DRAFT

CONTENTS
1 INTRODUCTION
2 GCIO SUMMIT OVERVIEW AND INTENT
3 GCIO SUMMIT PROCEEDINGS AND STRUCTURE
4 ICT STRATEGY
5 FREE AND OPEN SOURCE SOFTWARE (FOSS)
6 ICT SKILLS
7 GOVERNANCE OF ICT
8 CONCLUSION

1 INTRODUCTION

The development and continuous refinement of a Government wide ICT strategy is critical in providing all spheres of Government with a clear direction and point of alignment for the development of individual ICT strategies. With the recent development and adoption of the National Development Plan (NDP), Government has created an inspirational vision and charted a challenging course that will require significant changes and innovative approaches to improved citizen service delivery. The NDP will thus require that all Government departments and entities develop and execute programmes in a fully aligned and integrated way. These programmes will need to maximize synergies, cross-leverage skills and experience and make use of scarce financial and non-financial resources in a highly efficient and sustainable way.

In today’s technologically advanced society, the role of ICT in supporting the achievement of these goals cannot be over-emphasised.
ICT has a proven track record of revolutionising industries and Governments in countless ways across the globe, and to ignore its potential in supporting the achievement of the goals outlined in the NDP is something that South Africa cannot afford. Thus, the role of a Government wide ICT strategy becomes even more important in the context of achieving the NDP’s objectives. In fact, while the NDP provides a vision for all facets of Government in our country, the Government wide ICT strategy must provide the roadmap and framework of the technical solutions that will support the achievement of these goals. This in itself makes the development and refinement of the Government wide ICT strategy a considerably more difficult and important task.

If one considers the progress made to date, the Government Information Technology Officer Council (GITOC) has led the development of a draft Government wide ICT strategy. However, as with all strategies, this strategy must be updated to reflect not only the support of the long term goals of the country but also to consider learnings from previous implementations, developments in the industry as well as the short and medium term challenges facing Government today. It is with this in mind that the theme for this year’s GCIO summit was developed:

“Towards reducing cost of doing business in Government and contributing towards achieving clean audits”

The challenge for CIOs within this theme is twofold. Firstly, the provision of ICT services must be done in a cost effective and audit compliant way, and secondly, CIOs must ensure that they provide solutions and services that directly contribute to the achievement of these goals within the businesses that they serve.

2 GCIO SUMMIT OVERVIEW AND INTENT

A significant motivation for the creation of the GITOC and OGCIO was to address the lack of a Government wide ICT strategy that could be used to align the individual strategies of various structures of Government.
This requirement was highlighted in the 1998 presidential review. While progress has been made through the development of a draft strategy, the rapidly changing nature of technology means that this strategy will constantly require refinement and alignment to changing needs within the business of government.

Thus, in support of the objective of updating and refining the Government wide ICT Strategy, the third annual GCIO Summit was held at the Cape Town Convention Center between the 27th and 30th of May 2013, and focused on 4 main topics which were deemed most relevant to Government wide ICT objectives. These topics were underpinned by the overall summit theme of:

“Towards reducing cost of doing business in Government and contributing towards achieving clean audits”

These topics are listed and illustrated below:

- ICT Strategy focused on aligning the Government wide ICT strategy to the National Development Plan;
- Free and Open Source Software (FOSS) looked to understand the barriers facing the adoption of the FOSS policy and to highlight and learn from successes achieved both within the country and abroad;
- ICT Skills provided an opportunity to discuss the ICT skills challenges within the country and to identify mechanisms to address them;
- Governance of ICT looked not only to the adoption and implementation of the DPSA mandated ICT governance framework but also helped to further understand the role of ICT governance in the achievement of the objectives of reduced costs and clean audits.

The overall theme and topics addressed provide a good balance between looking to the future as defined by the NDP, addressing the challenges of the present and finally, looking back and ensuring the learnings of previous policy development and implementations are taken into consideration.
Thus, as shown in the figure below, this report provides at minimum a summary of the summit proceedings, but also seeks to capture the outcomes in a way that can serve as input into the improved Government wide ICT strategy.

Figure 1 Role of GCIO Summit in shaping the Government Wide ICT Strategy

3 GCIO SUMMIT PROCEEDINGS AND STRUCTURE

The development of a relevant ICT Strategy must take a number of factors into account. In simple terms the ICT Strategy should:

- consider past experiences and lessons learned;
- address current challenges being experienced; and
- understand the business direction and develop policies and plans for ICT to support them.

In order to achieve these objectives, the summit organisation team assembled a mix of Government, Industry and Academic experts to present leading practices and lessons learned as well as facilitate commission sessions which provide delegates an opportunity to express their views. Both plenary sessions and commissions were centred around the themes illustrated below.

Figure 2 Contributing organisations at the 2013 GCIO Summit

Over a period of 3 days, the summit followed the following structure:

- Firstly, plenary presentations were held to provide context for each topic;
- Plenary sessions were also supported through facilitated panel discussions which also provided delegates an opportunity to ask questions through real time electronic channels; and
- Finally, commission breakouts were conducted which allowed delegates to express their views in an open discussion based format.

The plenary session presenters, panel discussion members and commission facilitators are shown in the figure below.

During the summit, the use of modern technologies was also highlighted in supporting the summit proceedings.
The following technology enablement mechanisms were used:

- Live commentary of the proceedings was captured on Twitter which also provided delegates with an opportunity to comment;
- Delegates made use of SMS and a local portal to post questions in real time;
- Access to presentation material was provided on the portal;
- Bulk SMS was used to inform delegates of conference proceedings; and
- Biometric fingerprint data was used to track attendance.

4 ICT STRATEGY

The first sub topic addressed within the summit proceedings was that of the ICT Strategy. While the GITOC, DPSA and other parties have made substantial progress to produce a draft strategy, the development and adoption of the NDP has raised the question of how this strategy should be updated to support the achievement of the vision outlined for the country.

