12 minute read
MEMBERS’
by MITA
Mr Tony Sultana - Chairman
Mr Anthony Borg
Inġ Saviour Baldacchino
Mr Joseph Noel Agius
Dr Helen Borg Muscat
Ms Rosana Piscopo (Appointed on 1 July 2022)
Board Secretary
Registered Address
Dr Aaron Mifsud Bonnici
Gattard House National Road
Blata l-Bajda HMR 9010
Malta
The board members of the Agency present their annual report and the audited financial statements for the year ended 31 December 2021.
Overview
Malta Information Technology Agency (MITA) is the central driver of the Government’s information and communications technology policy, programmes and initiatives. The Agency is responsible for the delivery and management of all programmes related to the implementation of information technology and related systems in Government with the aim of enhancing public service delivery.
MITA also provides information and communications technology infrastructure services to Government. Additionally, the Agency promotes and delivers programmes aimed at enhancing ICT education and the use of ICT as a learning tool. MITA is also involved in initiatives aimed at proliferating the further application and take up of information and communications technologies in society and economy.
Core ICT Services to Government
Throughout 2021, the provision of Core ICT Services to Government detailed by means of a contractual agreement between MITA and the Ministry for Economy and Investment, continued to provide the basis for the provision of the core ICT infrastructure to Government.
Projects and Programmes
The delivery of specific projects and programmes provided a significant portion of the Agency’s business during the year. Specific programmes and deliverables included:
Strategy and Governance
MITA supported the Data Governance Council in the definition of a Data Strategy. The Strategy aims at fostering data empowerment towards a more effective digital transformation.
MITA has also been commissioned, to work alongside other contributors, on Cyber Security, focusing on aspects such as policy direction, operations, awareness and education, and foreign cooperation.
MITA was also tasked to review a draft of Malta Digitali - the national digital strategy for the years 2022 - 2027. Malta Digitali is seen as a crucial instrument for the attainment of Malta’s Economic Vision 2021-2030, through a series of actions aimed at attaining digital transformation on a national scale.
Digital Infrastructure and Services
During this year, we have strengthened our internet bandwidth to improve connectivity and data transmission to optimise work-from-home user experience. We have also invested around €1M to upgrade our infrastructure to make our service more efficient and secure.
Procurement vehicles were made available for Ministries and Entities, which apart from facilitating the procurement process, also provided advantageous prices, for instance, for the procurement of networking equipment such as network access points.
As part of the continuous improvement initiatives, in September, a major network change was carried out to strengthen and simplify the core routing infrastructure in view of several significant projects which MITA would be working on over the next months.
The core service management processes, namely Change Management, Configuration Management and Problem Management, have undergone improvement initiatives to realign them with the current business needs, while further exploring agility concepts and practices in this regard.
Digital Security
The increased use of digital technology brought with it even additional challenges. To rise to this challenge, MITA made substantial investment both in the facilities and tools within its Security Operation Centre, for the monitoring and continuous protection of digital infrastructure. We also set up a digital forensics and malware analysis laboratory. This will aid us to strengthen our controls and respond to incidents more efficiently and in coordination with local and international partners regarding threat intelligence.
Throughout 2021, we continued to invest in having the best tools to make use of machine learning and Al. We have continued to strengthen the collection of intelligence related to digital attacks through international collaboration and have assisted in the protection of government systems.
MITA was also appointed by Government to fulfil the role of the National Cyber Security Coordination Centre on behalf of Malta, acting as the link with the EU counterparts in the chain to fight Cyber Security threats and attacks.
Digital security is not only the responsibility of Government but of each and every one of us. We therefore continued the national awareness and education campaign in our society including the public, private and public sector with the aim of increasing the level of digital security at national level.
Information Systems
MITA progressed with its programme to modernise IT systems, including Tax, Customs, Social Security, Health, Public Registry Systems, Justice, VISA and EU funding systems. This is being done to better address the needs of our clients and enable better service to the citizens and businesses, whilst also making better use of the investments being made in technology. Additionally, we have also provided consultancy services to other Ministries and Entities in modernising their systems to meet changing requirements, increase capabilities, and improve performance to meet today’s fast-changing needs. These include Police, social security systems, JobsPlus, the Transport Authority and Malta Enterprise, with the latter in relation to the Business Portal.
