SITA exposed

A risk assessment report on the State IT Agency (SITA) points to irregularities within the organisation and its procurement practices, involving not only several of the agency's employees, but also other high-profile figures.

The 613-page report, compiled earlier this year, reveals a seemingly total breakdown of the internal control environment, and leaves questions about how such widespread illegal practices could have escaped SITA management and its internal audit committee.

ITWeb initially exposed the existence of the report in July, when it was reported Bart Henderson, head of enterprise risk management firm Henderson Solutions, confirmed he had been commissioned by members of the SITA executive to carry out an investigation.

At the time, Henderson refused to comment on the report, saying it had been submitted to public service and administration minister Richard Baloyi. Baloyi's office confirmed, at the time, that the minister was studying the report and would, at a later stage, decide whether it would be released to the public.

The report has, subsequently, been made available to ITWeb by well-placed sources, and its authenticity has been confirmed by Henderson.

According to the report, Henderson Solutions received access to SITA's human resources database, vendor/supplier database, tender database and e-mail database. Additionally, Henderson Solutions requested access to the payroll and payables database.

The methods employed by the company in compiling the report relied on software technology to interrogate SITA's data. Consequently, the findings are based exclusively on raw data housed by SITA and are irrefutable, says Henderson Solutions.

Ultimately, the findings reveal evidence of apparent corruption, conflicts of interest, duplicate payments, and invalid identities of suppliers and employees.

The report uncovered:

* Multiple suppliers with different company names, using the same VAT number.
* Multiple suppliers with different company names, using the same company registration number.
* Multiple suppliers with different company names, using the same bank account number.
* Multiple suppliers with different company names, sharing the same physical address.
* Multiple suppliers with different company names, sharing the same telephone numbers.
* Multiple suppliers with different company names, sharing the same fax numbers.
* Multiple employee physical addresses that match supplier addresses.

In terms of duplicate payments, the investigation uncovered that there appear to be a large volume of low-value duplicate payments made to suppliers. There also appear to be large payments split into smaller payments to bypass authority levels, and either duplicate payments or one large payment split into smaller multiple payments to bypass authority levels, or a combination of both.

The investigation uncovered, from information interrogated, that there were 21 suppliers where multiple payments were made where the invoice numbers are different and payment was made to the same supplier, on the same day, for the exact same amount, using a different payment number.

There were also 150 suppliers where multiple payments were made, where the invoice numbers are the same and payment was made to the same supplier, on the same day, for the exact same amount, using a different payment number.

There were 36 suppliers where multiple payments were made where the invoice numbers are different and payment was made to the same supplier, in the same month, for the exact same amount, using a different payment number.

There were 232 suppliers where multiple payments were made, where the invoice numbers are the same and payment was made to the same supplier, in the same month, for the exact same amount, using a different payment number.

The report further stated that, using a formula to calculate the risk exposure in rand value, the total exposure to these “suspect” transactions exceeds a conservative R355.3 million.

Henderson Solutions also uncovered 10 invalid identities in SITA's supplier database and two in the human resources database, while 21 “white” employees have been classified as “African”, distorting the agency's equity numbers.

In four cases, employees' physical addresses matched supplier addresses, while eight employee telephone numbers matched supplier telephone numbers. In another five instances, SITA employees' spouses are listed in the supplier database as suppliers or supplier points of contact. In a further five instances, employees' children, or next of kin, have been found in the supplier database as suppliers or supplier points of contact.

In the report, Henderson Solutions also points out that there are serious discrepancies in the databases supplied by SITA for the investigation. For instance, the employee database had 3 673 entries, implying that this is the number of employees at the agency.

“This list contained virtually no personal information; information such as home address, postal address, telephone numbers, next of kin, etc. Further data was requested and received,” the report states.

The second set of data received was the agency's payroll database, containing 2 868 line items, implying that SITA has 2 868 employees. “This data contained bank account details and employee ID numbers, tax numbers, etc, but no personal information.”

Subsequently, a third set of data was received, in the form of SITA's HR database. This list contained 4 368 line items, implying that there are 4 368 SITA employees.

“While there may be reasonable explanations for what can only be described as widely divergent records, the consequence of such disparity is the following: A) Logic suggests the data supplied, which best reflects the number of SITA employees, is the payroll database. B) If this is so, then why are the other two databases so divergent? C) If, on the other hand, one or both of the other databases are accurate, then it is assumed that the payroll database is incomplete,” the report notes.

Similar discrepancies were found in the various vendor/supplier databases that were submitted for scrutiny.

SITA has refused to comment on the report, referring all queries to the Department of Public Service and Administration. A departmental spokesman, in turn, said the minister's office would comment at some stage, but was unable to give a more specific timeframe.

Related story:
Minister mulls 'sensitive' SITA report