Upload
others
View
8
Download
0
Embed Size (px)
Citation preview
FINAL REPORT 19.07.2019 LIMS (SiGIT) Review
AUTHORS:
Emmanuel Mahinga
Tuomo Heinonen
Vlad Costea
András Juszt
Manyiri Isack
Favilli Raffaele
Project manager: Kajsa Österberg Åström
FCG Swedish Development AB Dalagatan 7, SE-111 23 Stockholm, Sweden E-mail: [email protected] Homepage: www.fcgsweden.se Phone: +46 (0)8 406 76 20 Fax: +46 (0)8 21 02 69
Corporate Reg No: 559034-3793 VAT No: SE559034379301 Registered office: Sweden
Version 2019-04-18
Contents
Glossary of Abbreviations and Acronyms ............................................... i
List of Figures and Tables ..................................................................iii
1 ASSIGNMENT SYNOPSIS ............................................................. 6
2 EXECUTIVE SUMMARY................................................................. 7
3 INTRODUCTION AND BACKGROUND ........................................... 10
Background ...................................................................................................... 10 3.1
Objectives ........................................................................................................ 10 3.2
Scope of the Assignment ................................................................................... 11 3.3
3.3.1 ToR Requirements .................................................................................. 11
3.3.2 Limitations of the Scope ......................................................................... 11
3.3.3 Team and Counterparts .......................................................................... 11
3.3.4 Assignment Schedule and Main Deliverables .............................................. 11
3.3.5 Work Plan ............................................................................................. 12
General Methodology of the Assignment .............................................................. 12 3.4
3.4.1 Detailed Study Approach ......................................................................... 16
3.4.2 Presentation of Audit/Review Observations and Recommendations – To Be ... 16
3.4.3 Content of the Final Report ..................................................................... 16
4 SIGIT IMPLEMENTATION REVIEW – CURRENT STATUS .................. 19
Overview and History ........................................................................................ 19 4.1
SiGIT Project Implementation Arrangements Review ............................................. 24 4.2
SiGIT Contextual Review .................................................................................... 28 4.3
4.3.1 National Cadastre as Framework of SiGIT ................................................. 28
4.3.2 Review of LTR Business Processes ............................................................ 33
4.3.3 Workflow Management Module ................................................................ 38
4.3.4 Spatial Data .......................................................................................... 41
4.3.5 Reporting .............................................................................................. 42
4.3.6 Portal ................................................................................................... 45
4.3.7 Support for Management of Financial Data ................................................ 46
4.3.8 Support for Document Management System .............................................. 46
4.3.9 Interoperability and Support for Data Services .......................................... 46
4.3.10 Support for Management and Administration ............................................. 48
4.3.11 Capacity of Staff and Personnel ............................................................... 49
SiGIT System Architecture Review ...................................................................... 52 4.4
Costs of Third-Party Software Licences ................................................................ 56 4.5
Communications Infrastructure Review ................................................................ 58 4.6
4.6.1 Current Network Overview ...................................................................... 58
4.6.2 Network Equipment Inventory ................................................................. 60
4.6.3 Bandwidth Utilisation vs. Requirement ...................................................... 60
4.6.4 Cost of Bandwidth and Collocation ........................................................... 64
4.6.5 Internet/Data Service Providers ............................................................... 64
4.6.6 Observations and Recommendations ........................................................ 64
4.6.7 Estimated Network Equipment & License Costs .......................................... 68
4.6.8 The Quest for Centralisation from Network Perspective ............................... 68
Version 2019-04-18
4.6.9 Availability of a Reliable Data Centre ........................................................ 68
4.6.10 Availability of a Reliable Network to the Data Centre .................................. 68
4.6.11 Network Availability at the SPGC’s/Districts – Category ITA ......................... 69
Comprehensive Comparison and Evaluation of Decentralised vs. Centralised ............ 69 4.7
Technical Documentation ................................................................................... 73 4.8
Intellectual Property Boundaries Review .............................................................. 79 4.9
Performance and Scalability Reviews ................................................................... 81 4.10
Database Management Reviews .......................................................................... 87 4.11
4.11.1 Database Architecture ............................................................................ 87
4.11.2 High Availability (HA) ............................................................................. 89
4.11.3 Data Maintenance .................................................................................. 89
4.11.4 Database integrity checking and schema analysing .................................... 92
4.11.5 Performance .......................................................................................... 95
4.11.6 Security ................................................................................................ 95
4.11.7 Spatial .................................................................................................. 99
4.11.8 LADM compliance review (ISO 19152:2012) ............................................ 106
4.11.9 Database long term maintenance discussions .......................................... 109
System Security Review .................................................................................. 110 4.12
5 SiGIT FUTURE IMPLEMENTATION CONSIDERATIONS AND
RECOMMENDATIONS .............................................................. 113
SiGIT Value Delivery Recommendations – To Be ................................................. 115 5.1
5.1.1 SiGIT Value Delivery Summary Table ..................................................... 115
5.1.2 VDA - Project Implementation Arrangements (Adequacy of control over quality, delivery and costs) ................................................................... 116
5.1.3 VDB – Alignment of IT Services with Business Priorities ............................ 118
5.1.4 VDC – HR Capacity ............................................................................... 121
5.1.5 VDD – Independent Assurance – Reviews and Audits................................ 122
5.1.6 VDE – Compliance with Laws and Regulations ......................................... 122
SiGIT – IT General Control – To Be ................................................................... 122 5.2
5.2.1 IT General Control Review Summary Table ............................................. 122
5.2.2 ITA - Adequacy of measures for security, integrity and availability of IT Resources – Data, Technology, Facilities and People ................................. 123
5.2.3 ITB - Adequacy of measures to monitor performance and detect problems .. 125
SiGIT Application Control Review – To Be ........................................................... 126 5.3
5.3.1 Application Control Review Summary Table ............................................. 126
5.3.2 APA - Adequacy of measures for security, integrity and availability of Application .......................................................................................... 126
5.3.3 APB - Adequacy of measures to monitor performance and detect Application Problems ............................................................................................ 128
6 CONCLUSIONS AND RECOMMENDATIONS ................................. 130
What is the big picture? ................................................................................... 130 6.1
Where are we now? ......................................................................................... 131 6.2
Where do we want to go? ................................................................................ 132 6.3
How do we get there? ...................................................................................... 132 6.4
6.4.1 Field to Office Process .......................................................................... 132
6.4.2 Software Architecture ........................................................................... 135
6.4.3 Communications .................................................................................. 135
Version 2019-04-18
6.4.4 System Security .................................................................................. 135
6.4.5 HR Capacity for System Maintenance ..................................................... 135
6.4.6 SIGIT Interoperability ........................................................................... 136
6.4.7 Current system situation ....................................................................... 136
6.4.8 Financial and other resources for the system ........................................... 137
The way forward ............................................................................................. 137 6.5
7 WORK PLAN ........................................................................... 140
Annex 1: Terms of references ........................................................ 141
Annex 2: References ..................................................................... 150
Annex 3: Laws and Regulations ...................................................... 151
Annex 4: Interviews ...................................................................... 152
Annex 5: Detailed Study Approach .................................................. 154
Annex 6: Land administration overview ........................................... 162
Annex 7: NSDI for Mozambique – a Concept Document ..................... 165
Annex 8: Database Management Scripts .......................................... 173
Annex 9: SIGIT System Architecture Review .................................... 181
Annex 10: Action Plan ................................................................... 201
Annex 11: Comments and Responses .............................................. 218
1
GLOSSARY OF ABBREVIATIONS
AND ACRONYMS
CENACARTA National Centre for Cartography and Remote Sensing
(Portuguese Acronym)
CORS Continuously Operating Reference Station
DBMS Data Base Management System
DELCOM Community Delimitation
DINAT National Directorate of Lands (Portuguese Acronym)
DPTADER Ministry of Land, Environment and Rural Development’s Provincial
Directorates (Portuguese Acronym)
DUATs Direitos de Uso e Aproveitamento da Terra (Rights to Use and Benefit from
Land)
EGIF4M e-Government Interoperability Framework for Mozambique
FNDS National Fund for Sustainable Development (Portuguese Acronym)
GIS Geographic Information System
ICT Information and Communication Technologies
INAGE National Institute of e-Government
IOS Internetworking Operating System
IPSec Internet Protocol Security
LTR Land Tenure Regularization
M&E Monitoring and Evaluation
MCC Millennium Challenge Corporation
MITADER Ministry of Land, Environment and Rural Development (Portuguese Acronym)
MozNET National Geodetic Network (Portuguese Acronym)
MPLS Multi-Protocol Label Switching
NGO Non-governmental organization
NLP National Land Policy
NRS National Research Council (US)
NSDI National Spatial Data Infrastructure
NUIT Unique Tax Identification Number (Portuguese Acronym)
2
PDO Project Development Objective
POM Project Operations Manual
SDLC Software Development Life Cycle
SDI Spatial Data Infrastructure
SiGIT Sistema de Gestão de Informação da Terra (Land Information
Management System)
SIRP Real Property Register System (Portuguese Acronym)
SPGCs Provincial Cadastral Offices (Serviços Provinciais de Geografia e Cadastro)
