Escolar Documentos
Profissional Documentos
Cultura Documentos
0
0
23
1
60
16
1
0
63
1
1
FY11 IA
Issues
0
0
10
11
12
2
0
0
9
1
1
FY12 IA
Issues
0
0
0
0
0
0
0
0
0
0
0
166
46
EA Issues
Err:504
Err:504
Err:504
Err:504
Err:504
Err:504
Err:504
Err:504
Err:504
Err:504
Err:504
Err:504
Err:504
%
Err:504
Err:504
Err:504
Err:504
Err:504
Err:504
Err:504
Err:504
Err:504
Err:504
Err:504
Err:504
25
0
134
4
1
2
FY11 IA
Issues
17
11
18
1
0
0
FY12 IA
Issues
0
0
0
0
0
0
166
47
EA Issues
1 Not Applicable
2 FY11
3 FY12Q1
4 FY12Q2
5 FY12Q3
6 FY12Q4
Total
Err:504
11
Err:504
Err:504
5
1
2
%
Err:504
Err:504
#VALUE!
Err:504
Err:504
Err:504
Err:504
EA Issues
1 Not Resolved
2 Resolved Pending IA Follow-up
3 Resolved Pending EA Follow-up
4 Resolved and Closed
Total
69
41
17
39
166
FY11 IA
Issues
13
5
6
22
46
FY12 IA
Issues
0
0
0
0
0
Err:504
Err:504
%
Err:504
#VALUE!
#VALUE!
#VALUE!
Err:504
1200.00%
1000.00%
800.00%
600.00%
400.00%
200.00%
0.00%
1000.00%
800.00%
600.00%
Column I
400.00%
200.00%
0.00%
Not Resolved
Risk Rating
Medium
Title
Lack of test environment
12 Computer Operations
High
14 Computer Operations
High
18 Access to Programs
High
19 Access to Programs
High
High
Medium
Low
High
Low
High
High
33 Database Review
High
34 Database Review
Medium
35 Database Review
Medium
36 Database Review
Medium
37 Database Review
High
38 Database Review
Medium
39 Database Review
Low
Medium
High
46 Database Review
High
47 Database Review
Medium
48 Database Review
High
49 Database Review
High
50 Database Review
High
52 Database Review
High
Medium
Medium
Low
High
Medium
Medium
High
High
Medium
Medium
Low
High
High
High
Medium
High
High
Low
High
Medium
Medium
Medium
Medium
High
Low
Medium
High
High
High
Medium
High
143 General
High
144 General
High
Revenue Receivables
Important
Recommendation
MTN Swaziland should
explore the possibility of
deploying a test
environment for all
systems within scope.
Agreed Management
Action
Primary
Department
N/A
Information
Systems
MINSAT is a none
critical system as it is a
reporting tool that
extracts data from
source systems. if
MINSAT could be
compromised, the data
will not be afected as it
is not produced by
MINSAT, but by other
systems from which
MINSAT extracts for
reporting.
This rating should be
2.1.2.3
31-Mar-2012
Information
Systems
2.1.2.5
31-Dec-2012
Information
Systems
2.1.3.3
Management should
institute a process to
review user access rights
on a periodic basis to
ensure that these rights
are commensurate with
job responsibilities. This
should be applied to all
critical systems, at
minimum.
31-Mar-2012
Information
Systems
2.1.3.4
Management should
institute a process to
delete user access rights
on termination.
31-Mar-2012
Information
Systems
30-Jun-2012
Information
Systems
N/A
Information
Systems
We therefore
recommend that this
finding should be
removed from the
report.
2.2.1.1
2.2.1.2
System access is
restricted to
administrators.
Permissions can be
removed but presently
the people with the
view access are
privileged.
2.2.1.3
Disable unnecessary
Business needs to
services if not needed. If accept risk for this
these services must be
service.
used, ensure that the
latest version is being
used and that their use is
restricted, with only
properly authorised
individuals being able to
use them. Alternatively
explore the possibility of
using alternative more
secure services that
integrate with existing
controls.
N/A
Information
Systems
we recommend that
should FTP be required,
management should
explore other more
secure protocols such as
secure FTP.
2.2.1.4
N/A
Information
Systems
2.2.1.5
An appropriate legal
notice approved by the
MTN legal department
should be displayed upon
direct authentication to
this environment.
