National Treasury was called in to explain the 2015/16 internal audit report which was recently leaked to the media. It reported on its review of 2014/15 payments for the Integrated Financial Management System (IFMS) project and stated there were extremely poor financial and operating controls for the IFMS project - which aimed to integrate all human resource and financial management systems across government.
After spending R1.2bn on Phase 1 of the Integrated Financial Management System, its proposed architecture was changed in 2013 with Cabinet approval due to technological challenges and delays. National Treasury and the State Information Technology Agency (SITA) commissioned three independent reviews undertaken by the World Bank and Ernst & Young and Gartner. They all recommended that instead of the development and maintenance of bespoke software modules, commercial off-the-shelf (COTS) modules were a better alternative. They also recommended that a Programme Management Office (PMO) be established to manage all aspects of the IFMS project including procurement and risk. A panel of service providers was appointed to provide Programme Management Services to the IFMS Project.
Cabinet endorsed the proposed change to the IFMS Solution Architecture in November 2013 and noted the steps taken to promote governance and risk management by a Programme Management Office (PMO). The IFMS Steering Committee would oversee the procurement process in line with the revised project approach.
It was estimated at the time that the solution could still be delivered within the original estimated budget. The cost of the new off-the-shelf system would cost the original R4.3bn budget, including the R1.2bn spent on the abandoned Phase 1, and full implementation was envisaged for June 2021.
In July 2015, the Treasury Audit Committee requested the Internal Audit Committee to perform a review of the 2014/15 IFMS payments. Audit results indicated that no reliance could be placed on the internal controls to mitigate risks. The report had a total of 54 findings and 49 of the findings had a catastrophic risk rating while five findings had a high risk rating. The Audit Committee presented the results of the review to the then Director-General and formally requested the appointment of an independent forensic investigation. Deloitte was awarded the tender and started the investigation on 1 October 2016.
Members referred to the media report and asked how it is possible that a highly paid employee was able to secure a contract. Members said there is something “fishy” about Bitz doing work for Treasury while doing work for other state departments. They asked for the status of the investigation by Deloitte SA; if the rationale for the IFMS was to save money and provide efficiencies; where the aborted costs were hidden in the Treasury budget during 2005-2016; and total cost for the movement from IFMS1 to IFMS2.
It agreed that this would be discussed properly once Members had perused the report which it was seeing for the first time. The Committee asked Treasury to forward it all the Auditor-General reports from 2005 to 2016 to see if Treasury took note of the AG advice. Those documents should be accompanied by its internal audit committee reports and Public Service Commission report.
Ms Lindy Bodewig, Chief Director for Technical Support Services: Treasury, took Members through the challenges experienced with IFMS1. She said Phase I was completed as planned. However, significant project delays were experienced in Phases II and III due to a number of challenges
• All stakeholders faced institutional challenges (including SITA not being able to capacitate itself with suitable software development resources)
• Integration of the various disparate systems posed a formidable obstacle to the successful and cost effective implementation of the project
• Technological constraints in the hardware and development environment.
Three independent project reviews were commissioned: World Bank and Ernst & Young (commissioned by Treasury) and Gartner commissioned by SITA.
One of the elements considered during the reviews was the IFMS solution architecture. All the reviews essentially came to the same conclusion that the current hybrid solution architecture should be replaced by a solution architecture that consists exclusively of COTS modules. It was specifically noted that ongoing maintenance costs of the hybrid system would be prohibitive compared to those of a COTS-based solution. The development and maintenance of bespoke modules for IFMS require large numbers of highly skilled technical professionals who would have to be retained throughout the project life-cycle. With a COTS solution, module integration and ongoing updates are less of an issue, and unit costs and skills requirements are less onerous.
In August 2013, the IFMS Steering Committee adopted the recommendation to acquire a single COTS solution for IFMS where customisation changes to the system are kept to an absolute minimum (a so-called “vanilla” COTS). When considering the revised approach to IFMS, it was envisaged that:
• Neither the intention nor the intended outcomes of the IFMS project would be compromised
• All indications are that neither the project budget nor the implementation timeframes would be negatively affected in any material way
• Project maintenance, integration and upgrade costs would be reduced over the project life-cycle
• The capacity constraints would be addressed by the adoption of a single COTS solution.