STM-1 Synchronous Transport Module Level 1
Sustenta Agricultural and Natural Resources Landscape Management Project
USAID United States Agency for International Development
VLAN Virtual Local Area Network
VPN Virtual Private Network
WB World Bank
3
LIST OF FIGURES AND TABLES
Figures
Figure 1 : Audit / Review Conceptual Framework .................................................................... 15 Figure 2: SiGIT Product Timelines ......................................................................................... 20 Figure 3: Current SIGIT Implementation Arrangement ............................................................ 21 Figure 4: Distribution of Project Contribution to DUATs ........................................................... 25 Figure 5: Proposed considerations for Road Map ..................................................................... 26 Figure 6: Components of the National Cadastre ...................................................................... 29 Figure 7: SiGIT Interactions ................................................................................................. 30 Figure 8: Level of Development of National Cadaster Systems ................................................. 33 Figure 9: DELCOM Key Processes ......................................................................................... 35 Figure 10: RDUAT Key Processes .......................................................................................... 36 Figure 11 : DUAT Key Processes ........................................................................................... 37 Figure 12: Print Screen of WFM Module in SIGIT .................................................................... 39 Figure 13: WFM .................................................................................................................. 40 Figure 14: Example of Data Quality Issues (Existing parcel data in SiGIT) ................................. 42 Figure 15: Report Module .................................................................................................... 43 Figure 16: Type of Report .................................................................................................... 44 Figure 17: SiGIT Portal Demonstration .................................................................................. 45 Figure 18: Portal Demonstration ........................................................................................... 46 Figure 19: Interoperability Requirements .............................................................................. 47 Figure 20: SIGIT Architecture .............................................................................................. 52 Figure 21: SGPC / Municipality Architecture Old Set-up ........................................................... 52 Figure 22: DINAT Old Set-up ............................................................................................... 53 Figure 23 : SPGC / Municipality New Set-up........................................................................... 53 Figure 24: DINAT New Set-up .............................................................................................. 54 Figure 25: SiGIT Model-View-Controller ................................................................................. 54 Figure 26 : SiGIT logical components .................................................................................... 55 Figure 27: Current Network Layout at the DINAT Data Centre .................................................. 58 Figure 28: Typical SPGC Network Layout ............................................................................... 59 Figure 29: One Internet Gateway for All ................................................................................ 65 Figure 30: Centralised Infrastructure Decentralised Operations ................................................ 72 Figure 31: Extract from Contract - DINAT /EXI 2018 ............................................................... 80 Figure 32: Matola Application Server Performance .................................................................. 82 Figure 33: Matola Database Server Performance .................................................................... 82 Figure 34: Matola GIS Server Performance ............................................................................ 83 Figure 35: Gaza Application Server ....................................................................................... 83 Figure 36: Gaza Database Server ......................................................................................... 84 Figure 37: Gaza GIS Server ................................................................................................. 84 Figure 38: Cabo-Delgado – Application Server ....................................................................... 85 Figure 39: Cabo-Delgado Database Server ............................................................................ 85 Figure 40: Cabo-Delgado – GIS Server ................................................................................. 86 Figure 41 : Database Architecture ........................................................................................ 87 Figure 42: The Oracle RAC architecture with 2 nodes .............................................................. 89 Figure 43: Parcel overlaps ................................................................................................. 102 Figure 44: UNIDADE_CADASTRAL overlap (oid1=170871; oid2=170869) ................................ 103 Figure 45: Microgap (0,011 cm) between adjacent cadastral parcels (UID= 183754;
UID=183752) .................................................................................................................. 105 Figure 46 Summary of Observations ................................................................................... 114 Figure 47: Contribution of Observations .............................................................................. 114
4
Figure 48: Value delivery Summary .................................................................................... 115 Figure 49 ITG Control Summary ........................................................................................ 123 Figure 50 Application Control Review Summary .................................................................... 126 Figure 51 : General LTR Process ......................................................................................... 132 Figure 52: Field to office process (Process automation) ......................................................... 134 Figure 53: Recommendations for the actions. ...................................................................... 139
Tables
Table 1 Synopsis ................................................................................................................. 6 Table 2 Schedule of Activities ............................................................................................... 12 Table 3 Categorisation of Risks ............................................................................................ 16 Table 4 Mapping of ToR in the Final Report ............................................................................ 17 Table 5 SDLC Process Maturity Level .................................................................................... 24 Table 6 Manning level requirements ...................................................................................... 50 Table 7 Software licences for SPGCs ..................................................................................... 56 Table 8 Software licences for DINAT ..................................................................................... 56 Table 9 Network Equipment Inventory .................................................................................. 60 Table 10 Bandwidth utilisation Vs estimated bandwidth ........................................................... 62 Table 11 Estimated Network Equipment & License Cost ........................................................... 68 Table 12 Comparison and evaluation of decentralized vs. centralized ........................................ 70 Table 13 Technical Documentations Review ........................................................................... 75 Table 14 Central database – DNTF ........................................................................................ 87 Table 15 SPGC database – Maputo ....................................................................................... 88 Table 16 Daily background tasks .......................................................................................... 91 Table 17 The top 3 loaded table objects are in the central database (DNTF)............................... 92 Table 18 The top 3 loaded table objects are in the SPGC (MAPUTO) database ............................ 93 Table 19 Table Spaces ........................................................................................................ 93 Table 20 The top 3 loaded tables’ objects at DNTF .................................................................. 94 Table 21 The top 3 loaded tables at MAPUTO ......................................................................... 94 Table 22 Password Policy in SiGIT ........................................................................................ 95 Table 23 Stored password security ....................................................................................... 96 Table 24 Password policy recommendations ........................................................................... 99 Table 25 Geographic data in SiGIT ...................................................................................... 100 Table 26 Geometry Types .................................................................................................. 100 Table 27 Coordinate Systems ............................................................................................. 100 Table 28 Control of Geometry Validity ................................................................................. 101 Table 29 Overlaps related to same “types of parcels” ........................................................... 103 Table 30 Class Mapping ..................................................................................................... 106 Table 31 SIGIT data model classes ..................................................................................... 107 Table 32 Attribute Mapping ................................................................................................ 107 Table 33 Versioning Support .............................................................................................. 108 Table 34 Comparison of DBMS ........................................................................................... 109 Table 35 System security finding ........................................................................................ 110 Table 36 Recommendations Summary Table ........................................................................ 113 Table 37 Value Delivery Summary ...................................................................................... 115 Table 38 Project Implementation Observations ..................................................................... 116 Table 39 Alignment of IT Services with Business Priorities ..................................................... 118 Table 40 HR Capacity Observations .................................................................................... 121 Table 41 Independent Assurance – Reviews and Audits Observations ...................................... 122 Table 42 Compliance with Laws and Regulations Observations ............................................... 122 Table 43 IT General Control Review Summary Table ............................................................ 122 Table 44 Adequacy of measures for security, integrity and availability of IT Resources .............. 123 Table 45 Adequacy of measures to monitor performance and detect problems ......................... 125
5
Table 46 Application Control Review Summary .................................................................... 126 Table 47 Adequacy of measures for security, integrity and availability of Application ................. 126 Table 48 Adequacy of measures to monitor performance and detect Application Problems ......... 128 Table 49 Help Desk Incident 2018 ..................................................................................... 131 Table 50 Manning level requirements ................................................................................. 136
6
1 ASSIGNMENT SYNOPSIS
The basics of the assignment (project) and its goals is presented in the following table.
