The Auditor-General of South Africa has flagged the State IT Agency (Sita) as a “systemic risk” to government IT, citing R12.1-billion in failed public technology projects as evidence.
According to the Auditor-General’s consolidated general report on national and provincial audit outcomes for 2024/2025, South Africa’s public ICT governance ecosystem is in structural decline, with the central IT agency hollowed out by leadership instability and procurement dysfunction, departments haemorrhaging billions on systems that never go live, and a digital transformation agenda that exists largely on paper.
“Sita did not effectively deliver on its intended mandate,” said the report. “Sita procurement processes were inefficient and misaligned with current ICT requirements, resulting in delays and negatively impacting departmental effectiveness and service delivery.”
The Auditor-General (AG) evaluated the IT control environments of 191 government entities during the 2025 fiscal year and found there was an overall decline: more auditees regressed in this area than improved. Of the 191 established CIO positions across national and provincial government, 27 – or 14% – were vacant, with 18 of those vacancies extending beyond six months. A further 156 IT positions went unfilled across departments and public entities over the same period.
Seventy-two ICT implementation projects across 44 departments were also assessed. At 23 of these – representing 52% of those assessed, 15 of which were classified as high impact – 41 projects with a combined value of R12.1-billion failed to meet key objectives related to timelines, budgets, quality and business outcomes.
Centre of the turmoil
Sita’s governance woes sit at the centre of this turmoil. The agency has operated without a permanent CIO for more than three years. Its executive vacancy rate stood at 54% during the audit period. Until recently, there had been no permanent board and no permanent MD – a combination the AG described as having “disrupted strategic continuity and decision-making” and weakened accountability across the institution.
The gaps in leadership have translated to operational deficiencies. Sita failed to meet service-level agreements for virtual private networks with various state entities. In North West, unmet targets peaked at 50.5% in December 2024 and remained consistently above 25% across several months of the audit period. High bandwidth usage across provinces and significant monitoring gaps further strained network capacity, said the AG.
Read: The key technology takeaways from Ramaphosa’s 2026 Sona
Modernisation initiatives – including data centre upgrades and critical infrastructure for the Integrated Justice System – have experienced delays that the AG linked directly to Sita’s leadership instability, ineffective financial management and governance failures.
“These issues have contributed to incoherent strategies and inadequate institutional capabilities, undermining Sita’s ability to fulfil its mandate and deliver reliable services to government clients,” the AG said. (TechCentral has reached out to Sita with questions regarding the AG’s findings and will update this article if and when feedback is received.)
But even outside of Sita, poor ICT project implementation practices plague many public entities. The AG found evidence poor project management practices at 39% of those audited. More than a quarter (26%) were missing or had unapproved project charters and business cases, while 48% showed evidence of missed timelines and milestones. Internal audit involvement in ICT projects was largely absent, and scope changes were approved informally or not at all.
Three case studies in the report illustrate how those institutional failures translate into real harm: one at the department of international relations & cooperation (Dirco), another at the department of health and a third at the Unemployment Insurance Fund.
In the Dirco example, a five-year global wide-area network refresh project was launched in 2021. The project was meant to modernise network infrastructure at South African embassies, consulates and missions worldwide. The budget was R1.1-billion, with completion expected in 2026.
The project was plagued by delays from the outset. A security proposal, which had to be approved before any deployment could begin, was first submitted by the service provider in October 2023. After multiple revisions, the department only approved it in April 2025 – an 18-month delay that also meant IT equipment procured in prior years could not be deployed and sat idle.
The governance failures go further. The AG found indications that the appointed service provider may have made misrepresentations on its bid submission, including “potentially fraudulent documentation”. Despite not meeting mandatory bid criteria, the contract was awarded to the service provider.
Misaligned
Contract variations of R292.8-million relating to the security solution were subsequently approved by the director-general without a competitive bidding process and without the legal or national treasury consultation that internal audit had recommended. The AG attributed the project’s underperformance to “inadequate project governance, a lack of accountability and consequences by the accounting officer and inadequate oversight by the minister”.
Read: Promise of stability at Sita as agency gets full-time MD
With strategic plans frequently misaligned with organisational objectives, the AG flagged the repositioning of the IT function in public entities as one of its key recommendations.
“ICT is critical for modernising public services, but it is still treated as a support function,” said the AG. – © 2026 NewsCentral Media
Get breaking news from TechCentral on WhatsApp. Sign up here.