This presentation outlines the progress report on the Government Printing Works' implementation of the Ministerial Review Panel recommendations to the Portfolio Committee on Home Affairs. It covers the background of the incident in February 2021, challenges identified, overall progress, progress per functional area, conclusions, and recommendations made. The report highlights historical organizational instability, lack of handover between senior managers, structural gaps in capacity, external dependencies on policy matters, ICT infrastructure issues, and more. Progress has been made in implementing the approved organizational structure, albeit affected by cost containment measures from the National Treasury.

• Government Printing Works
• Ministerial Review Panel
• Progress Report
• Home Affairs
• Challenges

maisie Follow

Uploaded on Mar 13, 2024 | 0 Views

Government Printing Works Ministerial Review Panel Progress Report Presentation

PowerPoint presentation about 'Government Printing Works Ministerial Review Panel Progress Report Presentation'. This presentation describes the topic on This presentation outlines the progress report on the Government Printing Works' implementation of the Ministerial Review Panel recommendations to the Portfolio Committee on Home Affairs. It covers the background of the incident in February 2021, challenges identified, overall progress, progress per functional area, conclusions, and recommendations made. The report highlights historical organizational instability, lack of handover between senior managers, structural gaps in capacity, external dependencies on policy matters, ICT infrastructure issues, and more. Progress has been made in implementing the approved organizational structure, albeit affected by cost containment measures from the National Treasury.. Download this presentation absolutely free.

Presentation Transcript

1. GOVERNMENT PRINTING WORKS MINISTERIAL REVIEW PANEL PROGRESS REPORT PRESENTATION TO PORTFOLIO COMMITTEE ON HOME AFFAIRS DATE: 05 MARCH 2024 1

2. Presentation Outline 1. Purpose 2. Background 3. Challenges Identified 4. Overall Progress 5. Progress Per Functional Area 6. Conclusion 7. Recommendation 2

3. 1. Purpose This presentation provides the progress report on GPW s implementation of the Ministerial Review Panel (MRP) recommendations to the Portfolio Committee on Home Affairs. 3

4. 2. Background The incident of the 4thof February 2021 The EVA hardware containing, servers and systems supporting critical functions at Government Printing Works (GPW) crashed, and resulted in the loss of critical data. Ministerial Review Panel (MRP) was appointed in 2021 to investigate the incident and associated challenges in GPW. The Panel s investigation focused on the following functional areas: Information and Communication Technologies (ICT), Human resources, Finance, Operations and Production and Security services. The report was finalised by the MRP and presented Minister of Home Affairs, and thereafter to the Portfolio Committee on Home Affairs on the 05thJuly 2022. 4

5. Background (cont.) Government Printing Works (GPW) Management received the report in September 2022. Immediately, GPW management developed actions plans in order to systematically and adequately respond to MRP recommendations. 5

6. 3. Challenges identified Historical organisational instability, has had a negative effect on organizational culture. Lack of handover between senior managers leaving the organization had a negative impact on business continuity. GPW has an inherent challenge in terms of institutional capacity due to structural gaps and vacancies. The approved organizational structure needed to be reviewed and the approved structure implemented to address these capacity gaps. External dependencies on policy and regulatory matters e.g. National Treasury on ERP Dilapidated ICT Infrastructure, systems upgrade and technological refresh Systemic institutional challenges e.g. SITA-GPW project management prescripts and SCM processes Cost containment measures imposed by National Treasury, and moratorium appointment of personnel, based on directive dated 01/10/2023. Legacy audit matters due to GPW sever-crash and data loss that occurred on the 4 February 2021 on . 6

7. Challenges identified, cont.. Implementation level: The approved organisational structure has been implemented since 01 April 2022 in response to this recommendation. Progress affected by the cost containment circular from National Treasury in 2023. Progress on certain recommendations is dependent on other departments or entities, outside GPW (i.e. Public Service Commission, National Treasury). OPSC has since closed its investigation and feedback provided to GPW. Investigations, although time frames are allocated, depends on complexity of matters being investigated. The forensic investigation report was presented to management in February 2024 and GPW was afforded an opportunity to provide comments. . 7