We also developed the website vaccin.gov.mt, the Rapid Antigen Test system, improvements to the myHealth portal to the Ministry for Health and provided consultancy on the implementation of the Digital Green Certificate.
Extensive work has also been done on Tax and Customs systems to adopt the EU One Stop Shop directive. We are also implementing Al and Machine Learning concepts in various systems, including the Commissioner of Revenue systems.
Digital consultancy and platforms
MITA provided consultancy services to the Public Administration on the Document Management system. We have invested to build a new platform based on the latest cloud technologies which will be used to host Government web sites.
An investment of around €100k was also committed for the implementation of a Content Management System, built in accordance with the GDPR and accessibility directives. The use of our Workflow Automation solution, which provides all the tools necessary for the creation of public and internal facing eServices, continued to facilitate the transformation of business processes providing increased quality of service delivery, as well as an optimised value chain that complements the resources available within government.
MITA Government Payment Gateway, is part of the horizontal infrastructure supporting the eGovernment services. We continued to invest in this service to ensure continuous stability and security of service provision.
This year we also worked on the Single Digital Gateway, to build digital services that can be used by citizens of other EU member states. Related to this, we have continued to support the EIDAS Node, which recognizes electronic credentials from European countries. All EU member states are now connected to use these services.
MITA also provided consultancy to Government on the proposal to build a European Digital Wallet for the electronic identity of European citizens. We also strengthened the elD solution, which among the available electronic services, has been used for the download of the digital Government Voucher eWallet and for the electronic COVID-19 vaccine certificate.
Recovery and Resilience Facility - EU Fund
MITA took a central role in the preparation of the business case to request EU funds through the Recovery and Resilience Facility. Malta was successful to receive a budget of €SOM for investment in the digital field, of which almost €23M will be used to improve the Government’s digital infrastructure. Two priority areas are Digital Security and remote working platforms.
Reverse Electronic Auction - Data Connectivity Services
In 2021, MITA pioneered a reverse electronic auction as part of the procurement process for the provision of data connectivity services for the Malta Public Service, to equip remote workers with the equipment and data connectivity necessary to work remotely, pursuant to Government’s remote working policy. Following a call for tenders inviting a selection of electronic communication service providers to submit the eligibility, technical and financial information, compliant bidders were invited to outbid each other financially in a fully electronic auction process. The process resulted in savings of 37.5% from the estimated budget, and harmonised services across the Public Service being provided through a framework contract with one Economic Operator for a maximum value of€1.8M, excluding VAT.
Other main contracting initiatives
MITA was also involved on the Electronic Public Procurement System (ePPS) renewal agreement, the re-issue of the Microsoft licenses contract and the conclusion of the Enterprise Resource Planning (ERP) tendering process.
The Internal Audit Office
The Internal Audit Office (IAO) primary mandate is to ensure an independent disciplined approach in evaluating and improving the Agency’s controls and in adding value to the operations of MITA. Risk based Audits and reviews are conducted as commissioned by the Board Audit Committee (BAC) and as illustrated in the IAO Strategic audit plan. IAO ensures the uphold of four main principles as part of its code of ethics, being, Integrity, Objectivity, Confidentiality and Competency in adhering to the Institute of Internal Auditors (IIA) International
Standards. IAO also develops a yearly risk based plan, as approved by the Board Audit Committee (BAC) which is realised through the verification of key risks at both strategic and operational level. Recommendations are put forward to add value and ensure improvement both in audit engagements and audit follow-ups.
The BAC plays a key role in assisting the MITA board to fulfil its oversight responsibilities in internal control systems, risk management systems and the internal and external audit functions whilst ensuring the objective assessment of the Agency’s performance and its management. The MITA Internal Audit Office reports to the BAC, enabling independence and the structural separation from management to enhance objectivity.
