PARLIAMENTARY QUESTIONS
QUESTION NO.: 413
Mr L Ramatlakane (Cope) to ask the Minister for the Public Service and Administration:
Whether, with reference to the Auditor-General’s report on governance issues in her department, she intends to ensure that appropriate risk management activities are implemented in the information technology environment to prevent fraud and corruption; if not, why not; if so, what are the relevant details?
NW553EREPLY
The Auditor-General’s report contained in the Department of Public Service and Administration Annual Report of 2012/11 indicated, “the Department has not implemented appropriate risk management activities in the information technology environment to ensure that regular risk assessments including consideration of risks and fraud prevention are conducted and that a risk strategy to address the risks is developed and monitored”. To address the AG’s concerns, we have put measures in place to prevent the commission of fraud and corruption in the information technology environment and these include:
- Access controls are being implemented i.e. access to the server room has been tightened. Over and above the biometrics and video surveillance there is an access register for accessing the server room.
- A draft IT Governance Framework, which includes Risk management that is specific to the DPSA, has been developed. The Department is also currently finalising the Government wide IT governance which, once adopted, will be implemented by all departments;
- An IT risk register has been developed as part of the enterprise risk management register.
- Risk Assessments on IT environment are conducted routinely with the assistance of internal risk management unit.
- IT risk management framework draft is being developed to address IT risk department wide.