Table 1 Synopsis
Project title SiGIT (LIMS) Review and Audit
Project Number P, IDA – D1190 (Land Administration Project / World Bank)
Country Mozambique
Project objective
(ToR)
Conduct a review and audit of SiGIT, the existing Land Information Management
System under the current conditions and to propose measures necessary for the
development and improvement of the land administration and management system,
and identify the needs towards the development and implementation of a National
Spatial Data Infrastructure (NSDI).
Expected results
Three reports, each with the respective review findings and recommendations:
I. Inception report,
II. Preliminary report and
III. Final report.
Contract signing
date
3rd December 2018
Project duration 60 days
Starting Date 18th February 2019
7
2 EXECUTIVE SUMMARY
The Government of Mozambique (GoM) engaged FCG Swedish Development AB (FCG) to conduct
an assignment - LIMS (SiGIT) Review and Audit. The assignment took place in Maputo and
Matola Province from 26 February to 18 April 2019.
The general objectives of the assignment outlined in the Terms of Reference (ToR) were: (A)
critical review and audit of the existing LIMS system and software architecture, communications,
system security and other risks affecting system stable functionality, capacity of the client and
its personnel in the system maintenance, performance of the technical team in the system
maintenance services provision, and the need of financial and other resources for the system
maintenance to ensure its stability and, with a careful analysis of the lessons learned from the
existing LIMS, provision of relevant recommendations; (B) review the existing business process
of the DUATs registration, its appropriateness to the computerized environment and procedures
and propose the measure to the introduction and testing of a streamlined land regularization
methodology that is less time consuming and robust; (C) review and analyse the existing
draft of the “Methodology for the DUATs regularization and Community Land delimitation” in
close cooperation with the Cadastral Surveying and Mapping Needs assessment consultant and (D)
review of the LIMS interoperability, in accordance with the eGIF4M (eGovernment
Interoperability Framework for Mozambique), with the Land Registry Information system SIRP
(Sistema Integrado de Registo Predial) implemented by the Ministry of Justice that is responsible
for registering the titles of Land Use Right, and the interoperability with the municipalities that
also carry out the regularization of land tenure rights in the areas under its territorial jurisdiction
and generate information to feed the national land registry.
Based on the general objectives for this assignment, the following key questions were answered
as part of the review/audit: (I) what is the big picture? (II) Where are we now? (III) Where
do we want to go? (IV) How do we get there?
A four steps approach was taken: (1) Identification of issues and documentations on SiGIT
implementation status - The review was intended to obtain understanding of the general and
specific business requirements derived from Mozambique land legislation in order to identify SiGIT
implementation status vis-à-vis these requirements; (2) Evaluation and categorizations -, we
evaluated the appropriateness of SiGIT implementation controls and measures commensurate with
international best practices, internal policies, procedures and best practices for information
systems of similar nature; (3) Compliance testing – We tested whether the stated controls,
practices and procedures are working as prescribed. Inspecting, examining and observing to
ascertain existence of such controls in line with general international best practices as applicable to
systems development in general and land information systems in particular; and (4) Substantive
testing - Where appropriate measures including substantiating the risks of control objectives not
being met through analytical techniques for example on Database Management Reviews , Spatial
Data Reviews, communication network reviews etc., walkthrough methods for example on
Workflow Management Module etc. and/or consulting alternative sources in order to ascertain our
observations and recommendations which are outlined in this final report.
The results: First of all, as key themes emanating from detailed findings and recommendations
some good progress in implementation of Land Information System, made by the
government can be mentioned: implementation of Land Information System (LIS) to all 11
Provincial Offices (SPGC) and to some selected Municipalities; implementation of a data centre at
DINAT; documenting key business processes as part of implementation of LIS and maintaining
record of approximately 500,000 DUATs at SPGCs and DINAT. While we applaud these well done
endeavours by DINAT, a number of observations requires attention to provide improved land
administration and management services as part of fulfilling the mandated functions and especially
when preparing for the mass registration program Terra Segura.
8
The answers to the key questions can be summarised as follows:
(I) what is the big picture? - The bigger picture of the National Cadaster System is derived from
the requirement of Mozambique land legislations.
The main issues are:
The current data in SiGIT is incomplete - The current data does not contain all the
information as required by the Mozambique legislation. With regard to the amount of
current data in the system, based on dashboard reports that were provided, there are a
total of 563,765 DUAT Requests in SIGIT in which 433,376 (77%) have been processed
and 384,759 (68%) delivered to beneficiaries; Data related to old parcels are not yet fully
incorporated in the system. Some key information that is not available includes Cadaster
data from Municipalities, data on soil, forestry, wildlife, water, mines, tourism and other
areas of public domain. There are also spacial data quality and accuracy issues that need
to be addressed which includes parcel overlaps and positional accuracy.
With regard to securing rights, there are inadequacies in systems security with regard
to SiGIT Information Technology General and Application Controls. Examples of such
inadequacies includes network security, lack of end-to-end sessions encryptions between
the client computers and servers.
With regard to shared data - The Current SiGIT does not share (Interoperate) data with
external systems such as municipalities, National ID, Registration of Titles just to mention
a few as required by EGIF4M.
With regards to the National Spatial Data Infrastructure (NSDI) – So far there is
neither NSDI strategy nor policy or legislation in Mozambique. We noted the ongoing
World Bank NSDI project at Ministry of Transportation and Communication as a good start
to build NDSI and be placed under MITADER.
(II) Where are we now? – With regard to current system situation, its operational efficiency and
the quality of performance levels and process control the SiGIT system performance is considered
as moderate to low. This assessment is attributed to poor completions rates (69% Printed
DUATS); Reported incidents (most of them bugs/errors); Poor support on the Field-to-office
process (Manual error prone processes and poor data quality) ; the software architecture that
needs to be revisited to adequately reflect operations of the National Cadaster System (including
interoperability to municipalities, National ID, Registration of Titles etcetera) ; System security
gaps (especially related to the management of searchable and well documented events logs,
database management ); Low level of transfer of knowledge for the system to be maintained by
DINAT’s staff; High maintenance costs.
(III) Where do we want to go? - The Government of Mozambique (GoM) is implementing
ongoing initiative called Terra Segura (MozLand Project) with the main objective of regularizing
land tenure rights in priority and selected Districts as well as to modernize land administration
services. The LMIS needs to respond to this policy directive in which programs and projects are
ongoing for example Gesterra and MozLand. As mentioned also above one of the goals is to
register and maintain five Million DUATS (from currently approximately 500,000 currently
registered) and delimit 4,000 community.
(IV) How do we get there? - Based on the review and audit the following next actions are
highly recommended:
A complete redesign of Field to Office process – A major component that will assist in
achieving the Land Title Regularization (LTR) is usage of technology to automate the
process as much as possible.
Software Architecture - Considering improvements proposed in this review report, a new
conceptual design will lead to the redesign of the architecture to respond to the actual
needs of the National Cadaster as derived from envisaged functional and technical
specifications.