4.1 SUMMIT PROCEEDINGS AND OBSERVATIONS

The NDP was released in early 2013 and outlines a vision for the country as well as measurable targets to be achieved by 2030, for example economic growth and reduced unemployment. The NDP, as with all strategies, is a living document, and as such it is expected to be updated at regular intervals during its implementation. The same applies to the Government wide ICT strategy. Strategies should always be considered as dynamic as they seek to guide the direction of various parties within an environment that is constantly in a state of flux. Within the technological domain, this concept is even more important due to the rapid changes occurring within this field.

The South African Government today finds itself in a time of unprecedented technological change. Trends such as social media, mobility, analytics and Cloud are developing at a dramatic rate and are changing the way societies function. Thus, pressure is increasing on government to improve performance and provide their citizens the tools to do so.
E-government has raised the expectations of the types of services that should be delivered and how they should be delivered to the citizens and businesses. In line with these trends a number of technological challenges have been identified as shown in the figure below.

Figure 3 Technological challenges

Governments across the world must address these challenges to meet citizen expectations:

- Interoperability in terms of technical standards, business practices including best practice, and policy development and compliance;
- Information access to business and citizens with an integrated user experience and seamless services;
- Digital divide. The goal of governments is to reduce the digital divide. People who do not have access to the Internet will be unable to benefit from online services. Additionally, the groups in society with lower levels of access tend to be those that are already disadvantaged;
- Productivity focus to increase efficiency, reduce waiting time and simplify processes;
- Integration of a large number of systems and applications: legacy systems, purchased applications, outsourced and ASP applications, e-business applications; and
- Privacy and Security including controlled authentication and authorization access and secured data transfer and storage. Also, concerns from citizens due to transborder and trans-service exchange of data must be addressed.

All of these factors affect the willingness of businesses and citizens to use, or adopt, electronic services. The failure to respond to an ever-changing environment and expectations can result in barriers to the implementation of e-Government initiatives.
To further illustrate the journey the South African Government must embark on, refer to the figure below:

Figure 4 Journey to e-Government enablement

According to Zaid Aboobaker, Chief Director for E-Government at the Department of Public Services and Administration, South African systems are mostly manual based with some departments and entities moving towards service islands as modernisation programmes are completed. For Government to provide the services at the levels of efficiency and effectiveness that the enablement of the NDP will require, the transition to seamless service will be required. This can only be achieved through addressing the challenges defined above.

It was further proposed by Mr Aboobaker that Government adopt a set of initiatives to address these challenges and achieve seamless service, divided into two categories:

- Enabling initiatives establish a baseline maturity level that allows for an improvement of services to the citizen; and
- Value initiatives have a direct impact on service delivery to citizens and business.

The initiatives can be loosely coupled to achieving outcomes within the conceptual framework below:

Figure 5 Conceptual framework for value based and enabling initiatives

As can be seen from the framework, the citizen facing components are typically where perceived value is realised; however, these must be supported by core systems and enabling architectures. Achieving this target state will, however, require significant cross-governmental collaboration and alignment as well as clear architectural guidelines and effective monitoring and governance of solutions to align to a common objective set.

To achieve the target state defined, Mr Aboobaker proposed a set of initiatives which were linked to the themes of:

- Productivity;
- Reducing the cost of doing business in Government; and
- Achieving a clean audit.
The following table outlines these initiatives accompanied by the recommendation that these be used to prompt debate and discussion amongst the GITO council members.

Theme Alignment: Productivity – Enabling Initiatives

Initiative | Description/Comments
Establish the Government electronic ID | Provide a common method to identify and authenticate Government workers online
Integrated Public Key Infrastructure (PKI) Strategy | Underpinning the Government e-id.
Data Centre Consolidation | Conduct a feasibility study on the consolidation of government data centres with a view to create central and provincial cloud based hubs
IT Service Desk Consolidation - Establish SITA service desk as the national ICT call centre for ALL departments. A transversal offering | Provides a single collection point for the "ICT Health Check". Provide the ability to establish the government configuration management database
Fast track the Schools Connectivity Blueprint development and rollout | Connecting Schools is about more than just “Internet Access”. Connectivity enables increased central management
Improve the capacity and quality of the Government core and access network | There have been many challenges with the network including costs, capacity and quality of last mile and security
Develop catalogue/register of Public Services across all spheres of government | Include supporting the business in BPM, catalogue of services, standard operating procedures and information requirements
E-Services Catalogue - Identify Citizen facing Public Services that are candidates for electronic service delivery | Purpose is to identify existing online services and services that are candidates for quick win online presence
Establish a common or standardised submission (workflow & document management) system for the public sector | This initiative must automate the current manual paper-based submission process that is common amongst all public service departments
Develop and deploy e-disclosure system for all public servants | This system must include the automated checks, balances and reporting against various databases, CIPRO, SARS etc.
Common integrated register of projects | Key to reducing duplication of effort and supports better planning.
Integrated Financial Management System | Modernise and improve the back-office functions of government.
School of Government ICT faculty | Objective to train the end user on Government ICT usage, security, procedures, best practices and ICT Governance
Establish the government E-mail directory | Improve communications. When enabled with government e-id, provides for the primary platform to move away from paper-based communication

Theme Alignment: Productivity – Value Initiatives; Towards reducing cost of doing business in Government; Contribute towards a clean audit

