THULAMELA MUNICIPALITY
Corporate Governance Information
Communication Technology Charter
DATE 1 July 2017
REVISION 1
Document ID ICT-006-7718
1 | P a g e T h u l a m e l a C G I C T C h a r t e r
Table of Contents GLOSSARY OF TERMS, ABBREVIATIONS & ACRONYMS --------------------------------------------------------- 1
1. CORPORATE GOVERNANCE OF ICT CHARTER --------------------------------------------------------------------- 5
1.1 OBJECTIVES OF THE MUNICIPAL CORPORATE GOVERNANCE OF ICT CHARTER --------------------- 5
1.2 DESIGN OF THE MUNICIPAL CORPORATE GOVERNANCE OF ICT CHARTER --------------------------- 6
2. MUNICIPAL IDP AND ICT STRATEGIC ALIGNMENT -------------------------------------------------------------- 7
3. CONTINUOUS IMPROVEMENT THROUGH THE USE OF ICT IN MUNICIPALITIES ------------------------ 7
4. Business and ICT Strategic Alignment ------------------------------------------------------------------------------ 7
5. THE DETAILED PHASED APPROACH --------------------------------------------------------------------------------- 8
6.Phase 1. --------------------------------------------------------------------------------------------------------------------- 9
7.RACI Chart ----------------------------------------------------------------------------------------------------------------- 11
8.Governance Structure -------------------------------------------------------------------------------------------------- 11
9. ICT Governance Structures at Strategic Level ------------------------------------------------------------------- 12
9.1 ICT Governance Structures at Operational Level ----------------------------------------------------------- 13
9.2 ICT Governance Structures at operational Level ----------------------------------------------------------- 13
9.3 ICT Governance Structures at Operational Level ----------------------------------------------------------- 13
10 Functions of Roles of Committees -------------------------------------------------------------------------------- 13
10.1 Strategic Level: Executive Committee (chaired by MM) ------------------------------------------------ 13
10.2 Strategic Level: Governance Champion --------------------------------------------------------------------- 14
10.3 Strategic and Operation Level: ICT MANAGEMENT ------------------------------------------------------ 15
10.4 Business Level: ICT Steering Committee -------------------------------------------------------------------- 15
10.5 Business level: Risk Committee ------------------------------------------------------------------------------- 16
10.6 Business Level: Audit Committee ----------------------------------------------------------------------------- 16
10.7 Business Level: ICT Steering Committee -------------------------------------------------------------------- 16
10.8 Operational level: Enterprise Architect --------------------------------------------------------------------- 16
10.9 Operational level: ICT Management ------------------------------------------------------------------------- 16
10.10 Operational sub-committee ---------------------------------------------------------------------------------- 17
10.10.1 ICT Architecture sub-Committee ---------------------------------------------------------------------- 17
10.10.2 ICT Project Sub-Committee ----------------------------------------------------------------------------- 17
10.3.10.3 ICT Procurement sub-Committee ------------------------------------------------------------------- 17
10.10.4 ICT change management Committee ---------------------------------------------------------------- 17
11 Establishment of Capacity and Capabilities -------------------------------------------------------------------- 17
12. ICT Risk Management ------------------------------------------------------------------------------------------------ 17
13. Implementation for the Policy ------------------------------------------------------------------------------------ 18
14. Implementation for the Charter ---------------------------------------------------------------------------------- 18
15. Conclusion -------------------------------------------------------------------------------------------------------------- 19
16. Signatures --------------------------------------------------------------------------------------------------------------- 18
2 | P a g e T h u l a m e l a C G I C T C h a r t e r
GLOSSARY OF TERMS, ABBREVIATIONS & ACRONYMS
GLOSSARY OF TERMS AND DEFINITIONS
AG Auditor-General of South Africa
Business The business of the municipality refers to the municipality’s service delivery and
internal support activities
CIO Chief Information Officer
M-CGICTP Municipal Corporate Governance of ICT Policy
COBIT® Control Objectives for Information Technology
Corporate Municipal Municipality level:
A group of related components that enables a municipality to achieve its
strategic mandate
For the purpose of this Framework, Corporate means the same as Enterprise
Corporate
Governance
“...The set of responsibilities and practices exercised by the board and executive
management with the goal of providing strategic direction, ensuring that
objectives are achieved, ascertaining that risks are managed appropriately and
verifying that the enterprise’s resources are used responsibly.” (IT Governance
Institute: ISACA [CGEIT] Glossary: 5 as amended)
Procedures and processes according to which an organisation is directed and
controlled. (Glossary of Statistical Terms – Organisation of Economic and Co-
operation Development www.oecd.org)
Corporate
Governance of ICT
The system by which the current and future use of ICT is directed and
controlled.