9
Communications -A centralised approach to implementation of the National Cadaster is
recommended to be undertaken.
System Security – We recommend improvements of Network Security, Data base
Security and Systems Security.
HR Capacity for System Maintenance - In terms of sustainability and skills transfer in
the past two years, we consider DINAT ICT Staffs’ roles and level of competences as
insufficient to carry out their functions properly. A minimum requirements for different
positions at DINAT and efforts to build capacity of their staff for the next 2 years have been
provided.
LMIS Interoperability - Design considerations that guarantee availability of secure
interfaces to connect to other data sources such as municipalities, National ID, Registration
of Titles and the like based on the actual requirement of the EGIF4M are recommended.
Equally, compliance to citizen centric services are to be part and parcel of such interfaces.
Financial and other resources for the system - Maintaining the platforms which are
under long term agreements for ArcGIS (special licences for 4 years), Microsoft and Oracle
(with leadership from INAGE) is recommended. Based on the level of skills coupled with
ongoing systemic reforms in land administration and services, in our humble opinion
changing these platforms at the present times increases complexity to the equation. The
architecture considerations in the design for the new upgraded Land Information System
should consider making database layer ( and other layers) as technology independent as
possible to allow considerations for change it in the future should there be such a need
mainly emanating from planned increased skills levels of DINAT Technical Staff.
As a concluding recommendation and in line with our analysis and reasoning above, we are of
the opinion that SiGIT redesign is required to ensure all current legal requirements are
incorporated, and future needs are considered in the design of enhanced SiGIT.
The way forward:
The redesigned SiGIT will require development of Terms of Reference (ToR) for public international
tender for the design, development/adjustment, installation, training, implementation and
maintenance of an enhanced SIGIT 4. In parallel to the procurement process, MITADER/FNDS will
have to consider engaging SIGIT vendor for a transition period of 1 year. The engagement
agreement should clearly stipulate the goals and the requirements from the SIGIT vendor such as
(a) ensuring the continuation of business, and (b) assisting in a smooth transition from the current
to the new system.
Our proposed work plan for the transition from SIGIT3 to the enhanced SIGIT 4 is presented in the
report.
10
3 INTRODUCTION AND BACKGROUND
Background 3.1
The Government of Mozambique has an ongoing initiative called Terra Segura with the main
objective of regularizing land tenure rights in priority and selected Districts as well as to modernize
land administration services. The project is implemented by the Ministry of Land, Environment and
Rural Development (MITADER) and has the support of the World Bank in the period from 2018 to
2024.
A Land Information Management System “Sistema de Gestão de Informação da Terra” (SiGIT) has
been in use for the land administration from 2013 at the National Directorate of Lands (DINAT) and
since 2013 in all 10 Provincial Cadastral Offices (SPGC). In the end of 2018 as part of the
preparation of the Terra Segura project, the National Fund for Sustainable Development (FNDS)
decided to hire a Consultant to conduct a review and audit (later ‘assignment’) of SiGIT mainly to
assess the systems readiness for the coming mass registration of 5 million DUATs and delimitation
of 4000 Communities.
Objectives 3.2
According to the ToR (Annex 1) the general objective of the assignment is to conduct a review and
audit of SiGIT, the existing Land Information Management System under the current conditions
and to propose measures necessary for the development and improvement of the land
administration and management system, and identify the needs towards the development and
implementation of a National Spatial Data Infrastructure (NSDI). The consultancy must include:
• a critical review and audit of the existing LIMS system and software architecture,
communications, system security and other risks affecting system stable functionality,
capacity of the client and its personnel in the system maintenance, performance of the
technical team in the system maintenance services provision, and the need of financial and
other resources for the system maintenance to ensure its stability and, with a careful
analysis of the lessons learned from the existing LIMS, provision of relevant
recommendations;
• also review the existing business process of the DUATs registration, its appropriateness to
the computerized environment and procedures and propose the measure to the
introduction and testing of a streamlined land regularization methodology that is less time
consuming and robust;
• review and analyse the existing draft of the “Methodology for the DUATs regularization and
Community Land delimitation” in close cooperation with the Cadastral Surveying and
Mapping Needs assessment consultant and
• review of the LIMS interoperability, in accordance with the eGIF4M (eGovernment
Interoperability Framework for Mozambique), with the Land Registry Information system
SIRP (Sistema Integrado de Registo Predial) implemented by the Ministry of Justice that is
responsible for registering the titles of Land Use Right, and the interoperability with the
municipalities that also carry out the regularization of land tenure rights in the areas under
its territorial jurisdiction and generate information to feed the national land registry.
Specific objectives in order to achieve the general objective are:
• reviewing all existing documentation and other artefacts (UML diagrams, data structure,
business processes, etc.) on system development,
• evaluating and monitoring the current system situation, its operational efficiency and the
quality of performance levels and process control and
• verifying and validating the following parameters of the Information System: Efficiency,
Effectiveness, Confidentiality, Fidelity of information in relation to data, Physical security,
11
Logical security, Obedience to the organization's policies and business rules and
Compliance with current legislation.
Scope of the Assignment 3.3
3.3.1 ToR Requirements
To reach the objectives and deliver the expected results (2.2) the assignment is carried out following the requirements given in the ToR attached in annex 1.
3.3.2 Limitations of the Scope
There are two exceptions (presented in the Technical Proposal):
(1) In case of “identifying the needs towards the development and implementation of a
National Spatial Data Infrastructure (NSDI)”, we will submit as part of this assignment only
a Concept Document and High-level Architecture & Proposed Main Data Layers. [Remark:
During the assignment we observed that there is already an ongoing project “National
Statistics and Data for Development” financed by the World Bank as Ministry of Transport
and Communications (MTC) covering the main features of proposed NSDI in Mozambique.
MITADER is one of the stakeholders of the project. Due to this the Concept Document
(Annex 7) concentrates only in advising MITADER in participating of that project.]
(2) “Analysing business processes” of an organization is a task that might attract lots of
resources and long duration. When it comes to business processes, our main efforts will be
given to the analysis on the existing documents and comparing the already analysed
business processes, the UML diagrams, the technical documents of the existing system
(SiGIT), and the actual implementation of these processes in the system.
3.3.3 Team and Counterparts
The mission is carried through by an Expert Team (Team members with their counterpart):
Team Leader – Mr. Emmanuel Mahinga (55 working days)
o Mr. José Luis Correia / FNDS
GIS and LTR Expert – Dr. Tuomo Heinonen (25 working days)
o Mr. Anjos / FNDS
Software Architecture Expert – Mr. Vlad Costea (15 working days)
o Mr. José Luis Correia / FNDS
DBMS Experts – Mr. Andras Juszt (15) and Favilli Raffaele (5 home based working days)
o Mr. Daniel Queface (DINAT)
Computer Networks Expert – Mr. Manyiri Isack (15 working days)
o Mr. Kennedy Ismael / DINAT
The Team worked closely with our counterparts at the assignment sites - DINAT Offices in Maputo
and Maputo SPGS in Matola area.
3.3.4 Assignment Schedule and Main Deliverables
The assignment commenced on 18th
February and ends on 20th
April 2019. The main deliverables are delivered
according to the following time-table.
12
Table 2 Schedule of Activities
Date (days after signature of the contract)
Activity Deliverables
- Beginning of Audit and Review -
15 days Submission of the Inception Report Inception Report
2 days Meeting to discuss the activity Inception Report -
47 days Submission of Preliminary Report1 Preliminary Report
50 days Discussion meeting of the preliminary report2 -
57 days Submission of Final Report3 Final Report
60 days Discussion Meeting of the final report -
3.3.5 Work Plan
See a separate chapter “7. Work Plan” in general.