Cabinet endorsed the proposed change to the Solution Architecture in November 2013 and noted:
• the status of the IFMS project
• the steps taken to promote governance and risk management, with particular reference to the introduction of a Programme Management Office (PMO) for this purpose
• the IFMS Steering Committee would oversee procurement in line with the revised project approach
• the revised implementation time frames of the IFMS
• a request that the Minister of Finance consider closer collaboration with universities to strengthen South Africa’s innovation capacity, especially for software security development and the IFMS
• approved the revised approach and solution architecture of the IFMS.
Work on previous IFMS solution was paused soon after the Cabinet decision. The decision was taken in consultation with the IFMS Steering Committee to maintain current IFMS functionality at lead sites until the deployment of new modules. Engagements with service providers on the “old IFMS” to finalise existing agreements commenced. A process was initiated by the IFMS PMO to gather information on Public Service policies and procedures as well as information on the current IFMS blueprints. This information would be used to identify any policy or procedure that would have to be adapted for a “vanilla” COTS solution, and/or where the system has to be changed to accommodate the policy and procedure.
On their position on fruitless and wasteful expenditure, she stated the incurred expenditure on IFMS 1, prior to the change in direction, was done with the intention of completing the project as determined by Cabinet. All the development was halted as soon as Cabinet approved the change in solution in November 2013. The Department is still using IFMS 1 solutions that were developed to completion (Treasury & DPSA). It was estimated at the time that the solution could still be delivered within the original estimated budget (no additional significant costs would be incurred in delivering a COTS enterprise resource planning (ERP) solution). All developed artefacts / hardware procured under IFMS 1 were assessed for re-deployment elsewhere.
On the procurement of software licences, she reported the original RFP 1182 was published in March 2014, inviting service providers to bid for the provision of a COTS ERP solution, and its implementation at lead sites, with maintenance and support thereof for 12 months. An objection was raised by a prospective service provider against some elements of the process such as response times, identified lead sites, and partner restrictions. Legal advice was sought and it was concluded the RFP should be cancelled and be started afresh. RFP 1282 for the procurement of software licences was published in November 2014. The contract was concluded in April 2016. They have received request for information under the Promotion of Access to Information Act by an unsuccessful bidder. All information has been submitted for consideration. Software licenses have been procured from the Oracle Corporation (South Africa) for the entire public service. On Enterprise Perpetual licences, there is no further capital investment, only annual maintenance and support fee payable.
In terms of implementation approach and timelines, Phase 1 has been completed with a contractual agreement with Oracle (software only). Phase 2 focuses on the development of the Generic Template, and its implementation in Pilot and Lead sites: Design and Template Development (18 Months until November 2018), Pilot Site Implementation (12 months until November 2019), and Lead Site Implementation (18 months until end June 2021). The planning for Phase 3 would be done at a later stage but this depends on the strategy and resourcing. There would be a standardised roll-out of generic template to departments. Additional requirements are to be considered through a formal change process. The implementation and hosting approach for the differentiated departments is to be clarified. The Generic Template would be expanded to accommodate the differentiated departments’ legislative requirements, culminating into a revision of the Generic Template. The Generic Template would be locked down and formal change management processes would be put in place.