Corporate governance of ICT involves evaluating and directing the use of ICT to
support the organisation, and monitoring this use to achieve plans. It includes
the strategy and policies for using ICT within an organisation. (ISO/IEC 38500:
2008: 3)
DPSA Municipality of Public Service and Administration
Electronic
Government
The use of information and communication technologies in the Public Service to
improve its internal functioning and to render services to the public
EXCO Executive Committee (consists of Executive Management members of a
municipality)
Executive Authority
the executive and legislative authority of a municipality is exercised by the
council of the municipality.
Executive Authority means Executing Authority
Institution: The Chairperson of the Constitutional Institution
in relation to a Constitutional Institution with a body of persons, and in relation
3 | P a g e T h u l a m e l a C G I C T C h a r t e r
to a Constitutional Institution with a single office bearer, the incumbent of that
office;
For the purpose of the M-CGICTP the Executive Authority as defined in (a) above
will refers to the Ministers in the Presidency.
Executive
Management
Executive Management includes the Municipal Manager and the Managers
directly accountable to the Municipal Manager (See sections 56 and 57 of the
Municipal Systems Act, No 32 of 2000.).
GICT Governance of ICT
Governance
Champion (GC)
The Senior Manager in the municipality who is responsible to drive Corporate
Governance of and Governance of ICT.
Governance of ICT The effective and efficient management of IT resources to facilitate the
achievement of company strategic objectives. (King III Code: 2009: 52)
Is the responsibility of executives and the board of directors, and consists of the
leadership, organisational structures and processes that ensure that the
enterprise’s IT sustains and extends the organisation’s strategy and objectives
(ITGI 2005)
The system by which the current and future use of IT is directed and controlled.
Governance
Principles
The vehicle to translate the desired behaviour into practical guidance for day-to-
day management (COBIT 5 Framework Exposure Draft: 29)
GWEA Government-wide Enterprise Architecture
ICT Information and Communications Technology, also referred to as IT
ISACA® Information Systems Audit and Control Association
ISO/IEC International Organisation for Standardisation (ISO) and the International
Electro technical Commission (IEC)
ISO/IEC 38500 International Standard on Corporate Governance of ICT (ISO/IEC WD 38500:
2008: 1)
IT Information Technology , also referred to as ICT
ITGI™ IT Governance Institute
ITIL The Information Technology Infrastructure Library is a set of good practices for
ICT service management that focuses on aligning ICT services with the needs of
business
King III The King III Report and Code on Governance for South Africa
SAIGR: Wetgewinghandboek 2010/2011: Volume 3
MM-CGICTP Municipal Corporate Governance of ICT Policy Framework
M&E Monitoring and Evaluation
MPSA Minister of Public Service and Administration
4 | P a g e T h u l a m e l a C G I C T C h a r t e r
MTEF Medium Term Expenditure Framework
Municipal Manager Head of Administration and also the Accounting Officer for the Municipality
Policy Framework The Corporate Governance of ICT Policy Framework (M-CGICTP)
Responsible Refers to the person who must ensure that activities are completed successfully
SDBIP Service Delivery , Budget and Implementation Plan
Risk Appetite The amount of residual risk that the Municipality is willing to accept. (PSRMF
2010:15)
Risk Management A systematic and formalised process to identify, assess, manage and monitor
risks. (PSRMF 2010:16)
SANS 38500 South African National Standard 38500 adopted Form ISO/IEC 38500
SITA State Information Technology Agency
5 | P a g e T h u l a m e l a C G I C T C h a r t e r
1 CORPORATE GOVERNANCE OF ICT CHARTER Purpose Thulamela Municipality has a dependency of ICT to enable its business process, and as such, ICT not only enables but, also leverage the effectiveness and efficiency of the entire Municipalities services by Optimizing and Governing the ICT resources and services. ICT services are complex in nature, and are indispensable to business, therefore the need for IT Governance take a lead in making sure that ICT structure and services are aligned to business objective through all the required structures as per the Good Governance practices and Legislative framework. Thulamela municipality must analyse and articulate its requirements for the Governance of ICT and then develop, implement and maintain a related charter. This must guide the creation and maintenance of effective enabling governance structures, processes and practices and reflect how this Framework will be implemented. It must also clarify the governance of ICT-related roles and responsibilities towards achieving the municipality’s strategic goals. This document was benchmarked from Ba-phalaborwa Municipality.