General Methodology of the Assignment 3.4
In the context of governments, Information Systems -IS (also referred to as e-governments
information systems) are made up of four main components4:
a) The Technologies which includes Hardware, Software, databases and Communications
infrastructure which we will refer to as Information and Communications Technology
(ICT) in this review;
b) Business Processes which refers to a series of steps to achieve desired outcome. These are
usually guided by policies, legislations, regulations, procedures and standards. In this
review we refer them to Business Processes;
c) People who performs various duties related to Business Processes (Land Administration
and Management in our case) and ICT. These provides front line services, back office
functions, programmers, Analysist etcetera. In our review we refer them to Human
Resources and
d) Stakeholders are all other groups who are interested in what we do. These are
Development Partners (World Bank, MCA, Kadaster etc.) and Vendors who provide services
such as Service Providers, ICT Companies etc. In our review we refer this group as
Stakeholders
1 Submitted on the 50th Day – 9th April 2019 2 Stakeholder’s meeting 58th Day – 16th April 2019 3 Submission and discussions of the Final Report 25th April 2019 4 Unlocking E-Government Potential: Concepts, Cases and Practical Insight Subhash Bhatnagar (2012)
13
Based on the general objectives for this assignment, we approach the review/ audit by asking the
following key questions:
i. What are the issues on implementation status of SiGIT? – What is the big picture?
Why now? (Output being a list of issues in relation to the proposed reporting themes –
Current Situation presented mainly in chapter 4 and to-be Situation presented in chapter 5
;
ii. Where are we now? What are we doing now, how does that align with our goals? (Output
being the SiGIT current implementation status and stakeholder’s individual concerns and
expectations also presented in chapters above);
iii. Where do we want to go – what would an ideal situation look like? What does
success look like for us? What else can we do to achieve more, how can we do it more
efficiently and effectively? How that impacts our outcome? (Output being the
recommendations for the desired future state presented mainly in chapter 6 titled
CONCLUSIONS AND RECOMMENDATIONS)
iv. How do we get there? – What can we do and what are our options (linked to
recommendations and also presented as proposed road map mainly in the chapter 6 titled
CONCLUSIONS AND RECOMMENDATIONS).
During this review / audit assignment the consultants undertake their tasks by adapting the
general approach based on the requirements outlined in the Control Objectives for Information and
related Technology (COBIT) model as well as The Information Technology Infrastructure Library
(ITIL). Where applicable and in specific cases we reviewed specific items outlined in the scope of
work based on standards and methodologies outlined in ISO/IEC 12207 - Systems and software
engineering – Software life cycle processes alongside ISO 19152:2012 – Geographic information –
Land Administration Domain Model (LADM); ISO/IEC 19510:2013 Information technology – Object
Management Group Business Process Model and Notation and ISO/IEC 2501n:2011 - Systems and
software engineering – Systems and software Quality Requirements and Evaluation (SQuaRE) –
System and software quality models. (See Annex 1: ToR p. 26)
Our approach follow four main steps are namely:
a) Identification of issues and documentations on SiGIT implementation status: The
review seeks to obtain understanding of the general and specific business requirements
derived from Mozambique land management legal and institutional frameworks in order to
identify SiGIT implementation status and assess related risks and relevant control
measures to be instituted commensurate with best practises. The review is conducted
through documentary review, key informant interviews and other relevant methods as
appropriate to collaborate understanding and documentation of key review/audit issues as
outlined in the ToR. The list of key documents reviewed and people interviewed is attached
for your reference in the Annexes.
b) Evaluation and categorisations: During the review, we evaluate the appropriateness of
SiGIT implementation controls and measures commensurate with international best
practises internal policies, procedures and practises. The Final Report – Current situation
presented in chapter 4 presents findings related to audit based on the scope of work and
their associated specific recommendations. These may relate to a wide range of issues such
as creating necessary strategies, tactical plans or operational processes. We also
consolidate our findings for to-be situation and presents them in three main categories
namely: SiGIT Value delivery, IT General Controls and Application Controls respectively
presented in chapter 4. SiGIT value delivery reviews examined SiGIT value proposition in
order to enable it to delivers required benefits based on the existing land administration
and management business process as derived from Mozambique institutional and legal
frameworks also specified in the ToR. We examine and propose measures to ensure the
effectiveness and efficiency of its operations and their compliance with the Existing laws
and regulations. SiGIT IT General controls encompass key requirements related to SIGIT
systems’ security, confidentiality, integrity, reliability and availability. Lastly Application
14
General Controls examined efficiency and effectiveness of SiGIT application and its
reliability in compliance with existing laws and regulations and general accepted
international standards related to Information Systems. The review is limited to the scope
of the ToR provided.
c) Compliance testing: Based on the proposed categorisation stated above, we further
undertake the review in which compliance is undertaken by testing whether the stated
controls, practises and procedures are working as prescribed. Inspecting, examining and
observing to ascertain existence of such controls in line with general international best
practises as applicable to systems development in general and land information systems in
particular; and
d) Substantive testing: Where appropriate we undertake measures including substantiating
the risks of control objectives not being met through analytical techniques for example on
Database Management Reviews, Spatial Data Reviews etc., walkthrough methods for
example on Workflow Management , User Management etc. and/or consulting alternative
sources to ascertain our observations which are outlined in this final report.
15
In a diagram below we present our conceptual framework for the assignment.
Information System Business Criteria
Effectiveness: Doing right things
(Timely, Correct, Usable)
Efficiency : Doing things right (most
productive and economical)
Confidentiality: Guide against
unauthorized disclosure (physical and logical)
Integrity : Accuracy and Completeness
Availability : Safeguarding Resources
Compliance: Externally imposed laws
and regulations
Reliability : Provides Management with
Appropriate information for its use and reporting
COBIT Model Domain
Areas linked to SDLC
Plan and Organize –�
Initiate and Plan
IT Strategic Plan
Project Mgt (SDLC)
Human Resource Mgt
Acquire and Implement -
Execute
Identify and acquire solution
Deploy solutions
Manage change
Deliver and Support
Manage Contracts and Operations
Manage IS Environment
Train Users and Support User
Maintain and secure facilities
Monitor and Evaluate
Monitor Processes
Assess internal Control
Obtain independent Assurance
Independent Audit
Review Recommendations –�To-be
SiGIT Value Delivery –�To Be
VDA - Project Implementation Arrangements (Adequacy of control over quality , delivery and costs );
VDB - Alignment of IT Services with Business Priorities;
VDC - HR Capacity;
VDD - Independent assurance – Reviews and audits;
VDE - Compliance with laws and regulations;
SiGIT ITGC Review –�To-be
ITA - Adequacy of measures for security, integrity and availability of IT Resources – Data, Technology, Facilities and People;
ITB - Adequacy of measures to monitor performance and detect problems;
SiGIT Application Control Review - To-be
APA - Adequacy of measures for security, integrity and availability of Application;
APB - Adequacy of measures to monitor performance and detect problems ;
Key
SD- Service Delivery
IT –�IT General Control
AP –�Application Control
Mission/ Vision/
Strategies/Tactics/
Processes
SiGIT Review ToR
Requirements -
Current
Contextual;
Know-How transfer strategy ;
Training ;
Technical documentation
decentralized vs. centralized;
Deployment;
Availability and resilience;
Communications;
Information;
Functional;
System Admin ;
Operation;
Security;
Intellectual Property Rights (IPR)
Performance and scalability ;
Stability Assessment
Legal and Compliance ;
International Standards compliance
DIAGNOSIS
What are the issues? – What is the big picture? Why now?
Where are we now? Where are we going? What are we doing now, how
does that align with our goals?
Where do we want to go – what would an ideal situation look like to you?
What does success look like for us?
How do we get there? – What can we
do and what are our options
Figure 1 : Audit / Review Conceptual Framework
16
3.4.1 Detailed Study Approach
During this review/audit, we obtained information from documentations, interviews, walkthrough
methods and other relevant sources and documentations. A more detailed approach for collecting
data, conducting interviews and utilizing various technical documentation is presented as Annex 5.
