ICT governance framework in two years
The Department of Public Service and Administration (DPSA) is set to implement the government-wide ICT governance and minimum information security standards frameworks by March 2015.
Last February, National Treasury Estimates of National Expenditure indicated that an ICT management framework and draft implementation guidelines, as well as a minimum information security standards framework, would be developed for the public service by March 2013.
However, according to this year's Estimates of National Expenditure, these vital frameworks are now only set to be implemented two years later. The estimates document was handed out to coincide with the annual budget speech today.
A Corporate Governance of ICT (CGICT) policy framework has been issued by the DPSA, which maps out how governance of ICT within government entities are to be applied, structured and implemented.
"The development of the CGICT policy framework was primarily as a result of the assessments conducted by the auditor-general over the last couple of years. In 2010/11, the auditor-general concluded that only 21% of departments had implemented adequate governance controls, and that 79% of institutions didn't have an ICT governance policy framework," says a statement by ISACA SA, the local chapter of the international professional association focused on IT governance.
"The CGICT policy framework depicts the COBIT Governance Framework as the core reference for the governance of ICT. COBIT is the internationally recognised business framework for the governance and management of enterprise IT, and is published by ISACA."
The root cause of the lack of security and IT governance systems among government departments was the DPSA's delay in rolling out frameworks, the AG found.
The AG noted public sector departments and public entities are "heavily reliant on IT systems to perform their statutory financial management, reporting and administrative functions". It said the DPSA must roll out IT governance and security frameworks so they can be implemented by departments, and make sure they have the necessary implementation skills.