Although the South African government invested a whopping R13.26 billion in IT, the status of IT controls in complex environments remains inadequate.
That’s according to the Auditor-General (AG) Kimi Makwetu in his 2018-19 general report for national and provincial government and their entities.
The report shows massive irregular spending in IT by various government entities.
Makwetu reveals irregular expenditure by national and provincial departments, including the expense of state-owned entities, increased from just under R51 billion in 2017/2018 to R61.3 billion for the 2018/2019 financial year.
His report: “Act now on accountability”, reveals “disappointing” audit results for 2018-19, and “slow progress” over the five previous financial years.
Makwetu attributes the stunted growth towards the desired audit outcomes largely to those charged with governance being slow to implement, or totally disregarding, audit recommendations made by his office.
He notes IT controls ensure the confidentiality, integrity and availability of state information, enable service delivery and promote national security. The AG believes good IT governance, effective IT management and a secure IT infrastructure are therefore essential.
Application of controls
According to the AG, automating preventative controls such as building checking and approval processes into IT systems can be very effective, as it ensures the consistent application of the controls.
“Our audits again identified that in spite of spending approximately R13.26 billion on information technology, the status of information technology controls in complex environments remains inadequate, as 63% of these auditees had weak information technology governance practices, and a staggering 88% still had weak information technology general controls,” says Makwetu.
The AG says most departments use transversal IT systems (namely the Basic Accounting System, Personnel and Salary System, and Logistical Information System) to capture their transactions, while the National Treasury provides specimen financial statements and detailed guidance to support the preparation of financial statements.
Among other IT-related irregularities, the AG says the Gauteng Department of Health’s IT infrastructure was procured without inviting competitive bids, resulting in a financial loss of R148.9 million, as cheaper alternatives were available in the province.
On action being taken, the AG says its accounting officer investigated the material irregularity. Based on the outcome, the accounting officer referred it to the National Prosecuting Authority and the office of the state attorney for criminal charges and possible civil claims against the officials. Disciplinary action will also be taken.
For the Northern Cape’s Department of Health, the AG says payments were made for radiology services, but the contract contained a mathematical error that resulted in overpayments.
Payments were also made for mammogram services, even though the hospital where the services were rendered did not have a mammogram machine. On this, the accounting officer did a preliminary investigation. Based on the outcome, a full-scale investigation was instituted on 23 August 2019.
The KZN health department’s contracts for radiology equipment were awarded to bidders that did not score the highest points in the evaluation process, says the AG, adding the prices were higher than those of the bidders that should have been awarded the contracts.
On the KZN case, the accounting officer did a preliminary investigation. Based on the outcome, the accounting officer referred the material irregularity to the provincial treasury for a formal investigation.
According to the AG, further plans are to take action against any officials found to be responsible, as well as to quantify and recover losses.
Cancelled contract
The AG also says the Department of Education in Limpopo entered into a contract with a supplier of IT services.
He adds the contract was cancelled during the period that the department was placed under administration (from 2011).
According to the AG, the required goods and services were received from the supplier before the contract was cancelled, but the invoices were not paid. Litigation resulted in the supplier successfully claiming the outstanding payment plus interest. The interest paid in January 2019 amounted to R85.2 million.
The accounting officer performed a preliminary investigation, which determined that different public sector institutions played a role in the material irregularity.
The matter was referred to the Limpopo premier’s office in June 2019 to be dealt with as an intergovernmental relations dispute.
Also red-flagged is the education department in KZN for the construction of La Mercy mathematics, science and technology academy.
The project, with a contract value of R223 million, was awarded on 24 May 2016 and had a planned completion date of 22 January 2018. The project was delayed by more than 15 months, and the total project cost has escalated to R235 million.
The AG says the delay was due to inadequate project planning and monitoring by management to ensure proper contract management and that timely payments were made to the contractor.
In addition, various quality defects were identified during the site visit and reported to the department to rectify.
The delay in construction resulted in the department not meeting its objective of improving the mathematics, science and technology results in the province.
In the Eastern Cape, says Makwetu, the IT controls in the province also remained a concern, as the risks in the IT environment that had been reported for a number of years had still not been adequately addressed.
Making headway
In Gauteng, he says, the overall IT audit outcomes remained stagnant due to senior management’s non-implementation of necessary controls.
Despite the stagnation, the AG says the province made headway with the implementation of e-strategies across various departments.
At education, significant strides were made in rolling out the e-education strategy; however, concerns were noted as the ICT classroom infrastructure supporting the initiative was not adequately rolled out to some schools, and devices were not adequately maintained in some instances.
At e-government, he notes, phase one of the roll-out of the Gauteng broadband network was completed; however, delays in the supply chain management process for phase two may have an impact on the successful implementation of the project.
“This points to a lack of oversight by the leadership of the information technology systems and processes. The weak information technology and internal controls could continue to hamper the progress towards producing credible financial and performance reports,” says Makwetu.
In Mpumalanga, the AG says notwithstanding the improvements in the IT environment, the shortcomings identified at 11 auditees (65%) should not be ignored, as poor controls in this environment increase the risk of breaches in cyber security, which can affect the credibility of information used for decision-making.
He notes that contracting and managing IT services is also an area that needs close attention in Mpumalanga. “We raised concerns about how the provincial contract relating to the case management system centralised at the premier’s office was structured and whether the intended value was derived.
“We will observe closely to see how the accounting officer addressed these concerns, including the resultant estimated fruitless and wasteful expenditure of R5 million that had to be raised in the premier’s office with regard to the system. The provincial leadership is urged to monitor the information technology environment closely, as it could slow down the province’s journey towards clean administration.”
In the North West, the AG says although relations with the State Information Technology Agency were re-established, it remains concerned about IT – which is the responsibility of the premier’s office.
Share