FINAL REPORT - FNDS › edocman › sigit-review-and-audit-final-report.pdfFINAL REPORT 19.07.2019...

FINAL REPORT 19.07.2019 LIMS (SiGIT) Review

AUTHORS:

Emmanuel Mahinga

Tuomo Heinonen

Vlad Costea

András Juszt

Manyiri Isack

Favilli Raffaele

Project manager: Kajsa Österberg Åström

FCG Swedish Development AB Dalagatan 7, SE-111 23 Stockholm, Sweden E-mail: [email protected] Homepage: www.fcgsweden.se Phone: +46 (0)8 406 76 20 Fax: +46 (0)8 21 02 69

Corporate Reg No: 559034-3793 VAT No: SE559034379301 Registered office: Sweden

Version 2019-04-18

Contents

Glossary of Abbreviations and Acronyms ............................................... i

List of Figures and Tables ..................................................................iii

1 ASSIGNMENT SYNOPSIS ............................................................. 6

2 EXECUTIVE SUMMARY................................................................. 7

3 INTRODUCTION AND BACKGROUND ........................................... 10

Background ...................................................................................................... 10 3.1

Objectives ........................................................................................................ 10 3.2

Scope of the Assignment ................................................................................... 11 3.3

3.3.1 ToR Requirements .................................................................................. 11

3.3.2 Limitations of the Scope ......................................................................... 11

3.3.3 Team and Counterparts .......................................................................... 11

3.3.4 Assignment Schedule and Main Deliverables .............................................. 11

3.3.5 Work Plan ............................................................................................. 12

General Methodology of the Assignment .............................................................. 12 3.4

3.4.1 Detailed Study Approach ......................................................................... 16

3.4.2 Presentation of Audit/Review Observations and Recommendations – To Be ... 16

3.4.3 Content of the Final Report ..................................................................... 16

4 SIGIT IMPLEMENTATION REVIEW – CURRENT STATUS .................. 19

Overview and History ........................................................................................ 19 4.1

SiGIT Project Implementation Arrangements Review ............................................. 24 4.2

SiGIT Contextual Review .................................................................................... 28 4.3

4.3.1 National Cadastre as Framework of SiGIT ................................................. 28

4.3.2 Review of LTR Business Processes ............................................................ 33

4.3.3 Workflow Management Module ................................................................ 38

4.3.4 Spatial Data .......................................................................................... 41

4.3.5 Reporting .............................................................................................. 42

4.3.6 Portal ................................................................................................... 45

4.3.7 Support for Management of Financial Data ................................................ 46

4.3.8 Support for Document Management System .............................................. 46

4.3.9 Interoperability and Support for Data Services .......................................... 46

4.3.10 Support for Management and Administration ............................................. 48

4.3.11 Capacity of Staff and Personnel ............................................................... 49

SiGIT System Architecture Review ...................................................................... 52 4.4

Costs of Third-Party Software Licences ................................................................ 56 4.5

Communications Infrastructure Review ................................................................ 58 4.6

4.6.1 Current Network Overview ...................................................................... 58

4.6.2 Network Equipment Inventory ................................................................. 60

4.6.3 Bandwidth Utilisation vs. Requirement ...................................................... 60

4.6.4 Cost of Bandwidth and Collocation ........................................................... 64

4.6.5 Internet/Data Service Providers ............................................................... 64

4.6.6 Observations and Recommendations ........................................................ 64

4.6.7 Estimated Network Equipment & License Costs .......................................... 68

4.6.8 The Quest for Centralisation from Network Perspective ............................... 68

Version 2019-04-18

4.6.9 Availability of a Reliable Data Centre ........................................................ 68

4.6.10 Availability of a Reliable Network to the Data Centre .................................. 68

4.6.11 Network Availability at the SPGC’s/Districts – Category ITA ......................... 69

Comprehensive Comparison and Evaluation of Decentralised vs. Centralised ............ 69 4.7

Technical Documentation ................................................................................... 73 4.8

Intellectual Property Boundaries Review .............................................................. 79 4.9

Performance and Scalability Reviews ................................................................... 81 4.10

Database Management Reviews .......................................................................... 87 4.11

4.11.1 Database Architecture ............................................................................ 87

4.11.2 High Availability (HA) ............................................................................. 89

4.11.3 Data Maintenance .................................................................................. 89

4.11.4 Database integrity checking and schema analysing .................................... 92

4.11.5 Performance .......................................................................................... 95

4.11.6 Security ................................................................................................ 95

4.11.7 Spatial .................................................................................................. 99

4.11.8 LADM compliance review (ISO 19152:2012) ............................................ 106

4.11.9 Database long term maintenance discussions .......................................... 109

System Security Review .................................................................................. 110 4.12

5 SiGIT FUTURE IMPLEMENTATION CONSIDERATIONS AND

RECOMMENDATIONS .............................................................. 113

SiGIT Value Delivery Recommendations – To Be ................................................. 115 5.1

5.1.1 SiGIT Value Delivery Summary Table ..................................................... 115

5.1.2 VDA - Project Implementation Arrangements (Adequacy of control over quality, delivery and costs) ................................................................... 116

5.1.3 VDB – Alignment of IT Services with Business Priorities ............................ 118

5.1.4 VDC – HR Capacity ............................................................................... 121

5.1.5 VDD – Independent Assurance – Reviews and Audits................................ 122

5.1.6 VDE – Compliance with Laws and Regulations ......................................... 122

SiGIT – IT General Control – To Be ................................................................... 122 5.2

5.2.1 IT General Control Review Summary Table ............................................. 122

5.2.2 ITA - Adequacy of measures for security, integrity and availability of IT Resources – Data, Technology, Facilities and People ................................. 123

5.2.3 ITB - Adequacy of measures to monitor performance and detect problems .. 125

SiGIT Application Control Review – To Be ........................................................... 126 5.3

5.3.1 Application Control Review Summary Table ............................................. 126

5.3.2 APA - Adequacy of measures for security, integrity and availability of Application .......................................................................................... 126

5.3.3 APB - Adequacy of measures to monitor performance and detect Application Problems ............................................................................................ 128

6 CONCLUSIONS AND RECOMMENDATIONS ................................. 130

What is the big picture? ................................................................................... 130 6.1

Where are we now? ......................................................................................... 131 6.2

Where do we want to go? ................................................................................ 132 6.3

How do we get there? ...................................................................................... 132 6.4

6.4.1 Field to Office Process .......................................................................... 132

6.4.2 Software Architecture ........................................................................... 135

6.4.3 Communications .................................................................................. 135

Version 2019-04-18

6.4.4 System Security .................................................................................. 135

6.4.5 HR Capacity for System Maintenance ..................................................... 135

6.4.6 SIGIT Interoperability ........................................................................... 136

6.4.7 Current system situation ....................................................................... 136

6.4.8 Financial and other resources for the system ........................................... 137

The way forward ............................................................................................. 137 6.5

7 WORK PLAN ........................................................................... 140

Annex 1: Terms of references ........................................................ 141

Annex 2: References ..................................................................... 150

Annex 3: Laws and Regulations ...................................................... 151

Annex 4: Interviews ...................................................................... 152

Annex 5: Detailed Study Approach .................................................. 154

Annex 6: Land administration overview ........................................... 162

Annex 7: NSDI for Mozambique – a Concept Document ..................... 165

Annex 8: Database Management Scripts .......................................... 173

Annex 9: SIGIT System Architecture Review .................................... 181

Annex 10: Action Plan ................................................................... 201

Annex 11: Comments and Responses .............................................. 218

1

GLOSSARY OF ABBREVIATIONS

AND ACRONYMS

CENACARTA National Centre for Cartography and Remote Sensing

(Portuguese Acronym)

