‘Weak’ govt IT systems enabled COVID-19 corruption, says auditor-general

Read time 6min 30sec
Auditor-general Kimi Makwetu released the findings of the COVID-19 relief funds audit yesterday.
Auditor-general Kimi Makwetu released the findings of the COVID-19 relief funds audit yesterday.

The implementation of SA’s COVID-19 relief initiatives happened in some “significantly weak” environments, with a lack of agile IT systems, creating opportunities for fraudulent behaviour.

This is according to the auditor-general’s (AG’s) report into the financial management of government’s multibillion-rand COVID-19 relief initiatives.

The report, which is the first of a series of reports, was compiled by the audit office at the behest of president Cyril Ramaphosa amid a flurry of allegations of abuse of COVID-19 relief monies.

This particular audit report covers 16 of the key COVID-19 initiatives introduced by government and the management of R145 billion of the overall R500 billion COVID-19 relief package. Government announced the half-a-trillion rand package in response to the social and economic distress caused by the measures to contain the spread of the virus.

The AG’s COVID-19 audit focused on payments of the Temporary Employer/Employee Relief Scheme (TERS) and R350 Social Relief of Distress (SRD) grant, relief of economic and social distress, and the procurement of personal protective equipment.

The audit work of the report is for all expenditure up to and including 31 July 2020. Out of the R145 billion, AG Kimi Makwetu revealed that government has spent a total of R68.8 billion, of which R37 billion was for the Unemployment Insurance Fund (UIF) and close to R20 billion for social relief grants.

Makwetu states: “We found across all of these categories that the rapid implementation of the initiatives in already compromised control environments created significant risks that most auditees were not able to address. Processes, criteria, needs and controls were not well considered and in the haste of implementation, mistakes were made and opportunities created for abuse.

“The information technology systems used in government were not agile enough to respond to the changes required. The lack of validation, integration and sharing of data across government platforms resulted in people, including government officials, receiving benefits and grants they were not entitled to and applicants being unfairly rejected as a result of outdated information.

“We are concerned about the indicators of the high risk of fraud and abuse we observed – not only in the areas that we were able to audit – but also where information for auditing was not forthcoming, which could be a deliberate tactic to frustrate our audit efforts. This report can serve as a guide for the agencies that have been tasked by the president to investigate allegations and indicators of abuse of the COVID-19 funds of the main areas of risk they can focus on.”

TERS headache

The UIF is a public entity of the Department of Employment and Labour, whose mandate is to provide short-term relief to workers who qualify for benefits.

Due to the COVID-19 outbreak, the fund was charged with capturing and disbursing TERS benefits.

During this time, it faced numerous challenges. In June, it revealed that shortcomings with its IT system used to disburse COVID-19 relief funds made it vulnerable to fraud and corruption by employees and employers.

The AG’s report points out that the UIF had paid just over R37 billion in TERS benefits, while the South African Social Security Agency (SASSA) had paid R19.6 billion in social grants.

“The information technology systems across government carry data on almost everyone in the country; for example, there is information on the home affairs databases on identity numbers and deceased people, the South African Revenue Service databases include information on the earnings of people, the details of grant recipients are on the social pension systems, and the salary systems of public sector entities carry information on government employees. But this rich data is not integrated, shared across government or effectively used by the UIF and SASSA, and similar entities, to check if people applying for benefits and grants qualify for these.

“In addition, the UIF and SASSA had to make significant changes in their processes and systems within a very short period to enable these pay-outs, without ensuring that good preventative controls are in place.

“All of this increased the risk of payments to beneficiaries that are not eligible, overpayments, underpayments, the invalid rejection of beneficiaries, fraud and double-dipping.”

Expenditure findings

In terms of the audit findings, Makwetu noted that overpayments were identified in the UIF environment [TERS payments] for the first lockdown period, which was from 27 March to 30 April.

This, he said, is because the period of inactivity was not taken into account in determining the payments that were supposed to be made to the employers.

“We’ve given this to the UIF people and asked them to scrutinise the lists that we have extracted from their databases and give us explanations for why the amounts they have paid are the way they are.

“We’ve also done some recalculations which identified a combination of overpayments, underpayments, duplicate payments and discrepancies, such as payment approvals made before the date of application.

“A compromised internal control environment does not only create an opportunity for people in the external environment to try their chance, it also creates an opportunity internally for those that process transactions to fiddle around.”

Turning to the R350 SRD grant, the AG said without a doubt, it needed to be scrutinised.

This is mainly because people were required to submit their identity numbers via multiple mediums, including SMS, because there was no system in place at SASSA to determine the beneficiaries.

“We identified that somewhere around 30 000 beneficiaries require further investigation. For example, among these are people working in government and recipients of UIF payments, and other social grants and government pension that also picked up a benefit in respect of this R350.

“The databases that SASSA used are also outdated and could have led to the rejection of applicants that should have received the grant.”

In addition, “changes to the information technology system to enable the payment of the top-up grants [extra R500] could not be completed in time for the May grant payment and a manual workaround was used with little controls to prevent mistakes. This resulted in duplicate payments and some beneficiaries not receiving their grants – these issues were subsequently corrected.”

Responding to the AG’s findings, labour minister Thulas Nxesi said although there was a 10-fold increase in operational activity, it does not justify the lack of basic controls.

“The gaps and the risks which have been identified across the government departments being audited, which include failure to coordinate across the government databases, leading to double-dipping, is an issue of coordination.

“The inadequacies of the IT systems, the weak internal controls, which provide for an opportunity for fraud and corruption, and the weak supply chain processes, are the issues we have to deal with.”

Nxesi concluded that his department has already begun a wholesale restructuring process of the UIF and compensation fund, adding that it is now looking for an overhaul of the two funds. “National Treasury is already assisting the DG to identify suitable providers to assist with reengineering the business model and processes of those funds.”

Login with