Initiative | Description/Comments
Consolidation of all transactional services into a unified (www.gov.za) portal. | Aggregate all already online services onto the current services.gov.za portal
Make all government forms available online for quick download | Project where ALL forms are made available on the e-services portal for download, completion and submission
Extend track and trace system - SMS notification of service status to all government departments as a transversal offering or as a standard offering. | The successes of DHA and others using this technique have been proven. Citizen confidence improved. This initiative will show a more responsive government.
Establish e-services centre of excellence / Innovation Centre | Purpose is to scan government for opportunities to quickly replicate e-services successes
Establish single government (OneGov Portal) front end processing prototype e-forms processing, E-services portal, workflow, document and records management and CRM system | Purpose is to establish the feasibility of creating a single platform where an application form for any service is completed online and routed to any dept as a case file for either manual or automated processing
Review and amend the government ICT procurement model | Revisit the establishment of the central procurement agency concept, taking into account lessons learnt
Negotiate enterprise agreements covering ALL of government with all major software vendors | Microsoft, Novell, Oracle, SAP etc.
Establish the “e-read it” programme | Designed to reduce the costs of printed paper
Develop the government ICT configuration management database | Supported through the centralisation of the ICT service desk. Allows for the identification of duplication of ICT systems.
Common integrated Register of Projects | Key to reducing duplication of effort and supports better planning.
Implementation of Corporate Governance of ICT Governance Framework | All Depts to develop their ICT policy and Charter by FY end 2013/14. Strategic Alignment completed by end of 2014/15
Establish a Central Large Projects Authority to scrutinise ICT projects over a certain monetary threshold | Establish Cabinet/ FOSAD mechanism to prioritise major ICT projects and monitor its execution and expenditure
Review the Government Wide ICT Service Model | Revisit the Central IT Agency concept and understand how we strengthen it
Review and amend the Government Wide Enterprise architecture Framework and Guidelines | Understand how we harmonise and guide ICT planning with the broad Government planning cycles.
Establish the Central Government Wide ICT Architecture Board | Purpose to oversee major technological changes in government ICT. To approve the broad technology choices made by Government.
Develop the Minimum Information Security Standards Framework and associated standards | Purpose is to establish a common Security Posture
Finalise and obtain approval on the Public Service Information Security Policy | Purpose to provide a common set of information security policy objectives for all government agencies in the sphere.
Improve the security posture of Government ICT
Work with the Cyber Security Response Committee (SSA - DOC) to ensure the implementation of the Government CSIRT | Being able to respond to ICT risks and threats

4.2 FINDINGS AND RECOMMENDATIONS

The ICT strategy alignment was discussed in detail within the commission sessions to develop a view of the current state as well as develop proposed solutions. The commission topics were as follows:

1. Sector ICT Strategy gap analysis against the NDP
2. ICT Procurement in the Public Sector
3. Impact of ICT on service delivery

Within the commissions, the following issues and solutions were discussed:

Commission 1: Sector ICT Strategy gap analysis against the NDP

Current State:
- Most CIOs are not empowered to make a contribution to enabling their individual departments and consequently the broader government agenda. CIOs are treated as back-office, as a cost centre. Their budgets are minimal and restrict their ability to contribute
- There is no “super ministry” for ICT to enable a coordinated and empowered role of ICT in government
- Government is quite prescriptive in how it engages with its citizens. We do not collaborate with them, we are reactive
- Departments still tend to work in silos, preventing delivery of cohesive and seamless services to citizens. We need to come together as clusters, working alongside and with other delivery entities such as SITA
- CIOs do not understand strategic business issues of their departments – this poses a key limitation to their ability to contribute to the initiatives being driven out by their department
- We do not fully understand what innovative technologies are and will become mainstream in the delivery of services in future. Consequently, we do not have the skills we need to appreciate and leverage these technologies in leapfrogging our solutions that will enable business requirements
- As CIOs, we still have not got a handle on the vast data and information at our disposal. This information could be a powerful enabler to business decision making and elevate the role of the CIO
- Government has not maximised the potential value that industry can bring to service delivery. Industry can bring tried and tested solutions to government to fast track service delivery

Potential Solutions:
- A clear and powerful mandate for ICT must be created with a champion for its role in government service delivery. This intent should consequently put in place or revise national, provincial and local structures to enable CIOs to play a greater role in government service delivery
- CIOs need to set shorter term, manageable and measurable goals to build out the capabilities we will need as ICT, whilst driving out value for government
- CIOs need to evolve their roles by focusing on industrialising their service delivery and freeing up their time to focus on understanding their business and the role that ICT can play in enabling service delivery. The focus should shift to information provision and enablement
- A commitment needs to be made on SITA’s role in ICT service delivery, working with the agency in delivering services
- We need to find a procurement mechanism (that aligns to the PFMS) that allows government to partner with industry to leverage their experiences in delivering proven solutions in a cost effective manner. This will allow ICT to do more with its limited resources

Commission 2: ICT Procurement in the Public Sector

Current State:
- The process currently lengthens the time frame where it was meant to reduce the timeframe
- Departments have found that they can get better pricing if they engage with vendors as opposed to going through SITA
- SITA feels they have no obligation to perform; the act does not stipulate any penalties for SITA if they do not deliver on its commitments
- Current model does also duplicate certain processes and effort
- Central model a single point of failure

Potential Solutions:
- Review the current procurement act and mandate as well as the current engagement model
- Consider the benefits of smart sourcing
- Consider an online e-bidding process like some departments have implemented
- SITA should focus on its services as mandated and not extend beyond that
- Implement consequence management for vendors that are not delivering as per contracted terms
- Measurement of service delivery must be a common measurement between customer and vendor
- Look at making more use of transversal contracts

Commission 3: Impact of ICT on service delivery

Current State:
- Limited understanding of ICT’s role as a service delivery enabler
- When basics are not in place and operational, ICT’s credibility as a strategic enabler is damaged
- Need improved change management and engagement from ICT functions
- ICT not structured in such a way as to respond to business needs. Best practices for this are required
- Gap between National/Provincial and Local Government in the implementation of ICT standards
- Need free access to common databases across departments and ensure proper access. No universal access and interoperability with critical Government systems
- Skills development needs to be addressed from basic education up. Skills definitions must be practical and applicable
- Regulations inhibiting technology adoption

Potential Solutions:
- Need to work better with service providers such as SITA
- Need to structure internal ICT capacity in such a way as to enable business value delivery through appropriate business engagement
- ICT needs to be included in strategic forums such as the organisation’s Exco. CIOs need to be appropriately profiled and positioned within the organisation
- Appropriate Governance is key to elevating ICT within the organisation. This will also assist in audit findings
- Service level agreements need to be in place and monitored to address operational performance issues. Engagement with the business on service levels is essential
- Open Government Partnerships and other mechanisms need to be put in place to share information and best practices
- ICT needs to improve applications and solutions that directly enable business services and improve ICT relevance

5 FREE AND OPEN SOURCE SOFTWARE (FOSS)

In 2007, South Africa developed and adopted a FOSS policy to reduce the reliance on vendors and return benefits to the country including:

- Reduce licensing costs in favour of developing a local FOSS industry which would contribute directly to the economy;
- The use of FOSS solutions would create new jobs and contribute to reducing unemployment within the country; and
- Provide the ability to leverage FOSS solutions being used in other countries.