CORS Continuously Operating Reference Station

DBMS Data Base Management System

DELCOM Community Delimitation

DINAT National Directorate of Lands (Portuguese Acronym)

DPTADER Ministry of Land, Environment and Rural Development’s Provincial

Directorates (Portuguese Acronym)

DUATs Direitos de Uso e Aproveitamento da Terra (Rights to Use and Benefit from

Land)

EGIF4M e-Government Interoperability Framework for Mozambique

FNDS National Fund for Sustainable Development (Portuguese Acronym)

GIS Geographic Information System

ICT Information and Communication Technologies

INAGE National Institute of e-Government

IOS Internetworking Operating System

IPSec Internet Protocol Security

LTR Land Tenure Regularization

M&E Monitoring and Evaluation

MCC Millennium Challenge Corporation

MITADER Ministry of Land, Environment and Rural Development (Portuguese Acronym)

MozNET National Geodetic Network (Portuguese Acronym)

MPLS Multi-Protocol Label Switching

NGO Non-governmental organization

NLP National Land Policy

NRS National Research Council (US)

NSDI National Spatial Data Infrastructure

NUIT Unique Tax Identification Number (Portuguese Acronym)

2

PDO Project Development Objective

POM Project Operations Manual

SDLC Software Development Life Cycle

SDI Spatial Data Infrastructure

SiGIT Sistema de Gestão de Informação da Terra (Land Information

Management System)

SIRP Real Property Register System (Portuguese Acronym)

SPGCs Provincial Cadastral Offices (Serviços Provinciais de Geografia e Cadastro)

STM-1 Synchronous Transport Module Level 1

Sustenta Agricultural and Natural Resources Landscape Management Project

USAID United States Agency for International Development

VLAN Virtual Local Area Network

VPN Virtual Private Network

WB World Bank

3

LIST OF FIGURES AND TABLES

Figures

Figure 1 : Audit / Review Conceptual Framework .................................................................... 15 Figure 2: SiGIT Product Timelines ......................................................................................... 20 Figure 3: Current SIGIT Implementation Arrangement ............................................................ 21 Figure 4: Distribution of Project Contribution to DUATs ........................................................... 25 Figure 5: Proposed considerations for Road Map ..................................................................... 26 Figure 6: Components of the National Cadastre ...................................................................... 29 Figure 7: SiGIT Interactions ................................................................................................. 30 Figure 8: Level of Development of National Cadaster Systems ................................................. 33 Figure 9: DELCOM Key Processes ......................................................................................... 35 Figure 10: RDUAT Key Processes .......................................................................................... 36 Figure 11 : DUAT Key Processes ........................................................................................... 37 Figure 12: Print Screen of WFM Module in SIGIT .................................................................... 39 Figure 13: WFM .................................................................................................................. 40 Figure 14: Example of Data Quality Issues (Existing parcel data in SiGIT) ................................. 42 Figure 15: Report Module .................................................................................................... 43 Figure 16: Type of Report .................................................................................................... 44 Figure 17: SiGIT Portal Demonstration .................................................................................. 45 Figure 18: Portal Demonstration ........................................................................................... 46 Figure 19: Interoperability Requirements .............................................................................. 47 Figure 20: SIGIT Architecture .............................................................................................. 52 Figure 21: SGPC / Municipality Architecture Old Set-up ........................................................... 52 Figure 22: DINAT Old Set-up ............................................................................................... 53 Figure 23 : SPGC / Municipality New Set-up........................................................................... 53 Figure 24: DINAT New Set-up .............................................................................................. 54 Figure 25: SiGIT Model-View-Controller ................................................................................. 54 Figure 26 : SiGIT logical components .................................................................................... 55 Figure 27: Current Network Layout at the DINAT Data Centre .................................................. 58 Figure 28: Typical SPGC Network Layout ............................................................................... 59 Figure 29: One Internet Gateway for All ................................................................................ 65 Figure 30: Centralised Infrastructure Decentralised Operations ................................................ 72 Figure 31: Extract from Contract - DINAT /EXI 2018 ............................................................... 80 Figure 32: Matola Application Server Performance .................................................................. 82 Figure 33: Matola Database Server Performance .................................................................... 82 Figure 34: Matola GIS Server Performance ............................................................................ 83 Figure 35: Gaza Application Server ....................................................................................... 83 Figure 36: Gaza Database Server ......................................................................................... 84 Figure 37: Gaza GIS Server ................................................................................................. 84 Figure 38: Cabo-Delgado – Application Server ....................................................................... 85 Figure 39: Cabo-Delgado Database Server ............................................................................ 85 Figure 40: Cabo-Delgado – GIS Server ................................................................................. 86 Figure 41 : Database Architecture ........................................................................................ 87 Figure 42: The Oracle RAC architecture with 2 nodes .............................................................. 89 Figure 43: Parcel overlaps ................................................................................................. 102 Figure 44: UNIDADE_CADASTRAL overlap (oid1=170871; oid2=170869) ................................ 103 Figure 45: Microgap (0,011 cm) between adjacent cadastral parcels (UID= 183754;

UID=183752) .................................................................................................................. 105 Figure 46 Summary of Observations ................................................................................... 114 Figure 47: Contribution of Observations .............................................................................. 114

4

Figure 48: Value delivery Summary .................................................................................... 115 Figure 49 ITG Control Summary ........................................................................................ 123 Figure 50 Application Control Review Summary .................................................................... 126 Figure 51 : General LTR Process ......................................................................................... 132 Figure 52: Field to office process (Process automation) ......................................................... 134 Figure 53: Recommendations for the actions. ...................................................................... 139

Tables

Table 1 Synopsis ................................................................................................................. 6 Table 2 Schedule of Activities ............................................................................................... 12 Table 3 Categorisation of Risks ............................................................................................ 16 Table 4 Mapping of ToR in the Final Report ............................................................................ 17 Table 5 SDLC Process Maturity Level .................................................................................... 24 Table 6 Manning level requirements ...................................................................................... 50 Table 7 Software licences for SPGCs ..................................................................................... 56 Table 8 Software licences for DINAT ..................................................................................... 56 Table 9 Network Equipment Inventory .................................................................................. 60 Table 10 Bandwidth utilisation Vs estimated bandwidth ........................................................... 62 Table 11 Estimated Network Equipment & License Cost ........................................................... 68 Table 12 Comparison and evaluation of decentralized vs. centralized ........................................ 70 Table 13 Technical Documentations Review ........................................................................... 75 Table 14 Central database – DNTF ........................................................................................ 87 Table 15 SPGC database – Maputo ....................................................................................... 88 Table 16 Daily background tasks .......................................................................................... 91 Table 17 The top 3 loaded table objects are in the central database (DNTF)............................... 92 Table 18 The top 3 loaded table objects are in the SPGC (MAPUTO) database ............................ 93 Table 19 Table Spaces ........................................................................................................ 93 Table 20 The top 3 loaded tables’ objects at DNTF .................................................................. 94 Table 21 The top 3 loaded tables at MAPUTO ......................................................................... 94 Table 22 Password Policy in SiGIT ........................................................................................ 95 Table 23 Stored password security ....................................................................................... 96 Table 24 Password policy recommendations ........................................................................... 99 Table 25 Geographic data in SiGIT ...................................................................................... 100 Table 26 Geometry Types .................................................................................................. 100 Table 27 Coordinate Systems ............................................................................................. 100 Table 28 Control of Geometry Validity ................................................................................. 101 Table 29 Overlaps related to same “types of parcels” ........................................................... 103 Table 30 Class Mapping ..................................................................................................... 106 Table 31 SIGIT data model classes ..................................................................................... 107 Table 32 Attribute Mapping ................................................................................................ 107 Table 33 Versioning Support .............................................................................................. 108 Table 34 Comparison of DBMS ........................................................................................... 109 Table 35 System security finding ........................................................................................ 110 Table 36 Recommendations Summary Table ........................................................................ 113 Table 37 Value Delivery Summary ...................................................................................... 115 Table 38 Project Implementation Observations ..................................................................... 116 Table 39 Alignment of IT Services with Business Priorities ..................................................... 118 Table 40 HR Capacity Observations .................................................................................... 121 Table 41 Independent Assurance – Reviews and Audits Observations ...................................... 122 Table 42 Compliance with Laws and Regulations Observations ............................................... 122 Table 43 IT General Control Review Summary Table ............................................................ 122 Table 44 Adequacy of measures for security, integrity and availability of IT Resources .............. 123 Table 45 Adequacy of measures to monitor performance and detect problems ......................... 125

5

Table 46 Application Control Review Summary .................................................................... 126 Table 47 Adequacy of measures for security, integrity and availability of Application ................. 126 Table 48 Adequacy of measures to monitor performance and detect Application Problems ......... 128 Table 49 Help Desk Incident 2018 ..................................................................................... 131 Table 50 Manning level requirements ................................................................................. 136

6

1 ASSIGNMENT SYNOPSIS

The basics of the assignment (project) and its goals is presented in the following table.

