MITA Annual Report 2022 by MITA

ANNUAL REPORT 2022 1

Table of Contents

Contents 01.

CHAIRMAN’S STATEMENT

02.

BOARD OF DIRECTORS

03.

CEO’S STATEMENT

04.

EXECUTIVE COMMITTEE

05.

HUMAN RESOURCES

06.

SETTING THE STRATEGIC CONTEXT

07.

FOCUSING ON STRATEGIC PRIORITIES

08.

ARTICULATION OF NATIONAL STRATEGIES

09.

RECOVERY AND RESILIENCY FACILITY

10.

LAUNCH OF NATIONAL CYBERSECURITY COORDINATION CENTRE 31

11.

WORDPRESS HOSTING PLATFORM (WoPHoP)

12.

OUR MODERNISATION JOURNEY: FOSTERING AGILITY AND INNOVATION 39

13.

OUR ENVIRONMENTAL COMMITMENT 43

14.

MITA CARES INITIATIVES

15.

FINANCIAL STATEMENTS

05.1 05.2 05.3

15.1 15.2 15.3 15.4 15.5 15.6

Commitment towards our Employee Organisation Changes MITA Awards for Excellence

9 10 11

Board Of Members’ Report For The Year Ended 31 December 2022 51 Projects & Programmes 53 Statement Of Board Members’ Responsabilities 58 Independent Auditors’ Report 59 Statement Of Profit Or Loss 62 Statement Of Financial Position as At 31 December 63

01.

CHAIRMAN’S STATEMENT Throughout 2022, MITA demonstrated an unwavering commitment to excellence, achieving significant milestones that have not only strengthened our position in the realm of Public Administration but also showcased our leadership in key areas such as cybersecurity and e-government. These achievements were made possible by the dedicated efforts of our talented employees and staff, whose hard work and commitment have been pivotal to our success. Your contributions do not go unnoticed, and we take pride in having such a dedicated team. The Annual Report provides a comprehensive overview of our progress and financial standing, backed by audited financial statements for the year ending on December 31, 2022. It serves as a testament to our transparency and accountability as an organisation. Looking forward, our focus remains on identifying solutions to challenges and capitalising on opportunities. The commitment to the digitisation of public services underscores our determination to harness the power of digital technology and data. This strategic move is aimed at enhancing the efficiency and resilience of our public services, positioning MITA at the forefront of innovation in the Public Administration.

I extend my sincere appreciation to the Chief Executive Officer, the Board of Directors, and the senior management team for their unwavering commitment throughout the past year. The competence and dedication of our leadership play a pivotal role in shaping the future trajectory and performance of our Agency. As we navigate the complexities of digital transformation, I am confident that the convergence of our dedication and experience will guide us toward our shared goal. Together, we will emerge stronger, ready to deliver public services that are not only efficient but also user-centric and data-driven. Our dedication reflects our commitment to serving the public and advancing the digital landscape of our nation. Tony Sultana Chairman

02.

BOARD OF DIRECTORS

Throughout the year the Board of Directors demonstrated dedication and leadership. Their expertise was evident in their proficient guidance of the Agency through a spectrum of challenges and the identification and capitalisation of emerging opportunities. The Board’s commitment manifested not only in the navigation of challenges but also in the cultivation of a forward-looking approach that aligned seamlessly with the evolving landscape of public services. This support functioned as a bedrock, fostering an environment conducive to innovation and excellence in service delivery. The resultant synergy facilitated a comprehensive strategy that, in turn, underscored our dedication to achieving and sustaining the highest standards in meeting the needs of the citizens of Malta. Left to right: Tony Borg, Dr. Aron Mifsud Bonnici (Board Secretary), Ms. Rossana Piscopo, Tony Sultana (Chairman), Inġ. Saviour Baldacchino, Joseph Agius and Dr. Helen Borg Muscat

03.

CEO’s FOREWORD I would like to start by expressing how honoured I am to serve the Agency as its Chief Executive Officer, following a career of more than 28 years at MITA, enriched with opportunities, knowledge sharing, growth, challenges, and success. I am grateful for having the chance to work in a fulfilling work environment, with a culture that promotes well-being and that encourages employee involvement and motivation. The engagement and professionalism of our employees has been demonstrated during the past year through the various initiatives that we committed to deliver, both in addressing client needs as well as to maintain our ICT infrastructure landscape that supports the operations of the whole of the Public Administration. This includes the technology refresh of the Government network, the modernisation of the information systems, and improving the service portfolio, encompassing the provision of email, internet, hosting, eGov and enabling platforms and related services, amongst others. This has been possible through the substantial investments that we have made in ICT which has been constantly on the increase. The Public Administration is continuously seeking opportunities for further digital transformation to enhance efficiency and to enable the citizen and the business to access government services with ease. We are, therefore, committed to support our clients to seek funding opportunities, particularly to maximise the use of EU funds.

At the heart of our organisation are our employees being socially responsible. This is reflected both through the corporate giving as well as through the employees’ c ommitment and participation in Corporate Social Responsibility (CSR) initiatives organised by MITA Cares. Furthermore, in our role as a national asset, throughout the year, we provided technical support during national events, including Pope Francis’ visit, Special Olympics, and Arraiolos Group – Head of States meeting. As an Agency, we assessed how we can achieve further operational efficiencies to be in an ever-stronger position to fulfil our mandate, consolidate our strategic role and increase our value proposition. Such goals can only be achieved through our employees’ commitment to embrace challenges, seeking knowledge, and staying committed to our Agency’s goals. I would like to take this opportunity to thank our Chairman and Board of Directors for their continuous support, our employees who have been very engaging and committed, and all our other stakeholders who have helped us to be a better version of ourselves; you have all been instrumental for another rewarding year. Emanuel Darmanin

Chief Executive Officer

04.

