Q: Why the need to revise the Corporate Governance of Information and communication Technology Policy Framework (CGICTPF) version 1?
A: As part of the ongoing monitoring process by the DPSA and AG, ICT governance in Departments had significant weaknesses. In the main, AG findings continuously reported:
- Inadequate support from EXCO on matters of ICT governance.
- Lack of knowledge / experience of those charged with ICT governance.
- Poor ICT projects oversight; and
- Lack of performance monitoring processes.
The direct consequence of these repeat findings include:
- Weak ICT governance.
- Weak IT controls.
- IT Projects failures; and
- IT Contracts failures.
Q: What is the purpose of the recently issued Determination and Directive?
A: Primarily, it is developed to address the ICT governance performance shortcomings, as highlighted by the Auditor-General of South Africa (AGSA) over the years of implementation. It directs the strategic leadership of the departments (executive management) to take responsibility for the governance of ICT equivalent to the other functions, including but not limited to finances and human resources. It also sets out the structures that must be identified as a minimum, including assigning roles and responsibilities and minimum practices. This approach will assist departments to understand what governance of ICT is and how it should be implemented to improve performance.
Q: What are the key roles and responsibilities and governance structures necessary for the implementation of the issued Determination and Directive?
A: The key roles and responsibilities are:
- the Head of Department - as the governance champion accountable for the corporate governance of ICT must establish the corporate governance of ICT system and monitor its performance.
- the Head of ICT - develop and manage the implementation of the ICT plan aligned to the MTEF, provide regular executive summary reports to the ICT steering committee and oversee and to continuously seek new methods and approaches to digitalize the department’s services.
The key governance structures are:
- the Executive Committee (EXCO) - provide support the functioning of the ICT Steering Committee and monitor and evaluate its performance, recommend approval of the ICT plan and relevant ICT policies for approval by the Head of Department and review and ratify quarterly ICT Steering Committee reports.
- the ICT Steering Committee - responsible for evaluating the use of ICT to enable the department’s business and to oversee ICT service delivery, thereby ensuring continuous service delivery improvement.
Q: What is expected from the national and provincial departments and their components?
A: As departments differ in purpose, function, complexity, and size (culture, goals, risks, compliance requirements, etc.), there is no one-size-fits-all solution. As a result, departments are expected to assess their existing ICT governance practices to determine aspects that require adjustments to achieve the requirements of the Determination and Directive. The determination and directive prescribes the development or review of the following minimum requirements:
- Departmental corporate governance of ICT policy;
- Information security policy;
- ICT service continuity plan;
- ICT project management framework;
- Business case for ICT projects exceeding R10 million Rands;
- ICT end-user policy (acceptable use); and
- IT service management policy.
Q: Why the need for a business case and the stipulated threshold?
A: Despite Government’s significant ICT investments over the years, there is no evidence of significant benefits that impacted service delivery positively. Moreover, many ICT projects don’t meet business expectations or are not aligned to the strategic objectives of the organization. As a result, it is now requirement that ;
- Before an ICT investment exceeding R10 million is made, the Head of Department must ensure that there is an approved business case.
- Where a department’s annual ICT expenditure does not exceed the R10 million threshold, the Head of Department must define an appropriate trigger for a business case. Departments are however encouraged to develop a business case for all significant ICT expenditure items.
Q: When are the departments expected to achieve the requirements of the Determination and Directive?
A: The departments are required to achieve the requirements of the Determination and Directive within 12 months of approval. The Determination and Directive was approved on 17 November 2022. Therefore, all the requirements must be achieved by 16 November 2023.
Q: What instrument will the Auditor-General of South Africa (AGSA) use to audit the Corporate Governance of ICT in the departments?
A: AGSA will use the Determination and Directive issued by the Minister under section 3(1) of the Public Service Act to audit the Corporate Governance of ICT in the departments as an appropriate legal instrument for this circumstance. The Policy Framework serves as the foundation for the corporate governance of ICT in the public service with broad principles and practices. Changes or enhancements to this policy will be dealt with through determinations and directives addressing specific subjects.
Q: When will the Department of Public Service and Administration (DPSA) measure or assess the implementation of this Determination and Directive?
A: The DPSA will conduct an annual assessment using a balanced scorecard approach focusing on both ICT governance compliance and performance measurement levels, effective from the 2024/2025 financial year. Further guidelines will be provided to the departments.
Q: Can the department appoint an external resource as the Chairperson of the ICT steering committee?
A: The Determination and Directive directs that a member of the executive committee (EXCO), other than the head of ICT or Government Information Technology Officer (GITO), must chair the ICT steering committee. The GITO provides technology leadership expertise to the committee and participates in developing the digital transformation strategy focusing on the department's optimization and transformation of ICT.
Q: What are the contact details for enquiries on implementing the Determination and Directive?
A: Contact us at
- firstname.lastname@example.org / 012 336 1034
- Nomawethu.email@example.com 012 336 1093