Table 1 Synopsis

Project title SiGIT (LIMS) Review and Audit

Project Number P, IDA – D1190 (Land Administration Project / World Bank)

Country Mozambique

Project objective

(ToR)

Conduct a review and audit of SiGIT, the existing Land Information Management

System under the current conditions and to propose measures necessary for the

development and improvement of the land administration and management system,

and identify the needs towards the development and implementation of a National

Spatial Data Infrastructure (NSDI).

Expected results

Three reports, each with the respective review findings and recommendations:

I. Inception report,

II. Preliminary report and

III. Final report.

Contract signing

date

3rd December 2018

Project duration 60 days

Starting Date 18th February 2019

7

2 EXECUTIVE SUMMARY

The Government of Mozambique (GoM) engaged FCG Swedish Development AB (FCG) to conduct

an assignment - LIMS (SiGIT) Review and Audit. The assignment took place in Maputo and

Matola Province from 26 February to 18 April 2019.

The general objectives of the assignment outlined in the Terms of Reference (ToR) were: (A)

critical review and audit of the existing LIMS system and software architecture, communications,

system security and other risks affecting system stable functionality, capacity of the client and

its personnel in the system maintenance, performance of the technical team in the system

maintenance services provision, and the need of financial and other resources for the system

maintenance to ensure its stability and, with a careful analysis of the lessons learned from the

existing LIMS, provision of relevant recommendations; (B) review the existing business process

of the DUATs registration, its appropriateness to the computerized environment and procedures

and propose the measure to the introduction and testing of a streamlined land regularization

methodology that is less time consuming and robust; (C) review and analyse the existing

draft of the “Methodology for the DUATs regularization and Community Land delimitation” in

close cooperation with the Cadastral Surveying and Mapping Needs assessment consultant and (D)

review of the LIMS interoperability, in accordance with the eGIF4M (eGovernment

Interoperability Framework for Mozambique), with the Land Registry Information system SIRP

(Sistema Integrado de Registo Predial) implemented by the Ministry of Justice that is responsible

for registering the titles of Land Use Right, and the interoperability with the municipalities that

also carry out the regularization of land tenure rights in the areas under its territorial jurisdiction

and generate information to feed the national land registry.

Based on the general objectives for this assignment, the following key questions were answered

as part of the review/audit: (I) what is the big picture? (II) Where are we now? (III) Where

do we want to go? (IV) How do we get there?

A four steps approach was taken: (1) Identification of issues and documentations on SiGIT

implementation status - The review was intended to obtain understanding of the general and

specific business requirements derived from Mozambique land legislation in order to identify SiGIT

implementation status vis-à-vis these requirements; (2) Evaluation and categorizations -, we

evaluated the appropriateness of SiGIT implementation controls and measures commensurate with

international best practices, internal policies, procedures and best practices for information

systems of similar nature; (3) Compliance testing – We tested whether the stated controls,

practices and procedures are working as prescribed. Inspecting, examining and observing to

ascertain existence of such controls in line with general international best practices as applicable to

systems development in general and land information systems in particular; and (4) Substantive

testing - Where appropriate measures including substantiating the risks of control objectives not

being met through analytical techniques for example on Database Management Reviews , Spatial

Data Reviews, communication network reviews etc., walkthrough methods for example on

Workflow Management Module etc. and/or consulting alternative sources in order to ascertain our

observations and recommendations which are outlined in this final report.

The results: First of all, as key themes emanating from detailed findings and recommendations

some good progress in implementation of Land Information System, made by the

government can be mentioned: implementation of Land Information System (LIS) to all 11

Provincial Offices (SPGC) and to some selected Municipalities; implementation of a data centre at

DINAT; documenting key business processes as part of implementation of LIS and maintaining

record of approximately 500,000 DUATs at SPGCs and DINAT. While we applaud these well done

endeavours by DINAT, a number of observations requires attention to provide improved land

administration and management services as part of fulfilling the mandated functions and especially

when preparing for the mass registration program Terra Segura.

8

The answers to the key questions can be summarised as follows:

(I) what is the big picture? - The bigger picture of the National Cadaster System is derived from

the requirement of Mozambique land legislations.

The main issues are:

The current data in SiGIT is incomplete - The current data does not contain all the

information as required by the Mozambique legislation. With regard to the amount of

current data in the system, based on dashboard reports that were provided, there are a

total of 563,765 DUAT Requests in SIGIT in which 433,376 (77%) have been processed

and 384,759 (68%) delivered to beneficiaries; Data related to old parcels are not yet fully

incorporated in the system. Some key information that is not available includes Cadaster

data from Municipalities, data on soil, forestry, wildlife, water, mines, tourism and other

areas of public domain. There are also spacial data quality and accuracy issues that need

to be addressed which includes parcel overlaps and positional accuracy.

With regard to securing rights, there are inadequacies in systems security with regard

to SiGIT Information Technology General and Application Controls. Examples of such

inadequacies includes network security, lack of end-to-end sessions encryptions between

the client computers and servers.

With regard to shared data - The Current SiGIT does not share (Interoperate) data with

external systems such as municipalities, National ID, Registration of Titles just to mention

a few as required by EGIF4M.

With regards to the National Spatial Data Infrastructure (NSDI) – So far there is

neither NSDI strategy nor policy or legislation in Mozambique. We noted the ongoing

World Bank NSDI project at Ministry of Transportation and Communication as a good start

to build NDSI and be placed under MITADER.

(II) Where are we now? – With regard to current system situation, its operational efficiency and

the quality of performance levels and process control the SiGIT system performance is considered

as moderate to low. This assessment is attributed to poor completions rates (69% Printed

DUATS); Reported incidents (most of them bugs/errors); Poor support on the Field-to-office

process (Manual error prone processes and poor data quality) ; the software architecture that

needs to be revisited to adequately reflect operations of the National Cadaster System (including

interoperability to municipalities, National ID, Registration of Titles etcetera) ; System security

gaps (especially related to the management of searchable and well documented events logs,

database management ); Low level of transfer of knowledge for the system to be maintained by

DINAT’s staff; High maintenance costs.

(III) Where do we want to go? - The Government of Mozambique (GoM) is implementing

ongoing initiative called Terra Segura (MozLand Project) with the main objective of regularizing

land tenure rights in priority and selected Districts as well as to modernize land administration

services. The LMIS needs to respond to this policy directive in which programs and projects are

ongoing for example Gesterra and MozLand. As mentioned also above one of the goals is to

register and maintain five Million DUATS (from currently approximately 500,000 currently

registered) and delimit 4,000 community.