Standardised banner
could be included and
applied throughout all
systems. Enticement
information can be
removed.
N/A
Information
Systems
2.2.1.6
System administrators
should be allocated to
the own user accounts
and granted appropriate
access. The system
password should be kept
in a safe and the account
used only when there is
an emergency.
We will investigate
granting access to
warm-bodied users for
usage of the root
account.
2.2.1.7
We will investigate
password control
parameters and
password management
processes and apply
them as necessary.
2.2.2.1
Auditing should be
Refer to attached
appropriately enabled
collective response.
and configured as
defined by the business.
Emphasis should be
placed on the auditing of
users who authenticate
directly to the database.
The audit logs should be
reviewd in a regular basis
by a security officer and
any unauthorised
activities conducted on
the database should be
reported to management.
N/A
Information
Systems
N/A
Information
Systems
31-Mar-2012
Information
Systems
2.2.2.2
Management should
Refer to attached
ensure that audit logs are collective response.
protected from access by
privileged users.
Furthermore, a security
administrator (not a DBA)
should oversee the setup
of auditing on the
database environment.
31-Mar-2012
Information
Systems
2.2.2.3
Management should
Refer to attached
ensure that at least more collective response.
than 3 control files exist
for the database.
31-Mar-2012
Information
Systems
2.2.2.4
31-Mar-2012
Information
Systems
2.2.2.5
31-Mar-2012
Information
Systems
2.2.2.6
31-Mar-2012
Information
Systems
The RESOURCE_LIMIT
2.2.2.7
Management should
ensure tha the listener
file is securely
configured.
Refer to attached
collective response.
31-Mar-2012
Information
Systems
2.3.1.3
31-Mar-2012
Information
Systems
2.3.1.4
System administrators
Refer to attached
should be allocated to
collective response.
the own user accounts
and granted appropriate
access. The system
password should be kept
in a safe and the account
used only when there is
an emergency.
31-Mar-2012
Information
Systems
2.3.2.1
Auditing should be
Refer to attached
appropriately enabled
collective response.
and configured as
defined by the business.
Emphasis should be
placed on the auditing of
users who authenticate
directly to the database.
The audit logs should be
reviewd in a regular basis
by a security officer and
any unauthorised
activities conducted on
the database should be
reported to management.
31-Mar-2012
Information
Systems
2.3.2.2
31-Mar-2012
Information
Systems
2.3.2.3
31-Mar-2012
Information
Systems
2.3.2.4
Refer to attached
collective response.
31-Mar-2012
Information
Systems
2.3.2.5
31-Mar-2012
Information
Systems
Additionally, a system
auditing policy should be
formalised and published.
2.3.2.7
2.4.1.1
31-Mar-2012
Information
Systems
31-Mar-2012
Information
Systems
2.4.1.3
31-Mar-2012
Information
Systems
2.4.1.4
An appropriate legal
Refer to attached
notice approved by the
collective response.
MTN legal department
should be displayed upon
direct authentication to
this environment.
31-Mar-2012
Information
Systems
2.4.1.5
System administrators
Refer to attached
should be allocated to
collective response.
the own user accounts
and granted appropriate
access. The system
password should be kept
in a safe and the account
used only when there is
an emergency.
31-Mar-2012
Information
Systems
2.4.1.6
31-Mar-2012
Information
Systems
2.4.1.7
Management should
Refer to attached
ensure that an
collective response.
accountable person has
been appoited for all
administrator logins, and
the users that use the
login are authorised to
have adminstrator
access.
31-Mar-2012
Information
Systems
2.5.1.1
System administrators
Refer to attached
should be allocated to
collective response.
the own user accounts
and granted appropriate
access. The system
password should be kept
in a safe and the account
used only when there is
an emergency.
31-Mar-2012
Information
Systems
2.5.1.2
31-Mar-2012
Network
2.6.1.1
31-Mar-2012
Information
Systems
2.6.1.3
31-Mar-2012
Information
Systems
2.6.1.4
An appropriate legal
Refer to attached
notice approved by the
collective response.
MTN legal department
should be displayed upon
direct authentication to
this environment.
31-Mar-2012
Information
Systems
2.6.1.5
System administrators
Refer to attached
should be allocated to
collective response.
the own user accounts
and granted appropriate
access. The system
password should be kept
in a safe and the account
used only when there is
an emergency.
