SITA 2020/2021 Annual Report; with Deputy Minister

Meeting report

Deputy Minister’s overview

Mr Philly Mapulane, Deputy Minister of Communications and Digital Technologies, provided Members with an overview of the State Information Technology Agency's (SITA’s) performance for the 2020/21 financial year.

The staff turnover rate of SITA had been positive when compared with the previous years due to there being more appointments than terminations. Its financial performance had been good, as its revenue had increased by 11.43% to R5.83 billion when compared to the previous financial year. Although the revenue had increased, it was still 5.73% below the budget target of R6.18 billion. The net surplus before tax of R398 million against the budgeted figure of R50.54 million also increased by 65% compared to the previous financial year. The entity was sustainable and financially stable.

SITA had received a qualified audit opinion, with matters of emphasis on property, plant and equipment, intangible assets and capital and operational commitments. Management would elaborate further on this during the presentation.

There were two items that the Auditor General reported as part of material irregularities. A lot of work had been done to avoid such irregularities. These were payments that had been made for licences that were not used, and the non-compliance was likely to result in a material financial loss of about R12 million. Management would elaborate on the issue of licences and the work that had been done to ensure that this would not be repeated.

There was also an issue of payment for services that were not rendered, and this was likely to result in a material financial loss of about R1.2 million. This referred to the broadband rollout that did not take place, but the entity would elaborate on the steps that had been taken to resolve this matter.

The Ministry was pleased with the turnaround that had been achieved. SITA had been repurposed and it had established a good financial standing.

SITA on its 2020/21 annual report

Mr Luvuyo Keyise, Managing Director/ Interim Chief Executive Officer, SITA, took Members through the presentation and said he would focus on areas where the entity had not performed as well as it would have wished to. The presentation covered performance information, human capital management, governance and financial information.

SITAs’ preliminary annual performance results reflected an achievement of 72.22% on its annual targets. While it did not achieve 100% performance on its predetermined objectives, the following key successes had been registered:

It had commenced with the deployment of multiple e-government services and established its e-Government portal that serves as a single point of entry to the government's electronic services. The portal currently had more than 55 e-services available.
It had successfully deployed two big data analytics use cases -- one for SITA's internal use as part of its supply chain efficiency programme, and another within government to integrate data and systems.
It had reduced the backlog of Department of Higher Education and Training (DHET) certificates, which dated back to 1992, thereby supporting government service delivery, satisfying the needs of deserving candidates and silencing complaints that had surfaced on multiple platforms.
SITA was instrumental in enabling government during the pandemic by providing seamless and secure communication and remote access solution services to 8 336 officials.
It had exceeded its planned target of 90% performance against measured contracted service level agreement (SLA) metrics. A performance level of 95.57% was registered, thereby positively impacting the management of service-level expectations and contracts, amongst others.

SITA had received a financially qualified audit report, with findings on compliance with applicable legislation. The root causes for the audit qualification were the useful life and impairment assessment of property, plant and equipment (PPE); the useful life and impairment of intangible assets, and the incorrect calculation of commitment balances, which was a new finding.

During the 2020/21 financial year, SITA reported irregular expenditure of R820 million (R560 million continuing from prior years, and R260 million detected during the current year), and R18.6 million in fruitless and wasteful expenditure. In addition to this, R1.5 billion had been incurred in the previous years and condoned. Irregular expenditure from the prior year was mainly related to access links as a result of a complicated engagement module and the volume of the contracts to be managed. An action plan to simplify the engagement model had been developed and was in the process of being implemented.

Discussion

Ms Z Majozi (IFP) said that when the Committee received the SITA report last year, it had been concerned about the entity’s direction. However, she acknowledged the improvement that had taken place at the entity and welcomed the incoming board. She asked if SITA had an internal audit committee that would sit with management and an independent audit subcommittee to assist in avoiding the concerns that had been raised by the Auditor General (AG). A risk management and audit committee would normally foresee some of the issues that could have been avoided. She emphasised the issue of having independent auditors in the entity.

Concerning irregular expenditure, several contracts had been poorly managed. If people were given responsibility, they must be able to account for those responsibilities. There was no mention of consequence management, and how irregular expenditure would be managed.