(IV) How do we get there? - Based on the review and audit the following next actions are

highly recommended:

A complete redesign of Field to Office process – A major component that will assist in

achieving the Land Title Regularization (LTR) is usage of technology to automate the

process as much as possible.

Software Architecture - Considering improvements proposed in this review report, a new

conceptual design will lead to the redesign of the architecture to respond to the actual

needs of the National Cadaster as derived from envisaged functional and technical

specifications.

9

Communications -A centralised approach to implementation of the National Cadaster is

recommended to be undertaken.

System Security – We recommend improvements of Network Security, Data base

Security and Systems Security.

HR Capacity for System Maintenance - In terms of sustainability and skills transfer in

the past two years, we consider DINAT ICT Staffs’ roles and level of competences as

insufficient to carry out their functions properly. A minimum requirements for different

positions at DINAT and efforts to build capacity of their staff for the next 2 years have been

provided.

LMIS Interoperability - Design considerations that guarantee availability of secure

interfaces to connect to other data sources such as municipalities, National ID, Registration

of Titles and the like based on the actual requirement of the EGIF4M are recommended.

Equally, compliance to citizen centric services are to be part and parcel of such interfaces.

Financial and other resources for the system - Maintaining the platforms which are

under long term agreements for ArcGIS (special licences for 4 years), Microsoft and Oracle

(with leadership from INAGE) is recommended. Based on the level of skills coupled with

ongoing systemic reforms in land administration and services, in our humble opinion

changing these platforms at the present times increases complexity to the equation. The

architecture considerations in the design for the new upgraded Land Information System

should consider making database layer ( and other layers) as technology independent as

possible to allow considerations for change it in the future should there be such a need

mainly emanating from planned increased skills levels of DINAT Technical Staff.

As a concluding recommendation and in line with our analysis and reasoning above, we are of

the opinion that SiGIT redesign is required to ensure all current legal requirements are

incorporated, and future needs are considered in the design of enhanced SiGIT.

The way forward:

The redesigned SiGIT will require development of Terms of Reference (ToR) for public international

tender for the design, development/adjustment, installation, training, implementation and

maintenance of an enhanced SIGIT 4. In parallel to the procurement process, MITADER/FNDS will

have to consider engaging SIGIT vendor for a transition period of 1 year. The engagement

agreement should clearly stipulate the goals and the requirements from the SIGIT vendor such as

(a) ensuring the continuation of business, and (b) assisting in a smooth transition from the current

to the new system.

Our proposed work plan for the transition from SIGIT3 to the enhanced SIGIT 4 is presented in the

report.

10

3 INTRODUCTION AND BACKGROUND

Background 3.1

The Government of Mozambique has an ongoing initiative called Terra Segura with the main

objective of regularizing land tenure rights in priority and selected Districts as well as to modernize

land administration services. The project is implemented by the Ministry of Land, Environment and

Rural Development (MITADER) and has the support of the World Bank in the period from 2018 to

2024.

A Land Information Management System “Sistema de Gestão de Informação da Terra” (SiGIT) has

been in use for the land administration from 2013 at the National Directorate of Lands (DINAT) and

since 2013 in all 10 Provincial Cadastral Offices (SPGC). In the end of 2018 as part of the

preparation of the Terra Segura project, the National Fund for Sustainable Development (FNDS)

decided to hire a Consultant to conduct a review and audit (later ‘assignment’) of SiGIT mainly to

assess the systems readiness for the coming mass registration of 5 million DUATs and delimitation

of 4000 Communities.

Objectives 3.2

According to the ToR (Annex 1) the general objective of the assignment is to conduct a review and

audit of SiGIT, the existing Land Information Management System under the current conditions

and to propose measures necessary for the development and improvement of the land

administration and management system, and identify the needs towards the development and

implementation of a National Spatial Data Infrastructure (NSDI). The consultancy must include:

• a critical review and audit of the existing LIMS system and software architecture,

communications, system security and other risks affecting system stable functionality,

capacity of the client and its personnel in the system maintenance, performance of the

technical team in the system maintenance services provision, and the need of financial and

other resources for the system maintenance to ensure its stability and, with a careful

analysis of the lessons learned from the existing LIMS, provision of relevant

recommendations;

• also review the existing business process of the DUATs registration, its appropriateness to

the computerized environment and procedures and propose the measure to the

introduction and testing of a streamlined land regularization methodology that is less time

consuming and robust;

• review and analyse the existing draft of the “Methodology for the DUATs regularization and

Community Land delimitation” in close cooperation with the Cadastral Surveying and

Mapping Needs assessment consultant and

• review of the LIMS interoperability, in accordance with the eGIF4M (eGovernment

Interoperability Framework for Mozambique), with the Land Registry Information system

SIRP (Sistema Integrado de Registo Predial) implemented by the Ministry of Justice that is

responsible for registering the titles of Land Use Right, and the interoperability with the

municipalities that also carry out the regularization of land tenure rights in the areas under

its territorial jurisdiction and generate information to feed the national land registry.

Specific objectives in order to achieve the general objective are:

• reviewing all existing documentation and other artefacts (UML diagrams, data structure,

business processes, etc.) on system development,

• evaluating and monitoring the current system situation, its operational efficiency and the

quality of performance levels and process control and

• verifying and validating the following parameters of the Information System: Efficiency,

Effectiveness, Confidentiality, Fidelity of information in relation to data, Physical security,

11

Logical security, Obedience to the organization's policies and business rules and

Compliance with current legislation.

Scope of the Assignment 3.3

3.3.1 ToR Requirements

To reach the objectives and deliver the expected results (2.2) the assignment is carried out following the requirements given in the ToR attached in annex 1.

3.3.2 Limitations of the Scope

There are two exceptions (presented in the Technical Proposal):

(1) In case of “identifying the needs towards the development and implementation of a

National Spatial Data Infrastructure (NSDI)”, we will submit as part of this assignment only

a Concept Document and High-level Architecture & Proposed Main Data Layers. [Remark:

During the assignment we observed that there is already an ongoing project “National

Statistics and Data for Development” financed by the World Bank as Ministry of Transport

and Communications (MTC) covering the main features of proposed NSDI in Mozambique.

MITADER is one of the stakeholders of the project. Due to this the Concept Document

(Annex 7) concentrates only in advising MITADER in participating of that project.]

(2) “Analysing business processes” of an organization is a task that might attract lots of

resources and long duration. When it comes to business processes, our main efforts will be

given to the analysis on the existing documents and comparing the already analysed

business processes, the UML diagrams, the technical documents of the existing system

(SiGIT), and the actual implementation of these processes in the system.

3.3.3 Team and Counterparts

The mission is carried through by an Expert Team (Team members with their counterpart):

Team Leader – Mr. Emmanuel Mahinga (55 working days)

o Mr. José Luis Correia / FNDS

GIS and LTR Expert – Dr. Tuomo Heinonen (25 working days)

o Mr. Anjos / FNDS

Software Architecture Expert – Mr. Vlad Costea (15 working days)

o Mr. José Luis Correia / FNDS

DBMS Experts – Mr. Andras Juszt (15) and Favilli Raffaele (5 home based working days)

o Mr. Daniel Queface (DINAT)

Computer Networks Expert – Mr. Manyiri Isack (15 working days)

o Mr. Kennedy Ismael / DINAT

The Team worked closely with our counterparts at the assignment sites - DINAT Offices in Maputo

and Maputo SPGS in Matola area.

3.3.4 Assignment Schedule and Main Deliverables

The assignment commenced on 18th

February and ends on 20th

April 2019. The main deliverables are delivered

according to the following time-table.

12

Table 2 Schedule of Activities

Date (days after signature of the contract)

Activity Deliverables

- Beginning of Audit and Review -

15 days Submission of the Inception Report Inception Report

2 days Meeting to discuss the activity Inception Report -

47 days Submission of Preliminary Report1 Preliminary Report

50 days Discussion meeting of the preliminary report2 -

57 days Submission of Final Report3 Final Report

60 days Discussion Meeting of the final report -

3.3.5 Work Plan

See a separate chapter “7. Work Plan” in general.