1.1 OBJECTIVES OF THE MUNICIPAL CORPORATE GOVERNANCE OF ICT CHARTER In order to give effect to the Corporate Governance of ICT in Municipalities, the following objectives should be included in the municipality’s ICT Governance charter:
a) Identify and establish an ICT Governance Framework and implementation guideline for the municipality;
b) Embed the Governance of ICT as a subset of the municipal governance objectives.
c) Create Municipal value through ICT enablement by ensuring municipal IDP and ICT strategic alignment;
d) Provide relevant ICT resources, organisational structure, capacity and capability to enable ICT service delivery;
e) Achieve and monitor ICT service delivery compliance and quality to relevant internal and external policies, frameworks, laws, regulations, standards and practices;
f) Implement the governance of ICT in the municipality, based on the international best practise process frameworks.
g) The optimal investment be made in ICT , cost to be managed and Return on investment measured
h) Synergises between IT initiative are enabled and IT choices are in best interest of the municipality as whole and not those individual business
i) Information , IT assets and intellectual property contained in the ICT systems are protected and effectively managed and used
j) ICT services are sourced optimally and legitimately
6 | P a g e T h u l a m e l a C G I C T C h a r t e r
1.2 DESIGN OF THE MUNICIPAL CORPORATE GOVERNANCE OF ICT CHARTER
This charter should be approved at a strategic level in the municipality and should contain the following:
a) How the ICT strategic goals and their related service delivery mechanisms will be aligned with municipal IDP, monitored and reported on to the relevant stakeholders;
b) How ICT service delivery will be guided at a strategic level to create ICT value in the
municipality;
c) How the administrations ICT-related risks will be managed;
d) The establishment of structures to give effect to the Corporate Governance of ICT, and the management of ICT functions. The members of these structures and the roles, responsibilities and delegations of each should be defined. The proposed structures are as follows:
STRUCTURE MEMBERS MANDATE/RESPONSIBILITIES ICT STEERING COMMITTEE (Sub Committee of Management )
Designated Members of Management and the ICT Manager.
Has a specific delegated responsibility to ensure the planning, monitoring and evaluation, of the municipalities:
ICT structures. ICT policies. ICT procedures, processes, mechanisms and controls
regarding all aspects of ICT use (Municipal and ICT) are clearly defined, implemented and enforced.
ICT Performance Management. ICT Change Management. ICT Disaster Recovery Plans. ICT Strategy development. Management of ICT Security and Data Integrity. The establishment of the municipalities ICT Ethical culture. The evaluation, directing and monitoring of ICT specific
projects and processes. ICT Strategic alignment. ICT Governance compliance. ICT Infrastructure Management. ICT Security. ICT Application Management. ICT Value. ICT Data availability and integrity. ICT Vendor Management. ICT Contract Management
AUDIT COMMITTEE AND RISK COMMITTEE
Nominated members of the Audit and Risk committee/s of the municipality and the ICT Manager.
Has a specific responsibility to perform an oversight role for the Identification and Management of ICT audit and governance compliance, and ICT Risks.
7 | P a g e T h u l a m e l a C G I C T C h a r t e r
2. MUNICIPAL IDP AND ICT STRATEGIC ALIGNMENT
This accountability assigned to the leadership of a municipality through this ICT Corporate Governance Policy enables the municipality to align the delivery of ICT strategies and services with the municipality’s Integrated Development Plans and strategic goals. This is achieved through the development and adoption of and ICT strategy which is informed by the enterprise architecture plan which clearly outlines the roles, responsibilities and business processes contained in the IDP.
3. CONTINUOUS IMPROVEMENT THROUGH THE USE OF ICT IN MUNICIPALITIES
In this phase, all aspects of the Corporate Governance of ICT demonstrate measurable improvement Form the initial implementation phase 2016–20. In this phase, detailed measurable criteria for the implementation of and compliance against the approved Municipal Corporate Governance of ICT Policy and implementation plan are established and can be measured for compliance. In this phase the applicability of all elements of the Municipal Corporate Governance of ICT Policy is tested for efficacy and efficiency.
4. Business and ICT Strategic Alignment Strategic alignment of business strategy and ICT enablement of business provides a consistent
integrated approach to the planning of Municipal services delivery. The aligned strategy should
integrate into the MTEF. And it should further ensure that ICT enablement of service delivery is defined
and can be effectively and efficiently managed that monitoring and evaluation are performed in line
with MTEF and SDBIP targets and performance indictor. In order to achieve alignment , ICT planning
is performed parallel to the process describe in the framework for strategic Plans , MTEF , Risk
Management , SDBIP , Annual Performance Plan , Internal Audit Plan and the IDP.
