The failure to implement effective compliance and accountability systems is costing the public sector dearly and making supply chains fertile ground for corruption.
That’s according to Muhammad Ali, MD and Lead Auditor of South African ISO standards training and implementation specialist WWISE, who said that if South Africa hopes to turn things around, there is no choice but to bite the bullet and accept that the public sector will need a complete overhaul.
And that will necessitate strict controls and compliance with local and international regulations, he added. “It will be expensive, but making the investment now will save the country hundreds of billions of rand down the line.”
He said that for any public sector entity employing more than 1,000 people, the implementation of a compliance system that meets the criteria for quality standards and safeguarding against cyberattacks can be US$50-million (R688-million) at a bare minimum.
“Costs can go up to US$100-million (R1.3-billion) depending on the complexity, technology and scope. However, the costs of cyberattacks, poor governance and fines issued for not meeting government legislation can far outweigh the costs of implementing these processes.”
He cited the example of state capture, “which has cost South Africa anywhere between R500-billion and R1.5-trillion, depending on who you ask, and that is without factoring in the cost of the Zondo Commission of Inquiry which is fast approaching the R1-billion mark”.
For the public sector to instill good compliance practices, it should take a leaf out of the book of private sector companies which have become accredited by the International Organisation for Standardisation (ISO).
Each standard within the ISO range indicates the tools required – policies, process flows, procedures, work instructions, forms, reports and statistical analysis, for example – to guide the organisation to fulfill its goals, targets and objectives.
Ali identified several ISO standards he believes could prove extremely effective in government departments. These include:
- ISO 9001:2015 – An organisation-wide Quality Management System that focuses on each activity in the process and quality controls like verification, validation, monitoring and measuring;
- ISO/IEC 27001:2013 – An organisation-wide Information Security Management System that ensures systems are secure, with information being aligned with local information laws and the General Data Protection Regulation (GDPR);
- ISO 22301:2019 – Business Continuity Management, which tests and verifies contingency management systems, such as the ability for employees to work from home, and the effectiveness of the technologies they use;
- ISO 31000:2018 – Risk Management, which is the baseline of all the standards; and
- SharePoint Online – This assists in securing the flow of information, data and records by using a secure intranet solution.
Ali noted that as the world places greater emphasis on reducing environmental impact, so public sector entities will need to step up their game to meet international requirements.
To this end, the ISO 14001 standard specifically addresses climate change developments and waste management programmes, while the ISO 50001 standard focuses on energy management and how to reduce consumption through comprehensive data analysis.
He said the process for an effective ISO implementation can take between two and five years, depending on the scope, complexity of processes and commitment of top management.
“The most challenging aspect after implementation and certification is maintenance. The system needs to be installed in the fabric of the organisation, which means a shift in the culture of the organisation is required.”