EXECUTIVE COMMITTEE

Throughout 2022, the Executive Committee met on a regular basis, steering the Agency to deliver projects and services aimed at supporting the Public Administration in implementing and governing digital solutions to improve public service delivery. In tandem with the MITA Board of Directors, the Executive Committee has worked to constantly enhance and safeguard our infrastructure and digital assets through technology and tools to offer resilient services and protect against cyber threats. Through the Agency’s collective commitment and accountability, we achieved many milestones that will certainly propel us into another year of success. Left to right: Inġ. Ian Bonello, Priscilla Bugeja, Robert Galea, Jonathan Cassar, Adrian Camilleri, Inġ. Emanuel Darmanin (CEO), Pierre Vella, Jesmond Mizzi, Wayne Valentine and Ivan Alessandro.

05.

HUMAN RESOURCES

05.1

Commitment towards our Employees

MITA has always viewed human capital as its greatest asset and places employee wellbeing at the forefront of its HR practices. We are proud to have achieved ‘Investors in People’ certification. Our continuous commitment is to maintain the right HR principles and practices in place, and that both our leadership team and employees are aware of what is expected of us to make us better. Support and care for our employees’ wellbeing and mental health is an area of priority as we believe that our employees’ wellbeing is much beyond the physical wellbeing but involves a holistic approach to wellness. Such approach, apart from improving our productivity, mental clarity, and physical health, enables us to build resiliency to overcome challenges and provides the abilities necessary for a proactive outlook on daily life. As part of our initiatives to promote employees’ wellbeing, MITA provided the service of a professional psychologist and physiotherapist for employees. The initiative was very well received by employees. Employees were also encouraged to come forward, should the service of a psychologist be required throughout their employment. Management coaching services were also made available to the management team, as needed. They were encouraged to utilise the service to enhance their managerial skills through focused strategies and to reinforce areas of competence that are customised to meet individual needs.

Our values – People, Empowerment, Continuous Improvement, Client Focus, Professionalism - shape the culture and define the character of our Agency. With these strong values embedded in all what we do, we are commitment to accepting change and to rising to upcoming challenges with confidence and commitment. Supporting our people through change, enables us to be successful and take advantage of opportunities that arise. 05.2

Organisation Changes

Following the appointment of Tony Sultana as Principal Permanent Secretary, Emanuel Darmanin became the new MITA CEO as from 1st June 2022. Functions from within the eGovernment Services Department and the Programme Management Department moved to the new Digital Enabling Services Department headed by the newly appointed Adrian Camilleri. All functions and personnel within the Strategy & Business Department were moved to other departments, namely the Executive Office, the Finance and Contracts, and the Chief Technology Office.

5.3 MITA Awards for Excellence On Wednesday 7th December 2022, the Agency hosted the MITA Awards for Excellence. For this annual event all employees met under one roof to celebrate our achievements. This year the panels’ discussions focused on the work of the five Action Teams that were established as a means to further improve the organisation. Members of the Actions Teams, including the respective Heads of Departments, explained their teams’ remit including recent outcomes and future plans. Awards were also conferred to those employees who were voted as having embraced the MITA Values and having achieved the highest levels of teamwork. These were as follows: • Team Award – Network Operations Centre - Daniel Manche - Benjamin Piscopo - Horace Penza - Clive Zahra - Christopher Camilleri - Malcolm Borg - Reuben Galea - James Coleiro - Matthew Xuereb

- Nigel Buhagiar - Warren Galea - Stefan Bonanno In absensia - Mario Debono - Josmic Calleja - Jacqueline Ellul - Silvan Xerri - Charles Camilleri

• People Award - Marica Xuereb • Empowerment Award - Keith Mallia • Continuous Improvement Award - Joseph Grech • Client Focus Award - Joanna Debono • Professionalism Award - Kenneth Penza • Chairman’s Award- Matthew Catania • 25 Years Award - Alison Calleja, Darren Bellizzi, Kevin Cachia & Alan Caruana

During the ceremony Roderick Stoner was also conferred the title of MITA ICT Technical Fellow.

06.

SETTING THE STRATEGIC CONTEXT Through the Circular published by the Office of the Principal Permanent Secretary with reference OPM No 9/2022, titled “Government Committee for the Digitalisation of the Public Administration”, the Public Service has setup a structure to enable the Government’s commitment to the digitalisation of the Public Administration. This process which is already underway is bringing effective transformation in the delivery of public services. There are numerous digitalisation initiatives that are taking place, including vertical strategic initiatives that meet departmental business process requirements as well as horizontal initiatives that span accross the entire public service. To provide high-level policy and strategic direction, the Circular established a committee vested with the responsibility for the Digitalisation of the Public Administration. The committee’s role is to oversee projects prioritisation, budgeting and resourcing, and governance thereof. The Principal Permanent Secretary presides over the committee, which includes representatives from MITA, the Ministry Chief Information Officers (CIOs), servizz.gov, and the Ministry responsible for the Digital Economy.

