By Nthambeleni Gabara
The Office of Standards and Compliance (OSC), which became operational in April 2020 will initiate enforcement processes aimed at improving compliance and service delivery in selected government departments with effect from next month.
This emerged at the Department of Public Service and Administration’s OSC two-day workshop that kicked off on Thursday in Pretoria.
The national promotion and campaign workshop aimed at exploring solutions that will enhance compliance and institutional resilience in the public service space is also expected to initiate a structured and supportive engagement between the OSC, participating policy owners from the respective DPSA branches and the selected national departments.
Acting Head oof the OSC, Mr Kuben Govender speaking on strategies to promote compliance said: there is a need for a new approach…as the OSC, we will initiate an enforcement process in selected government departments in the next quarter.
“We need to move from traditional command and control strategies to a more holistic approach towards regulations. There is also a need to use the effectiveness of mixes of regulatory strategies that will utilise the complexity and variety of motivations underlying compliance.”
Objectives of the workshop
To provide the Office of Standards and Compliance as well as the OSC regulations, 2022.
Discuss key concepts, strategies for promoting compliance for implementation in the province.
Highlight awareness of the directive on Information and Communications Technology Security.
Highlight the key areas of non-compliance in the department and establish reasons for non-compliance.
Explain the process and approach that the OSC will follow when it initiates the enforcement process.
Culture of compliance in the organisation
Mr Govender further said to successfully elevate compliance management to a strategic advantage, compliance with norms and standards must be embedded in organisational culture and form part of the core business model of the department.
He strongly believes that embedded culture in government departments or entities can both foster and enhance compliance or it can impede or render compliance efforts meaningless.
“A positive culture of compliance is embedded in setting and having a strategic vision and the setting of strategic goals, which need to be internalised,” he said.
How to develop a culture of compliance
Govender further said there is a need to identify the specific people responsible for managing each compliance element, focusing on ensuring the compliance and reporting value chain.
“Transgressors must account for non-compliance…compliance culture must be encouraged by the organization’s structure, processes, and management style.
“There is also a need for an alert risk management system, which addresses the risks that arises in each strategic area. Establish control points for the risk elements and ensure controls are well documented for internal and external purposes,” he said.
Deputy Director: Compliance and Enforcement in OSC at the DPSA, Frankling Links said: “The responsibility of OSC is to foster a culture of compliance with the public administration norms and standards, while the DPSA policy units monitors compliance by departments with the various norms and standards.”
DPSA Information Security Deputy Director, Ms Tebogo Kabai said: “To ensure effective governance, section 9 of the DPSA’s Directive on Information Security on compliance monitoring advises that the head of the department must delegate an official to serve as the Department’s Information Security Officer (DISO).
Currently, only 42.61% of departments have appointed a designated information security officer (DISO), indicating that a considerable 57.39% of departments lack this critical function.
“The main reason for non-compliance in this area is that departmental structures do not have this role. In most cases ICT security responsibility is placed on the official infrastructure.
“Some departments responded fully compliant, however, did not submit evidence to support their responses, or submitted irrelevant evidence.”
However, Kabai said the DPSA is in the process of developing guidelines for the functions and responsibilities of DISO aimed at defining the DISO’s governance role in overseeing the implementation of security operations in protecting the department’s information assets. She said Departmental ICT steering committees must ensure active and continuous oversight on ICT security matters.
According to Kabai, the DPSA is also in the process of developing training that will assist the department’s steering committee members on the execution of their duties.
“Departments must ensure that background checks or vetting is conducted on third-party individuals granted access to sensitive departmental information.
“The SCM pre-checks that are done are for the companies before appointment; however, the individuals who are given access are not checked by Supply Chain Management (SCM). Departments need to improve in this area as it poses a significant risk to departments,” she said.
Chapter 5 (16A) of the Public Service Act briefly outlines the steps to deal with the failure to comply with the provisions outlined in the Act.
It also outlines issues of reporting non-compliance to Cabinet, Parliament, and its committees.
Section 16A also outlines a set of instructions (for executive authorities, heads of departments, and the MPSA) regarding the disciplinary steps that may be taken.
This provides the Minister of Public Service and Administration with the statutory authorisation to monitor and enforce compliance and alludes to the Minister’s internal oversight capacity within the public administration.
The Auditor-General has also found that the failure to comply with legislation is one of the root causes of material instances of non-compliance in audit findings.
Non-compliance to rules and regulations has a particularly significant impact on service delivery.