South Africa’s digital transformation efforts have suffered a major setback after the Auditor-General revealed that billions of rand have been spent on government IT systems that either failed outright or delivered little practical value.
According to the Auditor-General of South Africa’s 2024/25 consolidated report on national and provincial audit outcomes, 41 ICT projects across government institutions were flagged with serious findings, representing a combined value of R12.1 billion.
The findings point to deep structural weaknesses in public sector technology planning, procurement and cybersecurity.
Out of 72 ICT-related projects reviewed across 44 auditees, more than half of the affected institutions recorded significant project failures.
Despite government spending R5.48 billion on ICT in the 2024/25 financial year alone, the report said there had been no substantial progress toward modernisation.
Unused software licences, delayed system rollouts and outdated infrastructure remain widespread across departments.
SITA under renewed pressure
A major portion of the blame has again been directed at the State Information Technology Agency (SITA), the state’s central technology service provider.
The Auditor-General described SITA’s procurement systems as outdated and inefficient, warning that its inability to meet service-level requirements has become a systemic risk to government operations.
Critical digital projects in departments such as Health and the Unemployment Insurance Fund have reportedly been affected.
Although SITA’s audit opinion improved from a disclaimer in the previous cycle to a qualified opinion, the agency remains under heavy scrutiny for governance and financial irregularities.
Cybersecurity vulnerabilities worsening
The report also raised serious concerns about cyber resilience.
Of 70 government entities assessed for cyber readiness, 45 were found vulnerable to cyberattacks, with 23 classified as high-impact targets.
The Auditor-General warned that insufficient backup systems and weak security perimeters leave critical departments exposed to ransomware and data breaches.
One major case cited was the South African Bureau of Standards (SABS), which suffered a ransomware attack in November 2024 that resulted in system shutdowns and major data losses.
The agency reportedly remained in recovery mode more than a year later.
Recent cyber incidents affecting Gauteng provincial systems and Statistics South Africa have further intensified concerns over public sector cyber resilience.
The latest findings are likely to increase pressure on the government to overhaul procurement systems, strengthen cyber defence capabilities and accelerate accountability for failed ICT spending.
Source: mybroadband