To support the committee’s operations, the circular further establishes the following forums: - The CIO Forum addresses service and business perspectives relating to the implementation of the digitalisation projects within the public service, and is attended by Ministry CIOs. MITA is not a member but is invited to this forum to contribute on specific topics. - The Technology Forum provides technology direction and best practiced in relation to technology, security, standardisation, integration, interoperability, data sharing and re-use. This forum is chaired by MITA CEO and includes Ministry CIOs and representatives of Officially appointed bodies. This commitment further strengthens MITA remit in its role to provide technology direction and implement digital solutions for government.

07.

FOCUSING ON STRATEGIC PRIORITIES In June, the CEO selected five strategic priorities for the Agency to continue strengthening its position and deliver a better service to its clients in line with MITA’s remit and strategy. For each of these Strategic Priorities an action team composed of MITA resources was set up to come up with, plan and implement recommendations cutting across the Agency. With a term spreading over at least one year, each action team had the possibility to select the preferred methodology to gather information from the relevant stakeholders, propose recommendations and work with the respective function to achieve implementation. The Strategic Priorities and the Action Teams’ aims were the following: Talent motivation, well-being, retention & recruitment Understand the different strata of MITA employees and implement measures to motivate people. Identify the ‘competitive edge’ that MITA has over other employers, strengthen and communicate it. Measures aim to attract valuable talent to MITA. Listen to, be closer and enable our client Look into the various client interaction processes and practices that are managed throughout the client lifecycle and identify any new initiative and potential areas of improvement which the Agency could implement to enhance the client experience.

Strengthen our core: Policy, Architecture and Technologies Establish policies, frameworks, guidelines and standards that will provide a backbone for coherence, interoperability and standardisation of digital solutions and data architectures across the Public Administration. A more agile Agency that optimises on digital processes and fosters inter-departmental cohesiveness Streamline MITA processes, automate, digitalise, consolidate and reduce duplication across the organisation, both in terms of internal operations, as well as the Agency’s interactions with its external clients. Make MITA more efficient and agile in project and service delivery. Focus on Strategic Areas, Divest non-Strategic, Provision of New Services Identify strategic areas on which MITA should focus and recommend measures to align these areas with the desired level of involvement. Identify areas that should be discontinued or transferred to clients or other organisations with necessary recommendations. All Action Teams had the possibility to present their work to EXCO in October 2022 and during the MITA Achievements Day, the first set of recommendations were presented and discussed. In 2023 the Actions Teams will continue with the implementation of various short- and medium-term recommendations, and any long term recommendations will be put forward to be considered for the new MITA Strategy 2024-26.

08.

ARTICULATION OF NATIONAL STRATEGIES During 2022, MITA was engaged in articulating three national strategies Malta Diġitali, the National Cybersecurity Strategy 2023-2026 and the National eSkills Strategy 2022-2025. The Agency also lead the drafting of the Public Administration Data Strategy. The completion of Malta Diġitali was assigned to MITA by the Ministry for the Economy, European Funds and Lands, following earlier consultations with various stakeholders. Through its contribution, MITA ensured the strategy’s alignment to digital developments as well as to pertinent Government, national and EU regulations, strategies and initiatives. The Strategy aims to establish digital as the key driving force for national transformation by addressing the diverse needs, requirements and expectations of various cohorts of Malta’s society and economy. It also looks at how digital can shape and strengthen Malta’s economy by addressing growth through innovation and through sectoral strategies of social and economic priority. The Strategy also highlights various strategic enablers that need to be addressed, namely, regulation and legislation, digital infrastructure and funding, data, cybersecurity and eSkills. Government’s Cyber Security Steering Committee commissioned MITA, for the second time, to draft the National Cybersecurity Strategy. The new Strategy outlines several key objectives, accompanied by measures in four key strategic thrusts. Including a multi-disciplinary approach in protecting digital infrastructure and its dependencies, a cyber risk assessment approach across businesses and the economy, increased cyber security consciousness, and capabilities and last but not least, stronger cooperation in cybersecurity on a national and international scale.

The eSkills Malta Foundation have also engaged MITA in devising its new national strategy. The National eSkills Strategy, highlights a number of goals, which cover Education, Society, the Workforce, and the ICT professionals. Alignment to relevant EU, national and sectoral strategies, policies and initiatives in place have been taken into account in the process. In devising all strategies, MITA has, above all, ensured extensive consultations with Government, business and society. Most importantly it has applied its accrued experience and know-how of Government so as to facilitate the effective implementation of the Strategies, making the Public Administration a pioneer.

Use the QR code to access this document.

09.

RECOVERY AND RESILIENCY FACILITY Financed through the Recovery and Resiliencey Facility (RRF) as part of the Digital Transition, MITA is implementing a Digital Backbone programme which includes a suite of interlinked digital investments, capacities, and deployment of advanced technologies. A total of €16.7 million have been allocated from the RRF towards this programme and the investment focuses on improving the resilience and secure nature of the backbone by further enhancing, strengthening, securing, and modernising the underlying infrastructure. It also increases the homogeneity, standardisation and sharing of services across Government through additional ‘as a Service’ and shared components. The resultant enhanced secure and flexible environment set-up is critical for Government’s continued digitalisation process and business continuity. The investment in devices and tools will also enable proof-of-concepts which will lead to new and improved services to enhance the users’ experience and to allow further analysis of related data. Through user-identity verification, proactive action will be enabled to ensure government services operate smoothly and securely, across. Another €5.8 million-investment, also financed through the RRF, is the Modern Digital Workplace programme. This programme is an evolution of the Government Modern Workplace and will further enhance additional services and facilities to the platform and strengthen the associated infrastructure and licensing framework.

