A risk management consultant has cited the lack of adequate IT systems across government as a key obstacle to service delivery, and as the reason behind several adverse findings in the auditor-general's (AG's) latest general report on National Audit Outcomes.
According to the report, of the 38 national departments audited, all had “findings” related to IT service continuity; 92% did not fully comply with user-access management controls; 81% did not have full security management systems in place; and 79% did not have a complete IT governance framework.
In addition, of the 77 public entities that were subject to the audit, 83% were lacking in IT service continuity, 95% in terms of user-access management, 92% did not have complete security management in place, while 75% fell short on IT governance.
The AG notes public sector departments and public entities are “heavily reliant on IT systems to perform their statutory financial management, reporting and administrative functions. These systems enable the automation of business processes and transaction processing, which contributes to effective internal control at departments and public entities.”
Information processed and stored on IT systems is seen as a “strategic asset that is vital to the accuracy and reliability of the financial and performance information used by management during the planning, monitoring and reporting phases”, the report says.
Systems lacking
Bart Henderson, CEO of risk management consultancy Henderson Solutions, says the report indicates that government has a problem with service delivery, and one of the “biggest weaknesses” is a lack of adequate IT systems. “Everything is affected by IT.”
Henderson says proper IT systems are “crucial for emerging and developing economies”. He points out that if there are problems with IT, it affects aspects such as supply chain management, human resources, financial statements and general oversight.
“To have a situation where billions have been spent on ICT and to still experience such high levels of inefficiency, ineffectiveness and circumvention of supply chain management policies and procedures and procurement is untenable.”
Only 8% of national departments received clean audit outcomes, compared to the 39% of national public entities, AG Terence Nombembe wrote in the foreword of the recently released report, which covers the year to March 2011.
Nombembe says he is “concerned about the continuous decreasing trend of departments and public entities receiving clean audits”. While 34 entities improved, 61 regressed, which means the “administration as a whole is not making progress towards the desired audit outcomes”, he says.
Not up to scratch
Despite the importance of IT systems, the majority of public entities and national departments are lacking in several vital aspects.
Among the AG's findings was that 79% of departments did not implement some IT governance aspects, such as executive management oversight of IT activities, IT risk management processes, IT strategic planning, service level agreements and delegation of key IT responsibilities.
Information security controls, which aim to stop unauthorised access to networks, operating systems and application systems that prepare financial information, were inadequate at 81% of the departments, says the report.
Over 90% of departments did not implement user account management controls, which led to processes such as user access not being formally approved, as well as system controller activities access not being monitored and reviewed.
The AG picked up control weaknesses at all departments relating to IT service continuity. Deficiencies range from backups that were not performed, to business continuity plans and disaster recovery plans that were not established, to data that was not stored off-site to enable connection to SITA for the resumption of business operations in the event of a disaster.
The report says 75% of public entities did not implement all IT governance aspects, while information security controls were inadequate at 92% of the public entities audited. Half of the public entities do not have IT security policies.
In addition, 95% of public entities had not implemented user-account management controls, and 83% of public entities had not adequately implemented controls around IT service continuity.
---
Author(s): Nicola Mawson
Source: ITWeb, 20.01.2012