8. Progress Report 8

9. 4. Overall Progress Unit Total Completed In progress Percentage 21 16 5 Financial Services 76% 18 12 6 Security Services 67% 17 13 4 Human Resources 76% 32 29 3 Office of the Chief Executive Officer Information and Communication Technology 91% 61 41 20 67% 4 2 2 Manufacturing and Engineering 50% 5 2 3 Operations Management 40% 1 0 1 Internal Audit 0% 5 5 0 Facilities Management 100% 2 0 2 Legal Services 0% 167 120 47 Total 72% 9

10. Overall Progress, cont.. MRP Recommendations 48 119 Completed In Progress GPW had a total of 167 Recommendations. To date, 120 Recommendations have been completed (72%) To date, 47 Recommendations are currently in progress (28%) 10

11. Overall Progress, cont.. Unit In progress 0 - 6 Months 7 12 Months 12+ Month 5 2 3 0 Financial Services 6 4 1 2 Security Services 4 4 0 0 Human Resources Office of the Chief Executive Officer Information and Communication Technology 3 3 0 0 20 5 8 7 2 1 1 0 Manufacturing and Engineering 3 1 1 1 Operations Management 1 0 0 1 Internal Audit 2 0 1 1 Legal Services 47 20 15 12 Total 11

12. Overall Progress, cont.. MRP Recommendations 25% 43% 32% 0-6 7-12 12+ To date, 47 Recommendations are currently in progress A breakdown is as follows: Short term: 20 (43%) will be completed (0-6 months) Medium term: 15 (32%) will be completed (7-12 months) Long term: 12 (25%) will be completed (12+ months) 12

13. Overall Progress, cont.. The recommendations discussed below were completed in the last 6 months subsequent to the previous Portfolio Committee presentation. Presentation per Branch follows: 13

14. 5. Progress per Functional area Presentation per functional area follows: 14

15. Financial Services 15

16. 5.1. Financial Services 25 21 20 16 15 10 5 5 0 Recommendations Total Completed In Progress 16

17. Financial Services, cont.. Recommendation Progress Devise a well-researched, comprehensive costing and pricing strategy with clear performance indicators to be included in the MTEF. The Pricing Strategy was approved on 02ndMay 2023. The Costing workshop was held on the 19thOctober 2023. It was agreed through the Fiscal governance committee that the Pricing Strategy will be reviewed annually, starting in March 2024 (2 months before expiry of current approved strategy). Draft a well-researched costing policy supported by clear SOP, including a detailed structured costing model that is linked to pricing. The Costing Policy and SOP s were approved on the 17th August 2023. The Costing workshop was held on the 19thOctober 2023 It was agreed through the Fiscal governance committee that the Costing Policy will be reviewed annually, starting in June 2024 (2 months before expiry of current approved policy). 17

18. Financial Services, cont.. .. Recommendation Progress Draft a detailed, comprehensive pricing policy in which prices are at least break-even to improve revenue collection The Pricing strategy was approved on 02 May 2023, in line with the Costing Policy. Following the Costing workshop held on 19 Oct 2023, it was agreed through the Fiscal governance committee that the approved Costing Policy will be reviewed annually and new amendments will be effected during the review period in June 2024 (2 months before expiry of current approved policy) Ensure that all revenues and costs are ring fenced within the entity s trading account so that profitability can be ascertained. To support this, GPW should implement an effective system of inventory management or stock control. Ring-fencing of items has been completed in the trading account of GPW. GPW has ring-fenced prices for security products like passports and identity documents through pricing agreements with the Department of Home Affairs. The setting of tariffs takes into account the cost of manufacturing and production to ensure sustained revenue base and profitability. Inventory management system in place. Monthly stock counts are being conducted across GPW s offices. TORs for the appointment of a service provider to develop a long-term inventory management systems over a period of 3 years was approved by BSC. Probity audit completed. Implementation will start in the next financial year. 18

19. Financial Services, cont.. Number of Contracts Number of Standard contracts Number of Sole Suppliers Number of Single Source Number of Long- Term Contracts (Evergreen) Number of Month to Month Contracts 105 45 56 4 0 0 The above data is based on active and valid contracts/SLA s The long standing (evergreen contracts) have been regularised through SLA s The contracts were regularized through addendums and converted to fixed term signed contracts 19

20. Security Services 20

21. 5.2. Security Services 20 18 18 16 14 12 12 10 8 6 6 4 2 0 Recommendations Total Completed In Progress 21