09. Recovery and Resiliency Facility (RRF) for Digital Transition

Through this programme, MITA is designing, implementing, and piloting different technologies, software, and associated processes to add features and extend the use of the current Modern Digital Workplace platform. This includes the replacement of desktops with laptops with modern workplace tools and related software to allow flexible/remote working, collaboration, telephony, and other means of communication.

10.

LAUNCH OF NATIONAL CYBERSECURITY COORDINATION CENTRE The EU Regulation of the European Parliament and of the Council establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres came into force in June 2022. This Regulation provides for the setting up of a National Coordination Centre (NCC) in each of the Member States. Moreover, the Regulation also establishes the European Cybersecurity Competence Community (ECCC). These structures are intended to ensure stronger coordination between research and innovation, as well as the deployment of cybersecurity strategies at the EU and national level. Given several considerations, the cabinet office approved MITA’s nomination to act as the Maltese Cybersecurity Coordination Centre (NCC-MT). Soon after MITA started working on the structure that will drive this new function. Meetings have been held with a number of EU members states including Cyprus, Belgium and Spain to share views on the organisation of their respective Centres. As a result, the NCC-MT team has been established in the Information Security and Governance Department. This team is assisted by various other teams within MITA, specifically the Finance and Contracts department, the Internal Audit office and the Risk Management office. MITA is today an approved NCC-MT that can cascade funds to third parties. In this respect, in September 2022 it managed to secure €3 million funds through the Digital Europe Programme. €1 million is dedicated to the implementation of the NCC-MT, the building and maintenance of the National Cybersecurity Community together with raising awareness, assistance to local students for participation in the University of Malta Cybersecurity Master’s Programme and for the dissemination and visibility of the project. With respect to the National Cybersecurity Community, since its launch in October 2022 during the fourth edition of the Cyber Root conference, by end 2022 this Community recorded 100 individuals and 15 entities.

10. Launch of National Cybersecurity 09. Recovery and Resiliency Coordination Centre Facility (RRF) for Digital Transition

The other €2 million will be cascaded to Small to Medium Enterprises (SMEs) for the take up of state-of-the-art cybersecurity solutions where it is being forecasted that as a minimum 33 SMEs will benefit from this scheme. It is pertinent to note that MITA, as the NCC-MT, sits on the ECCC Governing Board representing Malta.

11.

WORDPRESS HOSTING PLATFORM (WoPHoP)

The digital era demands a strong web presence, for the Government to reach a wider audience to communicate efficiently and effectively. Web hosting is a pivotal component to achieve this demand. MITA has always been at the forefront in offering the Government of Malta with platforms that are robust, reliable, and secure. In 2022 MITA launched a Shared WordPress Hosting Platform (WoPHoP), offering powerful and advanced centrally managed shared web hosting capabilities. The platform is based on WordPress, and was built specifically to provide best-in-class hosting services. Since its launch in July 2022, the platform has gained widespread recognition and is currently hosting more than 180 portals. The features, advantages, and underlying technologies of the platform set it apart from other hosting options. The key differentiators of this platform are that it is centrally managed, offers shared provisioning, remarkable speed, and high performance. MITA manages the platform end-to-end, whilst allowing the Government of Malta to focus on what really matters, the content. This platform is a near Business-As-A-Service hosting model. The platform is powered by the latest Microsoft Azure capabilities, that guarantees ultra-fast page load speeds and a harmonised experience. WoPHoP also offers unparalleled underlying flexibility that allows MITA to scale the platform whenever required.

Being MITA managed, the platform comes with several other advantages namely exceptional security features. The Agency has always been at the forefront in making security a top priority, and WoPHoP has multiple layers of advanced security measures to protect websites hosted on its platform. The platform is also supported by an experienced and knowledgeable team, together with a 24/7 Operations Centre, to assist the Government of Malta whenever needed. WoPHoP has truly increased the bar, with its exciting features, advanced underlying technologies, and exceptional customer service. It is thus not a surprise that the platform experienced an incredible uptake and became the web hosting platform for the Government of Malta.

12.

OUR MODERNISATION JOURNEY: FOSTERING AGILITY AND INNOVATION In an ever-evolving technological landscape, MITA is undergoing a comprehensive modernisation effort, reshaping the very core of our business. This transformation aims to infuse our operations with agility and innovation. The progression of our modernisation journey unfolds as follows: Staying Ahead with Technology: At the heart of this journey is our commitment to leading with technology. We are providing our development team with access to cutting-edge technologies and advanced platforms, empowering them to create solutions that align with current industry standards. Embracing Modern Architectural Principles: In a world where software architecture is pivotal, we are actively adopting the latest architectural principles. This ensures our systems remain current and adaptable to changing business dynamics. Boosting Agility with Best Practices: Our modernisation journey is guided by best practices, including Domain-Driven Development (DDD), clean code principles, and Test-Driven Development (TDD). These practices are central to delivering high-quality software while ensuring adaptability. Agile Methodologies and Team Adaptations: We are embracing agile methodologies and adjusting our team structures. This shift enhances our focus on quality and efficiency. Principles like Domain-Driven Design and Test-Driven Development are now at the core of our work.