General Methodology of the Assignment 3.4

In the context of governments, Information Systems -IS (also referred to as e-governments

information systems) are made up of four main components4:

a) The Technologies which includes Hardware, Software, databases and Communications

infrastructure which we will refer to as Information and Communications Technology

(ICT) in this review;

b) Business Processes which refers to a series of steps to achieve desired outcome. These are

usually guided by policies, legislations, regulations, procedures and standards. In this

review we refer them to Business Processes;

c) People who performs various duties related to Business Processes (Land Administration

and Management in our case) and ICT. These provides front line services, back office

functions, programmers, Analysist etcetera. In our review we refer them to Human

Resources and

d) Stakeholders are all other groups who are interested in what we do. These are

Development Partners (World Bank, MCA, Kadaster etc.) and Vendors who provide services

such as Service Providers, ICT Companies etc. In our review we refer this group as

Stakeholders

1 Submitted on the 50th Day – 9th April 2019 2 Stakeholder’s meeting 58th Day – 16th April 2019 3 Submission and discussions of the Final Report 25th April 2019 4 Unlocking E-Government Potential: Concepts, Cases and Practical Insight Subhash Bhatnagar (2012)

13

Based on the general objectives for this assignment, we approach the review/ audit by asking the

following key questions:

i. What are the issues on implementation status of SiGIT? – What is the big picture?

Why now? (Output being a list of issues in relation to the proposed reporting themes –

Current Situation presented mainly in chapter 4 and to-be Situation presented in chapter 5

;

ii. Where are we now? What are we doing now, how does that align with our goals? (Output

being the SiGIT current implementation status and stakeholder’s individual concerns and

expectations also presented in chapters above);

iii. Where do we want to go – what would an ideal situation look like? What does

success look like for us? What else can we do to achieve more, how can we do it more

efficiently and effectively? How that impacts our outcome? (Output being the

recommendations for the desired future state presented mainly in chapter 6 titled

CONCLUSIONS AND RECOMMENDATIONS)

iv. How do we get there? – What can we do and what are our options (linked to

recommendations and also presented as proposed road map mainly in the chapter 6 titled

CONCLUSIONS AND RECOMMENDATIONS).

During this review / audit assignment the consultants undertake their tasks by adapting the

general approach based on the requirements outlined in the Control Objectives for Information and

related Technology (COBIT) model as well as The Information Technology Infrastructure Library

(ITIL). Where applicable and in specific cases we reviewed specific items outlined in the scope of

work based on standards and methodologies outlined in ISO/IEC 12207 - Systems and software

engineering – Software life cycle processes alongside ISO 19152:2012 – Geographic information –

Land Administration Domain Model (LADM); ISO/IEC 19510:2013 Information technology – Object

Management Group Business Process Model and Notation and ISO/IEC 2501n:2011 - Systems and

software engineering – Systems and software Quality Requirements and Evaluation (SQuaRE) –

System and software quality models. (See Annex 1: ToR p. 26)

Our approach follow four main steps are namely:

a) Identification of issues and documentations on SiGIT implementation status: The

review seeks to obtain understanding of the general and specific business requirements

derived from Mozambique land management legal and institutional frameworks in order to

identify SiGIT implementation status and assess related risks and relevant control

measures to be instituted commensurate with best practises. The review is conducted

through documentary review, key informant interviews and other relevant methods as

appropriate to collaborate understanding and documentation of key review/audit issues as

outlined in the ToR. The list of key documents reviewed and people interviewed is attached

for your reference in the Annexes.

b) Evaluation and categorisations: During the review, we evaluate the appropriateness of

SiGIT implementation controls and measures commensurate with international best

practises internal policies, procedures and practises. The Final Report – Current situation

presented in chapter 4 presents findings related to audit based on the scope of work and

their associated specific recommendations. These may relate to a wide range of issues such

as creating necessary strategies, tactical plans or operational processes. We also

consolidate our findings for to-be situation and presents them in three main categories

namely: SiGIT Value delivery, IT General Controls and Application Controls respectively

presented in chapter 4. SiGIT value delivery reviews examined SiGIT value proposition in

order to enable it to delivers required benefits based on the existing land administration

and management business process as derived from Mozambique institutional and legal

frameworks also specified in the ToR. We examine and propose measures to ensure the

effectiveness and efficiency of its operations and their compliance with the Existing laws

and regulations. SiGIT IT General controls encompass key requirements related to SIGIT

systems’ security, confidentiality, integrity, reliability and availability. Lastly Application

14

General Controls examined efficiency and effectiveness of SiGIT application and its

reliability in compliance with existing laws and regulations and general accepted

international standards related to Information Systems. The review is limited to the scope

of the ToR provided.

c) Compliance testing: Based on the proposed categorisation stated above, we further

undertake the review in which compliance is undertaken by testing whether the stated

controls, practises and procedures are working as prescribed. Inspecting, examining and

observing to ascertain existence of such controls in line with general international best

practises as applicable to systems development in general and land information systems in

particular; and

d) Substantive testing: Where appropriate we undertake measures including substantiating

the risks of control objectives not being met through analytical techniques for example on

Database Management Reviews, Spatial Data Reviews etc., walkthrough methods for

example on Workflow Management , User Management etc. and/or consulting alternative

sources to ascertain our observations which are outlined in this final report.

15

In a diagram below we present our conceptual framework for the assignment.

Information System Business Criteria

Effectiveness: Doing right things

(Timely, Correct, Usable)

Efficiency : Doing things right (most

productive and economical)

Confidentiality: Guide against

unauthorized disclosure (physical and logical)

Integrity : Accuracy and Completeness

Availability : Safeguarding Resources

Compliance: Externally imposed laws

and regulations

Reliability : Provides Management with

Appropriate information for its use and reporting

COBIT Model Domain

Areas linked to SDLC

Plan and Organize –�

Initiate and Plan

IT Strategic Plan

Project Mgt (SDLC)

Human Resource Mgt

Acquire and Implement -

Execute

Identify and acquire solution

Deploy solutions

Manage change

Deliver and Support

Manage Contracts and Operations

Manage IS Environment

Train Users and Support User

Maintain and secure facilities

Monitor and Evaluate

Monitor Processes

Assess internal Control

Obtain independent Assurance

Independent Audit

Review Recommendations –�To-be

SiGIT Value Delivery –�To Be

VDA - Project Implementation Arrangements (Adequacy of control over quality , delivery and costs );

VDB - Alignment of IT Services with Business Priorities;

VDC - HR Capacity;

VDD - Independent assurance – Reviews and audits;

VDE - Compliance with laws and regulations;

SiGIT ITGC Review –�To-be

ITA - Adequacy of measures for security, integrity and availability of IT Resources – Data, Technology, Facilities and People;

ITB - Adequacy of measures to monitor performance and detect problems;

SiGIT Application Control Review - To-be

APA - Adequacy of measures for security, integrity and availability of Application;

APB - Adequacy of measures to monitor performance and detect problems ;

Key

SD- Service Delivery

IT –�IT General Control

AP –�Application Control

Mission/ Vision/

Strategies/Tactics/

Processes

SiGIT Review ToR

Requirements -

Current

Contextual;

Know-How transfer strategy ;

Training ;

Technical documentation

decentralized vs. centralized;

Deployment;

Availability and resilience;

Communications;

Information;

Functional;

System Admin ;

Operation;

Security;

Intellectual Property Rights (IPR)

Performance and scalability ;

Stability Assessment

Legal and Compliance ;

International Standards compliance

DIAGNOSIS

What are the issues? – What is the big picture? Why now?