Despite these benefits and the policy being in place, adoption has remained sporadic. Furthermore, FOSS projects such as IFMS have experienced significant delays and increased costs. Thus, the focus of the topic was to identify challenges and review leading practices to support improved FOSS uptake.

5.1 SUMMIT PROCEEDINGS AND OBSERVATIONS

South Africa’s FOSS policy has five key statements to predicate FOSS implementation:

- Choose FOSS:
  o The South African Government will implement FOSS unless proprietary software is demonstrated to be significantly superior
  o Whenever the advantages of FOSS and proprietary software are comparable, FOSS will be implemented when choosing a software solution for a new project
  o Whenever FOSS is not implemented, then reasons must be provided in order to justify the implementation of proprietary software
- Migrate to FOSS:
  o The South African Government will migrate current proprietary software to FOSS whenever comparable software exists
  o Where it doesn’t exist, development/enhancement using the FOSS model will be considered
- Develop in FOSS:
  o All new software developed for or by the South African Government will be based on open standards, adherent to FOSS principles, and licensed using a FOSS license where possible
- Use FOSS/Open Content licensing:
  o The South African Government will ensure all Government content and content developed using Government resources is made Open Content, unless analysis on specific content shows that proprietary licensing or confidentiality is substantially beneficial
  o Universal access to information is important for promoting wellbeing and wealth creation. It is seen as a basic human right
- Promote FOSS in South Africa:
  o The South African Government will encourage the use of Open Content and Open Standards within South Africa

While the FOSS policy through its five statements provides the reasons to implement FOSS, there are still many challenges hampering large scale FOSS implementation in government. The following challenges were highlighted during the course of the summit:

- The lack of a FOSS programme office
- The loss of FOSS political champions
- Lock-in and a lack of interoperability between FOSS and proprietary software
- Lack of appropriate FOSS skills and training
- Change management
- FOSS user buy-in (decision makers / senior management)

Mr Walter Mudau, Acting Deputy Director General at the Department of Public Services and Administration, mentioned in his presentation at the summit that his department is busy with an impact analysis so that challenges linked to lack of implementation can be addressed in an integrated manner. The impact analysis will focus on the level of implementation, challenges and change management, as well as look into a hybrid migration strategy catering for different maturity levels. Mr Mudau indicated that the impact analysis should be concluded by the end of this financial year.

Even though large scale FOSS implementation in government remains elusive, there are exemplary showcases within government and academia of how FOSS can be implemented and maintained.
Mr Karel Joubert from the Limpopo Economic Development Agency (LEDA) provided insights on the many FOSS initiatives completed and underway within the Limpopo Province. A list of FOSS used within the province is provided below:

Figure 6 FOSS products currently being used in the Limpopo Province (Source: Karel Joubert)

Security is a key consideration when evaluating FOSS applications. The perception of many is that proprietary software offers better security functionality than FOSS counterparts. Mr Jason Ming Sun, Deputy Director of Academic Systems at Unisa, presented a case study on Unisa’s FOSS Learning Management platform, myUnisa. The myUnisa platform runs on Community Source software called Sakai. Jason discussed how Unisa was able to liaise with the Sakai user community in order to identify what the key security areas were for the myUnisa project, and how developing an approach that looks at certain aspects has helped Unisa to deal with FOSS security concerns in a pragmatic manner.

Figure 7 FOSS Security Considerations (Source: Jason Ming Sun). Labels shown around "FOSS Security": Community Advisory Protocol; Trust the Source; Active Code Review; Keep abreast with security patches and updates.

Other governments have been successful in developing and implementing FOSS within their environments. Implementing a standard development framework and working with development partners and vendors are vital to ensure that FOSS software development within government produces the desired results, according to Dr Cheung Moon Cho from the Korean Information Society Agency. Dr Cho shared his experience of how the Korean government was faced with the problem that different software development frameworks led to interoperability constraints and vendor dependence in providing certain ICT services.
To address such concerns, in 2007 the Korean Government decided to develop a standardized software framework called “e-Government Standard Framework” so that the Korean Government could have applications developed using a standard framework. This meant that vendors could develop e-government applications and that applications could be managed by any vendor. The framework that was developed by the Korean Government received many international awards and has also been used as a blueprint in countries like Bulgaria, Tunisia, Vietnam and Ecuador.

5.2 FINDINGS AND RECOMMENDATIONS

There were three commission sessions held at the summit dealing with various Free and Open Source Software (FOSS) topics. The commission topics were as follows:

4. FOSS Landscape Challenges
5. FOSS Security
6. FOSS Change Management

Within the commissions, the following issues and solutions were discussed:

Commission 4: FOSS Landscape Challenges

Current State:
• A lack of sponsorship and accountability at the higher levels in government
• No coordination and support to drive and promote adoption of FOSS
• GITOC standards possibly still have gaps around FOSS
• No progress and performance measurement strategy / monitoring and evaluation to promote the use and adoption of FOSS. Measurement should extend to the business and not just the CIO
• A need to move from the 2007 policy to the next level of regulations, strategies and policies. The lack of sponsorship and enforcement of the policy is the challenge. Failure to comply should have negative consequences for the department and / or individual
• Concern that you cannot regulate without an Act being in place