31-Mar-2012
Information
Systems
2.7.1.1
31-Mar-2012
Information
Systems
2.7.1.4
System administrators
Refer to attached
should be allocated to
collective response.
the own user accounts
and granted appropriate
access. The system
password should be kept
in a safe and the account
used only when there is
an emergency.
31-Mar-2012
Information
Systems
2.9.1.3
31-Mar-2012
Information
Systems
2.9.1.5
System administrators
Refer to attached
should be allocated to
collective response.
the own user accounts
and granted appropriate
access. The system
password should be kept
in a safe and the account
used only when there is
an emergency.
31-Mar-2012
Information
Systems
2.10.1.1
Auditing should be
Refer to attached
appropriately enabled
collective response.
and configured as
defined by the business.
Emphasis should be
placed on the auditing of
users who authenticate
directly to the database.
The audit logs should be
reviewd in a regular basis
by a security officer and
any unauthorised
activities conducted on
the database should
reported to management.
31-Mar-2012
Information
Systems
2.10.1.2
The administrator
account should be
renamed as it is a prime
target for unauthorised
users to abuse.
31-Mar-2012
Information
Systems
Refer to attached
collective response.
2.10.1.3
31-Mar-2012
Information
Systems
2.10.1.4
Refer to attached
collective response.
31-Mar-2012
Information
Systems
2.10.2.1
Refer to attached
collective response.
31-Mar-2012
Information
Systems
The implementation of
appropriate login will be
set up in conjunction
with the SEA HUB.
2.10.2.2
Management should
ensure that audit logs are
protected from access by
privileged users.
Furthermore, a security
administrator (not a DBA)
should oversee the setup
of auditing on the
database environment.
Refer to attached
collective response.
31-Mar-2012
Information
Systems
31-Mar-2012
Information
Systems
31-Mar-2012
Information
Systems
The implementation of
appropriate login will be
set up in conjunction
with the SEA HUB.
Furthermore, access to
program and data
directories shoulc be
secured and accessible
only by authorised
personnel.
2.10.2.3
Management should
ensure that secure
password controls are
configured for all
technology stacks across
the system and applied
appropriately to the
users.
Refer to attached
collective response.
Complex passwords will
be set.\
2.10.2.4
Refer to attached
collective response.
Vendor will be engaged
to see necessity of the
use of PUBLIC. If
required, monitoring
processes will be
implemented.
2.10.2.5
5.2
Refer to attached
collective response.
We recommend that
management investigate
the root cause of these
missing TT-files. A
process should be put in
place to ensure that
adequate provision is
made to safeguard the
switch files. We
recommend that TT-files
are backed up on a daily
basis, and that the
backups be regularly
tested to ensure that
they can be restored.
We further recommend
that MTN takes legal
advice regarding the loss
of data to determine
whether the law or
telecommunications
regulations have been
violated as a result of the
data not being available.
MTN should also confirm
what data should be
retained, and for what
period.
As from September
2011 RA is monitoring
billing TT file sequences
and reporting missing
files to the billing team
on a weekly basis. As
this is dynamic data
and billing has a
specific cut of date,
there bound to be a few
files not processed in
the same period but RA
ensures that these are
resolved within the
required 90 days.
Therefore RA will
continue to monitor
these on a weekly
basis.
31-Mar-2012
Information
Systems
N/A
Information
Systems
6.1
31-Jan-2012
Information
Systems
7.1
We recommend that
management further
investigate these
diferences. Management
is urged to review tarif
configurations to ensure
that the correct tarif
rules are being applied.
Furthermore,
billing/rating systems
should be corrected for
errors identified. Regular
reviews of the billing
system logic should be
conducted by the
Revenue Assurance
department.
Management should
consider the regulatory
impact of this issue
including the possible
need to provide
compensation to
subscribers.
RA is monitoring
diferences in charging
on a weekly basis and
exceptions forwarded to
networks for further
investigation. Networks
is still in the process of
testing the root cause
of the various
diferences and has
requested Ericssons
assistance in this
matter.
N/A
Information
Systems
31-Jan-2012
Information
Systems
10.1
We recommend that
management investigate
the reporting diference
and document and
approved the method
and rules that produce
the usage reports.