However the Strategic alignment can also be achieved with assistance of an Enterprise Architecture
Methodology as prescribed in the GWEA framework. An Enterprise Architecture Pan reflect the
Municipal plan service delivery model showing its interrelated elements information and ICT.
The figure below depict the 5 year and annual planning and reporting cycle
ICT Business enhancement within National
Treasury Framework
Oversight
By Parliament, Provincial Legislator
Policy Development
Medium Term Strategic Framework
ICT STRATEGIC PLAN
(ICT Plan)
Business enablement
Vision and mission
Objectives
Outputs
Indicators
Annual Target
Business enabling ICT budget
Areas of service delivery
Plans
Performance indicators
Resource requirements
MUNICIPAL STRATEGIC
PLAN
Vision and mission
Strategic Measurable
objectives
Outputs
Indicators
MTEF Budget
Programme & sub-
programme
Areas of service delivery
plans performance
indicators
Activities
ANNUAL PERFOMANCE /ICT OPERATIONS
Budget programme and Sub-programme
Performance Indicators
Quarterly Report
Iteration
Continuous
Improvement
End –Year
Reporting
5 Year- Strategic
Plan
Operational
Plan and MTEF Budget
Implementation and
In-Year Reporting
8 | P a g e T h u l a m e l a C G I C T C h a r t e r
Figure 2 Alignment and Business and ICT
5. THE DETAILED PHASED APPROACH Implementation deliverables per financial year The governance off ICT enabling environment proposed by DPSA, therefore propose a three Phases
approached, which divides the activities to be undertaken by Municipalities into:
Phase 1 : Establish a Corporate Governance of ICT enabling environment ;
Phase 2 : Plan and Implement Business and ICT strategic alignment ;
Phase 3 : Continuous Improvement of governance and strategic alignment arrangement
The following Diagram depicts the approach adoption by DPSA and expends on the activities to be
undertaken within each Phase
External /Internal Context
ICT
Drive: House of ICT Value
ICT Strategic Plan (≥5 Year):
To enable Business Strategic Goal
Business
Drive: 12 Strategic Outcomes
Business Strategic Plan (≥5 Year)
Strategic Goal with 5-year targets and Projects
Enterprise Architecture Plan / Services Delivery Framework and Methodology
ICT Annual Performance Plan
Performance Indicators and Targets to effect
Migrations plan
ICT Migration Plan
How Architecture Plan will be implemented
Annual milestone
ICT Architectural Plan
Business Annual Performance Plan
Performance Indicators and targets to achieve
objective
Quarterly business reporting against
performance indicators and targets
Quarterly ICT reporting against performance
indicators and targets
9 | P a g e T h u l a m e l a C G I C T C h a r t e r
Figure 1 M-CGICT Implementation Phase
Phase 1 (Enablement Phase): To be completed by June 2017
1. Municipal Corporate Governance for ICT Policy approved by council;
2. ICT Governance Charter approved and implemented;
3. The following capabilities created in the municipality: Governance Champion designated and responsibilities allocated; An ICT Manager appointed and functioning at strategic level. Approved and implemented Municipal Risk Management Policy that
must include the management of ICT related risks; Approved and implemented Internal Audit Plan that must include ICT
internal audits; Approved ICT Disaster Recovery Plan informed by Municipal Business
Continuity Plan and Strategy. Approved Data Backup and Recovery policy. Approved ICT Service Level Agreement Management policy. Approved ICT User Access Management policy.
Approved ICT Security Controls policy.
Approved ICT Operating System Security Controls policy.
Approved Governance and Management of ICT Framework
(See Annexure A)
ICT
as B
usi
nes
s En
able
r
Planning, Implementation and Monitoring of M-CGICTP:
Municipal Manager and Executive Management (Including the ICT Management)
Phase 2: Strategic Alignment Implementation
ICT Operational Plan (APP) Ph
ase
3:
