South Africa’s municipalities have improved their internal IT systems, with some even migrating to cloud computing, but there’s a still a lot of work tp be done before they’re fully operating in the 21st century digital era.

This is according to the Auditor General SA (AG) which released its audit results of South Africa’s municipalities for the 2015/16 financial year, revealing how local governments are performing in terms of utilising public funds to deliver services.

The AG looked at municipal IT governance, underpins the overall well-being of a municipality’s IT function and ensures that the municipality’s IT control environment functions well and enables service delivery.

The audits included an assessment of the IT controls in the areas of security management, user access management and IT service continuity

Overview of the status of IT focus areas

The AG’s assessment’s found that only 18% (47) of 262 municipalities across the country had good IT controls in place. This is an increase of 8% from 10% in the 2014/15 financial year.

“The improvements were generally due to the capacitating of, and increase in support to, municipalities by coordinating departments,” the AG said.

Fifty-two percent of municipalities’ IT controls were rated “of concern” and 30% required intervention.

Municipalities performed best in the area of security management, with 39% rated as having good security controls in place.

“Although municipalities were moving in the right direction and there had been an improvement over the two years in all areas, a number of municipalities still had not adequately defined and implemented basic IT controls in the security management, user access management and IT service continuity areas,” the AG stated.

“Some municipalities experienced security breaches as security controls were compromised, resulting in fraudulent activities. Some municipalities were still highly dependent on IT service providers and in many instances their performance was not monitored to ensure the agreed-upon level of quality was delivered.”

“Furthermore, the management of backups remained a challenge, as most of the municipalities did not test their backups to ensure that they could be restored when required.”

Support from coordinating departments

Another key factor in poor IT governance performance in some municipalities was how well different departments catering to municipalities coordinated their efforts to improve IT systems.

These departments are Cooperative Governance and Traditional Affairs, Provincial Treasury and the Offices of Premiers.

“Coordinating departments play a pivotal role in capacitating and supporting municipalities. The roles of each coordinating department are interlinked, but with a clear indication of the support to be provided,” the report said.

The table below shows which departments had provided support in each province.

The AG recommended  that the coordinating departments that have not supported municipalities as should strengthen their capacity to effectively support the municipalities in all provinces and share their supporting strategies across provinces so that they can leverage on each other’s success.

Using IT as an audit tool

Only 31% of municipalities were effectively using IT tools for auditing, while 36% were assessed as concerning as they had the capacity to perform IT audits, but were not yet performing this function and 33% performed no audits using IT.

Thirty-two municipalities used the cloud  to store and process their data, of these 63% had adequate internal controls to manage this environment, while the remaining municipalities were concerning or required intervention.

You can see the full findings on IT governance and controls in the AG’s report on its website.

[Image CC BY-SA]