22. Security Services cont.. Recommendation Progress Institute an electronic visitor registration system The visitor management system was installed, signed-off and handed over to GPW. They system is online and functional. For a National Key Point, visitor registration should be electronic and visitor identities captured and verified through passport, ID cards, licence cards, or employee cards. Finalise a project plan for implementation of the new security operating model The Revised Security Operating Model was approved and being implemented through the approved Security Management Plan with clear deliverables and time frames. The Plan is reviewed annually. General Manager; Corporate Services oversees the execution and review of the Plan. Security Committee has been functional and facilitates implementation of the Plan. The security management unit needs to draw up a project plan with clear deliverables and timelines and have it signed off by relevant stakeholders. The progress of this project needs to be monitored and reviewed continuously to completion. A dedicated project manager should be appointed to oversee the execution of the project to its completion. The Security Steering Committee, once established, could play a major role in spearheading the implementation of the project. 22

23. Human Resources 23

24. 5.3. Human Resources 20 19 18 16 16 14 12 10 8 6 4 3 2 0 Recommendations Total Completed In Progress 24

25. Human Resources, cont.. Recommendation Progress In particular, the senior management roles in Production and Operations, which have been vacant for too long, need to be filled as a matter of urgency Three (3) General Manager posts were filled in December 2023 GM: Manufacturing and Engineering GM: Operations Management GM: Corporate Services The Director Contract Management was appointed GPW management should urgently review and restructure the All posts in Directorate: Contract Management filled current contract management unit, recruiting an experienced, All employees in Contract Management attended and professional, and technically competent contract manager with completed the Contract Management training during high ethical standards to manage the unit. The proposed September 2023, to empower them to manage contracts restructured unit should be supported by a competent team to effectively. ensure that all contracts are managed efficiently. 25

26. Human Resources, cont.. Recommendation Progress GPW officials have been taken through the POPIA training, Implement systemic recommendations to address issues around the Ethics training course, as well as on Information information leakage Handling. Expedite implementation of systemic recommendations to address information leakage and culture of misinformation to The Communications Policy has also been approved to third parties manage communication channels, and dissemination of information to internal and external stakeholders. 26

27. Human Resources, cont.. Change Management Strategy and Plan GTAC has finalized the Change Management Strategy, which was presented to GPW management for input and buy in Change Management Plan has been approved and implementation will start on the 01st April 2024 Labour Relations cases based on MRP recommendations have been dealt with 27

28. Office of the CEO 28

29. 5.4. Office of the CEO 35 32 29 30 25 20 15 10 5 3 0 Recommendations Total Completed In Progress 29

30. Office of the CEO, cont.. Recommendation Progress AGSA should investigate all the deviations submitted to the office of the Procurement officer and approvals thereof. The investigation must determine if the office of the Procurement officer conducted its own business fairly, legally and professionally when deviations were approved. The investigation must also determine why approvals were made seemingly without a deeper analysis of GPW submissions from the office of the Procurement officer. The report must detail consequence management, if any. The same report must be shared with the Minister of Home Affairs and Minister of Finance. GPW shared the MRP Report with AGSA for this purpose. The GPW s audit based on RFI s raised, incorporates recommendations from the MRP Report and management has been responding to all RFI s. The findings from AGSA had been incorporated into the Management Report and Audit Report. A summary of these findings were also included in the Annual Report, which was submitted to Minister of Home Affairs and thereafter tabled to Parliament. Investigate allegations of impropriety involving the concentration of power in the former CFO s office against Messrs Mckie and Barnard through a forensic process. A Forensic Investigation Company was appointed to investigate this matter. A report which was presented to management in February 2024 is being considered. There must be a forensic investigation about the appointment of Intervate and DAC and to ascertain if the Constitution, PFMA, Treasury Regulations and other relevant pieces of legislation were bypassed and institute disciplinary action and launch a criminal investigation against those involved. A Forensic Investigation Company was appointed to investigate this matter. A report which was presented to management in February 2024 is being considered. 30

31. Information and Communication Technology 31

32. 5.5. Information and Communication Technology 70 61 60 50 41 40 30 20 20 10 0 Recommendations Total Completed In Progress 32