Enterprise Risk Management
During 2021, MITA continued in its endeavours towards ensuring that Enterprise Risk Management (ERM) is integrated within the Agency’s processes and that risks, of different classifications, are being identified and effectively managed in a timely manner in line with the ERM policy and procedure, whilst taking into consideration the Agency’s risk appetite. Through regular ERM Committee meetings, it is ensured that material risks which may impact the Agency are routinely discussed, reviewed, and monitored by the ERM Committee members. The MITA Risk Register System (RRS) in use by the Agency is also regularly updated in terms of functionality to ensure that it continues to provide a solid base where MITA risks are recorded and maintained.
Achieving Corporate Governance
The Internal Audit Office and ERM continued to work jointly to carry out risk-based checks on multiple risk areas within the Agency, which has contributed to the identification of risks that MITA may be exposed to, and the recommendation of effective controls to mitigate the risks. Follow-ups of previous activities have ensured the effectiveness of the verified governing controls. Additionally, in 2021, IAO and ERM established a Risk Based Audit Plan development framework, to build the annual risk based plan through the use of a systematic risk assessment. This framework was immediately benchmarked to create the Annual Risk Based Plan 2022.
Financial review
The overall financial performance of the Agency for 2021 shows a net surplus before tax of €975,791 (2020: €828,672). Revenue from the provision of projects and ICT services to Government reached €35,788,038 (2020: €32,031,072), up by 12% from 2020 results.
To the Members of Malta Information Technology Agency
Report on the Audit of the Financial Statements
Opinion
We have audited the accompanying financial statements of Malta Information Technology Agency (“the Agency”), which comprise the statement of financial position as at 31 December 2021, the statement of profit or loss and other comprehensive income, statement of changes in accumulated fund and statement of cash flows for the year then ended, and notes to the financial statements, including a summary of significant accounting policies.
In our opinion, the financial statements give a true and fair view of the financial position of the Agency as at 31 December 2021, and of its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards (IFRS) as adopted by the European Union (EU).
Basis for Opinion
We conducted our audit in accordance with International Standards on Auditing (ISAs). Our responsibilities under those standards are further described in the Auditors’ Responsibilities for the Audit of the Financial Statements section of our report. We are independent of the Agency in accordance with the ethical requirements of both the International Ethics Standards Board for Accountants’ International Code of Ethics for Professional Accountants (including International Independence Standards) (IESBA Code) and the Accountancy Profession (Code of Ethics for Warrant Holders) Directive issued in terms of the Accountancy Profession Act (Cap. 281) in Malta that are relevant to our audit of the financial statements, and we have fulfilled our other ethical responsibilities in accordance with the IESBA Code and the Code of Ethics for Warrant Holders in Malta. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.
Other Information
The board members are responsible for the other information. The other information comprises the board members’ report. Our opinion on the financial statements does not cover the other information, including the board members’ report.
In connection with our audit of the financial statements, our responsibility is to read the other information identified above and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit, or otherwise appears to be materially misstated. If, based on the work we have performed on the other information that we have obtained prior to the date of this auditors’ report, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this regard.
Responsibilities of the Board Members for the Financial Statements
The board members are responsible for the preparation of financial statements that give a true and fair view in accordance with IFRS as adopted by the EU, and for such internal control as the board members determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.
In preparing the financial statements, the board members are responsible for assessing the Agency’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the board members either intend to liquidate the Agency or to cease operations, or have no realistic alternative but to do so.
The board members are responsible for overseeing the Agency’s financial reporting process.
Auditors’ Responsibilities for the Audit of the Financial Statements
Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditors’ report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAs will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements.
As part of an audit in accordance with ISAs, we exercise professional judgement and maintain professional scepticism throughout the audit. We also:
• Identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, design and perform audit proce dures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control.
• Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the Agency’s internal control.
• Evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by the board members.
• Conclude on the appropriateness of the board members’ use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the Agency’s ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditors’ report to the related disclosures in the financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditors’ report. However, future events or conditions may cause the Agency to cease to continue as a going concern.
• Evaluate the overall presentation, structure and content of the financial statements, including the disclosures, and whether the financial statements represent the underlying transactions and events in a manner that achieves fair presentation.
We communicate with the board members regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit.
This copy of the audit report has been signed by
Registered Auditors
Mdina Road
Zebbug ZBG 9015 Malta
02 September 2022