Potential Solutions:
• A political champion is needed to show commitment to FOSS. Maybe find someone who will support the conversion of applications under their control
• Create clear standards and frameworks for selection and promotion of FOSS
• A central project office is needed to drive standards, training, policies and procurement around FOSS vendors
• The role of the Auditor General needs to be finalized in ensuring compliance to FOSS using the GITOC standards
• Re-establish the FOSS Programme office at SITA
• Identify the low hanging fruit in our environments that will show value to business. Target departments or entities that are largely manual. The value will immediately be noticeable and there will be limited complexity in delivering value (green field environments)
• SITA should look to include training for its resources and departmental resources to skill up on FOSS. SITA to consider partnerships with the key FOSS vendors
• Find a department that can be an example for FOSS
• Clarify SITA’s role in implementing FOSS. They need to be central to the delivery of FOSS
• Get industry to buy in to the technology direction of government. They will then be part of a partner ecosystem
• Focus on marketing, awareness and business case education for government departments
• Create an innovation fund to subsidise and promote uptake of FOSS

Commission 5: FOSS Security

Current State:
• Concerns around how secure personal information is when it comes to FOSS as compared to proprietary software
• How do data privacy and FOSS work together?
• Training in new technologies is a problem. This poses additional security risks as users are not familiar with the new software solutions
• Patching of current FOSS systems can be disparate
• Application security and code libraries have no consistent means to notify users when patches are released
• FOSS adoption is being hampered by the lack of a framework which can be used to ensure that the appropriate applications are chosen in the FOSS space vs proprietary software

Potential Solutions:
• Look at developing specific policies around patching FOSS systems in the environment
• Look at making use of external parties to conduct audits on security capabilities in deployed FOSS systems
• A central body or center of excellence (perhaps within SITA) to look at setting a security framework when it comes to FOSS. This can provide guidance to CIOs when considering FOSS
• Adopt a top down approach to security in FOSS with buy-in at a senior level and filter that down toward the CIO level
• Align to other international standards (e.g. ISO)

Commission 6: FOSS Change Management

Current State:
• When FOSS was presented there seemed to be a stronger focus on the risks rather than the rewards
• Concerns around adopting something that is not perceived as mainstream
• Support structures around FOSS are not clear
• FOSS can be a tedious exercise when CIOs are under pressure to deliver within timeframes
• Given the learning from programmes such as IFMS, if Government had spent this on proprietary solutions we may have been a lot further down the road
• Government does not have the capacity to take on large scale FOSS implementation
• No motivation for public sector FOSS specialists to pursue the career
• FOSS has potential to complicate reporting and audits if different solutions create different reporting and difficulty in consolidating information
• Policy creation does not translate into execution

Potential Solutions:
• Effort needs to be focused on services development rather than underlying technology. Reuse what is there
• A common middleware layer will contribute to reducing the effort taken to develop functionality
• Promote employment for FOSS skills at university and school level
• Need to create partnerships with the private sector to promote FOSS skills
• Government CIO structures need to be geared towards supporting FOSS
• An environment needs to be created where FOSS can be successful, including architecture, skills and structures
• Change management needs to focus on providing people the skills to adapt to FOSS rather than just adopt FOSS solutions

6 ICT SKILLS

In order to enable government to deliver on its target for the NDP, ICT needs to be agile and provide robust solutions. A key component of being able to deliver this is having the right skillset within the government.

6.1 SUMMIT PROCEEDINGS AND OBSERVATIONS

Government departments and entities will need to develop and execute ICT programmes in a fully aligned and integrated way in order to deliver on the NDP. These programmes will need to cross-leverage skills and experience in a highly efficient and sustainable way. The challenge today in achieving this is that there is no clear understanding of the current ICT skills and capabilities within the various government departments and entities. Coupling this with aging ICT infrastructure and a national shortage of ICT skills in South Africa has resulted in many GCIOs having limited to no internal skills in critical areas and having to make use of external parties at a higher cost to provide the required skills. When using external parties, the opportunity to conduct knowledge transfer and training of the local ICT staff is not being maximised. Although there are government ICT skills development initiatives in place, these initiatives are developing a broad ICT skillset within individuals while there is a need for specialist ICT skills within the public sector.
Trends such as social media, mobility, analytics and Cloud are maturing at a rapid rate and require a different set of support skills. These skills exist in South Africa; however, the major challenge is that they are often attracted to the private sector due to better remuneration and incentives.

The South African Revenue Services (SARS) faced similar challenges a few years ago. Mr Pheko Masebe, Human Resources Operations Executive, discussed how SARS was able to overcome its challenges and become a government organisation that attracts the best talent available. Mr Masebe described how SARS was able to identify seven key focus areas in order to ensure it was able to drive the required behaviour and performance while instilling a passion within its employees. When it came to recruiting highly sought after skills, SARS partnered with specialist third party sourcing services. Mr Masebe shared how SARS uses technology in the form of an internal talent management database and an online graduate recruitment process to ensure that it can identify prospective employees with the right skills as and when needed.

Attracting talent is only a part of the SARS approach. Retaining these highly skilled employees in the public sector was dealt with at SARS by adopting a remuneration practice within the Technology division that provided an equitable, transparent and market based pay model as well as a focus on career growth while at SARS.

Figure 9 Competency & Capability Building Blocks at SARS

6.2 FINDINGS AND RECOMMENDATIONS

While there were no commissions that dealt specifically with the ICT skills challenge faced in South Africa, several key points were raised in plenary discussions and other commissions. The challenges and prospective resolutions are listed below:

Current State:
• There is no clear indication of what the current capabilities are within the government from an ICT perspective. This means identifying where the gaps are from an ICT skills perspective is extremely difficult
• Highly sought after skills are very difficult to secure in the public sector as the private sector offers better remuneration and incentives
• Current government initiatives to provide skilled ICT individuals are not producing candidates fast enough
• The proportion of male to female ICT workers in the public sector is very worrying
• The current ICT skills shortage and inability to hold on to highly skilled public sector workers has resulted in a dependency on consultants. While many GCIOs agreed that a close working relationship with external providers and consultants is needed, they feel that there are no opportunities to develop the ICT skills needed internally
• FOSS and other new technologies are constantly changing the skills required by ICT workers in government today. The absence of internal training programs and a lengthy approval process for external training compound the difficulty of getting skilled up on these new technologies