Where are we now? Where are we going? What are we doing now, how

does that align with our goals?

Where do we want to go – what would an ideal situation look like to you?

What does success look like for us?

How do we get there? – What can we

do and what are our options

Figure 1 : Audit / Review Conceptual Framework

16

3.4.1 Detailed Study Approach

During this review/audit, we obtained information from documentations, interviews, walkthrough

methods and other relevant sources and documentations. A more detailed approach for collecting

data, conducting interviews and utilizing various technical documentation is presented as Annex 5.

For each specific assignment objective that we reviewed.

3.4.2 Presentation of Audit/Review Observations and Recommendations – To

Be

The results are presented as Observations/Risks, their impacts to the Stakeholders in general;

Infrastructure (Hardware, LAN, WAN and general-purpose Software), Human Resources and

Application (Business Process) in particular. In each observation, recommendations are also

provided. During the review / audit the client was requested to review and comment on preliminary

report. Audit observation and its associated recommendation are presented in chapter 5. The risks

are categorise as High, Medium and Low and their respective actions are presented in a table

below.

Table 3 Categorisation of Risks

Risk Classification Implication Proposed Action

High The observation has a high risk exposure which may result in

compromising SiGIT (National Cadastre) operations as a whole or in part.

Immediately

Medium The observation has a medium risk exposure which may result in compromising SiGIT (National Cadastre) operations as a whole or in part.

As Soon as Possible

Low

The observation has a low risk exposure which may not result

in compromising SiGIT (National Cadastre) operations as a whole or in part on their own. However a number of low unattended risks may result into a compromise.

Planned

3.4.3 Content of the Final Report

The Final Report is organised in 7 main chapters and Annexes as follows:

Chapter 1 ASSIGNMENT SYNOPSIS

Chapter 2 EXECUTIVE SUMMARY

Chapter 3 INTRODUCTION AND BACKGROUND

Chapter 4 SIGIT IMPLEMENTATION REVIEW – CURRENT STATUS

Chapter 5 SiGIT FUTURE IMPLEMENTATION CONSIDERATIONS AND

RECOMMENDATIONS

Chapter 6 CONCLUSIONS AND RECOMMENDATIONS

Chapter 7 WORK PLAN

Annexes

In the following table we present mapping of the assignment specific objectives to the deliverables

in our work plans. We further indicates sections in the final report which discusses our findings and

recommendations.

17

Table 4 Mapping of ToR in the Final Report

Assignment Objective from ToR Work Plan Deliverable Section in the Final Report

I. Contextual - relationships, dependencies

and interactions between the system and its environment, including other systems;

D-1-1 Review of Specifications

D-2-1 Infrastructure, Software Architecture Review

D-2-5 NDSI

4.3.1

II. Comprehensive comparison and evaluation of decentralized vs. centralized system architecture - Detailed analysis, review and recommendations on its enhancement to ensure the stability and sustainability of the system in the Mozambique's context characterized by high costs of third-party software licenses, instability of power, available communication infrastructure, scarcity of financial resources for the system maintenance;

D-1-1 Review of Specifications


4.7

III. Information - the way that system stores

manipulates manages and distributes information, including conceptual and logical data models and their conformity to LADM, data synchronization and transfer between locations;

D-2-2 Database Review 4.11

IV. Functional - the system's runtime

functional elements and their responsibilities, interfaces and primary interactions, including capability to support reliable and streamlined process of the DUATs recording/registration. It should include: Registration of DUAT Request, Massive Registration of Land, Community land Registration, DUAT Issue, Payment of Taxes;

D-2-4 Business Review, Validation efficiency


D-2-6 – LTR Process Recommendations

D-2-3 Code Review5

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.8

4.3.9

4.3.10

V. Deployment - required runtime platform, hosting, third-party software, network availability and capacity, and physical constraints;


4.4

VI. System Administration - configuration

management, performance monitoring, upgrade, functional migration, data migration, backup and restore;

D-1-3 Review of Test Documentations

D-1-2 Review of issues tracking, change management and problem handling

4.4

4.6

4.10

VII. Operation - The operation of the system

should follow appropriate practices and have a service desk to support;

D-1-2 Review of issues tracking,

change management and problem handling

4.3.10

VIII. Security - the ability of the system to

reliably control, monitor, and audit who can perform what actions on which resources and the ability to detect and recover from security breaches;


4.12

IX. Performance and scalability - the ability

of the system to predictably execute within its mandated performance profile and to handle increased processing volumes in the future;


D-2-2 Database Review

4.10

5 This was not undertaken due to unavailability of software codes

18

Assignment Objective from ToR Work Plan Deliverable Section in the Final Report

X. Availability and resilience - the availability

of the system to be fully operational as and when required and to effectively handle failures that could affect system availability, as well as options for disaster recovery centre (DRC);



4.6

4.11

XI. Communications - The current capabilities and quality of data communication infrastructure and Internet and potential strengthening to support the system at all levels (national, provincial and district).


4.6

XII. Interoperability - current capabilities

and potential strengthening according to the e-Government interoperability framework and analysis of the system capability to support the improvement of public services provision, including the on-line services, functionality and usability of the public portal.



4.3.9

XIII. Intellectual Property boundaries

definition - There must be clear and well defined Intellectual property arrangements, boundaries of background IP, Third-Party IP and licenses to ensure the clients full ownership of the Development final product and sub-products, as well as the Existence of a well-documented, verified and secured repository of source codes;



4.9

XIV. Know-How transfer strategy - To allow

continuous improvement of the LIMS, rationalize maintenance costs and ensure sustainability of the system the service agreement must include an in-depth system knowledge transfer strategy;


4.3.11

XV. Technical documentation - The system should have relevant technical documentation (System Analysis, Design and Implementation, operation and maintenance manuals);



4.8

XVI. Training - Assessment of the human

resources available and recommendations on capacity improvement necessary to efficiently operate and maintain the System;



4.3.11

XVII. International Standards compliance - The system should comply with relevant standards and follow the best practices in nationwide information systems development and implementation



Cross cutting

XVIII. Legal and Compliance - The System

should follow the National Land law, comply with the land program Terra Segura and follow the Land Administration Processes;


4.3.1

4.3.2

19

4 SIGIT IMPLEMENTATION REVIEW – CURRENT

STATUS

Overview and History 4.1

SiGIT is a Land Management Information System (LMIS) custom designed for the Government of

Mozambique (GoM) by a local Company EXI. In response to the need emanating from a Land

Tenure Regularization (LTR) Project funded by Millennium Challenge Account (MCC), the GoM

received a technical assistance to develop SiGIT. The first version (SiGIT Ver.1) was released in

2012 and was installed in 4 Provinces – SPGCs (and later was extended to all 10 SPGCs) and 8

Municipalities with key functionalities as outlined in the figure below. In 2014, SiGIT Ver.2 was

released with additional functionalities related to improvements in Tax, RDUAT and Surveyors

Licensing Modules.

In 2017, SiGIT Ver. 3 was released with additional functionalities and improvements.

The detailed timelines is described in below.

The upgrades of SiGIT received funding and technical assistances from other Development Partners

(DP) as also summarised in figure below.

20

SiGIT Ver 3

$1,420,570.92

2012 2013 2014 2015 2016 2017 2018 2019

19 Business Processes;

GIS visualizer/editor ;

WebServices between

GIS and APP servers;

GeoPortal developed;

Data Migration

methodology and tool;

SubSystem Data

creation and corrective

tooltext

RDUAT Module

Business Process Changes

- TAX module;

Improvements of RDUAT

Surveyors Licensing

module;

Optimization and general reorganization of the source code (separation of the model layer and controller, making maintenance of the application

easier);Full compatibility with Java 8.0 version;

Migration to version 9.0 of Tomcat (application server)

Change the workflow enginea) Easy interpretation of the workflow and its rules;

b) Possibility of updating and inclusion of new workflow rules;

c) Possibility of calculation of waiting times per workflow stage;

d) Higher speed in determining the current stage

Automation of Synchronization Packages transfer between DINAT and Sites

User Management Security Controls (permissions)

GIS improvement: shapefile point extraction; automatic drawing of plots based on coordinates; zooming within cadastral block coordinates to specific

plot; changes to A0 map.