For each specific assignment objective that we reviewed.
3.4.2 Presentation of Audit/Review Observations and Recommendations – To
Be
The results are presented as Observations/Risks, their impacts to the Stakeholders in general;
Infrastructure (Hardware, LAN, WAN and general-purpose Software), Human Resources and
Application (Business Process) in particular. In each observation, recommendations are also
provided. During the review / audit the client was requested to review and comment on preliminary
report. Audit observation and its associated recommendation are presented in chapter 5. The risks
are categorise as High, Medium and Low and their respective actions are presented in a table
below.
Table 3 Categorisation of Risks
Risk Classification Implication Proposed Action
High The observation has a high risk exposure which may result in
compromising SiGIT (National Cadastre) operations as a whole or in part.
Immediately
Medium The observation has a medium risk exposure which may result in compromising SiGIT (National Cadastre) operations as a whole or in part.
As Soon as Possible
Low
The observation has a low risk exposure which may not result
in compromising SiGIT (National Cadastre) operations as a whole or in part on their own. However a number of low unattended risks may result into a compromise.
Planned
3.4.3 Content of the Final Report
The Final Report is organised in 7 main chapters and Annexes as follows:
Chapter 1 ASSIGNMENT SYNOPSIS
Chapter 2 EXECUTIVE SUMMARY
Chapter 3 INTRODUCTION AND BACKGROUND
Chapter 4 SIGIT IMPLEMENTATION REVIEW – CURRENT STATUS
Chapter 5 SiGIT FUTURE IMPLEMENTATION CONSIDERATIONS AND
RECOMMENDATIONS
Chapter 6 CONCLUSIONS AND RECOMMENDATIONS
Chapter 7 WORK PLAN
Annexes
In the following table we present mapping of the assignment specific objectives to the deliverables
in our work plans. We further indicates sections in the final report which discusses our findings and
recommendations.
17
Table 4 Mapping of ToR in the Final Report
Assignment Objective from ToR Work Plan Deliverable Section in the Final Report
I. Contextual - relationships, dependencies
and interactions between the system and its environment, including other systems;
D-1-1 Review of Specifications
D-2-1 Infrastructure, Software Architecture Review
D-2-5 NDSI
4.3.1
II. Comprehensive comparison and evaluation of decentralized vs. centralized system architecture - Detailed analysis, review and recommendations on its enhancement to ensure the stability and sustainability of the system in the Mozambique's context characterized by high costs of third-party software licenses, instability of power, available communication infrastructure, scarcity of financial resources for the system maintenance;
D-1-1 Review of Specifications
D-2-1 Infrastructure, Software Architecture Review
4.7
III. Information - the way that system stores
manipulates manages and distributes information, including conceptual and logical data models and their conformity to LADM, data synchronization and transfer between locations;
D-2-2 Database Review 4.11
IV. Functional - the system's runtime
functional elements and their responsibilities, interfaces and primary interactions, including capability to support reliable and streamlined process of the DUATs recording/registration. It should include: Registration of DUAT Request, Massive Registration of Land, Community land Registration, DUAT Issue, Payment of Taxes;
D-2-4 Business Review, Validation efficiency
D-2-1 Infrastructure, Software Architecture Review
D-2-6 – LTR Process Recommendations
D-2-3 Code Review5
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10
V. Deployment - required runtime platform, hosting, third-party software, network availability and capacity, and physical constraints;
D-2-1 Infrastructure, Software Architecture Review
4.4
VI. System Administration - configuration
management, performance monitoring, upgrade, functional migration, data migration, backup and restore;
D-1-3 Review of Test Documentations
D-1-2 Review of issues tracking, change management and problem handling
4.4
4.6
4.10
VII. Operation - The operation of the system
should follow appropriate practices and have a service desk to support;
D-1-2 Review of issues tracking,
change management and problem handling
4.3.10
VIII. Security - the ability of the system to
reliably control, monitor, and audit who can perform what actions on which resources and the ability to detect and recover from security breaches;
D-2-1 Infrastructure, Software Architecture Review
4.12
IX. Performance and scalability - the ability
of the system to predictably execute within its mandated performance profile and to handle increased processing volumes in the future;
D-2-1 Infrastructure, Software Architecture Review
D-2-2 Database Review
4.10
5 This was not undertaken due to unavailability of software codes
18
Assignment Objective from ToR Work Plan Deliverable Section in the Final Report
X. Availability and resilience - the availability
of the system to be fully operational as and when required and to effectively handle failures that could affect system availability, as well as options for disaster recovery centre (DRC);
D-2-1 Infrastructure, Software Architecture Review
D-2-2 Database Review
4.6
4.11
XI. Communications - The current capabilities and quality of data communication infrastructure and Internet and potential strengthening to support the system at all levels (national, provincial and district).
D-2-1 Infrastructure, Software Architecture Review
4.6
XII. Interoperability - current capabilities
and potential strengthening according to the e-Government interoperability framework and analysis of the system capability to support the improvement of public services provision, including the on-line services, functionality and usability of the public portal.
D-2-4 Business Review, Validation efficiency
D-2-1 Infrastructure, Software Architecture Review
4.3.9
XIII. Intellectual Property boundaries
definition - There must be clear and well defined Intellectual property arrangements, boundaries of background IP, Third-Party IP and licenses to ensure the clients full ownership of the Development final product and sub-products, as well as the Existence of a well-documented, verified and secured repository of source codes;
D-2-4 Business Review, Validation efficiency
D-2-1 Infrastructure, Software Architecture Review
4.9
XIV. Know-How transfer strategy - To allow
continuous improvement of the LIMS, rationalize maintenance costs and ensure sustainability of the system the service agreement must include an in-depth system knowledge transfer strategy;
D-2-4 Business Review, Validation efficiency
4.3.11
XV. Technical documentation - The system should have relevant technical documentation (System Analysis, Design and Implementation, operation and maintenance manuals);
D-2-1 Infrastructure, Software Architecture Review
D-2-4 Business Review, Validation efficiency
4.8
XVI. Training - Assessment of the human
resources available and recommendations on capacity improvement necessary to efficiently operate and maintain the System;
D-2-1 Infrastructure, Software Architecture Review
D-2-4 Business Review, Validation efficiency
4.3.11
XVII. International Standards compliance - The system should comply with relevant standards and follow the best practices in nationwide information systems development and implementation
D-2-1 Infrastructure, Software Architecture Review
D-2-2 Database Review
Cross cutting
XVIII. Legal and Compliance - The System
should follow the National Land law, comply with the land program Terra Segura and follow the Land Administration Processes;
D-2-4 Business Review, Validation efficiency
4.3.1
4.3.2
19
4 SIGIT IMPLEMENTATION REVIEW – CURRENT
STATUS
Overview and History 4.1
SiGIT is a Land Management Information System (LMIS) custom designed for the Government of
Mozambique (GoM) by a local Company EXI. In response to the need emanating from a Land
Tenure Regularization (LTR) Project funded by Millennium Challenge Account (MCC), the GoM
received a technical assistance to develop SiGIT. The first version (SiGIT Ver.1) was released in
2012 and was installed in 4 Provinces – SPGCs (and later was extended to all 10 SPGCs) and 8
Municipalities with key functionalities as outlined in the figure below. In 2014, SiGIT Ver.2 was
released with additional functionalities related to improvements in Tax, RDUAT and Surveyors
Licensing Modules.
In 2017, SiGIT Ver. 3 was released with additional functionalities and improvements.
The detailed timelines is described in below.
The upgrades of SiGIT received funding and technical assistances from other Development Partners
(DP) as also summarised in figure below.