Promoting Modularity: We are transitioning from large monolithic applications to agile microservices. This approach minimises disruptions to our clients’ business functions while promoting system decoupling. Efficient Business Process Discovery: To streamline business process discovery, we have adopted storytelling through Event Storming. This technique helps us understand complex systems and their interactions efficiently. Modernisation Across IT Systems: Our modernisation efforts extend to various IT systems, including taxation, customs, social security, and Public Administration. We are implementing cloud-native solutions based on a well-defined Reference Architecture. This approach expedites application development by leveraging prior experiences and best practices. Unlocking Innovation with Cloud: By embracing cloud infrastructure, we are unleashing the potential of emerging technologies, such as Artificial Intelligence. This shift has unlocked opportunities for innovation and efficiency. In summary, our modernisation journey is not confined to software; it’s a transformation of our entire approach to business. By adopting modern practices, empowering our teams, and staying current with technology, we are poised to enhance our agility and deliver efficient and high-quality solutions.

13.

OUR ENVIRONMENTAL COMMITMENT

14.

MITA CARES INITIATIVES

Throughout 2022, MITA Cares continued its efforts to drive MITA’s CSR. This was done through a multitude of ways across internal as well as external-facing activities and initiatives. Thanks to the contributions of MITA employees, the Committee’s effort apart from focusing on aiding internal employees, has supported various sectors of the society. Externally, MITA Cares has also donated several laptops to various charitable institutions, allowing families in need to support the learning of their children. It has supported the pledge management for several telethons while also visiting Sutton (London) to perform technical work in the Puttinu Cares apartments. In parallel, the Committee proceeded to follow up on requests received by Social Workers, Head of Schools, amongst others, to provide financial assistance where needed, as guided by the newly introduced Donation Protocol. Such financial assistance has targeted various families in dire situations because of terminal illness or other serious problems. Furthermore, the Committee has worked on various initiatives in support of non-Governmental Organisations.

The Committee has continued its drive to collect funds and thus has also performed several social events and activities within MITA, ranging from distribution of items to employees, organisation a children’s Christmas party, raffles and collection of food for foodbanks. The final activity for 2022 was to provide support with pledges during Istrina 2022, thus assisting The Malta Community Chest Fund Foundation. In 2022 the Committee had a change of Chairperson, moving from the immense contribution of Wayne Valentine across many years, under the new direction of Matthew Catania. All financial-related operations of the Committee are listed in the Financial Report for 2022.

15.

FINANCIAL STATEMENTS

15.1

Board Of Members’ Report for the year ended 31 December 2022

Board Members Mr Tony Sultana - Chairman Mr Joseph Noel Agius Inġ. Saviour Baldacchino Mr Anthony Borg Dr Helen Borg Muscat Ms Rossana Piscopo (appointed on 1 July 2022) Board Secretary

Dr Aaron Mifsud Bonnici

Registered Address Gattard House National Road Blata l-Bajda HMR 9010 Malta The board members of the Agency present their annual report and the audited financial statements for the year ended 31 December 2022. Overview Malta Information Technology Agency (MITA) is the public entity vested with the responsibility to provide ICT infrastructure, systems and services to Government that leverage a modern digital ecosystem and contribute towards the definition and execution of the Government’s digital strategies that sustain a modern digital economy. MITA, through the direction of the Office of the Prime Minister, collaborates with the Office of the Principal Permanent Secretary and Ministry CIOs to attain its mandated strategies and assigned projects.

The Agency is dedicated in assisting the Government in transforming technological innovations into real business solutions. Its unique approach combines an innovative array of ICT and project management services with focused delivery capabilities using tried and tested methodologies to help fulfil Government’s strategies and projects and maximise the benefits of investment in technology. Core ICT Services to Government Throughout 2022, the provision of Core ICT Services to Government detailed by means of a contractual agreement between MITA and the Office of the Prime Minister, continued to provide the basis for the provision of the core ICT infrastructure to Government. Projects and Programmes The delivery of specific projects and programmes provided a significant portion of the Agency’s business during the year. Specific programmes and deliverables included: Information Systems development and maintenance MITA continued to develop and maintain information systems to meet the needs of specific strategic business areas within Government including Taxation, Social Security, Customs, Health, Justice, VISA and the Funding programmes. We worked closely with our clients to deliver technically sound and cost-effective device-agnostic solutions that prioritise privacy and security by design and build based on sound interoperability principles.

15.2 Projects & Programmes Modernisation of Taxation and Social Security Systems The modernisation of Taxation and Social Security Systems is progressing alongside, whilst the systems are being enhanced to cater for new functionality to address changing business needs, including the implementation of Government budget measures. Using an agile development and a DevOps approach to software development, the teams are working closer together to release software on a regular basis, through a series of iterations. Critical updates and the inclusion on new functionality are incorporated within project time blocks, called sprints, though which software is released on a regular basis. This further promotes the culture of continuous modernisation.

also implementing a National Electronic Health Record (NEHR) to which MITA is also advising on IT technical matters. MITA also maintains the myHealth portal which has seen significant increase in usage by both citizens and medical practitioners. Privileged Access Management (PAM) MITA implemented a Privileged Access Management (PAM) solution which provides enhanced security by limiting and monitoring privileged access to critical systems and data. PAM reduces the risk of unauthorised access, insider threats, and data breaches, while ensuring compliance with regulatory requirements and proper credential management. The solution strengthens MITA’s overall cybersecurity posture, safeguards sensitive information, and mitigates potential damages caused by privileged account misuse.

