Cibecs Releases App to Address Risk Assessment on the Back of Failed Government IT Audit Reports

Share Article

The latest SA auditor-general report (on National Audit Outcomes) cited the lack of adequate IT systems across government as a key obstacle to service delivery. Software company Cibecs has released an application that allows organizations and Government Departments to assess their level of data security risk and identify IT requirements.

One of the major reasons for the province’s
3 billion rand budget deficit is that its information technology systems are in a mess...

The latest auditor-general report (on National Audit Outcomes) cited the lack of adequate IT systems across government as a key obstacle to service delivery.

Cibecs Marketing Manager Brandon Faber believes that "this issue should be top of mind for all large organizations in 2012, and more specifically for Government Departments and Municipalities where data protection and Corporate Governance Compliance are paramount."

The recent Auditor General report illustrated how 90% of South African Government Departments have inadequate information security controls.

Failings highlighted include:

  •     a lack of IT service continuity planning
  •     inadequate controls in terms of user-access management
  •     insufficient security management systems
  •     a general lack of IT governance compliance

In short, the auditor-general (AG) found that practically none of South Africa’s national government departments and public sector entities have sufficient IT systems in place.

Cibecs saw a similar issue in businesses arising in the 2011 Data Loss Survey, which surveyed 350 IT managers from across the globe and highlighted that around 50% of IT Manager's are not happy with their current data protection solution.

"These statistics serve to illustrate a massive discrepancy between the risk and the adoption of solutions to prevent data loss and ensure data security. It takes a serious data loss incident or a failed Corporate Governance report, or worse, a huge financial penalty before organizations wake up to the importance of effective data protection," Faber states.

Faber further commented that when one considers how reliant individuals, businesses, and even whole industries are on their electronic data and effective management of this data, it becomes difficult to understand and in most cases, irresponsible, to ignore safeguarding this information.

The AG report highlights the fact that “public sector departments and public entities are heavily reliant on IT systems to perform their statutory financial management, reporting and administrative functions.”

The report then further laments the lack of adequate systems to protect vital organisational data*, stating: “Information processed and stored on IT systems is seen as a ‘strategic asset that is vital to the accuracy and reliability of the financial (and performance) information used by management during the planning, monitoring and reporting phases.”

Clearly the loss, destruction and inadequate management, of mission critical data are some of the major obstacles standing in the way of effective service delivery.

Lack of Accountability and Control

The impact of IT system failure on the South African government’s ability to perform and exercise prudent financial management is further highlighted by investigations into alleged irregularities and corruption in the Limpopo Province.

According to Finance Minister, Pravin Gordhan, “one of the major reasons for the province’s
3 billion rand budget deficit is that its information technology systems are in a mess, with gaping security holes and little controls in place to prevent access to (and tampering with) financial information.”

A fact not unique to the Limpopo Province it has to be said, with the AGs report finding that information security controls (which aim to stop unauthorised access to networks, information etc) were inadequate at:

  •     81% of audited government departments
  •     92% of audited public entities

Added to that the AG found control weakness at all departments relating to IT service continuity, with deficiencies varying between a failure to backup user and organisational data and a lack of business continuity, to effective disaster recovery planning.

Faber states that this report serves as a blinding case study to the importance of employing the correct solutions for data backup, data protection, data reporting and data recovery. "Without a solution in place businesses are standing in the firing line. The legalities around Data Protection are gaining traction and the risks include financial penalties and even jail time. Unless you can prove that you're protecting your business data properly, you could face serious consequences."

"One of the ways that Cibecs would like to assist with this is by providing our Data Risk Assessment app free on our website. You can download it, safely run it in your environment and in 20 minutes you'll have a full report."

Register here to download the Risk Assessment App that will help you generate a comprehensive Data Risk Assessment of your environment

Control, Compliance & Continuity

Faber believes that a starting point to quell government’s IT woes is the management and control of all mission critical data located on users’ endpoint devices, such as laptops and desktops.

An automated data backup and recovery solution will aid government departments to:

  •     Centrally control all aspects of critical user data backup
  •     Control access to data through encryption and management reporting
  •     Offer “version recovery” of data to obtain original copies of files
  •     Deliver quick and easy data recovery, including email PST files
  •     Prove business continuity and disaster recovery planning
  •     Prove adherence to Governance, Risk and Compliance protocols

The deployment of such a solution will have an immediate and favourable impact on rectifying Government ITs failings as pointed out by the auditor-general’s report.

With service delivery a key measure of government’s success, the importance of swift and decisive action cannot be stressed enough.

Visit our website for more information on Business Data Protection

About Cibecs:

Cibecs allows central control over user data, enabling IT to enforce an organisation’s data backup policy. In addition to quick and easy recovery of lost data, Cibecs offers key operational benefits, such as efficient reports to prove compliance with corporate governance requirements.

Cibecs is trusted by hundreds of thousands of business users worldwide, its clients include several leading South African financial institutions as well as public sector and parastatal organisations such as: The National Prosecuting Authority, the IDC, TCTA, the Gauteng Department of Education, SA Weather Services, DLGH-Gauteng, Department of Public Works, Roads and Transport - Mpumalanga, as well as several local municipalities.


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Cibecs Marketing
+1 617 674 2437
Email >
Visit website