11.1
The Technology
department is working
on motivating for data
that is older than 3months in the error
bucket to be archived
and removed from the
systems environment.
Once this has been
achieved, the data will
be archived on a
quarterly basis to
ensure that errors
within the error bucket
are still relevant for
processing. Technology
will also document a
formal process of
managing error
buckets.
31-Jan-2012
Information
Systems
11.2
A formalised process
should be put in place for
the preparation and
review of the
reconciliations by a
person independent of
the preparation of the
spreadsheets as well as
independent of making
the actual adjustments
on MINSAT as well as
VTU.
As part of Continuous
Monitoring, all credit
granting and
adjustments processed
afecting customer
balances or outstanding
balance are reconciled
and reported on a
weekly basis. With the
upgrading of the VTU
system, RA is also able
to monitor adjustments
and reconcile these to
the manual
spreadsheets and
source documents, a
process to be reviewed
on a monthly basis
starting January 2012.
31-Jan-2012
Information
Systems
13.1
A data transformation
rule document should be
created and maintained
which includes all data
transformation rules for
all major income streams
and processes.
Technology to review,
amend and modify the
data process provided
by Ericsson for the
Swazi MTN
environment.
12.2
We recommend that
management formalize
the process for:
Assigning audit liaisons
to be the gatekeepers to
resources and
information within each
part of the business.
Extracting data to
support the various tests.
This will include:
Incorporating the data
extraction into the
operational procedures of
the relevant IS and
Network Group staf
members
Linking the data
extraction to key
performance indicators of
the relevant staf
Communicating the
importance of the data in
support of assurance
functions
Follow up on data
extractions that were
either not provided or not
provided timeously. This
will include a reschedule
of the missed data
extraction as well as an
understanding of why the
data could not be
extracted.
We requested the
remote server to have 8
TB of space but we have
only been allocated 1 TB.
31-Jan-2012
Information
Systems
N/A
Information
Systems
1.2
N/A
Information
Systems
er
Status
Management Comment
(FY12 Q1 Status)
The issue of motivating for some risks to
be accepted by the business has been
escalated to the Board of Directors for
consideration and review.
Not Resolved
No change in status
Resolved
Pending IA
Follow-Up
Resolved and
Closed
No change in status
Not Resolved
Resolved
Pending IA
Follow-Up
Resolved and
Closed
The issue of motivating for some risks to
be accepted by the business has been
escalated to the Board of Directors for
consideration and review.
Resolved and
Closed
Not Resolved
Resolved and
Closed
Resolved and
Closed
No change in status
Resolved and
Closed
Resolved and
Closed
Resolved
Pending IA
Follow-Up
Resolved and
Closed
The baseline standard document for the
configuration of all servers of Swazi MTN
is still under development. This baseline
standard will take into consideration all
the audit issues related to it.
Once finalised, it will be submitted to the
appropriate structures for adoption and
approval.
Thereafter, an efort to bring all servers to
conformance with this baseline will be
made.
Not Resolved
The baseline standard document for the
configuration of all servers of Swazi MTN
is still under development. This baseline
standard will take into consideration all
the audit issues related to it.
Once finalised, it will be submitted to the
appropriate structures for adoption and
approval.
Thereafter, an efort to bring all servers to
conformance with this baseline will be
made.
Resolved
Pending EA
Follow-Up
Resolved
Pending EA
Follow-Up
The baseline standard document for the
configuration of all servers of Swazi MTN
is still under development. This baseline
standard will take into consideration all
the audit issues related to it.
Once finalised, it will be submitted to the
appropriate structures for adoption and
approval.
Thereafter, an efort to bring all servers to
conformance with this baseline will be
made.
Resolved
Pending EA
Follow-Up
Not Resolved
The baseline standard document for the
configuration of all servers of Swazi MTN
is still under development. This baseline
standard will take into consideration all
the audit issues related to it.
Once finalised, it will be submitted to the
appropriate structures for adoption and
approval.
Thereafter, an efort to bring all servers to
conformance with this baseline will be
made.
Resolved and
Closed
Login directly using the root account has
been disabled. System Administrators are
now required to logon using their
personal user credentials, and then - su to
the root account
Resolved and
Closed
Resolved
Pending IA
Follow-Up
The baseline standard document for the
configuration of all servers of Swazi MTN
is still under development. This baseline
standard will take into consideration all
the audit issues related to it.
