AGSA warns R12.1bn losses as Sita IT projects unravel across South Africa
South Africa’s government technology landscape is taking a hit, and a new assessment from the Auditor-General (AGSA) suggests the damage is structural—not just accidental. In its latest consolidated audit outcomes for 2024/2025, the auditor has described the State IT Agency (Sita) as a “systemic risk” to government IT, linking the problem to billions spent on projects that failed to deliver.
While officials have pushed ahead with modernisation plans for years, the AGSA report paints a troubling picture of governance decline. Instead of stabilising, parts of the public ICT ecosystem appear to be weakening, with leadership churn, procurement failures and project rollouts falling short of intended outcomes.
At the centre of this is Sita, the agency tasked with supporting government departments and public entities with shared technology services. The AGSA says that, in practice, Sita has struggled to deliver on its mandate effectively—raising questions about whether the model is working as intended.
## Focus keyword: Sita systemic risk and failed government IT projects worth R12.1-billion
The numbers in the AGSA report are stark. Across the period reviewed, the auditor assessed the IT control environments of 191 government entities. The overall trend was negative, with more auditees regressing than improving in how they manage and control information and communication technology.
One of the clearest governance red flags was staffing. Among 191 established CIO roles across national and provincial government, 27 positions—about 14%—were vacant. Even more concerning, 18 of those vacancies had lasted longer than six months.
The shortages were not limited to CIO posts. The AGSA also found that an additional 156 IT positions remained unfilled across departments and public entities during the same audit window. In effect, technology oversight and delivery capacity were stretched thinner at the very point where disciplined project management is most needed.
Sita and government departments were also judged on ICT implementation projects. The AGSA examined 72 ICT implementation projects across 44 departments. Of those, 23 projects—accounting for 52% of those assessed—did not meet key performance objectives. Several of these were classed as high impact.
The combined value of the failed or underperforming projects was put at R12.1-billion, with shortcomings tied to timelines, budgets, quality and business outcomes. The auditor’s framing is blunt: projects did not fail only because of technical glitches, but because delivery systems were not working.
AGSA’s findings on Sita point to procurement as a major fault line. The report says Sita’s processes were not aligned with current ICT requirements, contributing to delays and weakening departmental effectiveness and service delivery.
In AGSA’s words, Sita did not effectively deliver on its intended mandate, and its procurement practices were described as inefficient and poorly matched to what government needed at the time. That matters because when procurement is out of step, delivery schedules slip—and the downstream impact is felt in public services.
Leadership gaps intensified the pressure. The AGSA report indicates that Sita has operated without a permanent CIO for more than three years. It also reports an executive vacancy rate of 54% during the audit period.
Until recently, Sita reportedly had no permanent board and no permanent managing director either. The AGSA links this lack of stable leadership to disrupted strategic continuity and weaker accountability inside the institution—problems that can easily cascade into missed deadlines and poorly governed contracts.
Operational failures also showed up in service performance. The AGSA says Sita failed to meet service-level agreements for virtual private networks (VPNs) used by state entities. In North West, the gap between targets and actual performance peaked at 50.5% in December 2024, and remained above 25% for multiple months during the audit period.
The auditor also pointed to capacity and monitoring challenges, including strained network bandwidth due to high usage and insufficient monitoring. Put simply, even where contracts exist, the infrastructure and governance needed to deliver reliably were not keeping up.
Beyond Sita, the AGSA says flawed ICT project implementation practices are widespread across the public sector. In the same review, the auditor found evidence of poor project management in 39% of audited entities.
It also flagged a governance paperwork problem: 26% of projects were missing or had unapproved project charters and business cases, and 48% showed evidence of missed timelines and milestones. The report adds that internal audit involvement in ICT projects was largely absent, while scope changes were sometimes approved informally—or not at all with proper oversight.
The AGSA included case studies to illustrate how these weaknesses translate into tangible harm. Three examples were highlighted: one involving Dirco, another tied to the department of health, and a third involving the Unemployment Insurance Fund.
In the Dirco case, a five-year global wide-area network refresh was launched in 2021 to modernise network infrastructure across South African missions worldwide. The budget was reported at R1.1-billion, with completion initially expected in 2026.
From the start, delays compounded. A security proposal required approval before deployments could begin was first submitted by the service provider only in October 2023. After multiple revisions, the department approved it in April 2025—an 18-month delay.
That gap had a direct operational consequence: IT equipment bought earlier could not be deployed and remained idle, tying money up without delivering capability when it was needed.
AGSA also reported serious procurement and governance issues. The auditor found indications that the appointed service provider may have submitted “potentially fraudulent documentation” and still received the contract despite not meeting mandatory bid criteria.
Further contract variations related to the security solution—valued at R292.8-million—were reportedly approved by the director-general without a competitive bidding process. AGSA also noted that legal and national treasury consultation was not obtained, even though internal audit recommendations had pointed to the need for it.
The auditor attributed the project’s underperformance to inadequate project governance, lack of accountability and insufficient oversight, including consequences—or the lack of them—for accounting officers and ministers.
Finally, AGSA said ICT is critical for modernising public services but is still often treated as a support function rather than a core driver of service delivery outcomes. As strategic plans repeatedly fail to align with organisational objectives, the auditor recommended repositioning the IT function within public entities to improve clarity, responsibility and delivery discipline.
Government technology failures can be expensive in more ways than one: budgets get drained, systems remain outdated and service delivery suffers. With Sita described as a systemic risk and R12.1-billion linked to failed high-impact projects, the message from AGSA is clear—public ICT governance needs far more stability, accountability and procurement discipline before the next cycle of spending is signed off.