Mo
nit
ori
ng
info
rmin
g co
nti
nu
ou
s
imp
rove
men
t
CG
ICT
con
tin
uo
us
Imp
rove
men
t P
lan
Planning
Phase 1; Enabling Policy Environment
M-CGICTP and Charter
Other Policies, structures, processes, procedure, mechanism and
control
Phase 2: Strategic Alignment
ICT Plan
ICT Implementation
10 | P a g e T h u l a m e l a C G I C T C h a r t e r
Phase 2 (Strategic Alignment): to be completed by June 2020
1. Approved ICT Strategic Plan
2. Approved medium term ICT Strategy.
3. Approved ICT Implementation Plan with annual milestones linked to an enabling budget;
4. Approved SDBIP which includes annual ICT plans and linked budgets. Phase 3: (Continuous improvement of Corporate Governance of and Governance of ICT) To Commence June 2019 onwards The successful implementation of a Corporate Governance of ICT system leads to continuous improvement in the creation of value to the municipality. ICT delivery must be assessed on an on-going basis to identify gaps between what was expected and what was realised. Assessments must be performed coherently and encompass both:
a) The Corporate Governance of ICT (ICT contribution to realisation of Municipal value); and
b) Governance of ICT. (Continuous improvement of the management of ICT – international best practices).
RACI and Structures
Decision making and Accountability
The Municipal Manager has the responsibly to establish an ICT unit for Thulamela
Municipality
Council identifies the following DS Domain
a. Set and Maintain Governance Framework
b. Manage the ICT Management Framework
c. Manage ICT Strategy
d. Manage ICT Enterprise Architecture
e. ICT Governance , Risk and Compliance
f. IT Investments and projects
g. ICT Sources /Suppliers
h. ICT Portfolio
i. ICT Management /ICT Operation Committee
j. Business and IT Architecture
k. Application Management ; and
l. ICT security
m. Manage Continuity
n. Monitor , Evaluate and Assess Performance and Conformance
11 | P a g e T h u l a m e l a C G I C T C h a r t e r
7. RACI Chart ICT Decision Category
R Responsible
A Accountability
C Consulted
I Informed
Responsibility
Co
un
cil
EX
CO
Au
dit
Co
mm
itte
e
MA
NC
O
Mu
nic
ipal
Ma
na
ge
r
Go
vern
ance
Ch
am
pio
n
ICT
Ste
erin
g
Co
mm
itte
e
Se
nio
r M
ngr
Co
rpo
rate
Se
rvic
es
ICT
Ma
na
ge
me
nt
Strategic Level Business Level
Operational Level
Set and Maintain Governance Framework
C C I C A C C\I|A\R A/R A/R
Manage the ICT Management Framework
C C I C A C C\I|A\R A/R A/R
Manage ICT Strategy C C C C A C C\I|A\R A/R A/R Manage ICT Enterprise Architecture C C I C A C C\I|A\R A/R A/R ICT Governance , Risk and Compliance C C C C A C C\I|A\R A/R A/R IT Investments and projects C C C I A C C\I|A\R A/R A/R ICT Sources /Suppliers C C I I A C C\I|A\R A/R A/R ICT Portfolio C C I I A C C\I|A\R A/R A/R Information C I I A C C\I|A\R A/R A/R ICT Management C C C C A C C\I|A\R A/R A/R Business and IT Architecture C C C C A C C\I|A\R A/R A/R Application Management ; and C C I I A C C\I|A\R A/R A/R ICT security C C C I A C C\I|A\R A/R A/R Manage Continuity C C C C A C C\I|A\R A/R A/R
Monitor , Evaluate and Assess Performance and Conformance
C C I C A C C\I|A\R A/R A/R
A RACI Chart Model is tool used for identifying roles and Responsibilities
8. Governance Structure
The ICT Governance Structure forms the Basis in executing ICT governance
activities and consist of interrelated governance forum that enables the organisation
to fulfil the Following:
Recognise value of ICT Investment consistently across the organisation ;
Review and Approve ICT strategy with key stakeholders within the
organisation ensuring buy-in and sponsorship ;
Plan and execute the ICT strategy to improve overall Organisation operations
and services Business Unit ;
Ensures appropriate ICT capabilities to drive efficient ICT operations ad
optimal utilization of resources ;
Manage and build consistent focus ICT related risk ;
Deliver ICT systems that are strategically fit and in line with business needs;
Manage ICT expenditure to ensure sufficient tracking of cost throughout the
project lifecycle ;
Ensures operations efficient to ensure quality services are delivered to ICT
customer
12 | P a g e T h u l a m e l a C G I C T C h a r t e r
9. ICT Governance Structures at Strategic Level
At the strategic Level, a governance structure ensure that IT is aligned with the state vision and
strategies , it provides visibility to stakeholders and a forum for decision making related to
investment planning and portfolio management. It also ensures that ICT priorities are aligned to
Municipal priorities, and investment spend on IT systems and infrastructure is properly
communicated to the organization and is consistently with the industry’s spend on IT and priority
areas.