Once finalised, it will be submitted to the
appropriate structures for adoption and
approval.
Thereafter, an efort to bring all servers to
conformance with this baseline will be
made.
Resolved
Pending EA
Follow-Up
The baseline standard document for the
configuration of all servers of Swazi MTN
is still under development. This baseline
standard will take into consideration all
the audit issues related to it.
Once finalised, it will be submitted to the
appropriate structures for adoption and
approval.
Thereafter, an efort to bring all servers to
conformance with this baseline will be
made.
Resolved and
Closed
Resolved and
Closed
The baseline standard document for the
configuration of all servers of Swazi MTN
is still under development. This baseline
standard will take into consideration all
the audit issues related to it.
Once finalised, it will be submitted to the
appropriate structures for adoption and
approval.
Thereafter, an efort to bring all servers to
conformance with this baseline will be
made.
Resolved and
Closed
Resolved
Pending IA
Follow-Up
The baseline standard document for the
configuration of all servers of Swazi MTN
is still under development. This baseline
standard will take into consideration all
the audit issues related to it.
Once finalised, it will be submitted to the
appropriate structures for adoption and
approval.
Thereafter, an efort to bring all servers to
conformance with this baseline will be
made.
Resolved and
Closed
Resolved and
Closed
Resolved and
Closed
Resolved and
Closed
Resolved and
Closed
Resolved and
Closed
Resolved and
Closed
Resolved
Pending IA
Follow-Up
Resolved and
Closed
The baseline standard document for the
configuration of all servers of Swazi MTN
is still under development. This baseline
standard will take into consideration all
the audit issues related to it.
Once finalised, it will be submitted to the
appropriate structures for adoption and
approval.
Thereafter, an efort to bring all servers to
conformance with this baseline will be
made.
Resolved and
Closed
Resolved and
Closed
Resolved and
Closed
Resolved
Pending EA
Follow-Up
Resolved and
Closed
Resolved and
Closed
Resolved and
Closed
Resolved and
Closed
The baseline standard document for the
configuration of all servers of Swazi MTN
is still under development. This baseline
standard will take into consideration all
the audit issues related to it.
Once finalised, it will be submitted to the
appropriate structures for adoption and
approval.
Thereafter, an efort to bring all servers to
conformance with this baseline will be
made.
Resolved
Pending IA
Follow-Up
Resolved and
Closed
The baseline standard document for the
configuration of all servers of Swazi MTN
is still under development. This baseline
standard will take into consideration all
the audit issues related to it.
Once finalised, it will be submitted to the
appropriate structures for adoption and
approval.
Thereafter, an efort to bring all servers to
conformance with this baseline will be
made.
Resolved and
Closed
The baseline standard document for the
configuration of all servers of Swazi MTN
is still under development. This baseline
standard will take into consideration all
the audit issues related to it.
Once finalised, it will be submitted to the
appropriate structures for adoption and
approval.
Thereafter, an efort to bring all servers to
conformance with this baseline will be
made.
Resolved
Pending EA
Follow-Up
Resolved
Pending EA
Follow-Up
The baseline standard document for the
configuration of all servers of Swazi MTN
is still under development. This baseline
standard will take into consideration all
the audit issues related to it.
Once finalised, it will be submitted to the
appropriate structures for adoption and
approval.
Thereafter, an efort to bring all servers to
conformance with this baseline will be
made.
Resolved
Pending EA
Follow-Up
The baseline standard document for the
configuration of all servers of Swazi MTN
is still under development. This baseline
standard will take into consideration all
the audit issues related to it.
Once finalised, it will be submitted to the
appropriate structures for adoption and
approval.
Thereafter, an efort to bring all servers to
conformance with this baseline will be
made.
Resolved
Pending EA
Follow-Up
Resolved
Pending EA
Follow-Up
Resolved
Pending IA
Follow-Up
Resolved
Pending EA
Follow-Up
Resolved
Pending IA
Follow-Up
Resolved
Pending EA
Follow-Up
Resolved
Pending IA
Follow-Up
Resolved
Pending IA
Follow-Up
Not Resolved
Resolved
Pending IA
Follow-Up
Resolved
Pending IA
Follow-Up
Confirmed
Resolved.