Economic Stimulus Payments The MITA Taxation and Social Security teams collaborated with the Ministry for Finance and Employment to implement Government’s budget initiative to distribute payments towards taxpayers with the aim to incentivise Economic Stimulus. Consultancy MITA provided consultancy services to Malta Police Force as part of their initiative for the modernisation / replacement of the National Police Systems suite. This involved drafting and reviewing of technical documentation and providing direction on the integration requirements to fulfil both national and EU obligations. Additional effort was invested to define the technical evaluation criteria for the procurement of solutions through a Competitive Dialogue Procedure. MITA provided consultancy services to the Ministry for Health in relation to the Ministry’s technology refresh of the Radiology suite of applications and the Laboratory Testing solutions. The Ministry is

Cybersecurity Skilling Programme MITA, through the National Cybersecurity Coordination Centre, is committed to deliver a national cyber security awareness and education campaign. One specific initiative focuses on building internal employees’ cybersecurity skill set. Through a specific designed programme, which is aimed to run until 2025, MITA will be providing a framework whereby interested individuals will be offered cyber security fundamentals and specialised training intended to improve their knowledge in the field. Zero Trust MITA have been working to implement a Zero Trust security model. Zero Trust is a security framework requiring all users, whether in or outside the organisation’s network, to be authenticated, authorised, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. Overall, Zero Trust architecture changes the concept of perimeter from one

based on location to one based on identity and access. This is a much more relevant security model in today’s era of cloud computing, remote work, and digital transformation. Network Access Control (NAC) A new Network Access Control (NAC) tool was implemented to replace the authentication tool that had recently reached its end of support. The purpose of the NAC tool is to act as a central device through which remote Virtual Private Network (VPN) and wireless users are authenticated before being granted access to the government network. The main benefit of the new NAC tool is increased visibility of the end users devices connected to the government network. Furthermore, this tool provided n ew security related functionality and features that increased the overall security posture. Network consultancy Throughout 2022, MITA assisted in delivering the required IT and support services that were requested during various national events, namely Papal visit, Special Olympics and Arraiolos. MITA installed and configured the network infrastructure that was required in the various locations such that media personnel, delegates and host broadcasters could make use of this infrastructure. In addition, various MITA employees supported these events by providing IT support assistance. Migration of VMware workloads following tech refresh. In the first quarter of 2022, following the installation, configuration and thorough testing of the new VMware hosting platform, all workloads (applications), made of around 1,200 Virtual Machines (VMs) were seamlessly migrated from the old VMware hosting platform to the new. This was achieved with no downtime to the applications and no client business disruption, a testament to the extensive planning and diligent work of all involved.

MITA Shared WordPress Hosting Platform (WoPHoP) WoPHoP has been successfully implemented and launched to production and became one of the Agency’s flagship services. The response has been overwhelmingly positive with a sharp take-up in the number of clients who are choosing this platform, including the Prime Minister’s website. This is attributable to the dedication to deliver a reliable, secure, scalable, and user-friendly platform. The Agency is committed to continue enhancing this service and to host more portals, which include Ministry, Parliamentary Secretary and Entity websites. Decommissioning of legacy applications and platforms Financial legacy applications (Stock Ledger, Bank Reconciliation System, ArchDAS) were decommissioned after being replaced by the Corporate Financial Management Solution in 2021. Liquid Office eforms were redeveloped for either the Workflow Automation Solution (WAS) or other preferred platforms to enable deactivating the Liquid Office platform. The public-facing website hosting platform (ECMS13) and the intranet-based workflow and document-sharing collaboration platform shall be discontinued because the support for Sharepoint 2013 ends in April 2023. The relevant sites were therefore migrated to the WoPHop and SharePoint Online platforms respectively. GoM Payroll and HR systems All Virtual Machines (VM’s) pertaining to the government Payroll and HR systems were successfully migrated from Hyper-V to the new VMware environment, and the Hyper-V VMs decommissioned. A major Dakar system upgrade and the new Personnel module were implemented in September 2022. Personnel is now the central module, and all suite modules, along with Recruitment and Payroll, will now be linked to it. The online leave module was also implemented and rolled out across government.

eID Azure Migration

Single Digital Gateway

One of the most significant strategic outcomes achieved in 2022 was the successful migration of the eID solution to Azure. Over the past few years, we had embarked on a transformational journey for the eID which included an initial technology upgrade, a process of simplification for the acquisition and use of the eID account, the introduction of levels of assurance to provide for added choice between usability and security, an account management dashboard to further align with the GDPR, and finally the migration to Azure. During this journey, we have witnessed an astounding increase in the usage of the system, and we now have over 300 thousand active accounts generating 7 million yearly logins. The migration to Azure provides us with the performance, scalability, resilience, and security to cater for eGovernment service demand for the coming 5 years.