33. Information and Communication Technology, cont.. Recommendation Specialist services maintenance agreements signed Ensure that all specialist services to support key applications, as well as necessary maintenance agreements, are signed with immediate effect Progress Service Level Agreements for specialist services have been signed Microsoft Enterprise Agreement is signed. Professional Services Acquired for 36 months. SITA Business Agreement with GPW signed Several meetings with between GPW and SITA Executives and management to address critical ICT matters affecting GPW. SITA engaged on the Ten- year strategy and consultative sessions held between technical experts Engage SITA as an active ICT partner GPW management should immediately engage with SITA as an ICT partner and address all technical issues of the past. They should together develop a ten-year strategy with an implementation plan to ensure that the GPW functions optimally SITA Business Agreement with GPW signed Memorandum of Understanding (MoU) with SITA Within two months of receiving the report, management should draft a Memorandum of Understanding (MoU) with SITA to attend to all procurement matters relevant to both parties, including setting out a practical working model for both parties. This should be done in accordance with the SITA Act, the PFMA and its regulations, and all other relevant NT Practice Notes. On access to GPW information systems The Panel could not independently verify if accounts that accessed the administrative tools performed expected duties and/or were authorized. A further investigation in this regard can be considered. Professional Services Acquired for 36 months. ICT Security Strategy Approved 33

34. Information and Communication Technology, cont.. Recommendation Consequence Management Disciplinary actions must be considered against the Deputy Director: Infrastructure Specialist and the Deputy Director: Database Specialist for not regularly testing and ensuring that the backup and restores procedures of the backup solutions that they had made available for the lost data are functional. Though specific to backup tapes, the GPW ICT Backup and Recovery policy requires that tests be performed regularly and preferably, monthly, and the incumbents had roles to play in the data backup process. Progress Disciplinary process completed by the Labour Relations. Disk scrubbing process and procedure has been established, approved and incorporated into the ICT maintenance policy Disks procured from any service provider other than the OEM Disks procured from any service provider other than the OEM, should be scrubbed off foreign data and formatted to ensure that only one version of data is stored. Servicing of UPS units ICT should take full responsibility of managing the ICT Environmental controls. This includes ICT taking responsibility for the management and services of the ICT Environmental controls, that is, UPS, Air conditioning etc. The Service Provider for the Maintenance of the UPS and the air-conditioner is appointed, and UPS are maintained. Appoint a short-term contractor to stabilise the ICT environment Procure the services of a contractor with knowledge of and experience in working with VMWare Hyper- converged infrastructure technology to work hand in hand with the loaned resource from the Department of Home Affairs (DHA) until the ICT infrastructure and ICT service offerings are stabilized and appropriately qualified staff members are appointed. Professional Services Acquired for 36 months. 34

35. Information and Communication Technology, cont.. Recommendation Progress 1. ICT Procured Microsoft Azure platform which will be utilised for migration of workloads whilst ICT engage in procurement of infrastructure. Temporary co-located server host for the corporate component DR site Identify a temporary co-located server host for the corporate component DR site. A temporary server host could be SITA, which is currently hosting a mainframe for the GPW, where the mainframe SLA is for PERSAL services and batch printing (for the printing of Payslips) (Annexure B25 and Annexure B26); or CSIR DC (separate from the GPW DR site); or DHA. 2. Servers copied to BCX Datacenter implemented. 3. Test data backup and restore conducted. Whichever option is pursued, SITA will need to be involved, as it is mandated by the SITA Act through Paragraph 4.1.2 of Part A of the SITA Regulations, 2005 to prepare a comprehensive disaster recovery strategy and business continuity plan for government departments Contingency plan for procurement of critical skills Professional Services The GPW should put a contingency plan in place, including the procurement of the critical skills through a SITA Transversal Tender for Professional Services, until the approved ICT posts are filled. 1. SITA Business Agreement with GPW signed. 2. Professional Services Acquired for 36 months. 1. SITA Business Agreement with GPW signed. Ensure adequate resources and capacity needed for ICT to deliver Ensure that the ICT Strategy and Plan include the resources needed to enable ICT to deliver on the multi-year technology roadmap. Resources should include human capital and a structure that can deliver and manage, through digitization, an ICT environment that will support the work of the GPW. (P.O.E to be provided, of service providers. 35