Mr Lesego Siperepere, Chief Audit Executive: Treasury, explained the IFMS payments review. The independent reviews by Ernest & Young, Gartner and the World Bank also recommended that an enterprise Programme Management Office (PMO) be established to manage the overall scope, time, cost, quality, integration, resource, procurement and risk aspects of the IFMS project. In January 2014, a panel of service providers was appointed to provide Programme Management Services to the IFMS Project. These are the IFMS PMO service providers:
• Apex Advisory Service
• Bitz Technologies cc t/a Abacus Advisory
• Edward Nathan Sonnenbergs Incorporated
• KPMG Services Pty Ltd
• Letsema Consulting and Advisory Pty Ltd
• Nihka Consulting Services
• PriceWaterhouseCoopers Incorporated; and
• Sekela Xabiso (Pty) Ltd /Entsika Consulting Services
From an oversight perspective, the National Treasury Audit Committee on a quarterly basis monitors the progress of the IFMS project. IFMS has been a standing agenda item on the Audit Committee Agenda since 2008. During the Audit Committee meeting held on 25 March 2015, when the quarterly IFMS progress report was presented by the IFMS PMO Head, the Audit Committee requested Treasury Internal Audit to perform a review of 2014/15 IFMS payments. Internal Audit received the official request letter to do the review from the then Chair of Audit Committee, Mr Joe Lesejane, on 17 July 2015. The engagement letter was submitted to the IFMS Project team on 27 July 2015.
The review did not include the following:
• Detailed contract reviews of service provider contracts (review limited to aspects relating to payments)
• Supply chain processes for the appointment of services providers
• Quality assurance of deliverables associated with the payments made to service providers
• Payment to service providers within 30 days to ensure Public Finance Management Act compliance
• IFMS payments prior to 1 April 2014 and after 31 August 2015.
Audit results indicate that no reliance could be placed on the design and operation of internal controls to mitigate the risks to which the activity under review was exposed. Findings point to:
• Inadequate management of the process being reviewed.
• Primarily “Catastrophic” risk findings.
• Actions likely to bring the National Treasury brand and reputation into disrepute.
• Non-existent financial and operating controls.
• Non-compliance to laws and regulations.
The Report had a total of 54 findings and 49 of the findings had a Catastrophic Risk Rating while five findings had a High Risk Rating. Catastrophic Risk Rating indicates a catastrophic level of residual risk exposure due to extreme inefficient and ineffective operation of controls which needs excessive effort and urgent and immediate attention for improvement. High Risk Rating indicates a high level of residual risk exposure due to inefficient and ineffective operation of controls which needs major effort and urgent attention for improvement.
In March 2016, Internal Audit presented the final report to the Audit Committee after having discussed and obtained management comments from the management. The Audit Committee presented the results of the review to the then Director-General. On 29 March 2016 the Audit Committee through its chairperson formally wrote a letter to the Director-General reiterating their concerns after discussing the report with him and formally requesting appointment of an independent forensic investigator under the direction of the Audit Committee. The letter requested that an independent quality and value for money assessment of all IFMS related payments be done. It requested that management implement all of the Internal Audit recommendations. The Audit Committee committed to holding special sessions with the IFMS Team for feedback on progress on the project at least quarterly. Several of these have since been held.
The then Director-General formally agreed to the commissioning of a forensic investigation on 10 April 2016. Through the Office of the DDG Corporate Services, the supply chain management (SCM) was requested to initiate the process to appoint a forensic firm. The invitation to Bid RFQ16-2016 was then issued with a closing date of 24 May 2016. Initially the bid was advertised on an 80/20 principle which was later changed to 90/10 and bidders were asked to resubmit their bids which caused a bit of a delay. The Bid Evaluation Committee eventually sat on 4 August 2016 with the Audit Committee Chair sitting in as an observer. Six bids were received and Deloitte South Africa was recommended as the successful service provider. An SLA was signed with Deloitte SA for them to commence work on 1 October 2016.
On 12 July 2016 the Audit Committee convened a special Audit Committee meeting with the IFMS team to discuss progress on the project. It is at this meeting where management also tabled their updated management comments and progress they had made in implementing the Internal Audit findings.
Management had in their revised comments accepted the majority of the Internal Audit findings and had already begun implementing all of the recommendations. The next special IFMS Audit Committee meetings were held on 28 September and 21 November 2016 where progress on how the Internal Audit Recommendations were being implemented was shared. The forensic investigation was started and is currently ongoing. Once concluded the results would be shared with all the relevant stakeholders.