The finalisation of the eIDAS Node could not come at a better time as we shifted gears in the implementation of the Once-only Technical System for the Single Digital Gateway Regulation. This will build upon the eIDAS Node infrastructure to additionally provide for the authenticity of data that is exchanged across borders for the fulfilment of online procedures. In 2022, we successfully built the Malta eDelivery component for the SDG and concluded a formal connectivity test for this with the European Commission. In the meantime, we continued supporting the MEFL with the work related to the conclusion of the SDG Implementing Act and Technical Specifications. We also started the work to create the SDG Integration Layer with a specific focus on finalising the integration posture for service providers by early 2023.

eIDAS Node

To further safeguard data, MITA deployed Microsoft Online Archive across all Government personal mailboxes. This makes it easier for the users to back up emails from their live mailbox, thus alleviating storage space, without relying on risky offline solutions. MITA is currently monitoring the uptake of this service to entice further use where applicable.

Another highly notable strategic outcome achieved in 2022 was the integration of the eID Card authentication mechanism through the eID single sign-on screen to the Malta eIDAS Node, following the notification process done by Identity Malta which afforded the level of assurance High to the eID Card. In this way, Maltese citizens and residents will be able to use their electronic identity or residence permit card to access eGovernment services in other Member States, and the services offered by the European Commission through its authentication portal. In addition to the technical work, this required the negotiation of a memorandum of understanding with Identity Malta to delineate the operational responsibilities. This milestone concludes the implementation of the eIDAS Node in Malta.

eMail Online Archive

Network Operations Centre MITA Network Operations Centre (NOC) remains one of the pivotal functions for the Agency and Government. Its round the clock operation requires clear, uninterrupted visibility across Government services allowing it to trigger incident management where required. Such visibility requires ample effort to be continually improved and maintained.

Change and Configuration Management In the area of Service Management, effort was dedicated to adopting a more effective, efficient, and agile approach in addressing Governance over Change and Configuration Management. Work has been underway across various dimensions ranging from improved procedures, data maintenance and presentation, reporting, user knowledge and more. The result of this effort is more successful changes while safeguarding the existing services and underlying infrastructure.

IAO maintains four main principles as part of its code of ethics, being, Integrity, Objectivity, Confidentiality and Competency. This is done in compliance with the Institute of Internal Auditors (IIA) International Standards. The BAC plays a key role in assisting the MITA board to fulfil its oversight responsibilities in internal control systems, risk management systems and the internal and external audit functions whilst ensuring the objective assessment of the Agency’s performance and its management. The MITA Internal Audit Office reports to the BAC, enabling independence and the structural separation from management to enhance objectivity.

Chatbot pilot

Enterprise Risk Management

In 2022, MITA embarked on the initiative to set up a pilot to implement a Chat Service as part of the Call Centre service, aimed to provide an additional support channel for MITA clients. The Chat service incorporates the use of Chatbot, that will provide the capability to interact with backend systems to enable an element of incident resolution via automation. Unresolved calls are then referred to a Live Agent.

During 2022, the ERM function continued its endeavours towards the governance of the ERM framework within the Agency. Through this framework, risk owners across the Agency are encouraged to identify and log risks in the Risk Register System relevant to their respective processes, projects and services, and to monitor, update and manage these risks in a timely manner in line with the Agency’s risk appetite. The ERM Committee held regular meetings during which material risks impacting the Agency were discussed, reviewed, and monitored. The ERM Framework was introduced to new MITA employees through induction sessions organised by HR, whilst the Risk Register System continued to be updated in terms of functionality to ascertain that it continues to provide a solid base where MITA risks are recorded and maintained.

The Internal Audit Office The Internal Audit Office (IAO) function is set to ensure an independent disciplined approach to evaluate and improve the Agency’s controls and in adding value to MITA operations. The IAO Risk based Audit annual plan is devised from the IAO Strategic plan and approved by the Board Audit Committee (BAC) prior to its implementation. The plan is materialised through the verification of key risks at both strategic and operational level. Improvements are put forward to add value and ensure sound internal controls are sustained across the Agency.

Achieving Corporate Governance The Internal Audit Office and ERM continued to collaborate in carrying out risk-based audit engagements on multiple risk areas within the Agency. This has contributed to the identification of risks that MITA may be exposed to, and the recommendation of effective controls to mitigate the risks.

Financial review The overall financial performance of the Agency for 2022 shows a net surplus before tax of €720,043 (2021: €975,791). Revenue from the provision of projects and ICT services to Government reached €39,976,697 (2021: €35,788,038), up by 12% from 2021 results.

15.3

STATEMENT OF BOARD MEMBERS’ RESPONSABILITIES

The Agency’s statute requires the board members to prepare financial statements for each financial year which give a true and fair view of the state of the affairs and profit or loss of the Agency for that year, in accordance with the requirements of International Financial Reporting Standards as adopted by the European Union. In preparing these, the board members are required to: • adopt the going concern basis unless it is inappropriate to presume that the Agency will continue in business; • select suitable accounting policies and apply them consistently; • make judgements and estimates that are reasonable and prudent; • account for income and charges relating to the accounting period on the accruals basis; • value separately the components of asset and liability items; and • report comparative figures corresponding to those of the preceding accounting period. The board members are responsible for keeping proper accounting records which disclose with reasonable accuracy, at any time, the financial position of the Agency. They are also responsible for safeguarding the assets of the Agency and hence for taking reasonable steps for the prevention and detection of fraud and other irregularities. Auditors RSM Malta, Registered Auditors, have expressed their willingness to continue in office and a resolution for their reappointment will be proposed at the Annual General Meeting. This report was approved and authorised for issue by the Board Members on 18 July 2023, and signed on its behalf by:

