This article draws on a broader qualitative study of Indonesia’s SPAN–SAKTI treasury platforms and translates selected findings into policy-relevant lessons.
Public sector innovation is often judged by deployment.
A new platform goes live, users migrate, and transactions become digital. While that story is attractive, it is incomplete since it only looks at the technology and not the processes that are required for successful deployment.
Even mature digital systems need human governance, process discipline, and active oversight.
This is the key lesson gleaned from the experience of Indonesia’s SPAN–SAKTI, which sits at the centre of Indonesia’s central government financial management functions.
SPAN focusses on the national treasury system while SAKTI supports agency-level budgeting, execution, accounting, and reporting.
Together, they form an integrated financial management information system that connects agencies, treasury offices, supervisors, and system managers.
A qualitative study of 14 treasury officials found that SPAN–SAKTI has strengthened public financial control.
The systems’ embedded rules, restrict access, separate duties, validate transactions, and record audit trails. These audit trails link actions to user identities, timestamps, and approval stages. They make transactions more traceable and harder to deny.
Risks still exist
Digital control, however, is not the same as risk elimination.
The study found residual risks in procedural non-compliance, credential sharing, weak process literacy, data latency, and shadow routines during disruption.
These risks do not mean the systems have failed.
They show at which inflexion point digital transformation enters its hardest stage.
The first lesson is that automation changes where risk lives. Strong systems can close many old loopholes.
Budget ceilings can reject transactions beyond approved limits. Role-based access can prevent unauthorised processing. Segregation of duties can reduce single-person control.
Yet risk can move into exceptions, workarounds, and user behaviour.
Indonesia’s case clearly shows this movement.
Normal transactions are easier to govern because the system can validate them.
Exceptions are more difficult.
Returns, corrections, voids, budget revisions, and service disruptions require interpretation. Control becomes fragile when users must act quickly under pressure.
The second lesson is that audit trails must be analysed, not merely stored.
A log can show who acted, when, and at which approval point. It cannot ask why the action happened. It cannot judge whether a pattern is suspicious.
Accountability begins when managers and auditors systematically review those records.
Risk-based audit trail reviews a must
Risk-based audit trail review should, therefore, become a routine public sector capability. Unusual access times, repeated corrections, dormant account reactivation, frequent transaction returns, and role conflicts deserve attention.
The goal is not surveillance for its own sake. The goal is to detect early before small anomalies become institutional problems.
The third lesson is that access governance is a public finance issue.
A role-based system is only reliable when the named user is the real user.
Credential sharing weakens audit evidence by breaking the link between action and responsibility. Effective governance, therefore, requires disciplined credential management, monitoring of dormant accounts, multi-factor authentication, and clear segregation of duties.
Periodic access recertification should become standard practice. Agencies should verify active users, dormant accounts, conflicting roles, and high-risk permissions.
These reviews should not be treated as routine IT administration. They protect the integrity of public financial decisions.
Process literacy a must
The fourth lesson is that users need process literacy, not only system training. Many digital transformation programmes teach officials how to navigate screens.
Few help them understand the fiscal logic behind each step. Weak process literacy can leave transactions suspended, create overlapping processes, and trigger repeated corrections.
Scenario-based training can close this gap.
Users should practice budget revision, fund-availability checks, payment validation, return handling, asset recording, and audit trail responsibility. Training should use real cases studies, not just manuals. Public servants need to understand the consequences, not only menus.
The fifth lesson is that data lineage matters.
Integrated systems do not always update every dashboard at the same time. Monitoring platforms may use different refresh cycles, cut-off points, or data transformations. Without clear metadata, users may dispute numbers that differ due to timing rather than error.
Public agencies should show data sources, refresh times, cut-off points, and transformation rules. This small design choice can reduce confusion.
It can also improve trust in dashboards. Data visibility becomes more useful when users understand where the numbers come from.
The sixth lesson is that transparency has layers.
SPAN-SAKTI strengthens internal transparency by enabling authorised officials to trace transactions and monitor their status. Public transparency requires a different design. Sensitive fiscal data needs aggregation, classification, and explanation before disclosure.
More data does not automatically create better accountability.
Useful transparency requires information that is accurate, understandable, timely, and safe to disclose. A mature digital government should distinguish internal visibility from public communication. Both matter, but they serve different purposes.
A practical reform agenda follows from these lessons.
Governments should move beyond asking whether a digital system exists. They should ask whether its evidence is reviewed, its access rights are current, its users understand processes, and its exceptions are governed.
The reform agenda should begin with five actions.
First, define risk indicators for audit trail review. Second, conduct periodic access recertification. Third, train users through process scenarios. Fourth, publish metadata for monitoring dashboards. Fifth, formalise protocols for exceptions and service disruptions.
These actions do not require governments to rebuild systems from scratch.
They require stronger governance around systems already in place.
This is the central lesson from Indonesia’s SPAN–SAKTI experience. Digital public finance becomes more credible when control is not only embedded in software but also activated through people and routines.
———
The author is a civil servant at the Directorate General of Treasury, Ministry of Finance of the Republic of Indonesia, and holds a master’s degree in accounting from Universitas Airlangga. The views expressed in this article are those of the author and do not necessarily reflect the official position of the organisation.
Leave a comment