Mr A Shaik Emam (NFP) asked who the five people are who were supposed to take responsibility to monitor and ensure payments were made. He asked how possible it is that a highly paid employee was able to secure a contract.
Treasury Director-General, Mr Dondo Mogajane, admitted there were lapses in governance, especially in areas the report is outlining. The lapses are saying they must do something and take corrective and remedial measures. The report has been alive for a year and was produced in March 2016. It was given to the then Director-General. Corrective measures are in place to address the report. It is difficult to monitor a complex organisation like Treasury. He said they are not angels. Other cases are caused by human errors while in some it is corruption that has been dealt with. He stated it hurts to see something like this happening. It is through their robust monitoring efforts that they were able to find out the problems. They have information but they will not mention names until those people are proven guilty and the forensic report is finalised. The then Director-General and the Audit Committee indicated the matter had to be dealt with. Hence there is this forensic investigation. He informed the Committee he does not know of any employee involved in the contracts.
Mr Shaik Emam interjected and said the media stated there is an employee involved.
The Chairperson suggested Members wait for the completion of the forensic report and discuss it in the Committee. Treasury has undertaken the correct step by opening an investigation to validate media reports.
Mr N Gcwabaza (ANC) stated there is something worrying about Bitz Technology because it has been contracted by Treasury while it is doing work for some other departments.
The Director-General stated there is no full-time employee in Treasury who is doing contract work for Treasury. The only thing they could do is to forward the Committee a list of all contractors and directors of companies doing business with Treasury including contract values.
Dr M Figg (DA) said Treasury must not defend people and say there is no one in Treasury doing contract work for Treasury.
The Director-General reported that according to National Treasury regulations and policies he is 100% clear there is no employee doing work for Treasury.
Mr Shaik Emam asked if the Director-General is sure that a certain Mohamed Cassiem of Bitz is not working for a government department.
The Director-General said that he is not with Treasury but perhaps with another department.
Mr Shaik Emam pointed out that the information leaked to the media is the copy of the internal audit report that belongs to the Treasury and he doubted if they as a Committee could interrogate the report.
The Chairperson indicated that the Director-General is presenting what the Committee asked Treasury to report on to the Committee.
Mr Gcwabaza said there is something “fishy” about Bitz doing work for Treasury while doing work for other state departments. That is causing suspicion. Members should not confine themselves to things mentioned in the media.
The Chairperson said the forensic report is going to address suspicions and assumptions.
Ms S Shope-Sithole (ANC) indicated she is happy that Treasury has decided to do something about the problem. It is not good to see the name of Treasury being mentioned in the media for the wrong reasons because Treasury has specific functions. The country has not been down-graded to junk status because of this report. There is a rationale for the ratings. Outsiders would continue to look at the efficiency of the country through National Treasury.
Dr Figg remarked there have been substantial financial losses and a loss of taxpayers’ money has become public knowledge. He further stated the then Director-General did not have the right to refuse a forensic investigation because it appears he was the one implicated.
The Director-General reported that the then Director-General agreed to the forensic investigation. It was not up to him to decide. It had to happen whether he liked it or not.
Mr A McLaughlin (DA) asked if the rationale for the establishment of IFMS was to save money and provide efficiencies. He asked if Treasury has gone to the Standing Committee on Finance about the report. He asked where the money that seems to have been lost was hidden in the Treasury budget during 2005-2016.
The Director-General replied that the IFMS is there but is not a management tool. Persal was changed to IFMS to bring efficiencies. These systems should be connected to SARS and Home Affairs. They had to convince Cabinet to agree to this route. They are prepared to discuss the matter with the Finance Committee in order to be transparent, but that transparency has to be linked with the way Treasury is working. He noted the money is with Treasury. It belongs to one of Treasury’s programme. The Estimates of National Expenditure (ENE) would spell out Treasury programmes. It is a sub-programme.
Dr C Madlopha (ANC) asked if Treasury has received the Public Service Commission investigation report because the 2014/15 Annual Report pointed out irregular appointment of service providers. She requested Treasury provide a report on Bitz Technologies which must detail the nature of contracts given to the company, the total amount of the contracts, the list of its directors, and if it meets BBBEE requirements.