Mr Tony Sultana Mr Anthony Borg Chairman Board Member

15.4

INDEPENDENT AUDITORS’ REPORT

To the Members of Malta Information Technology Agency Report on the Audit of the Financial Statements Opinion We have audited the accompanying financial statements of Malta Information Technology Agency (“the Agency”), set out on pages 11 - 35, which comprise the statement of financial position as at 31 December 2022, the statement of profit or loss and other comprehensive income, statement of changes in accumulated fund and statement of cash flows for the year then ended, and notes to the financial statements, including a summary of significant accounting policies. In our opinion, the financial statements give a true and fair view of the financial position of the Agency as at 31 December 2022, and of its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards (IFRS) as adopted by the European Union (EU). Basis for Opinion We conducted our audit in accordance with International Standards on Auditing (ISAs). Our responsibilities under those standards are further described in the Auditors’ Responsibilities for the Audit of the Financial Statements section of our report. We are independent of the Agency in accordance with the ethical requirements of both the International Ethics Standards Board for Accountants’ International Code of Ethics for Professional Accountants (including International Independence Standards) (IESBA Code) and the Accountancy Profession (Code of Ethics for Warrant Holders) Directive issued in terms of the Accountancy Profession Act (Cap. 281) in Malta that are relevant to our audit of the financial statements, and we have fulfilled our other ethical responsibilities in accordance with the IESBA Code and the Code of Ethics for Warrant Holders in Malta. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion. Other Information The board members are responsible for the other information. The other information comprises the board members’ report. Our opinion on the financial statements does not cover the other information, including the board members’ report. In connection with our audit of the financial statements, our responsibility is to read the other information identified above and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit, or otherwise appears to be materially misstated. If, based on the work we have performed on the other information that we have obtained prior to the date of this auditors’ report, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this regard.

Responsibilities of the Board Members for the Financial Statements The board members are responsible for the preparation of financial statements that give a true and fair view in accordance with IFRS as adopted by the EU, and for such internal control as the board members determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. In preparing the financial statements, the board members are responsible for assessing the Agency’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the board members either intend to liquidate the Agency or to cease operations, or have no realistic alternative but to do so. The board members are responsible for overseeing the Agency’s financial reporting process. Auditors’ Responsibilities for the Audit of the Financial Statements Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditors’ report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAs will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements. As part of an audit in accordance with ISAs, we exercise professional judgement and maintain professional scepticism throughout the audit. We also: •

Identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control.

•

Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the Agency’s internal control.

•

Evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by the board members.

•

Conclude on the appropriateness of the board members’ use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the Agency’s ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditors’ report to the related disclosures in the financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditors’ report. However, future events or conditions may cause the Agency to cease to continue as a going concern.

•

Evaluate the overall presentation, structure and content of the financial statements, including the disclosures, and whether the financial statements represent the underlying transactions and events in a manner that achieves fair presentation.

We communicate with the board members regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit. This copy of the audit report has been signed by

Conrad Borg (Principal) for and on behalf of RSM Malta Registered Auditors 18 July 2023

15.5

STATEMENT OF PROFIT OR LOSS AND OTHER COMPREHENSIVE INCOME FOR THE YEAR ENDED 31 DECEMBER 2022

2022 €

2021 €

Revenue

39,976,697

35,788,038

Cost of sales

(32,196,494)

(28,163,845)

7,780,203

7,624,193

124,365

124,039

(7,042,227)

(6,599,798)

862,341

1,148,434

Finance costs

(142,298)

(172,643)

Surplus before tax

720,043

975,791

(342,531)

(446,962)

Surplus for the year

377,512

528,829

Total comprehensive income for the year

377,512

528,829

Gross surplus Movement in pension benefits

Administrative expenses Operating surplus

Income tax

15.6

STATEMENT OF FINANCIAL POSITION AS AT 31 DECEMBER

2022 € ASSETS

2021 €

Non-current assets Property, plant and equipment Right-of-use assets

Deferred tax Total non-current assets

2,726,202

4,091,611

2,005,775

2,267,781

975,004

1,063,784

5,706,981

7,423,176

CURRENT ASSETS Inventories Trade and other receivables

14,583

17,035

3,719,701

3,992,951

Contract assets

2,615,414

129,042

Current tax receivable

266,747

18,455,721

15,432,993

Cash and cash equivalents

Total current assets

25,072,166

19,572,021

TOTAL ASSETS

30,779,147

26,995,197

EQUITY AND LIABILITIES

€

Capital and reserves Capital reserve 4,542,497

4,542,497

Accumulated fund

5,167,754

4,790,242

TOTAL EQUITY

9,710,251

9,332,739

1,801,943

2,038,403

Provision for liabilities and charges

1,158,648

1,298,423

Total non-current liabilities

2,960,591

3,336,826

Non-current liabilities Finance lease obligation

Current liabilities Current tax payable

219,515

Finance lease obligation

334,957

334,615

140,667

173,929

Provision for liabilities and charges

Trade and other payables

7,846,111

8,327,298

Contract liabilities

9,786,570

5,270,275

18,108,305

14,325,632

TOTAL LIABILITIES

21,068,896

17,662,458

TOTAL EQUITY AND LIABILITIES

30,779,147

26,995,197

Total current liabilities

The financial statements have been authorised for issue by the board members on 18 July 2023:

Mr Tony Sultana Chairman

Mr Anthony Borg Board Member 64