Confirmed
Confirmed
Confirmed
Confirmed
Confirmed
Confirmed
2011 IA
Plan
Risk Rating
Title or Recommendation
Disaster Recovery
Yes
High
Disaster Recovery
Yes
High
Disaster Recovery
Yes
Medium
Disaster Recovery
Yes
High
Disaster Recovery
Yes
Medium
Disaster Recovery
Yes
Medium
Disaster Recovery
Yes
Medium
Disaster Recovery
Yes
Medium
Data Integrity
Yes
High
Maintenance of data
completeness and accuracy
(Error correction processes)
10 Data Integrity
Yes
High
Monitoring of production
environment (Backup power)
11 Data Integrity
Yes
High
12 Data Integrity
Yes
High
13 Data Integrity
Yes
Medium
14 Data Integrity
Yes
High
15 Data Integrity
Yes
High
16 Data Integrity
Yes
Medium
17 Data Integrity
Yes
High
18 Data Integrity
Yes
High
19 Data Integrity
Yes
Low
M2U
High
20 Leased Lines
No
21 Leased Lines
No
High
22 Leased Lines
No
High
Commissioning dates of
communication lines
23 Rebates Report
No
High
24 Revenue Assurance
No
Medium
25 Revenue Assurance
No
High
CDR Information
26 Revenue Assurance
No
High
27 Revenue Assurance
No
High
28 Revenue Assurance
No
High
Prepaid EVD
Training
29 Revenue Assurance
No
Medium
30 Revenue Assurance
No
Medium
31 Revenue Assurance
No
High
32 Revenue Assurance
No
Medium
Interconnect
33 Revenue Assurance
No
Medium
Postpaid TAP IN
34 Revenue Assurance
No
Medium
35 Revenue Assurance
No
Medium
GPRS
36
37
No
No
Unsatisfactory
Unsatisfactory
38
No
No
Unsatisfactory
Unsatisfactory
40
No
Unsatisfactory
41
No
Unsatisfactory
42
No
Unsatisfactory
43
No
Unsatisfactory
Unsatisfactory
Unsatisfactory
45
No
No
46
48 VTU Process
Unsatisfactory
Line managers should ensure
that all leave of absence are
captured into HRIS and
approved/rejected and that the
leave records on HRIS are always
complete and accurate.
No
Unsatisfactory
Agreed Management
Action
Agreed Action
Date
Primary
Department
Primary
Responsibility
31-Mar-2012
All Departments
Heads of
Departments
31-Mar-2012
Information
Systems
Sinaye Dlamini
29-Feb-2012
Information
Systems
Sinaye Dlamini
31-Jan-2012
Network
Busi Mamba
29-Feb-2012
Network
29-Feb-2012
Network
29-Feb-2012
Information
Systems
Ncamiso
Khumalo
29-Feb-2012
Information
Systems
Ncamiso
Khumalo
31-Mar-2012
Network
Busi Mamba
31-May-2012
Network
Anand Naidoo
N/A
Information
Systems
Sinaye Dlamini
31-Mar-2012
Information
Systems
Sinaye Dlamini
31-Mar-2012
Information
Systems
Sinaye Dlamini
31-Mar-2012
Information
Systems
Sinaye Dlamini
Mcebo
Shabangu
Mcebo
Shabangu
N/A
Network
Busi Mamba
N/A
Network
Busi Mamba
31-Mar-2012
Information
Systems
Mduduzi
Dlamini
31-Mar-2012
Information
Systems
Sinaye Dlamini
N/A
Network
Busi Mamba
N/A
Network
Anand Naidoo
N/A
IS/NWG
Anand Naidoo
N/A
IS/NWG
Anand Naidoo
N/A
Network
Sabelo Bhembe
31-Jan-2012
Finance
Elgiva Sibisi
N/A
Information
Systems
Ntokozo
Mngomezulu
N/A
Finance
Elgiva Sibisi
N/A
Finance
Elgiva Sibisi
N/A
Finance
Elgiva Sibisi
31-Jan-2012
Finance
Elgiva Sibisi
31-Mar-2012
Information
Systems
Sinaye Dlamini
N/A
Finance
Elgiva Sibisi
N/A
Finance
Elgiva Sibisi
N/A
Finance
Elgiva Sibisi
N/A
Finance
Elgiva Sibisi
N/A
Finance
Elgiva Sibisi
2.1
01 October 2011
Human
Resources
Sibusiso Nhleko
2.2
01 October 2011
Human
Resources
Sibusiso Nhleko
2.3
01 October 2011
Human
Resources
Sibusiso Nhleko
2.4
01 October 2011
Human
Resources
Sibusiso Nhleko
2.5
Agreed
01 October 2011
Human
Resources
Sibusiso Nhleko
2.6
01 October 2011
Human
Resources
Sibusiso Nhleko
2.7
01 October 2011
Human
Resources
Sibusiso Nhleko
2.8
Agreed.