Oversees the Enterprise Architecture vision and capability by ensuring that there is buy-in From
EXCO. As articulated in the Ba-Phalaborwa M-CGICT policy, the ICT steering Committee is the
proposed governance structure to give oversight on IT investment planning and portfolio
management amongst other things:
Manage Executive relationships and expectations
Optimize IT investments and ensure alignment to business priorities
Approve business cases and ensure benefits realization
Manage conflict in priorities
Monitor IT expenditure
Advise the MM matters relating to ICT strategy and report on such matters
To make recommendations to the MM on plans, policies, structures and investment
requirements which:
Council
Strategic level
MANCO-
Chaired by MM:
Members: Executive Management
Strategic level
Risk Committee:
Members: Business unit
Business level
ICT Steering Committee
Chaired by Director: Corporate Services
Business level
ICT Operational Committee: Chaired by Assistant Director
Members ICT Unit
Business Level
ICT Project Committee:
Members ICT and Business Units
Operational Level
EA Committee
Members: ICT and Business Units
Operational Level
ICT Procurement:
Members ICT Business units
Operational Level
Audit Committee
Chaired by: External member
Members: External
Business level
13 | P a g e T h u l a m e l a C G I C T C h a r t e r
o Are related to the development and maintenance of a communication and
information technology infrastructure and information service provision at a
leading level within the Municipality; and
o Represent a Ba-Phalaborwa-wide approach achieved through advice and
consultation.
To review and revise ICT policies as required over time
9.1 ICT Governance Structures at Operational Level The goal of the committee is to ensure that Ba-Phalaborwa investments in ICT generate
business value, and mitigate the risks that are associated with ICT.
9.2 ICT Governance Structures at operational Level At goal of the committee is to ensure that Ba-Phalaborwa investment in ICT generate
business value, and mitigate the risks that are associated with ICT.
9.3 ICT Governance Structures at Operational Level At the Operational Level, governance structure ensure an operational strategy and
mechanisms that provide control and efficiency to the design, development, and
maintenance of IT services. Ensures project and change management capability. Ensures
governance and architecture management capability amongst other things:
Identify and prioritise customer needs;
Maintain alignment of the Enterprise Architecture;
Execute IT capital expenditure through proper monitoring of projects
Manage and approve all changes
Manage, Review and Approve Standard
Monitor and manage service delivery performance
Ensure that service are delivered within set targets
Oversight of day-to-day operational and service management functions.
10 Functions of Roles of Committees
10.1 Strategic Level: Executive Committee (chaired by MM) This committee is chaired by the MM and includes members of Executive Management, the
Government Champions and ICT MANAGEMENT.
The committee functions are to:
Evaluate the Municipality strategic plan, internal and external in order to:
Identify stakeholder needs and how it should be realised
Determine value ICT is expected to create through its enablement of the business
Define the benefits ICT is expected to realise in its enablement of business
Articulating ICT risk appetite and how it should be managed within the risk
management system of the Municipality
14 | P a g e T h u l a m e l a C G I C T C h a r t e r
Facilitate the establishment of sufficient ICT organisational structure, resources,
capacity and capability
Evaluate and monitor significant ICT expenditure
Determine the monitoring criteria and reporting requirements
Broadly understand the implications of the ICT prescriptive environment
Evaluate the change management requirements for the implementation of CGICT
Conceptualise and direct business enablement by ICT arrangements:
Ensure integration of CGICT into the agenda of the Executive Committee;
Approve CGICT Policy and Charter, ICT Plan, ICT Implementation Plan (MTEF), ICT
Operational Plan (APP) and other related plans and policies;
Approve portfolio of ICT projects and its related expenditure;
Provide direction for the change management requirements for the implantation of CGICT;
and
Guide implementation of the Framework and related policies and strategies
Monitor that implementation conforms to the criteria:
Conformance, performance and assurance oversight and monitoring; and
Ensure that risk is managed and the ICT is Audited internally and independently
The Delegations are as follows:
The delegation of authority, personal responsibility and accountability to the ICT Steering
Committee with regards to the governance of ICT;
The provision of appropriate ICT capability and capacity and the appointment of the suitably
qualified and experienced ICT MANAGEMENT; and
The ICT MANAGEMENT should have access to and regularly interact on strategic ICT matters
with the Accounting Officer (MM) and EXCO, and monitor and evaluate the effectiveness of
the governance of ICT.