36. Information and Communication Technology, cont.. Recommendation Progress Electronic visitor registration system implemented Institute an electronic visitor registration system For a National Key Point, visitor registration should be electronic and visitor identities captured and verified through passport, ID cards, license cards, or employee cards. User management process in-place and approved ICT has put tighter controls in place to manage access and ensure that only authorized users gain access to the GPW network and systems. Implement time-sensitive electronic access control Given the limited resources of the security department, it can be difficult to track access that was granted previously but has been revoked. An automated system to revoke access through expiry or termination of a contract is needed. The security operating model is approved. ICT Security Policy approved Security Policies approved The approved ICT policies incorporates security provisions to protect organizational data, network and systems. Align security policies One of the key initiatives in the proposed security operating model is to develop baseline security policies, procedures and standards . In the implementation of the security operating model, this key initiative needs to organize policies hierarchically, starting with the highest-level policy, followed by the policies of each business unit. The ICT team would develop lower-level, implementable policies deriving from the highest-level policy. 36

37. Information and Communication Technology, cont.. Recommendation Progress Patch and upgrade software Software such as Windows Server 2008 R2, Microsoft IIS 7.5, Microsoft SharePoint 2010, and Net 2.0 need to be upgraded. Applications libraries that are misconfigured insecurely need to be reconfigured as detailed in the May 2021 penetration testing report (see Annexure F2). Software upgrade has been completed as follows: Windows server 2008 R2 is upgraded to 2019 version. Microsoft SharePoint 2010 upgraded to Microsoft SharePoint server 2016 and Share Point online Microsoft IIS 7.5 upgraded to IIS 10.0 Net 2.0 is upgraded to Net 3.5 Patch management is preformed monthly Vulnerability Pen Test conducted. The signed Business Agreement and SLA between GPW and SITA addresses disaster recovery support i.e whitespace proposal received by GPW to assist with remote back up. The disk scrubbing process has been approved and being implemented. GPW needs to involve SITA The GPW needs to involve SITA where appropriate and where SITA has the capability and capacity to ensure viable disaster recovery. Scrubbing of new disks Though proper procedures were not followed by Mr. Bezuidenhout when installing the disks, and the overseer of the function is the CIO, both the ICT personnel, Mr. Bezuidenhout and the CIO should take accountability for not following proper basic procedures and the ultimate non-recovery of GPW critical data from the disks. 37

38. Manufacturing and Engineering 38

39. 5.6. Manufacturing and Engineering 4.5 4 4 3.5 3 2.5 2 2 2 1.5 1 0.5 0 Recommendations Total Completed In Progress 39

40. Manufacturing and Engineering, cont.. Recommendation Progress The business continuity plan should include procedures for each operations and production sections as well as training of staff to execute disaster recovery plans 1. Assessed the disaster recovery requirements 2. Developed business continuity and disaster recovery procedures aligned to the approved plans for: i. Travel Documents ii. Identity Documents iii. Examinations iv. Security Certificates 3. Conducted training and issued the plans to relevant key individuals responsible for execution of procedures in the event of a disaster situation. 40

41. Operations Management 41

42. 5.7. Operations Management 6 5 5 4 3 3 2 2 1 0 Recommendations Total Completed In Progress 42

43. Operations Management, cont.. Recommendation Progress The GPW should evaluate which standards are the most appropriate to implement, over and above the mandatory standards required by customers and international requirements. The evaluation is completed. The most appropriate standards to implement are: ISO 22301:2019 (Business Continuity), ISO 9001:2015 (Quality), ISO 45001:2018 (Occupational Health and Safety), ISO 14001:2015 (Environment), ISO 27001:2022 (Information Security) and ISO 18788:2015 (Security Operations). 43

44. 5.8. Internal Audit 1 recommendation is allocated to Internal Audit and is in progress. The recommendation can only be completed once the International Standards of Operations (ISO) project is implemented by GPW. Then, the audit process will commence based on an approved audit plan. 44

45. Facilities Management 45

46. 5.9. Facilities Management 6 5 5 5 4 3 2 1 0 0 0 Recommendations Total Completed In Progress Outstanding 46

47. 6. Conclusion GPW management commits to implementing all recommendations in the short, medium term to long term, to ensure enhancement of operations and overall improvement of governance. 47

48. 7. Recommendation o It is recommended that the presentation be noted. 48

49. THANK YOU DANKIE NGIYABONGA ENKOSI RO LIVHUWA RE A LEBOGA HA KHENSA 49