Ms Lindy Bodewig explained that the irregular appointment of service providers is still reflected in the Annual Report of 2015/16. There was a whistleblower that went to the Public Service Commission (PSC). Documentation and evidence were provided to the Commission. Whenever there is an investigation within a department, the Auditor-General has to reflect it in its annual report. Treasury got the report from PSC and it stated there was no irregular appointment of service providers.
Mr Shaik Emam asked about the total costs incurred for the movement from IFMS1 to IFMS2.
Ms Bodewig reported that Treasury has lost nothing. There was a set budget of R4.2 billion for the full project, from inception to end. The R4.2 billion is not an allocation but an indicative budget. IMFS1 cost Treasury R1.2 billion. The rest is for IMFS2.
Mr Gcwabaza asked for clarity on the budget for IMFS1 and 2 and where and how it was kept in the Treasury budget and reported on. He asked for the budget for IMFS2 for the 2016/17-2022 period.
In reply to Mr Gcwabaza asking if companies involved in IMFS1 are still contracted for IMFS2 or are gone, Ms Bodewig explained that a number of service providers provided different services. Treasury engaged them because it is promoting local services. For example, ICT Works provides work and licences. The company worked on IMFS1. It is a black empowered company and Treasury had discussions with them on continuing to provide services to Treasury. These contracts are legal. There was a principled approach in dealing with service providers to be discontinued and that was done within the legal framework.
On where the money has been kept, Ms Bodewig replied that the Treasury ENE document, especially Programme 5 states where the money is. The ENE document has a line item under Financial Systems, and that line item states the sub-programmes. They employed the Gartner Model when they changed from IMFS1 to IMFS2, and everything would fit within the R4.2 billion. IMFS2 would cost around R3 billion and is located in Programme 5 of Treasury.
Ms M Manana (ANC) asked about the status of the investigation undertaken by Deloitte. She remarked that it is disturbing to discover there were leaks from Treasury about internal audits without the final report from Deloitte.
Ms Bodewig elaborated that the Deloitte draft report indicates there is work done already. Between the Audit Committee and Deloitte there are some outstanding issues that are being handled. There is a draft report but it has not been tabled to the Office of the Director-General.
On the media leaks, the Director-General stated that Treasury does not know how the report got leaked to the media, but it would leave no stone unturned to find where the leak is. This whole matter is about people who do not care about the work they do. The manner in which these people do their work is anti-developmental. They acted as soon as this was in the news. Colleagues and chairpersons of committees met to find out about the leaked report. The legal department has been approached to come up with alternatives. The procurement office also met to find out about the appointment of the mentioned service providers in the report. He said there would be many questions as Treasury interacts with the Committee. Treasury is still intact and has not fallen apart. Senior managers will be briefed on the questions raised by the Committee.
The Chairperson asked why the deliverables were not monitored by the internal auditor because internal auditors are supposed to work with the monitoring and evaluation team. She asked if Treasury has a strong monitoring and evaluation team.
Mr Siperepere replied that the internal audit handles the strategic monitoring and it works closely with the monitoring and evaluation team. The internal audit evaluates the work, efficiencies and performance information of the monitoring and evaluation team.
Mr McLaughlin proposed Members should postpone the meeting with Treasury because it is the first time they are seeing the document. Members should unpack it and do their homework and then engage Treasury at a later stage.
Ms Shope-Sithole agreed with the proposal, but asked Treasury to forward the Committee all the reports of the AG from 2005 to 2016 to see if the AG had not advised Treasury earlier about this. Those documents should be accompanied by the reports of the internal audit committee and Public Service Commission report.
Dr Madlopha supported Mr McLaughlin’s suggestion with the amendment that Treasury brings all reports since it started IMFS1.
Dr Figg seconded the move and asked Members to submit their inputs in writing to National Treasury beforehand.
The meeting was adjourned.