10.2 Strategic Level: Governance Champion
The appointment of the governance champion is informed by the DPSA M-CGICTP, and the
incumbent will be responsible for the following:
The champion is to ensure the coordination of the development and implementation of the
Municipality Corporate Governance of ICT;
Facilitate the alignment process between business and ICT Strategy and plans;
Oversee that the governance of ICT system, as a subset of Corporate Governance of ICT, is
developed, implemented and maintained;
Must be supported by a cross-function team, which must include representatives Form
business and the ICT MANAGEMENT;
Have a clear understanding of the Municipality’s core functions;
Be responsible for the communication of CGICT policies, structures, processes; and
Procedures to the rest of the organisation
15 | P a g e T h u l a m e l a C G I C T C h a r t e r
10.3 Strategic and Operation Level: ICT MANAGEMENT
The appointment of the Chief Information Officer / ICT Manager is informed by the DPSA M-CGICTP
The ICT MANAGEMENT is responsible for:
The alignment of the Municipality’s ICT strategic goal with its business strategic goal
considering both business and ICT processes;
The development and implementation of a governance of ICT Charter and management
policy for the management of ICT;
The management of ICT functions.
10.4 Business Level: ICT Steering Committee
This committee is chaired by a member of Executive Management and includes members of
Executive and Senior Management, the Governance Champion and ICT MANAGEMENT.
Evaluate:
Coordinate development of M-CGICT policy ;
Coordinate planning base on direction received From the Executive committee
Determine , prioritise and recommend plans , policies , strategies , resources /capacity
requirements , portfolios of ICT projects and risk management to executive committee and /
MM ; and
Oversees the identification of the ICT prescriptive environment
Direct
Oversees the implementation of approved plans , policies , strategies , resources /capacity
requirements , risk management , benefits realisation , portfolio of ICT projects , internal
and External audits;
Determine the monitoring criteria and related reporting requirements and processes for
conformance , performance and assurance
Provide direction to all ICT related decisions that may have an impact on the business
operations and culture of the Municipality that is escalated to the Committee ; and
Determine the change management requirements for the implementation of M-CGICT Policy
Monitor
Conformance , performance and assurance monitoring and reporting to the Executive
Committee ; and
Oversee and report on the change management implementation for the implementation of
M-CGICT policy
Delegations:
The responsibility for the implementation of the Governance of ICT is delegated
and communicated to the relevant management ( Senior business and ICT
management )
16 | P a g e T h u l a m e l a C G I C T C h a r t e r
The necessary ethical culture , structure ( including outsourcing ) ,policies ,
procedures , processes , mechanisms and controls regarding all aspect of ICT use (
Business and ICT ) are clearly defined , implemented , enforced and assured through
independent audit .
10.5 Business level: Risk Committee
This Committee is chaired by an external appointee who has knowledge about risk management and
include Business and ICT management.
10.6 Business Level: Audit Committee
This Committee is chaired by an external appointee who is qualified charted Accountant and
Includes business and ICT management
10.7 Business Level: ICT Steering Committee
This committee is chaired by the Chief Financial Officer and include Business and ICT management
Provide input into the development of ICT plan , ICT implementation Plan , ICT operational
Plan , Governance and Management of ICT framework and ICT project , Programme Portfolio
Coordinate Implementation of ICT Plan , ICT Implementation Plan , ICT operational Plan and
ICT Programme and Portfolio Management
ICT risk management
Conformance and performance reporting to ICT Steering Committee
10.8 Operational level: Enterprise Architect
A person knowledgeable in the business of the Municipality, who will be responsible for the
structure planning to articulate the business and related process of the municipality in am
interrelated and standardised way.
10.9 Operational level: ICT Management
The ICT structure outlines the division managed by the Assistant Director: ICT.
17 | P a g e T h u l a m e l a C G I C T C h a r t e r
10.10 Operational sub-committee
10.10.1 ICT Architecture sub-Committee The ICT Architecture sub-committee support Ba-Phalaborwa objective to improve productivity and
service delivery. This committee will lead effort enable and support business, to efficiently and
effectively architect, invest and implement solutions to improve municipality’s performance.
10.10.2 ICT Project Sub-Committee The ICT project sub-committee is responsible to apply project principles and Methodologies to ICT
projects. This committee further need to ensure that the high level deliverables re strategically
sound and that integration issues are tracked and follow through
10.3.10.3 ICT Procurement sub-Committee The role of the ICT procurement is to ensure that Ba-Phalaborwa has and maintains an appropriate
ICT procurement and provisioning system which is fair, equitable, transparent, competitive and cost-
effective
10.10.4 ICT change management Committee The ICT change management committee ensure that all changes are approved and recorded
accordingly, and that test are performed after and before any changes. The committee also made
ensures that any changes is done on the test environment to avoid service disruptions.