Potential Solutions:
• Government training programs need to be accelerated and focus on teaching skills that are currently lacking within government departments
• Closer working relationships need to be put in place between government and academia in order to identify talent early on
• Ensure that there is extensive knowledge transfer if consultants or external providers are used to deliver projects
• Look at setting up Centers of Excellence to upskill current staff in new and emerging technologies so that they are able to support them once they become mainstream

7 GOVERNANCE OF ICT

If one considers the recent King III and COBIT 5 frameworks and recommendations, the role of ICT has been elevated to a board level agenda. The reason for this is that the role of technology has moved from being a back-office function to a strategic enabler within the organisation.
While many definitions can be used to define ICT governance, the following two were used within the summit context:

1. ICT Governance is the ability to make, sponsor and enforce the right ICT decisions; and
2. The system by which the current and future use of ICT is directed and controlled. It involves evaluating and directing the plans for the use of ICT to support the organisation and monitoring this use to achieve plans. It includes the strategy and policies for using ICT within an organisation.

Based on these definitions, the wide reaching scope of ICT Governance becomes apparent, as decision making and guidance activities span the entire organisation including strategic, tactical and operational ICT decision making.

7.1 SUMMIT PROCEEDINGS AND OBSERVATIONS

The topic of ICT Governance was explored using multiple lenses during the summit proceedings including:

• Implementation of FOSS;
• Achieving a clean audit;
• Reducing the cost of doing business;
• Legislation requirements; and
• Implementation of the Government wide ICT Governance framework across all Government departments.

In the sections that follow, the input provided by the speakers as well as the commission session discussions are summarised.

7.1.1 IMPLEMENTATION OF FOSS

The challenges experienced in the implementation of FOSS have been outlined in an earlier section. While islands of success can be found within Government and academic institutions, Government has not been able to broadly execute and achieve alignment with the FOSS policy. Dr Derek W. Keats from Kenga Solutions provided an opinion of the current state of ICT governance in the implementation of FOSS policies using the framework shown below and then provided a ranking based on the following scale:

0 = non-existent
1 = ad hoc
2 = repeatable
3 = defined process
4 = managed and measured
5 = optimise

A (rating 2): A committee reporting to the highest level governance structure exists, and FOSS features strongly on its agenda
B (rating 1): ICT forms a standard component of the work of the highest level governance structure, it is taken seriously, and FOSS features strongly on its agenda
C (rating 1): Independent ICT knowledge, with a deep understanding of FOSS, is available within the highest level governance structure
D (rating 0): The implementation of policy with respect to FOSS is audited and the audit taken seriously
E (rating 0): A strategy exists and serves as the basis for estimating the value of achievements with respect to FOSS in government
F (rating 0): Regular reports with 'score sheets' received, measured against SMART strategic goals
G (rating 0): A formalised ICT enterprise governance framework (e.g. COBIT) is used effectively, and includes FOSS as a key element
H (rating 0): Accountable person for ICT across government as a whole who has FOSS as a key performance indicator

Figure 2 View of current ICT governance framework maturity as proposed by Dr Keats

It is the opinion of Dr Keats that Government needs to take intervening actions to improve the ratings shown to the target level shown in Figure 3 below:

Figure 3 Proposed ICT Governance current and target state (chart of criteria A to H on a scale of 0 to 5, with Actual, Maximum and Target series)

Internationally, however, FOSS implementation and governance has been highly successful, most notably in Korea, which has been recognised as Number 1 in the 2012 UN eGovernment Survey. The summit was privileged to have Dr Cheung Moon Cho from the National Information Society Agency join the summit and provide some insight into the critical factors that helped Korea achieve success in this area.

Firstly, Dr Cho outlined the importance of defining a clear framework for both Government and the private sector in the use of ICT, as shown in the figure below:

Figure 4 Role of Government and the private sector in ICT development

As can be seen, the Government of Korea made the strategic decision to own the planning and governance of ICT and leveraged the private sector to develop and maintain the systems. Dr Cho further noted that the key constraint within this model is Government's ability to build and maintain the capacity and capability to effectively complete strategic planning and architectural governance activities. To address this issue, the Korean Government made the decision to create the National Information Society Agency (NIA), which served as a central strategic ICT function within the country. The NIA has the following mandate:

• Development of National ICT Plan (including e-government);
• Implementing all major ICT projects;
• Monitoring and Evaluation of all ICT projects (beyond procurement); and
• Focus on providing planning and project management assistance services.

Dr Cho noted that the NIA itself was not financially self-sustaining but the benefits to the various Government agencies were very clear in the limitation of project failures and the promotion of reuse across Government. The role of the NIA was also clearly outlined within Article 10 (Establishment of National Information Society Agency) of the National Information Basic Act. An extract of the act is provided below:

1. The Government shall establish the National Information Society Agency ("NIA") as an organization assigned to assist State organs and local governments ("public organs") in the promotion of informatisation and to support their development of policies related to the informatisation.
2. The NIA shall be a body corporate.
3. The NIA shall provide assistances falling under each of the following subparagraphs:
   a. Specialized technical assistance in formulating and implementing the basic plan and other plans of national informatisation;
   b. Assistance in managing and operating information and communications networks in the public organs;
   c. Assistance in building and operating Information Systems and in the standardization of IT service for the public organs;
   d. Assistance in managing the information resources in the public organs;
   e. Assistance in assessing the information projects in the public organs;
   f. Other assistances as prescribed in the Presidential Decree for the promotion of informatisation in the public organs.
4. The public organs may financially contribute to meet costs incurred by the establishment, the installation of facilities and operation of the NIA. The Government may rent State-owned properties free of charge to the NIA for its establishment and operation.
5. The NIA may ask the public organs eager to get assistances from it to bear part or whole of costs necessary for such assistances.
6. The Civil Code's provisions concerning the incorporated foundation shall be applied mutatis mutandis to the NIA except as prescribed by this Act.
7. No one other than the NIA shall be permitted to use the name of the National Information Society Agency.
8. Other matters necessary for the NIA to assist the public organs shall be stipulated by the Presidential Decree.