20
SiGIT Ver 3
$1,420,570.92
2012 2013 2014 2015 2016 2017 2018 2019
19 Business Processes;
GIS visualizer/editor ;
WebServices between
GIS and APP servers;
GeoPortal developed;
Data Migration
methodology and tool;
SubSystem Data
creation and corrective
tooltext
RDUAT Module
Business Process Changes
- TAX module;
Improvements of RDUAT
Surveyors Licensing
module;
Optimization and general reorganization of the source code (separation of the model layer and controller, making maintenance of the application
easier);Full compatibility with Java 8.0 version;
Migration to version 9.0 of Tomcat (application server)
Change the workflow enginea) Easy interpretation of the workflow and its rules;
b) Possibility of updating and inclusion of new workflow rules;
c) Possibility of calculation of waiting times per workflow stage;
d) Higher speed in determining the current stage
Automation of Synchronization Packages transfer between DINAT and Sites
User Management Security Controls (permissions)
GIS improvement: shapefile point extraction; automatic drawing of plots based on coordinates; zooming within cadastral block coordinates to specific
plot; changes to A0 map.
SiGIT Ver 1
$1,024,063.02* Hardware
$1,394,398.07 **
SiGIT Ver 2
$2,014,168.08
*Including Arch GIS and DC Eq.**Hardware for SPGC –�Exchange rate of July 2012*** New equipment Exchange rate of March 2019
46 Change Requests related to new functionalities
SIGIT PRODUCT TIMELINES
`
Hardware*** $ 1,367,794.65
MCC
Requirements
Design and Development
Testing
Implementation
Maintenance
GoM, Netherlands and Sweden
Requirements
Design and Development
Testing
Implementation
Maintenance
EXI
Requirements
Design and Development
Testing
Implementation
Maintenance
GoM & WB Ver. 4 ???? - 2019
Requirements
Design and Development
Testing
Implementation
Maintenance
Dev. Contract +AMC Dev. Contract +AMC Dev or AMC ?? ???Self efforts Self efforts Self efforts Dev or AMC??
Figure 2: SiGIT Product Timelines
21
Figure 3: Current SIGIT Implementation Arrangement
Current SiGIT
Project
Implementation
Arrangements
Funding Arrangements
Project 1: 2012-13 MCC and GoM ;
Project 2: 2014-2016 GoM,
Netherlands and Sweden ;
P3: 2016 to 2019 GoM
P4: GoM WB - MozLand
P1: Land Tenure Regularization -
effective and sustainable mgt of land in
4 SPGCs (to 10) and 8 Municipalities in
the north
P2: Capacity Building - Support Terra
Segura New methodology for RDUAT
and DelCOM;
P3 : AMC and Hardware upgrade
P4: Strengthen land tenure security in
selected districts
Support for HR, Operations
and Maintenance limited to
project implementation time
- Issues with transitions
Management
Costs
P1: $ 2,418,461
P2: $ 2,014,168.08
P3 AMC: $ 1,420,570.92 & H/W : $
1,367,794.65
P4: US$6.08m
SIGIT PROJECT IMPLEMENTATION ARRANGEMENT
CURRENT PROJECT
IMPLEMENTATION
ARRANGEMENTS
Policy->Programs->Operations-> Assets
22
OBSERVATIONS - FINDINGS - LESSONS LEARNED
Observation Description Category6
a) The current SIGIT was originally designed to respond to specific
project needs in year 2012. There has been two major upgrades to
respond to the needs of the time;
VDA
b) Although the module/functionality to support massive land
regularization was conceptualised in the first version in 2012/13,
functionality to support field to office data has not been fully
developed to date. Still there are numerous manual operations in
this functionality which impacts data quality on SiGIT and thus
affects integrity of information residing in SiGIT;
VDB
c) There has been poor transitions between projects and frequent
stoppage of financing to support SiGIT. Stop and restart of
financing and support has negatively impacted the pace and
development of SiGIT. Current processes to develop and manage
SIGIT can be viewed as unpredictable and reactive to ongoing
demands without necessarily being driven by a vision based on
DINATs missions as outlined in the legislations. In this situation
effectiveness is affected;
VDA
d) There has been numerous self-efforts by SiGIT vendor (EXI) to lead
the upgrade initiatives with minimum pro-activeness (Plan and
Organise Domain) from DINAT. This has led to lack / ineffective of
separation of duties and leadership in creation of plans, managing
change , requirement management , quality control and assurance
of Software Development Life Cycle (SLCD) Processes. In this
situation efficiency and effectiveness is at risk;
VDA
e) Some positive development have happened in SIGIT in the last
year or so, which if managed will lead to a more reliable SIGIT.
Crucial challenges remain in the areas of data reliability and
integrity in SIGIT, management of field to office data collection in
particular for ongoing massive land regularization programs and
usage of SiGIT as a management tool to improve efficiency. The
current usage is for record keeping and parallel manual operations
are still going on. There are still substantial records outside the
system and users are still relying on them for day to day land
administration functions. This impacts our DINATs effectiveness.
VDB
f) There has been significant increase of costs related to SiGIT in the
past two years. The current Annual Maintenance Cost (AMC) is
approximately $1.4million for two years and approximately
$1.4million (one time cost) for Hardware Upgrades- Total
$2.8million. In our opinion and based on the upgrades in
functionality presented in Figure 8: SiGIT Product Timelines above,
the current AMC costs are essentially development costs. In the
event of lack of proper requirements management associated with
quality control and assurance arrangements as outlined above,
there is high risk of not getting value for money spent on these
VDA
6 Refer to Figure 1: Audit / Review Conceptual Framework for definition of these categories
23
Observation Description Category6
AMC and thus affecting our efficiency and effectiveness in to
acquire and implement information systems;
g) Based on number of transactions carried out in SiGIT that we
reviewed and resource utilization ( hardware and communications),
the usage is still low;
VDB
h) As a result from observations in g) above, we are unable to clearly
establish the basis for the specifications of the upgrades of the
current SiGIT infrastructure. If the goal was not to centralize, the
current level of specifications for the SPGCs infrastructure are then
overrated. Additionally, based on the data projection for the next 5
years, and the current volumes in the Database for approximately
500,000 DUATs which is around 50GB, we could not establish the
rationale for current specifications of the storage and computing for
the Datacenter. This process if inadequately managed may impact
our efficiency ;
VDA
i) SiGIT is implemented as a decentralized system in which currently
10 SPGCs and 1 municipality are in operational. National Cadastre
as presented in Figure 9: Components of the National Cadaste is
incomplete without data from Municipalities and other agencies as
required by the law. This situation if will continue this way will
impact the reliability of SiGIT as of National Cadaster System ;
VDE
j) The Central Database in DINAT contains 10 copies of SPGC data
and is not a production system. In this case reporting at national
level is a time consuming process since it is required to process
data individually from SPGCs data bases. Additionally in the event a
new report is created or changes introduced into SiGIT as a result
of new requirements, updates to individual databases are required.
This process could be judged as ineffective in the event that other
options are available;
APA
k) Updates including versions changes is applied to SiGIT is
undertaken manually to all 10 SPGCs. There is no update
site/depository for SiGIT software application at DINAT. This
practice could compromise systems stability and availability of
resources when required;
APA
l) There is no enough capacity at DINAT to undertake the upgrades of
SIGIT on their own. Additionally DINAT Staff can not undertake
customizations of the SiGIT. All change requests minor or major are
undertaken by the Vendor. This dependency is counterproductive to
DINATs’ sustainability aspirations and may be ineffective in the
long run.
