SITA leaks sink govt ID management project


The Department of Home Affairs has cancelled a R5 billion smart identity card tender after leaks in the State IT Agency (SITA), the government entity charged with awarding information and communications technology contracts, compromised the process.

Home Affairs spokesman Ronnie Mamoepa this morning told defenceWeb the tender had been withdrawn after

Business Day reported bidding consortiums had not yet been officially told about the development. Mamoepa said it is for SITA to inform the bidders.

A written Home Affairs answer to a Parliamentary question tabled last week states the department is currently “in discussions with National Treasury to possibly allow us to start the process from scratch.”

The answer adds that the smart ID card “remains one of the crucial plans of the department.”

ITWeb reported in March that SITA acting CEO Femke Pienaar had conceded that confidential information had been made public during the tender adjudication process that had started in June last year and that this had compromised the integrity of the process.

The tender for the production of about 50 million cards closed in May 2008.

“SITA subsequently had to reappraise its governance checks and balances, to ensure the process could withstand scrutiny from both a legal and governance perspective,” ITWeb quoted Pienaar as saying.

Home Affairs, in answer to a question by Independent Democrats MP JJ McGluwa, added that SITA advised it in April 2009 that a forensic audit of the tender process was being carried out to investigate the apparent irregularities.

“As at the end of August 2009, the department had not been advised of the outcome of the forensic audit.”

High on wish list, low on action list

Smart ID cards have been high on government's priority wish list for close on 15 years, and a pilot scheme was originally scheduled for late last year, using pensioners as a sample group, but this never happened.

The department's 2009/10 budget subsequently earmarked R104 million for a 50 000-card pilot in “the first quarter of 2009/10”, April to June 2009, but that did not materialise either.

The cards would have replaced the notoriously-easy-to-fake bar-coded ID document in use since 1986.

It forms an adjunct to a controversial “Who am I” identity management security system, worth about R4 billion, that is currently also being implemented by a GijimaAST-led consortium as part of an effort to safeguard the National Population Register.

Poor controls, bad leadership, corrupt officials and a paper-based system have combined to make a mockery of government's handling of identity management, leading to Britain imposing visas on South Africans wanting to visit there.

This followed multiple instances in which valid but unlawfully issued passports and ID documents were found in the hands of third-country criminals and, in at least one case, al Qaeda terrorists.

Business Day adds irregularities included leaks about which company had won the deal, although Msimang says his department had not received a recommendation on which consortium the contract should be awarded to.

The paper says the alert was sounded by the Auditor General during an investigation of procurement practices at SITA, which has been dogged by accusations of corruption and incompetence since its formation 10 years ago.

The department asked to see the auditor's report, which could have clarified the type of information that was leaked and who had leaked it to which bidders. But the report never seemed to be completed, Msimang said.

“When we didn't receive any information as to what was happening we decided to cancel it.” Large IT companies, including Business Connexion, Dimension Data and GijimaAST, submitted bids for the contract.

Business Connexion's public sector executive Isaac Mophatlane said malpractices and mismanagement at SITA were damaging the ICT industry. Although Msimang did not clarify how home affairs might proceed, Mophatlane said the Treasury might be asked to oversee the tender.

Rot reported at SITA

Meanwhile, ITWeb reports today that a risk assessment report commissioned by the SITA executive earlier this year confirms irregularities within the organisation and its procurement practices, “involving not only several of the agency’s employees, but also other high-profile figures.”

The 613-page report seemingly reveals the “total breakdown of the internal control environment, and leaves questions about how such widespread illegal practices could have escaped SITA management and its internal audit committee,” ITWeb says.

The report's authors found evidence of apparent corruption, conflicts of interest, duplicate payments worth a conservative R355 million and invalid supplier and employee identities.

“In terms of duplicate payments, the investigation uncovered … a large volume of low-value duplicate payments made to suppliers. There also appear to be large payments split into smaller payments to bypass authority levels, and either duplicate payments or one large payment split into smaller multiple payments to bypass authority levels, or a combination of both.

“The investigation uncovered, from information interrogated, that there were 21 suppliers where multiple payments were made where the invoice numbers are different and payment was made to the same supplier, on the same day, for the exact same amount, using a different payment number.”

In four cases employees’ physical addresses matched supplier addresses, while eight employee telephone numbers matched supplier telephone numbers.

In another five instances, SITA employees’ spouses are listed in the supplier database as suppliers or supplier points of contact. In a further five instances, employees’ children, or next of kin, have been found in the supplier database as suppliers or supplier points of contact.
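The two checks described in the report's findings, written out as an added example that is not part of the original article or of the report itself: one groups payments by supplier, day and amount and flags groups paid under different invoice and payment numbers, the other compares employee and supplier contact details after normalisation. All records, the field layout and the nine-digit phone normalisation are constructed assumptions.

```python
import re
from collections import defaultdict
from decimal import Decimal

# Constructed sample records; none of these values come from the report.
PAYMENTS = [  # (payment number, supplier, date, amount, invoice number)
    ("P1001", "S-01", "2009-02-03", "4500.00", "INV-17"),
    ("P1002", "S-01", "2009-02-03", "4500.00", "INV-18"),  # same day/amount, new invoice
    ("P1003", "S-02", "2009-02-03", "4500.00", "INV-90"),  # different supplier
    ("P1004", "S-01", "2009-02-04", "4500.00", "INV-19"),  # different day
]
EMPLOYEES = [("E1", "12 Main Rd, Pretoria", "012 555 0101"),
             ("E2", "7 Oak Ave, Centurion", "012 555 0102")]
SUPPLIERS = [("S-01", "12 main rd  pretoria", "+27 12 555 0199"),
             ("S-02", "99 Long St, Cape Town", "(012) 555-0102")]

def duplicate_payments(payments):
    """Same supplier, day and amount paid under different invoice and payment numbers."""
    groups = defaultdict(list)
    for pay_no, supplier, day, amount, invoice in payments:
        groups[(supplier, day, Decimal(amount))].append((pay_no, invoice))
    return {
        key: sorted(p for p, _ in rows)
        for key, rows in groups.items()
        if len({p for p, _ in rows}) > 1 and len({i for _, i in rows}) > 1
    }

def norm_address(text):
    # Ignore case, punctuation and spacing so trivial variants still match.
    return re.sub(r"[^a-z0-9]", "", text.lower())

def norm_phone(text):
    # Keep the last nine digits so "012 ..." and "+27 12 ..." compare equal.
    return re.sub(r"\D", "", text)[-9:]

def employee_supplier_overlaps(employees, suppliers):
    """Employee/supplier pairs that share a normalised address or phone number."""
    hits = []
    for emp_id, emp_addr, emp_phone in employees:
        addr, phone = norm_address(emp_addr), norm_phone(emp_phone)
        for sup_id, sup_addr, sup_phone in suppliers:
            if addr and addr == norm_address(sup_addr):   # blank fields never match
                hits.append((emp_id, sup_id, "address"))
            if phone and phone == norm_phone(sup_phone):
                hits.append((emp_id, sup_id, "phone"))
    return hits

if __name__ == "__main__":
    print(duplicate_payments(PAYMENTS))
    print(employee_supplier_overlaps(EMPLOYEES, SUPPLIERS))
```

A hit from either check is a lead for manual review rather than proof of wrongdoing, since shared switchboard numbers or legitimate repeat invoices produce the same pattern.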

The report also points out that there are serious discrepancies in the databases supplied by SITA for the investigation. For instance, the employee database had 3 673 entries, implying that this is the number of employees at the agency.

“This list contained virtually no personal information; information such as home address, postal address, telephone numbers, next of kin, etc. Further data was requested and received,” the report states.

The second set of data received was the agency’s payroll database, containing 2 868 line items, implying that SITA has 2 868 employees. “This data contained bank account details and employee ID numbers, tax numbers, etc, but no personal information.”

Subsequently, a third set of data was received, in the form of SITA’s HR database. This list contained 4 368 line items, implying that there are 4 368 SITA employees.

Similar discrepancies were found in the various vendor/supplier databases that were submitted for scrutiny.