Defend Truth


Service delivery is a direct casualty of government IT systems that often fail or are not up to the job


Sipho Ndaba is the head of specialised audits at the Auditor-General of South Africa.

The government continues to spend money on new and advanced IT systems to streamline its processes. However, due to significant system weaknesses, we could not rely on the transactions and data processed by many of these systems. These systems are vulnerable to misuse, abuse and fraud.

During his recent visit to Ghana, President Cyril Ramaphosa emphasised the importance of African governments investing in adequate, new information technology (IT) and upskilling their people as the world readies itself for the Fourth Industrial Revolution.

As the national audit office, we are encouraged by the President’s latest call, as it bolsters our message that the government needs to improve its IT systems to adequately meet the needs of citizens. This is reflected in the 2020-21 Public Finance Management (PFMA) audit outcomes that the Auditor-General tabled in Parliament this month.

Government departments and entities use information systems to process critical business transactions and report on operational and financial performance.

Inadequate and failing IT systems often impede service delivery at key points, such as the South African Social Security Agency (Sassa), the Department of Home Affairs, the Post Office and health facilities, to name a few. These are sites that citizens often arrive at very early in the morning and leave late in the day – sometimes without even having received the required service.

The most notable recent incident of citizens being affected by weaknesses in government’s IT systems was when the Department of Justice and Constitutional Development was hacked in September 2021, which led to critical services to citizens being suspended and rendered the department ineffective.

Our role as the national audit office is to assess the control environment of hosting systems that process business and financial information and data, and to evaluate whether this information can be relied on for audit purposes and whether the government has derived value from the investments in IT.

Over the years, we have identified significant control weaknesses in the government’s information systems. Some of our most prevalent concerns include:

* Government systems are supplemented by manual processes, which makes them vulnerable to intentional and unintentional manual-based delinquency and manipulation. Automated controls are far more reliable and can be applied more consistently;

* Government systems are vulnerable to cybersecurity attacks; and

* In a number of cases, IT expenditure was not justifiable or the government did not receive the intended value or benefits from money spent on IT projects or contracts. In some cases, this has given rise to fruitless and wasteful expenditure.

The urgency to address these weaknesses has been lacking, resulting in continued system vulnerabilities, project failures and financial loss.

Our audits have revealed that the root cause of the prevailing weak IT control environment is poor IT governance processes.

The 2020-21 PFMA report on the audit outcomes of national and provincial government reveals that the impact of these weaknesses was:

* The government continues to spend money on new and advanced IT systems to streamline its processes. However, due to significant system weaknesses, we could not rely on the transactions and data processed by many of these systems. These systems are also vulnerable to misuse, abuse and fraud;

* Many of government systems have weak IT security, and some of these systems have been successfully exploited by hackers;

* If a significant IT incident causes major business disruptions, auditees with inadequate or ineffective disaster-recovery capabilities cannot resume normal business operations timeously, resulting in a loss of services or revenue;

* Poorly managed IT projects resulted in auditees incurring costs that could have been avoided. We selected 39 IT projects worth R1.7-billion to audit, and 56% of these projects did not meet business expectations; and

* Auditees paid for software licences they did not need, resulting in expenditure that could have been avoided.

In the year under review, we identified 128 auditees (63%) out of 202 with ineffective IT governance processes. At many of the auditees, we noted that although they had adequate (and in some cases, well-defined) IT governance frameworks, these were not implemented or operating as intended.

Where IT steering committees were defined, they were not operating effectively. Either they did not have the required level of representation or they did not meet regularly to carry out their oversight responsibilities.

It is also worrying that IT budgets and plans were not well defined or monitored to ensure that they deliver the expected business value and intended benefits.

Accountability for effective IT governance ultimately resides with the accounting officers and authorities of departments and entities, and the current weak state of the IT environment is particularly concerning, as it shows that these role-players have not fulfilled their responsibility in this area for a number of years.

By effectively managing and improving the poor IT governance processes that lie at the root of the current weak IT controls, these role-players can strengthen the control environment to improve the accuracy and credibility of data collected and stored on these systems; prevent significant downtime caused by security breaches; and reduce unnecessary spending on systems that do not meet business requirements.

Ultimately, improved IT governance and a strong control environment will not only help departments and entities to carry out their primary functions, they will also have a positive impact on their ability to deliver services to the citizens of South Africa.

It is through deliberate effort that we can have an impact on the lived experiences of citizens and make their next visit to the service delivery point run much more smoothly. Or, even better, improve their service access through mobile devices that have a high penetration in our society. DM

[hearken id=”daily-maverick/8881″]


Comments - Please in order to comment.

  • Lothar Böttcher says:

    Why must one personally go to pay the fee for your learners licence after registering online on eNatis? Why can’t registration and payment happen efficiently and conveniently online?
    Totally inefficient over-convoluted system that is prone to corruption.

  • Katharine Ambrose says:

    The post office tracking system for parcels hasn’t worked for years. The phone numbers offered are not in service and the website is shockingly useless. This enables the post office to let their service collapse as there is no recourse for clients who then are driven(after a few lost items) to use extremely expensive alternatives.

  • Gerrit Marais says:

    No surprises here. We are suffering what is probably the most incompetent and corrupt government on the face of this planet. They have collapsed the economy, broken everything they ever touched and now we have to pay social grants to support the people most affected by this abomination. Why do we allow so few to have so much power and power that is so detrimental to us?

  • Heinrich Holt says:

    Dear Sipho. Allow me to correct your headline: “Service delivery is a direct casualty of government’s leadership that always fail and are not up to the job”. IT systems which fail are just a symptom of systemic leadership failure. You have articulated the reasons quite well and I sense your frustration. However, your article should have concluded by telling your bosses to do their jobs. To be encouraged by the President’s call will not help. Your bosses (read ministers, too many deputy-minsters, and cadre DG’s and deputy DG’s) can’t hear. Never could. This is the first requirement of leadership. The ability to listen. The second requirement is the ability to actually do something. Especially their jobs.

Please peer review 3 community comments before your comment can be posted