SiGIT Ver 1

$1,024,063.02* Hardware

$1,394,398.07 **

SiGIT Ver 2

$2,014,168.08

*Including Arch GIS and DC Eq.**Hardware for SPGC –�Exchange rate of July 2012*** New equipment Exchange rate of March 2019

46 Change Requests related to new functionalities

SIGIT PRODUCT TIMELINES

`

Hardware*** $ 1,367,794.65

MCC

Requirements

Design and Development

Testing

Implementation

Maintenance

GoM, Netherlands and Sweden

Requirements


Testing

Implementation

Maintenance

EXI

Requirements


Testing

Implementation

Maintenance

GoM & WB Ver. 4 ???? - 2019

Requirements


Testing

Implementation

Maintenance

Dev. Contract +AMC Dev. Contract +AMC Dev or AMC ?? ???Self efforts Self efforts Self efforts Dev or AMC??

Figure 2: SiGIT Product Timelines

21

Figure 3: Current SIGIT Implementation Arrangement

Current SiGIT

Project

Implementation

Arrangements

Funding Arrangements

Project 1: 2012-13 MCC and GoM ;

Project 2: 2014-2016 GoM,

Netherlands and Sweden ;

P3: 2016 to 2019 GoM

P4: GoM WB - MozLand

P1: Land Tenure Regularization -

effective and sustainable mgt of land in

4 SPGCs (to 10) and 8 Municipalities in

the north

P2: Capacity Building - Support Terra

Segura New methodology for RDUAT

and DelCOM;

P3 : AMC and Hardware upgrade

P4: Strengthen land tenure security in

selected districts

Support for HR, Operations

and Maintenance limited to

project implementation time

- Issues with transitions

Management

Costs

P1: $ 2,418,461

P2: $ 2,014,168.08

P3 AMC: $ 1,420,570.92 & H/W : $

1,367,794.65

P4: US$6.08m

SIGIT PROJECT IMPLEMENTATION ARRANGEMENT

CURRENT PROJECT

IMPLEMENTATION

ARRANGEMENTS

Policy->Programs->Operations-> Assets

22

OBSERVATIONS - FINDINGS - LESSONS LEARNED

Observation Description Category6

a) The current SIGIT was originally designed to respond to specific

project needs in year 2012. There has been two major upgrades to

respond to the needs of the time;

VDA

b) Although the module/functionality to support massive land

regularization was conceptualised in the first version in 2012/13,

functionality to support field to office data has not been fully

developed to date. Still there are numerous manual operations in

this functionality which impacts data quality on SiGIT and thus

affects integrity of information residing in SiGIT;

VDB

c) There has been poor transitions between projects and frequent

stoppage of financing to support SiGIT. Stop and restart of

financing and support has negatively impacted the pace and

development of SiGIT. Current processes to develop and manage

SIGIT can be viewed as unpredictable and reactive to ongoing

demands without necessarily being driven by a vision based on

DINATs missions as outlined in the legislations. In this situation

effectiveness is affected;

VDA

d) There has been numerous self-efforts by SiGIT vendor (EXI) to lead

the upgrade initiatives with minimum pro-activeness (Plan and

Organise Domain) from DINAT. This has led to lack / ineffective of

separation of duties and leadership in creation of plans, managing

change , requirement management , quality control and assurance

of Software Development Life Cycle (SLCD) Processes. In this

situation efficiency and effectiveness is at risk;

VDA

e) Some positive development have happened in SIGIT in the last

year or so, which if managed will lead to a more reliable SIGIT.

Crucial challenges remain in the areas of data reliability and

integrity in SIGIT, management of field to office data collection in

particular for ongoing massive land regularization programs and

usage of SiGIT as a management tool to improve efficiency. The

current usage is for record keeping and parallel manual operations

are still going on. There are still substantial records outside the

system and users are still relying on them for day to day land

administration functions. This impacts our DINATs effectiveness.

VDB

f) There has been significant increase of costs related to SiGIT in the

past two years. The current Annual Maintenance Cost (AMC) is

approximately $1.4million for two years and approximately

$1.4million (one time cost) for Hardware Upgrades- Total

$2.8million. In our opinion and based on the upgrades in

functionality presented in Figure 8: SiGIT Product Timelines above,

the current AMC costs are essentially development costs. In the

event of lack of proper requirements management associated with

quality control and assurance arrangements as outlined above,

there is high risk of not getting value for money spent on these

VDA

6 Refer to Figure 1: Audit / Review Conceptual Framework for definition of these categories

23

Observation Description Category6

AMC and thus affecting our efficiency and effectiveness in to

acquire and implement information systems;

g) Based on number of transactions carried out in SiGIT that we

reviewed and resource utilization ( hardware and communications),

the usage is still low;

VDB

h) As a result from observations in g) above, we are unable to clearly

establish the basis for the specifications of the upgrades of the

current SiGIT infrastructure. If the goal was not to centralize, the

current level of specifications for the SPGCs infrastructure are then

overrated. Additionally, based on the data projection for the next 5

years, and the current volumes in the Database for approximately

500,000 DUATs which is around 50GB, we could not establish the

rationale for current specifications of the storage and computing for

the Datacenter. This process if inadequately managed may impact

our efficiency ;

VDA

i) SiGIT is implemented as a decentralized system in which currently

10 SPGCs and 1 municipality are in operational. National Cadastre

as presented in Figure 9: Components of the National Cadaste is

incomplete without data from Municipalities and other agencies as

required by the law. This situation if will continue this way will

impact the reliability of SiGIT as of National Cadaster System ;

VDE

j) The Central Database in DINAT contains 10 copies of SPGC data

and is not a production system. In this case reporting at national

level is a time consuming process since it is required to process

data individually from SPGCs data bases. Additionally in the event a

new report is created or changes introduced into SiGIT as a result

of new requirements, updates to individual databases are required.

This process could be judged as ineffective in the event that other

options are available;

APA

k) Updates including versions changes is applied to SiGIT is

undertaken manually to all 10 SPGCs. There is no update

site/depository for SiGIT software application at DINAT. This

practice could compromise systems stability and availability of

resources when required;

APA

l) There is no enough capacity at DINAT to undertake the upgrades of

SIGIT on their own. Additionally DINAT Staff can not undertake

customizations of the SiGIT. All change requests minor or major are

undertaken by the Vendor. This dependency is counterproductive to

DINATs’ sustainability aspirations and may be ineffective in the

long run.

VDC

Based on our assessment According to international standards for SDLC, The maturity of,

processes at DINAT are summarised below:

24

Table 5 SDLC Process Maturity Level

S/N Process in the SDLC Quality Assurance and Control Processes and Standards - leading to SDLC Outputs

Remarks

1. Planning Project Implementation Methodologies; Project Plans; Reviews and Audit

Most of these processes are

still at initial stages based on the Capability Maturity Model Integration (CMMI) 7. There is no complete control of these processes by DINAT. Most of SiGIT Development Strategies and Plans are reactive. DINAT Should endeavour to achieve reliable and predictable environments, where by the products and services it provides for the National Cadastre are proactive, efficient and productive commensurate with its mandates outlined in the legislations. This will require organisational reform and adjustments to harness alignment of IT Priorities to Business Priorities

2. Requirements analysis Requirements Planning and Management; Strategy, Plan and Checklists

3. Architecture design

Software Architecture

Document; Requirement Traceability Matrix

4. Development and implementation

Strategy, Plan and Checklists

5. Testing and Training Strategy, Plan and Checklists

6. Maintenance and support Strategy, Plan and Checklists

Our recommendations are presented in the Value Delivery, ITGC and Application Control Sections

on a case to case basis.