Dr Cho further elaborated on the NIA structure as shown in Figure 5 below. The NIA consists of highly specialised and experienced individuals across its 250 strong team. With 20 resources holding a PhD degree and 50 resources holding a Masters degree, the NIA represents a highly concentrated skills base performing the functions below:

Figure 5 Organizational Structure of National Information Society Agency

The NIA also operates within a clear governance framework as shown in Figure 6 below.
The NIA serves as a coordination mechanism between the national oversight committee and procurement. During execution, the NIA serves the role of coordinating activities between the relevant Ministry and the private sector implementation partner. This concept is not dissimilar to the SITA Prime Systems Integrator.

Figure 6 Implementation Mechanism

In support of this structure, the NIA developed an implementation framework to support Government project delivery. This highly detailed document provides all relevant parties with a clear outline of the following components:

1. Development of Project Plan;
2. Procurement of ICT Project;
3. Selection of Provider and Contract;
4. Project Implementation;
5. Software Secure coding; and
6. Audit and Operation.

A further enabler of FOSS success was the development of a FOSS application framework. This concept is very similar to the Jig construct currently developed within SITA and provides a common set of application functionality to support Government projects. This framework is shown below:

Figure 7 Functionalities of eGovFramework

7.1.2 ACHIEVING A CLEAN AUDIT

The topic of achieving a clean audit can be considered in two ways:

1. Audit of the ICT function itself
2. ICT contribution to a clean audit within the business

On the first topic, the CIO's responsibility for achieving a clean audit within the ICT department, it is important to note that the Auditor General will audit the function based on alignment to leading practices. Thus, CIOs can take action to make use of industry standard models such as CMMI, COBIT 5 etc. Professor Barry Dwolatsky from the Johannesburg Centre for Software Engineering provided a view that the use of the CMMI model will allow for increased ICT department performance and also contribute to introducing controls and monitoring activities. Prof Dwolatsky used the model shown in the figure below to illustrate the scope of CMMI areas that can be used.
Figure 8 CMMI framework

As can be seen from the figure, the implementation of CMMI can occur through a number of specific models including:

• People CMM improves the capability of the workforce, workgroups and teams;
• CMMI (DEV, ACQ, SVC) improves the capability of processes; and
• PSP/TSP improves the capability of individuals and teams focused on quality.

The implementation of these models, however, should always focus on achieving the objective of improved quality rather than on the implementation itself. Prof Dwolatsky provided the following observed benefits that illustrate the desired outcome.

Figure 9 Benefits observed resulting from CMMI implementations

As can be seen, the CMMI implementation directly resulted in reduced costs as well as improved quality. Improved quality would also then have a direct impact on the ICT audit completed.

From the perspective of enabling a clean business audit, ICT has a significant role to play in the introduction of enabling technologies that reduce manual processing through automation, thereby reducing the potential for audit deviations. A key component of this positioning is the elevation of the CIO within the organisation to be able to focus on business requirements and enablement. This can be introduced through the alignment of ICT Governance standards to leading practices that steer towards an ICT role at the highest levels within the organisation.

7.1.3 REDUCING THE COST OF DOING BUSINESS

Within the context of the current economic climate as well as recent Auditor General findings around large costs associated with consultants, the concept of ICT cost reduction is highly relevant. While ICT costs are often the focus of cost reduction initiatives, the role that ICT has to play in reducing the cost of doing business must also be considered. Furthermore, cost reduction must be done in a sustainable way, as introduced by George Ambler from Gartner.
Mr Ambler presented a view that two types of cost remediation can be taken:

• Cost Cutting
  • Reactive without taking into account strategic objectives;
  • Results in short-term results which are often unsustainable;
  • Usually approached as a consistent rate across the board without adequate planning; and
  • Decisions often made in haste.
• Cost Optimisation
  • Strategically focused;
  • Decisions are tied to business value;
  • Cuts are made selectively and in a sustainable way; and
  • Longer-term initiatives are implemented resulting in longer-term benefits.

Mr Ambler provided insight into the Gartner IT Cost Reduction framework as shown in the figure below. In this model Gartner proposes that ICT cost reduction value is proportional to the difficulty of implementing the extraction initiative. This framework provides a general guideline that procurement is the easiest entry point, followed by reducing costs in the ICT department. Thus the underlying hypothesis presented is that greater value can be created by focusing on the joint business-ICT cost savings and the business savings themselves.

Figure 10 Gartner framework for IT Cost Reduction

Mr Ambler also provided a set of typical cost reduction initiatives that could be considered within an organisation. It should be noted that the intention is not to initiate all the levers shown but rather to evaluate each on its merits against a set of standard criteria. Mr Ambler proposes that a Pain vs. Gain matrix should be used to determine the potential benefits as well as the implementation cost and complexity. These factors will then assist in determining the cost reduction lever priority.

Figure 11 Gartner typical cost reduction levers

7.1.4 LEGISLATION REQUIREMENTS

Within the South African ICT legislation landscape, there are a number of acts that need to be considered by today’s GCIO.
These include the following acts:

• Electronic Communications and Transactions Act (ECT Act)
• Regulation of Interception of Communication Act (RICA)
• Electronic Communications Act (EC Act)
• Promotion of Access to Information Act (PAIA)
• Protection of Personal Information Act (POPI)

In addition to these pieces of legislation, ICT within Government is further regulated by the following legislation:

• Public Services Act and Regulations
• Public Finance Management Act
• Intelligence Service Act
• Electronic Communications Security Act (COMSEC)
• Protection of State Information
• State Information Technology Agency Act (SITA)

The challenge for GCIOs is that the applicable legislation is contradictory in places and overlapping in others. In addition to complex legislation, there is no comprehensive legislation policy framework which distils the legislative requirements into a form that CIOs can digest and use to develop appropriate implementation plans. Furthermore, the legislative implications surrounding emerging trends such as Cloud and BYOD have not been fully analysed. This is particularly true for current policies such as FOSS, where the situation is further complicated by copyright law within the already murky waters of open source software licences.