11 Establishment of Capacity and Capabilities There is a WSP that is developed every year and the issues of ICT are also considered and prioritised.
The Human Resources are always identified to attend training on different skills, based on the
training needs, there is a reviews that conducted to check effectiveness of the training undertaken.
12. ICT Risk Management The role of the ICT Risk Management is to make sure that the organisation has identifies and
appropriately address ICT risks , including the mSCOA Risks , that the Municipalities is expose to as
part of its business operations . This process prescript that management of ICT Risks must focus on
the key areas and Activities
Figure 3: Risk Management Process
Monitoring and
Review
Risk Assessment
and Prioritization
Risk
Identification
Risk
Treatment
18 | P a g e T h u l a m e l a C G I C T C h a r t e r
13. Implementation of the Policy Policy Requirements Municipal Time
frame DPSA Time frame
Municipal Corporate governance of ICT policy Approved and Adopted by Council
May 2016 June 2017
Governance of ICT Charter Approved by council May 2016 June 2017
Adoption and Implementation of ICT Management Framework
July 2016 June 2017
Approved ICT Strategic Plan 31 July 2015 June 2017
Approve ICT Strategic Plan Implementation Plan 30 September 2015 June 2017
Approved and Implementation of Municipal Portfolio Framework that Include ICT programmes and Project (SDBIP)
June 2016 June 2017
Approved first iteration of Enterprise Architecture informing the ICT Architectures
September 2016 June 2017
Approved ICT Migration Plan with annual milestones linked to an enabling budget , that include mSCOA
May 2017 June 2017
Approved ICT Procurement Strategy for adhering to the ICT House of values.
September 2016 June 2017
Continuous Improvement Plan Continuous improvement of M-CGIST is achieved through ongoing Monitoring , evaluating and directing
June 2017
14. Implementation of the Charter Charter Requirements Municipal Time frame DPSA Time frame
Appointment of Governance Champion June 2016 2017 June
Establishment and Functioning of ICT Steering Committee
June 2016 June 2019
Appointment of ICT Manager June 2013 June 2019
Appointment of Enterprise Architecture June 2017 June 2019
Development of Enterprise Architecture June 2017 June 2019
Risk Management Policy July 2016 June 2019
Audit Plan July 2016 June 2019
ICT Management Framework June 2016 June 2019
Portfolio Management Framework June 2017 June 2019
Information Security Strategy June 2016 June 2019
Establishment of Change Management Committee
June 2016 June 2019
ICT Security Policy July 2016 June 2019
Business Continuity Plan : Disaster recovery Strategy and ICT Continuous Improvement Plan
September 2017 June 2019
Report on Implementation of M-CGICTP (Phase 1)
June 2016 June 2017
Report on Implementation of M-CGICTP ( Phase 1,2and 3)
19 | P a g e T h u l a m e l a C G I C T C h a r t e r
15. CONCLUSION
This Municipal Corporate Governance of ICT Policy has been designed for the exclusive use and alignment of Municipalities. The Implementation thereof had been phased over a longer period to provide municipalities with the time required to implement this Municipal Corporate Governance of ICT Policy effectively. This Municipal Corporate Governance of ICT Policy will be supplemented with an implementation plan that will give guidance to the practical implementation of the framework.
Annexure A
GOVERNANCE AND MANAGEMENT OF ICT FRAMEWORK Governance of ICT is performed at the lowest level of the governance system. It sets the governance and management system for the office of the Chief Information Officer and contains the following essential elements:
o Business enablement alignment planning: To establish a long-term plan or roadmap for the
enablement of business through ICT, determining the medium term budgetary requirements (resources impact) and how it translates into implementation in the current financial year;
o Programme and Project Management: To establish a programme and project management practice according to which business enabling ICT projects will be planned and managed, this must be aligned to the methodology used in the business;
o Management of ICT Suppliers: To assure that supplier engagement risks are minimised, the output of the engagement is adequately defined, that suppliers are appropriately contracted, managed, monitored and evaluated.
o The Management of ICT Risks: To assure that ICT related business risks are managed within the risk management culture and appetite of the institution;
o The Management of ICT Security: To ensure that the information of the electronically stored institution is protected according to its classification scheme;
o Management of ICT Continuity: To ensure that the business required ICT infrastructure, systems, capacity, capability and resources are available to recover the ICT enablement of business service delivery in the event of internal or external interruptions;
16. Signatures Thulamela CGICT Charter
□Approved
□Not Approved
____________________________________________________________________________ ____________________________________ ______/_________/20_____ The Speaker Date