Mr Z Mbhele (DA) said that there was not much new in today’s engagement compared to previous ones, but focused on the issue highlighted about one of the root causes for the adverse findings, which was stated as information technology (IT) controls not being adequately designed or implemented to have an IT control environment. This was a glaring concern. What was the nature of the shortcomings or deficiencies around that key mechanism? Was it a case of financial constraints to improve and refine controls effectively, or a badly designed product given by a service provider in the first place? If it was a case of controls not being effectively implemented, did this suggest that there was a skills issue in-house?

Ms N Kubheka (ANC) was pleased with the performance in the fourth quarter and the finances because there was movement and things were shaping up. However, they were still having big challenges with the programmes on security, modernisation of the network, and modernising the data centre facilities. She hoped SITA would push to improve on these programmes, because there were targets that had not been achieved.

She asked SITA to confirm that it would ensure that the R1.5 million in funding for the conference were recovered.

SITA's responses

Mr Keyise said that SITA would recover the funds and it would be looking into broadening this process by not only recovering the R1.5 million or the R12 million for the software asset management tool licenses, but by using the same tool to look into all licenses that were used by the government, to ascertain whether we were paying for what they were using. One might see more on the licence side, but it was a deliberate decision by SITA because it wanted to ensure that what government paid for was being utilised.

There were a lot of governance structures around audit and risk management, starting from the board committee of audit and risk, which reviews all the work of management and other committees. This committee was comprised of independent experts. The new board would reconstitute an audit committee. They were pleased that the previous chairperson of the audit committee had been elevated to the board level, which helped with continuity. The expertise in the new board would assist the entity greatly. There were a lot of people with a technical background who would interrogate the work of the executive for greater accountability.

In management, there were a few different committees that were focusing on different matters, including the loss control committee. They were meeting on monthly basis, and their reports were integrated into the audit report of the board to show progress on what SITA was doing. The work it did in terms of the audit action plan was approved at the board level, and even the current audit action plan had been approved by the AG. He confirmed in the presence of the AG that a lot of improvement had taken place in the audit outcome compared to the previous financial year.

Mr Keyise said the qualification areas were not the IT control deficiencies, but they were also focusing on them to avoid their being a qualification concern. The issues that had been raised included mechanisms such as the IT steering committees that they needed to have, and reviewing all the IT policies and practices. There were legacy systems that they were trying to get the government to do away with because there was no value in automating them. They were also old, and the skills were very scarce. SITA was taking these IT control deficiencies very seriously, and management was working very hard to ensure that mitigating measures were implemented.

Further discussion

Ms Majozi said that she now understood the organogram, but the Committee still needed to put pressure on SITA. It had a lot of committees and governance structures, but there was no optimal outcome. They needed to ascertain whether these structures worked closely together to ensure that all the concerns of the AG were addressed. The Committee was going to pay more attention to SITA, which had come and told it about the measures that had been put in place to eradicate the issues that had been raised by the AG. What measures were being implemented to ensure that the responsible people for the irregular expenditure took accountability?

Ms Kubheka said that Members were aware of the achieved targets, and this was duly noted. She appreciated the fact that SITA had managed to implement the three digital platforms, but there must be an improvement. It had also managed to exceed its target of 90% on the issue of SLAs, so the Committee would ensure that it supported the entity

SITA's response

Mr Keyise said that when SITA began the previous year, it did not even have a person responsible for contract management, so a head of department (HOD) had been appointed, which was similar to a deputy director general (DDG) in government. SITA was managing more than 500 contracts for both itself and other government departments. It had started implementing measures since the last financial year, including ensuring that finance did not pay anything until there was a valid contract. It had also ensured that people were responsible for the contracts that they were managing, and there was accountability. If a contract was exceeded, SITA held those responsible people accountable. It had implemented a proper end-to-end contract management process, including the last leg of contract management, which was delivery management.

There was also work that was being monitored daily, and finance -- as the last line of defence -- did not effect payment for any contract that had exceeded its time or the value of the contract. Immediately this information was picked up, it went to the loss control committee to implement consequence management on the failure of the delivery manager and the contract manager for that contract. This was also being automated to ensure that each manager got a warning eight months before a contract expires, which pushes the contract managers to put together a plan to have a new contract if the service was still required going forward. This allowed SITA to also start putting processes in place to ensure that it did not pay unnecessary cancellation fees when it terminated a contract.

