System), DR Infrastructure being at the
same premise as that of production, and lack of Infrastructure documentation can pose a serious threat to the
security and availability of COPOMIS. Thus it is recommended to correct the deficiencies
2. Current deployment of COPOMIS has adequate resource allocation but DoC has no effective control over the
availability and scalability of the resources. DoC should have proper contracts and SLAs with service providers
3. Servers can be accessed using Privileged accounts from the Internet, thus posing a serious security threat
to COPOMIS. Access to the privileged accounts should be restricted to secured networks and
devices
4. IT Infrastructure documentation is currently not maintained, and this affects the maintainability of the system /
environment. DoC should ensure maintenance of required IT Infrastructure Documentation
5. DR location is same as the primary location which defeats the purpose of having a DRS. There are significant
deficiencies in the DR activation mechanism and data backup process. DoC should ensure the separation of
DR and production environments and should implement adequate data backup processes
6. End users may not have the necessary infrastructure to access the COPOMIS system, resulting in low
adoption of the system. DoC may consider extending the required functionality to mobile platforms through
apps and provide assistance through service desks and kiosks at governing institutions level

Summary - Software Technical Assessment

1. The current design and coding approach uses too many database calls to load a page and this shall result in
database bottlenecks, performance issues and scalability issues
2. The methodology of using SQL in the application code may lead to memory leakage and frequent garbage
collection affecting the application performance
3. Current architecture and code violate the Single Responsibility principle as there is no clear separation between
layers (UI, Business and Data), impacting the architecture robustness and extensibility of the application
4. Same logic has been implemented in many places by duplicating the code. Thus, any changes should be made in
every place where the logic has been implemented which severely affects the maintainability of COPOMIS
5. In the current implementation, exceptions are not adequately handled and are displayed to the end user as error
dump rather than as functional error messages. This can be a potential security issue as such errors may reveal
the critical information about the application architecture and vulnerabilities
6. Database is not indexed adequately, and this can affect the performance of the application severely as this affects
the data access from database
7. Things like lack proper commenting (for classes and methods), dead code (code which is not used), improper
indentation are present in the current code which are affecting the readability and maintainability of the code
8. Standard developer practices were not followed while developing the code. Unit test cases are missing which
impacts the test coverage and time to market
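
Finding 5 illustrated as an added example (not COPOMIS code and not from the assessment): the same failing handler answered once with a raw error dump and once with a functional message plus a reference ID, while the detail stays in the server log. Python is used for illustration only; the handler, table name, file path and logger name are constructed.

```python
import logging
import traceback
import uuid

log = logging.getLogger("copomis.errors")  # hypothetical logger name


class ValidationError(Exception):
    """Expected, user-correctable problem; its message is safe to display."""


def load_report(coop_id):
    # Constructed handler: simulates a data-layer fault whose text exposes
    # a query, a table name and a server file path.
    if not str(coop_id).isdigit():
        raise ValidationError("Cooperative ID must be numeric.")
    raise RuntimeError(
        "SELECT * FROM tbl_coop_finance WHERE id=%s failed at "
        "/srv/app/dal/report.py" % coop_id)


def respond_with_dump(handler, *args):
    """Behaviour described in finding 5: the raw trace reaches the user."""
    try:
        return 200, handler(*args)
    except Exception:
        return 500, traceback.format_exc()


def respond_safely(handler, *args):
    """Hardened form: detail goes to the server log, the user gets a reference."""
    try:
        return 200, handler(*args)
    except ValidationError as exc:
        # Functional error: the user can act on it, so show it as written.
        return 400, str(exc)
    except Exception:
        ref = uuid.uuid4().hex[:12]
        # log.exception records the full traceback server-side only.
        log.exception("unhandled error ref=%s handler=%s", ref, handler.__name__)
        return 500, ("The request could not be completed. "
                     "Quote reference %s to the service desk." % ref)
```

The reference ID lets the service desk find the full trace in the server log without any of it being shown in the browser.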
Summary of Findings – Functional Assessment

1. Major functionalities covered in COPOMIS are:
– Registration of Cooperatives,
– Capturing monthly and annual information of Cooperatives and,
– Regulation and Supervision of Cooperatives
2. Though all the above information is provisioned to be captured within COPOMIS, the system is not
generating any reports (e.g. reports related to Bad Loans, Anti Money Laundering directive and Risk
Assessment) which are critical for DoC to supervise, regulate and assess the health of a cooperative.
3. COPOMIS is expected to support critical functions of DoC such as monitoring and regulation of
cooperatives; however, it lacks basic validation features. The system does not validate various other
compliances (detailed in main report) mandated by the law.
4. To validate the citizenship mandated by the law for membership in a Cooperative, DoC may request API
access to the Ministry of Home Affairs database. Similarly, to verify whether a cooperative paid the fines
imposed by DoC, DoC may look for API access to Revenue Department’s database
5. Cooperatives are majorly governed by local and provincial laws. In the current implementation,
COPOMIS cannot be customized to cater to these local and provincial requirements
6. Some features like password reset require manual workarounds as the current system doesn’t offer
online functionality, which poses a significant security risk

Other Recommendations

1 Provide a feature in DOC and other subnational supervisory agencies to set deadlines for financial reporting

2 Provide the following changes in the financial report verification and approval:
• Add a feature to ask cooperatives to re-submit their financial reports with a resubmission deadline and retain
the earlier version of submitted report. Currently, when the cooperatives are asked to re-enter data, the
submitted report is updated. So, it is not possible to see the changes or compare two versions.
• The updated version of financial report submitted by cooperatives must be treated by COPOMIS as the final
version of the financial report for that period

3 Provide a feature for the cooperatives to request their supervisory agencies to extend their financial reporting
deadlines with a valid reason

4 Provide a feature to send automated or manual reminders on the approaching or passed deadline for regular or
extended submissions of financial reports

5 Add a feature for a cooperative to report total number of members who attended meetings and general meetings

6 Add a feature to report the monetary value of yearly collection of produces from the members for a production
cooperative

7 Add a feature to report the monetary value of yearly sales to a cooperative member for a consumer cooperative

8 Add a feature to report the number of members who have taken a loan from the cooperative

9 Add a feature to report the total amount of wages paid to the members for a labour cooperative

10 Add a feature for Supervisory units to view report on indicators of harmony with members for individual
cooperative and average of all the cooperatives working under their jurisdiction as per the SACOOs supervision
and monitoring directives
11 Add a reporting feature on the Supervisory units’ login to allow view of the trends of value and ratio of the
indicators shown in table 1 for last 5 years, previous month and the same month of the previous year as
per the SACOOs supervision and monitoring directives
12 Add a feature to predict the values of the indicators as follows by extrapolating the available indicator data as
per the SACOOs supervision and monitoring directives

13 Add a feature to assess and color-code the risk of a SACOO by categorizing it based on the 12 financial ratios
and 3 ratios to measure harmony of a cooperative with its members

14 Update financial report analysis by providing the basic PEARLS indicators as per the SACOOs
supervision and monitoring directives

| S.no | Indicator | Formula | General Ratio Goal | Graced Ratio Goal |
|------|-----------|---------|--------------------|-------------------|
| i. | P1 | Allowance for Loan Losses / Delinquency >12 months | 100% | >90% |
| ii. | P2 | Net Allowance for Loan Losses / Delinquency 1-12 months (WOCCU Standard) | 35% | >30 |
| iii. | E1 | Net Loans / Total Assets | 70 – 80% | 60-90% |
| iv. | E5 | Savings Deposits / Total Assets | 70 – 80% | 60-90% |
| v. | E6 | External Credit / Total Assets | Max 5% | Max 7.5 % |
| vi. | E7 | Member Share Capital / Total Assets | 10- 20% | 7.5=25% |
| vii. | E8 | Institutional Capital / Total Assets | Min 10% | Min 7.5% |
| viii. | A1 | Total Loan Delinquency / Gross Loan Portfolio | <= 5% | <= 7.5% |
| ix. | R9 | Total Operating Expenses / Avg. Total Assets | <= 5% | <= 7.5% |
| x. | R12 | Net Income / Average Total Assets (ROA) | >= 10% | >=5% |
| xi. | L2 | Liquidity Reserves / Savings Deposits | 10% | 7.5-15% |
| xii. | S11 | Growth in Total Asset | >=7.5% | >= 5% |
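
A sketch of how recommendations 13 and 14 could be combined, added here as an example and not taken from COPOMIS or the directive: five indicators from the table are computed from balance-sheet figures and colour-coded against the two goal columns. The green/amber/red mapping (General goal met, only Graced goal met, neither met), the field names and the sample figures in the test are assumptions.

```python
# Goals transcribed from the table for indicators whose bounds are unambiguous
# there: (low, high) in percent, None = unbounded on that side.
GOALS = {
    "E1": {"general": (70, 80), "graced": (60, 90)},       # Net Loans / Total Assets
    "E5": {"general": (70, 80), "graced": (60, 90)},       # Savings Deposits / Total Assets
    "E6": {"general": (None, 5), "graced": (None, 7.5)},   # External Credit / Total Assets
    "E8": {"general": (10, None), "graced": (7.5, None)},  # Institutional Capital / Total Assets
    "A1": {"general": (None, 5), "graced": (None, 7.5)},   # Loan Delinquency / Gross Loans
}


def ratios(b):
    """Compute indicator ratios (percent) from balance-sheet figures (assumed keys)."""
    ta, gl = b["total_assets"], b["gross_loans"]
    if ta <= 0 or gl <= 0:
        raise ValueError("total_assets and gross_loans must be positive")
    return {
        "E1": 100 * b["net_loans"] / ta,
        "E5": 100 * b["savings_deposits"] / ta,
        "E6": 100 * b["external_credit"] / ta,
        "E8": 100 * b["institutional_capital"] / ta,
        "A1": 100 * b["delinquent_loans"] / gl,
    }


def within(value, bounds):
    """True when value lies inside the inclusive (low, high) range."""
    low, high = bounds
    return (low is None or value >= low) and (high is None or value <= high)


def colour(indicator, value):
    # Assumed mapping, not defined on the page.
    goal = GOALS[indicator]
    if within(value, goal["general"]):
        return "green"
    if within(value, goal["graced"]):
        return "amber"
    return "red"


def assess(b):
    """Return {indicator: colour} for one cooperative's figures."""
    return {name: colour(name, value) for name, value in ratios(b).items()}
```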


15 Add a form for reporting operational head office, service centres and any other offices of a SACCOS

16 Add a random cooperative selection tool to select a random x number of cooperatives in their jurisdictions for
random sampling for cooperative monitoring
17 Add a feature to list the cooperatives in their jurisdictions which have not been monitored in the last three fiscal
years for basic monitoring and selection of at least 5 % of the cooperatives for detailed monitoring

18 Add a feature to include service centres and other offices of large SACCOS

19 Add alerts to the supervisory units until they have prepared the year plan for monitoring with a selection of
random 10 cooperatives, list of cooperatives which have not been monitored during last 5 fiscal years, at least
5% of the cooperatives for detailed monitoring working under their jurisdiction

20 Add a recording tool to add records of supervision and monitoring (basic and detailed) of cooperatives, their
service centres and offices as per the SACOOs supervision and monitoring directives

21 Add separate KYM forms to enter cooperative members’ details according to the nature of the business of a
cooperative

22 In the current version of COPOMIS, details of an institutional member of a cooperative according to the Clause
30 of the Cooperative Act 2074 have not been incorporated. Add a feature (form) to enter the details of an
institutional member of a cooperative as per the Annex 3 of the Cooperative Anti Money Laundering directive
2074
23 Add a feature to update the tenure details of the members of the management committee and other
sub-committees along with their KYM on a yearly basis in the cooperative’s panel

24 Add a feature to view the tenure details of the members of the management committee and other
sub-committees along with their KYM on a yearly basis to the supervisory unit’s panel

25 Add a feature in COPOMIS for the cooperatives to report AML report as per the Annex 6 of Cooperative AML
directive 2074

26 In the election reporting feature, add a feature to show the distinction between fixed-term election and by-election.
The number of years of the term of newly elected members of a by-election should automatically be updated as
per the fixed-term election. For a by-election, there should be a field to mark the fixed-term election for
which the by-election was conducted
27 Add an alert system on both cooperative and supervisory units’ login to inform users about the need or deadline
of updating the KYM forms as per the article 9 of cooperative AML directive 2074

28 Tenure details of a member of the management committee or other sub-committee shown in the supervisory
users’ panel should include, but not be limited to, information like name, membership number, address,
elected or appointed date, end of tenure and position
29 Add a feature for subnational supervisory unit which allows them to automatically aggregate the AML reports
of the cooperatives under their jurisdiction and send the aggregate report to DOC

30 Add a feature for cooperative supervisory unit to update cooperative registration information. Such feature
must also ensure that the history of changes is visible to the cooperative, supervisory unit, DOC and
COPOMIS support unit
31 Add a feature in supervisory units’ panel to handle the workflow of information amendments requested by
the cooperatives, as per the following steps:
a. Cooperative sends an application for amendment of information
b. Officer at the supervisory unit decides if such amendment is legally possible
c. If amendment is not possible, deny the cooperative with a reason
32 Supervisory units will need to review and approve amendments in financial report, AGM report, election
report and committee / sub-committee report after the submission by cooperative

33 It should be possible for the updated information’s history to be viewed by the cooperative, supervisory
unit and the COPOMIS support unit
34 COPOMIS should have the following BI features
i. Ability to validate membership of cooperatives
ii. Profile of cooperatives with details like growth of assets, savings, loans
iii. List of cooperatives with deliverables of the coops like AGM report, Committee, Sub-committee,
Election, Financial reports and status of the report: submitted, rejected, approved, late, not-submitted
iv. List of cooperatives by PEARLS and indicators related to membership centric business and overall
rating, with suggestion if the cooperative needs to be monitored onsite
v. List of cooperatives by fall or rise in assets (%)
vi. List of cooperatives who fail to submit reports by month, by year
vii. List of cooperatives who fail in indicators
viii. Analytical reports like AML reports
ix. Dashboard for all 3 levels of government and at cooperative level

35 A Query Builder should be incorporated for the wide array of reports which are necessary for stakeholders

36 User-friendly Ticketing System for prompt support

37 Integration of New Co-operative Act, 2075, Cooperative Subsidiary Legislature-2075, Money
Laundering Act and other co-operative bylaws and standards

38 Configuration of Separate File server for the reports uploaded by the users

39 Regular Update system for Total Quality Management

40 To drive adoption, COPOMIS should be multilingual along with English as a language option

41 Enforce use of Unicode Nepali for storing textual data and Latin Numbers for storing numerical
data across the country

• Considering that the current adoption levels of COPOMIS are low, DoC may
consider a phase-wise roll-out of COPOMIS on the basis of provinces or of larger/high-risk
cooperatives
• DoC may also consider collecting only basic information and financial information
to drive adoption. Once the system stabilizes, full features can be implemented
and more regulatory data can be collected

Thank you

pwc.com

© 2019 PwC. All rights reserved. Not for further distribution without the permission of PwC. “PwC” refers to the network of member firms of PricewaterhouseCoopers
International Limited (PwCIL), or, as the context requires, individual member firms of the PwC network. Each member firm is a separate legal entity and does not act as
agent of PwCIL or any other member firm. PwCIL does not provide any services to clients. PwCIL is not responsible or liable for the acts or omissions of any of its
member firms nor can it control the exercise of their professional judgment or bind them in any way. No member firm is responsible or liable for the acts or omissions of
any other member firm nor can it control the exercise of another member firm’s professional judgment or bind another member firm or PwCIL in any way.