SiGIT Project Implementation Arrangements Review 4.2

In Mozambique a distinction is made between land administration and land management functions.

Land administration concerns the recognition and allocation of DUATs and the maintenance of

information about rights to land, land use and the value of land. Land management, in turn,

concerns guidance on uses of land as a resource from environmental, social and economic

perspectives.

National Cadastre information contains both land administration and land management based on

the requirements of the legislations. LMIS implementations efforts have been project based since

its inception. The main focus of stakeholders has been on strengthening land tenure security based

on priority areas. For example, the first major project that marked the beginning of SiGIT was

funded by MCC focusing on first four Northern provinces (then to all 10) and eight Municipalities

(only one is reported operational at this moment).

The GoM received additional support for a Terra Segura in which SiGIT was improved to contain

new methodologies for RDUAT and DELCOM to support Systematic Land Tenure Regularisation

(LTR) at a large scale. Subsequently registrations related to, use and benefit rights within selected

areas, including the compilation of land rights inventories, conducting appropriate boundary

7 The Capability Maturity Model Integration (CMMI) is a process and behavioural model that helps organizations streamline process improvement and encourage productive, efficient behaviours that decrease risks in software, product and service development.

25

surveys, the public exposition of provisional claims, conflict management and resolution, quality

control, and the issuance of documentation in respect to legitimately-acquired DUAT rights at the

community and household levels was undertaken by migrating the existing cadastral data into the

land information system. This was a good step towards implementation of a National Cadastre.

Under these arrangements, the funding was limited to project goals. The support for

institutionalisation of SiGIT was equally limited to the project period. A bigger picture for the

National Cadastre could not be taken into consideration in these projects due to lack of a

comprehensive road map for LMIS for Mozambique.

We present the contributions of each project to DUATs in SIGIT:

Figure 4: Distribution of Project Contribution to DUATs

During the implementation of SiGIT Ver.1 two user workshops presumably to validate

functionalities were undertaken in 2013. The first set of functionalities were created through ToR

provided by MCC. During the review we could not verify the completeness of implementation due

to time limitations.

There is no evidence provided to indicate subsequent upgrades to Ver.3 was validated by user

acceptance tests and for that matter was done for all functionalities that were requested through

change requests (some from DINAT). It is also noted that at times, change requests have also

been initiatives of EXI possibly due to lack of appropriate roles and responsibilities in DINAT to

undertake this task.

Although we have seen various documents that are presented as test plans/results, we cannot

ascertain if users tested and signed off these results to their satisfaction. If they were done in the

absence of appropriate structure at DINAT, and in the absence of test environment, presumably in

the production environment or at EXI environment. In the earlier scenario outlined above, there is

a risk of compromising data and stability of the system.

Additionally from the project documentations provided, there was no information available on how

other tests were undertaken (unit, integration, components, stability, usability as the case may be)

26

and approved for production by DINAT. It is also noted that there is no training environment for

users and technical staff at DINAT. No audit reports were available for review during this audit. In

general we observed that DINATs’ institutional arrangement for ICT project management, quality

control and quality assurance is weak and hence there is a risk to efficiency and effectiveness of

Service Level Agreements (SLAs) in contracts for maintaining the ICT Infrastructure for SiGIT.

Amid political (including geopolitical forces), economic, social, technological, legal and

environmental forces, and in the absence of clear strategy, operational plan and implementation

processes for development of a national cadastre system, management of programs/projects, their

operations and assets (HR and physical) at DINATs’ disposal are at risk of not delivering required

results efficiently and effectively in a continued manner.

If National Cadastre Services are to be citizen centric as stipulated and in compliance with the

EGF4M, then there is a need for DINAT to consider reduction of costs and time for citizens to

receive land related services. Additionally there is a need to provide reliable and secure services

supported by appropriate and optimised business processes, capable HR facilitated by affordable

and appropriate technologies throughout land service delivery chain. There is also a need to

strategically engage and manage our stakeholders to ensure continuity of programs and projects

inputs to the implementation of a National Cadastre System.

In this view, we urge DINAT to prepare a National Cadaster Road Mapto in cooperate some ideas

presented above and also summarised in the figure below.

SiGIT Project

Implementation

Arrangements

Funding Arrangements

Project 1: 2012-13 MCC and GoM ;

Project 2: 2014-2016 GoM,

Netherlands and Sweden ;

P3: 2016 to 2019 GoM

P4: GoM WB - MozLand

P1: Land Tenure Regularization -

effective and sustainable mgt of land in

4 SPGCs (to 10) and 8 Municipalities in

the north

P2: Capacity Building - Support Terra

Segura new methodology for RDUAT

and DelCOM;

P3 : AMC and Hardware upgrade

P4: Strengthen land tenure security in

selected districts

Support for HR, Operations

and Maintenance limited to

project implementation time

- Issues with transitions

Management

Costs

P1: $ 2,418,461

P2: $ 2,014,168.08

P3 AMC: $ 1,420,570.92 & H/W : $

1,367,794.65

P4:$6.08m

Ro

ad M

ap

LMIS –�Electronic and paper records

HUMAN RESOURCE

BPR BPR

HUMAN RESOURCE HUMAN RESOURCE

TECHNOLOGY TECHNOLOGY TECHNOLOGY TECHNOLOGY

STRATEGIC STAKEHOLDER ENGAGEMENT

Goal

Improve security and

reliability of cadaster services;

Reduce cost and

time for DUAT transactions

500K, 5M,10M

BPR BPR

Political, Economical, Social, Technological, Legal and Environmental

CURRENT PROJECT

IMPLEMENTATION

ARRANGEMENTS

PROPOSED PROJECT

IMPLEMENTATION

ARRANGEMENTS

Funding Sustainability Strategy

PAST PROJECT

IMPLEMENTATION

ARRANGEMENTS

LMIS –�Electronically generated records LIMS-E - Register

BPR

Trapped CapitalArable Land (Urban Dev.; Agriculture Dev;

Geopolitical Dev. )

Mo

zLan

d In

dic

ato

r P

DO

_5

: R

ed

uct

ion

of

cost

to

rec

ord

a

DU

AT

in S

IGIT

un

der

a s

yste

mat

ic r

egu

lari

zati

on

pro

cess

Policy->Programs->Operations-> Assets

Figure 5: Proposed considerations for Road Map

27

OBSERVATIONS - FINDINGS - LESSONS LEARNED

Observation Description Category

a) Equipment Upgrades - No clear plan for upgrades. For example

recent hardware upgrade is not based on clear plan other than

considerations that the current equipment has completed its life

cycle. No disposal plan for old equipment which are currently in

SPGCs offices. DINAT datacenter equipment upgrade has been

undertaken since December 2018 although it is still not clear on the

roadmap for centralization.

VDB

b) No clear plan for software releases and upgrades linked to user

requirements. For example field to office operations faces

challenges. Based on number of DUATs in the SiGIT as indicated in

Figure 10: Distribution of Project Contribution to DUATs and

contributions of individual parties, we consider the ration of RDUAT

is proportionally lager than DUATs in the system. Despite the

existence of AMC as applied in present form, there is no plans to

resolve this issue other than DINAT undertaking a separate

endeavour to create a separate interface to SiGIT. We noted that

FINAL REPORT - FNDS › edocman › sigit-review-and-audit-final-report.pdfFINAL REPORT 19.07.2019...

Documents

Transcript of FINAL REPORT - FNDS › edocman › sigit-review-and-audit-final-report.pdfFINAL REPORT 19.07.2019...