The advice provided by Advocate Francis Cronje is that CIOs should work very closely with their compliance officer to navigate solutions aligned to the appropriate legislation.
Further, the implementation of leading practice frameworks such as the ones listed below will significantly advance the objective of legislation compliance:

• MISS
• MIOS
• ISO 27001
• ISO 29100
• SAS 70 / SSAE 16 / ISAE 3402
• IT Governance Framework
• COBIT
• KING III

Additional guidance around the implementation of these frameworks remains: implementation must support improved project delivery success and operational service improvement.

7.1.5 IMPLEMENTATION OF ICT GOVERNANCE FRAMEWORK

The view that ICT should be governed and managed at a Political Leadership and Executive Management level is supported by internationally accepted good practices and standards in the form of the King III Code of Good Governance, the ISO 38500 Standard for the Corporate Governance of ICT, and COBIT, a comprehensive Governance ICT Process Framework.

Since the publication of the PRC report, little has changed with respect to the governance of ICT in the Public Service. This was confirmed by the Auditor General’s (AG) information systems review of governance of ICT in government conducted in 2008/09 and again in 2009/10. In 2010/11, the AG found that little progress had been made, as only 21% of departments had implemented adequate governance controls, but even these governance controls were unsustainable because they had not been formally rolled out by management and thus were not enforceable.

To address the above mentioned concerns and to implement Corporate Governance of ICT, the Department of Public Service and Administration (DPSA), in collaboration with the Government Information Technology Officer Council (GITOC) and the AG, developed the Corporate Governance of ICT Policy Framework (CGICTPF). The purpose of the CGICTPF project is to institutionalise the Corporate Governance of, as well as Governance of, ICT as an integral part of corporate governance within departments.
This CGICTPF provides the Political and Executive Leadership with a set of principles and practices that must be complied with, together with an implementation approach to be utilized for Corporate Governance of ICT within departments. This CGICTPF is applicable to all spheres of government, organs of state and public enterprises.

To enable a department to implement this CGICTPF, a three-phase approach will be followed:

• Phase 1: Corporate Governance of ICT environment will be established in departments;
• Phase 2: Departments will plan and implement business and ICT strategic alignment; and
• Phase 3: Departments will enter into an iterative process to achieve continuous improvement of Corporate Governance of and Governance of ICT.

All government entities will be required to implement Phase 1 by April 2014 and complete Phase 2 by April 2015. These deadlines will place significant pressure on CIOs to implement these phases within the stated timeframe.

7.2 FINDINGS AND RECOMMENDATIONS

Within the commission sessions the following findings were made:

Current State:
• There are different maturity levels within different government organisations
• Process management and updating is not done adequately within government at the moment
• Current reporting lines for the CIO are problematic and do not provide the IT agenda the right platform within the organisation
• Although the IT Plan has been around since 2003, the current phase needs to be aligned to business value
• IT governance is coming from an IT perspective where it should be driven from a business perspective in order to be more effective
• There must be strategic plans which inform IT plans. The current IT plans however are not taking into account from a strategic outcome perspective
• Some CIOs would like a best practice example of departments so that they can have a view on where they need to improve prior to an audit
• Having a great policy document that is not implemented is of no use, and this is a current problem

Potential Solutions:
• Ensure processes are designed to easily adapt to cater for new technologies (e.g. Cloud)
• Ensure controls are appropriate and can be practically implemented and measured, taking into account the factors of cost, business value delivered and risk
• Ensure the project portfolio is prioritised to be able to make informed choices
• Better alignment of IT plans to business and strategic plans, taking into account factors over and above technology like governance and compliance

8 CONCLUSION

The GCIO summit provides an invaluable opportunity for the Government CIO community to realign individual priorities to a common vision. With inputs and assistance from the private sector, academia and across government both local and international, the direction of ICT in Government can be debated, interrogated and refined through a process of sharing successes as well as understanding the causes for failure. In conclusion, the third annual GCIO summit has met these expectations and has produced a wealth of ideas and solutions which can subsequently be tested and introduced in the Government wide strategy.
While not being exhaustive, the following summary seeks to provide a greatly distilled set of findings and observations:

Theme 1: ICT Strategy
• ICT has a role to play in the achievement of the NDP goals
• The alignment of ICT strategies to the NDP must be an ongoing process and not an event
• CIOs must earn their place at the strategic table while the business must also recognize the value of ICT and make room
• ICT must focus on developing the right capabilities and relationships with the business level and structure the ICT organization accordingly
• There is a need for centralised coordination and alignment to a common ICT strategic direction. The role of SITA must be reviewed as well as the service delivery model to achieve this end

Theme 2: Free and Open Source Software
• The FOSS policy was developed and adopted in 2007; however, uptake and implementation has been slow
• There are some examples of success in FOSS; however, these are isolated incidences
• FOSS is a journey; however, the right sponsorship as well as implementation guidelines and frameworks are essential
• Skills remain a challenge and the way in which these skills are developed within education, industry and government itself must be addressed
• Successes in countries such as Korea have been achieved through centralised direction and support as well as the creation of a FOSS software framework
• Other successes in academia and other areas can also be leveraged within the Government

Theme 3: ICT Skills
• The lack of ICT skills remains a significant obstacle to contributing to service delivery improvement
• Capability maturity must also be addressed to increase productivity and reduce the cost of doing business
• Value for money from the use of consultants is key and achieved through the development of quality requirements, effective management and building capability to accept work products essential to this end
• Specific programmes and industry partnerships must be used to increase the size of the skills pool

Theme 4: Governance of ICT
• ICT Governance is key to achieving service delivery improvement in ICT
• Clear milestones are in place for the implementation of the common ICT Governance framework; however, this must be done in conjunction with achieving the desired outcomes of service delivery improvement, reduced costs and contributing to achieving a clean audit
• ICT Governance implementation will provide an opportunity for ICT to have a place at the table; however, ICT enabled operational excellence must also be enabled through ICT Governance
• ICT Governance is also key in the procurement process across the full contract lifecycle