01 October 2011
Human
Resources
Sibusiso Nhleko
2.9
01 October 2011
Human
Resources
Sibusiso Nhleko
2.10
01 October 2011
Human
Resources
Sibusiso Nhleko
2.11
1.1
Agreed.
01 October 2011
Human
Resources
Heads of
Departments
29-Feb-2012
Sales &
Distribution
Kholekile
Mlangeni Kudiabor
Tracker
Secondary
Department
IS/NWG
Secondary
Responsibility
Status
Resolved and
Closed
Network
Network
Not Resolved
Not Resolved
Not Resolved
Not Resolved
Not Resolved
Resolved and
Closed
Not Resolved
Human
Resources
Qhakazile
Dlamini
Resolved
Pending EA
Follow-Up
All Departments
Heads of
Departments
Resolved
Pending EA
Follow-Up
Business Risk
Management
Sales &
Distribution
Resolved
Tipho Shabalala Pending EA
Follow-Up
Chris Wasswa
Resolved
Pending EA
Follow-Up
Resolved
Pending EA
Follow-Up
Not Resolved
Not Resolved
Finance
Elgiva Sibisi
Resolved
Pending IA
Follow-Up
Marketing
Cebisa
Hlatshwayo
Resolved and
Closed
Resolved and
Closed
Resolved and
Closed
Resolved and
Closed
Not Resolved
Resolved and
Closed
Finance
Elgiva Sibisi
Resolved
Pending EA
Follow-Up
Resolved and
Closed
Resolved and
Closed
Resolved
Pending IA
Follow-Up
Not Resolved
Information
Systems
Sinaye Dlamini
Resolved
Pending IA
Follow-Up
Resolved and
Closed
Resolved
Pending IA
Follow-Up
Resolved
Pending IA
Follow-Up
All Departments
Heads of
Departments
Resolved and
Closed
All Departments
Heads of
Departments
Resolved and
Closed
All Departments
Heads of
Departments
Resolved and
Closed
All Departments
Heads of
Departments
Resolved and
Closed
All Departments
Heads of
Departments
Resolved and
Closed
All Departments
Heads of
Departments
Resolved and
Closed
All Departments
Heads of
Departments
Resolved and
Closed
All Departments
Heads of
Departments
Resolved and
Closed
All Departments
Heads of
Departments
Resolved and
Closed
All Departments
Heads of
Departments
Resolved and
Closed
All Departments
Heads of
Departments
Resolved and
Closed
Resolved
Pending IA
Follow-Up
Status by Department
Department
Information Systems
Networks
Finance
Marketing
Sales and Distribution
Mobile Money
Human Resources
TOTAL
# of Issues (EA)
# of Issues (IA)
# CBS
Not Resolved Resolved Not Resolved Resolved Not Resolved
86
41
5
7
0
8
4
5
7
0
4
19
1
9
0
0
1
0
0
0
1
0
1
0
0
0
0
0
0
0
1
0
0
11
0
100
65
12
34
0
Resolved by Department
Department
Information Systems
Networks
Finance
Marketing
Sales and Distribution
Mobile Money
Human Resources
TOTAL
# of Issues (EA)
41
4
19
1
0
0
0
65
# of Issues (IA)
7
7
9
0
0
0
11
34
External Audit
# CBS
Resolved
0
0
0
0
0
7
0
7
Total (Not
Resolved)
91
13
5
0
2
0
1
112
Total
(Resolved)
48
11
28
1
0
7
11
106
Total
48
11
28
1
0
0
11
99
Resolved
29
10
High
Not Resolved
34
4
Medium
Resolved
21
5
Audit
Medium
Not Resolved
30
3