The Chairperson said that when the Committee started engaging SITA, there had been big challenges in the entity. It was important, whether it was referred to as irregular expenditure or otherwise, to provide comfort to the Committee it would not recur in the year under review, because a recurrence would mean that SITA had not learnt or implemented the action plans that had been submitted to rectify the situation and prevent future irregular expenditure.

He said the Minister had indicated she would come to the Committee to talk about procurement. In its presentation, SITA at some point had been quite excited about using technology and ensuring that there was an open or transparent tender system and clear accountability. Was the decentralisation just about ensuring that the departments were empowered, or was there a system in place that was seen as the way to go in ensuring the credibility of the procurement processes?

He also sought assurance from SITA on the matter of outsourcing during the process of getting skills back to the entity. What were the processes to ensure that talent was retained and the capacity was built up to ensure that there were adequate skills internally that could help sustain the stability of the entity?

Were there any parts of the audit action plan from the previous financial year that may be expected to be reported on again at the end of this financial year?

On cybersecurity and the strategies that had been developed, was SITA referring to an internal arrangement or did it also refer to the support given to the government?

Mr Keyise said that there was proper alignment on cybersecurity. The work SITA was doing was on behalf of continuous data protection (CDP) to empower government departments because the SITA Act puts the responsibility for the country's data security on SITA. Even though data security sat within the SITA’s Act, it holds the departments accountable for how they manage and secure their own data. There was alignment across all entities, and SITA would not be replicating, duplicating or developing separate data views or cybersecurity platforms, but was enhancing what the departments would do. Cybersecurity operation centres were being created to feed information to any cybersecurity security operation centre for defence intelligence, crime intelligence and for the State Security Agency (SSA) so that there was one source of information. SITA's aim was to prevent anything from getting to the network that might be malicious and give access to that information to the relevant bodies to ensure that there was alignment, including criminal justice. This had also been discussed with the cybersecurity response council, to which all cybersecurity entities reported.

SITA was in the process of implementing the audit action plan, even though it had been left with only a month to do so. On areas where it was worried, it might be found wanting again. The continuing irregular expenditure had come down by more than 69%, and the new irregular expenditure was R244 million, compared to R777 million in the previous financial year. It was managing more than R560 million of continuing irregular expenditure on the broadband side.

SITA was happy that Cabinet had agreed on the revised SA Connect broadband strategy, which would be rolled out as soon as possible. It was also happy that National Treasury had approved and extended the utilisation of Telkom lines where they already existed, so there would still be some elements of irregular expenditure on the data lines that it was managing until it concluded the procurement processes. SITA wished to have a partner with broadband service providers appointed for the government in every district, so that if a school or clinic needed to be connected it was well within range. It did not make sense to have to go on tender and not use the infrastructure that already existed. It was trying to monitor and manage it seriously and wanted to ensure that there was no duplication of infrastructure, but it used co-location. The Minister was publishing a policy around co-location so that SITA could appoint partners to work with per district.

The only thing it was asking the private sector for was to come as independent evaluators, auditors and experts in this space, and look into the formulas that SITA uses on the calculation of its intangible assets and PPE values so that the calculations it had done were reviewed. It did not agree with the simplistic view that the AG wanted it to implement. They could check and confirm the audit review, and the result of the work done could be shared independently with the AG. This had been agreed to with the AG. SITA had started this process already and was beefing up its capacity, with little dependence on external service providers. However, because it differed with the AG on the way it did this work, it advised having a separate alternative party that would review the formulas and the work that had been done, and this had been agreed to. If it was found that what SITA did technically made sense, then the AG would provide reliance on that basis.

Regarding the transparency of procurement using online tools, SITA was using these tools, but it had parked its system for two months to upgrade due to the large volume of tender applications received. It had received more than 4 000 responses on the computer procurement tender, which had really stretched and tested the architecture of that system, but now a new version would be released at the end of this month. SITA wanted to continue with the public online tender process which would allow people to log on to the G-Commerce platform to see the status of their application. SITA had not been created to deal with every little transaction, but to be a strategic player in ICT procurement. For now, it was dealing with volumes and because it was consumed by this work, it did not do the real strategic work and advise the government properly on the things that it procured.

The Chairperson thanked SITA for the comprehensive responses provided. He requested SITA to prepare and send its action plan.

Consideration and adoption of Committee programme

The Chairperson presented the draft Committee programme page by page for Members to comment.

The programme was considered and adopted without any substantive changes.

The meeting was adjourned.