VDC
Based on our assessment According to international standards for SDLC, The maturity of,
processes at DINAT are summarised below:
24
Table 5 SDLC Process Maturity Level
S/N Process in the SDLC Quality Assurance and Control Processes and Standards - leading to SDLC Outputs
Remarks
1. Planning Project Implementation Methodologies; Project Plans; Reviews and Audit
Most of these processes are
still at initial stages based on the Capability Maturity Model Integration (CMMI) 7. There is no complete control of these processes by DINAT. Most of SiGIT Development Strategies and Plans are reactive. DINAT Should endeavour to achieve reliable and predictable environments, where by the products and services it provides for the National Cadastre are proactive, efficient and productive commensurate with its mandates outlined in the legislations. This will require organisational reform and adjustments to harness alignment of IT Priorities to Business Priorities
2. Requirements analysis Requirements Planning and Management; Strategy, Plan and Checklists
3. Architecture design
Software Architecture
Document; Requirement Traceability Matrix
4. Development and implementation
Strategy, Plan and Checklists
5. Testing and Training Strategy, Plan and Checklists
6. Maintenance and support Strategy, Plan and Checklists
Our recommendations are presented in the Value Delivery, ITGC and Application Control Sections
on a case to case basis.
SiGIT Project Implementation Arrangements Review 4.2
In Mozambique a distinction is made between land administration and land management functions.
Land administration concerns the recognition and allocation of DUATs and the maintenance of
information about rights to land, land use and the value of land. Land management, in turn,
concerns guidance on uses of land as a resource from environmental, social and economic
perspectives.
National Cadastre information contains both land administration and land management based on
the requirements of the legislations. LMIS implementations efforts have been project based since
its inception. The main focus of stakeholders has been on strengthening land tenure security based
on priority areas. For example, the first major project that marked the beginning of SiGIT was
funded by MCC focusing on first four Northern provinces (then to all 10) and eight Municipalities
(only one is reported operational at this moment).
The GoM received additional support for a Terra Segura in which SiGIT was improved to contain
new methodologies for RDUAT and DELCOM to support Systematic Land Tenure Regularisation
(LTR) at a large scale. Subsequently registrations related to, use and benefit rights within selected
areas, including the compilation of land rights inventories, conducting appropriate boundary
7 The Capability Maturity Model Integration (CMMI) is a process and behavioural model that helps organizations streamline process improvement and encourage productive, efficient behaviours that decrease risks in software, product and service development.
25
surveys, the public exposition of provisional claims, conflict management and resolution, quality
control, and the issuance of documentation in respect to legitimately-acquired DUAT rights at the
community and household levels was undertaken by migrating the existing cadastral data into the
land information system. This was a good step towards implementation of a National Cadastre.
Under these arrangements, the funding was limited to project goals. The support for
institutionalisation of SiGIT was equally limited to the project period. A bigger picture for the
National Cadastre could not be taken into consideration in these projects due to lack of a
comprehensive road map for LMIS for Mozambique.
We present the contributions of each project to DUATs in SIGIT:
Figure 4: Distribution of Project Contribution to DUATs
During the implementation of SiGIT Ver.1 two user workshops presumably to validate
functionalities were undertaken in 2013. The first set of functionalities were created through ToR
provided by MCC. During the review we could not verify the completeness of implementation due
to time limitations.
There is no evidence provided to indicate subsequent upgrades to Ver.3 was validated by user
acceptance tests and for that matter was done for all functionalities that were requested through
change requests (some from DINAT). It is also noted that at times, change requests have also
been initiatives of EXI possibly due to lack of appropriate roles and responsibilities in DINAT to
undertake this task.
Although we have seen various documents that are presented as test plans/results, we cannot
ascertain if users tested and signed off these results to their satisfaction. If they were done in the
absence of appropriate structure at DINAT, and in the absence of test environment, presumably in
the production environment or at EXI environment. In the earlier scenario outlined above, there is
a risk of compromising data and stability of the system.
Additionally from the project documentations provided, there was no information available on how
other tests were undertaken (unit, integration, components, stability, usability as the case may be)
26
and approved for production by DINAT. It is also noted that there is no training environment for
users and technical staff at DINAT. No audit reports were available for review during this audit. In
general we observed that DINATs’ institutional arrangement for ICT project management, quality
control and quality assurance is weak and hence there is a risk to efficiency and effectiveness of
Service Level Agreements (SLAs) in contracts for maintaining the ICT Infrastructure for SiGIT.
Amid political (including geopolitical forces), economic, social, technological, legal and
environmental forces, and in the absence of clear strategy, operational plan and implementation
processes for development of a national cadastre system, management of programs/projects, their
operations and assets (HR and physical) at DINATs’ disposal are at risk of not delivering required
results efficiently and effectively in a continued manner.
If National Cadastre Services are to be citizen centric as stipulated and in compliance with the
EGF4M, then there is a need for DINAT to consider reduction of costs and time for citizens to
receive land related services. Additionally there is a need to provide reliable and secure services
supported by appropriate and optimised business processes, capable HR facilitated by affordable
and appropriate technologies throughout land service delivery chain. There is also a need to
strategically engage and manage our stakeholders to ensure continuity of programs and projects
inputs to the implementation of a National Cadastre System.
In this view, we urge DINAT to prepare a National Cadaster Road Mapto in cooperate some ideas
presented above and also summarised in the figure below.
SiGIT Project
Implementation
Arrangements
Funding Arrangements
Project 1: 2012-13 MCC and GoM ;
Project 2: 2014-2016 GoM,
Netherlands and Sweden ;
P3: 2016 to 2019 GoM
P4: GoM WB - MozLand
P1: Land Tenure Regularization -
effective and sustainable mgt of land in
4 SPGCs (to 10) and 8 Municipalities in
the north
P2: Capacity Building - Support Terra
Segura new methodology for RDUAT
and DelCOM;
P3 : AMC and Hardware upgrade
P4: Strengthen land tenure security in
selected districts
Support for HR, Operations
and Maintenance limited to
project implementation time
- Issues with transitions
Management
Costs
P1: $ 2,418,461
P2: $ 2,014,168.08
P3 AMC: $ 1,420,570.92 & H/W : $
1,367,794.65
P4:$6.08m
Ro
ad M
ap
LMIS –�Electronic and paper records
HUMAN RESOURCE
BPR BPR
HUMAN RESOURCE HUMAN RESOURCE
TECHNOLOGY TECHNOLOGY TECHNOLOGY TECHNOLOGY
STRATEGIC STAKEHOLDER ENGAGEMENT
Goal
Improve security and
reliability of cadaster services;
Reduce cost and
time for DUAT transactions
500K, 5M,10M
BPR BPR
Political, Economical, Social, Technological, Legal and Environmental
CURRENT PROJECT
IMPLEMENTATION
ARRANGEMENTS
PROPOSED PROJECT
IMPLEMENTATION
ARRANGEMENTS
Funding Sustainability Strategy
PAST PROJECT
IMPLEMENTATION
ARRANGEMENTS
LMIS –�Electronically generated records LIMS-E - Register
BPR
Trapped CapitalArable Land (Urban Dev.; Agriculture Dev;
Geopolitical Dev. )
Mo
zLan
d In
dic
ato
r P
DO
_5
: R
ed
uct
ion
of
cost
to
rec
ord
a
DU
AT
in S
IGIT
un
der
a s
yste
mat
ic r
egu
lari
zati
on
pro
cess
Policy->Programs->Operations-> Assets
Figure 5: Proposed considerations for Road Map
27
OBSERVATIONS - FINDINGS - LESSONS LEARNED
Observation Description Category
a) Equipment Upgrades - No clear plan for upgrades. For example
recent hardware upgrade is not based on clear plan other than
considerations that the current equipment has completed its life
cycle. No disposal plan for old equipment which are currently in
SPGCs offices. DINAT datacenter equipment upgrade has been
undertaken since December 2018 although it is still not clear on the
roadmap for centralization.
VDB
b) No clear plan for software releases and upgrades linked to user
requirements. For example field to office operations faces
challenges. Based on number of DUATs in the SiGIT as indicated in
Figure 10: Distribution of Project Contribution to DUATs and
contributions of individual parties, we consider the ration of RDUAT
is proportionally lager than DUATs in the system. Despite the
existence of AMC as applied in present form, there is no plans to
resolve this issue other than DINAT undertaking a separate
endeavour to create a separate interface to SiGIT. We noted that