South Africa’s new driver’s licence cards hit roadblock

The Auditor-General (AG) has found irregularities in the tender evaluation for South Africa’s new driver’s licence cards, which was awarded to French firm Idemia Identity and Security.

This comes after Minister of Transport Barbara Creecy instructed the AG in September 2024 to investigate the tender process.

While at the time the AG was already reviewing the tender as an early regularity audit process, Creecy’s request specified that it focused on the following areas:

• The affordability of the chosen bid
• Whether South African service providers were considered in this procurement process
• Whether the specifications in place for the project are adequate to protect the safety of personal data
• Implications for the procurement process following the recent cancellation of Idemia’s contract with the Airports Company of South Africa
• Whether Idemia’s technical capacity and its ability to deliver key outputs timeously were adequately considered, especially following allegations of the challenges faced at three airports where Idemia’s biometrics system has been contracted by the Border Management Authority

The minister’s communication was accompanied by a letter from the Organisation Undoing Tax Abuse (Outa), in which specific allegations of an irregular procurement process were made.

Irregularities aplenty

To comply with the Creecy’s request, the AG enhanced the proactive audit’s initial scope to include additional procedures.

Furthermore, it deployed a multidisciplinary team consisting of forensic experts, information systems auditors, and performance auditors to execute the specific procedures required.

“During the audit process, we identified instances of non-compliance with the required procurement processes and communicated these to the accounting officer and management,” said the AG.

The non-compliances stemmed from transgressions of supply chain management (SCM) prescripts as detailed in the Public Finance Management Act, Treasury Regulations, and Driving Licence Card Account (DLCA) policies, rendering the procurement process irregular.

The identified instances of non-compliance were due to:

• The DLCA’s budget analysis, as part of the demand management process, being inadequate
• Bids not being evaluated according to the evaluation criteria as per the bid specifications
• Inconsistent application of scoring during the bid evaluation process

During its assessment, the AG noted that the bid evaluation committee (BEC) deviated from assessing the bids using the exact criteria set out in the bid specifications when evaluating documents provided by bidders.

“The BEC members had to use their judgement and make executive decisions on how to assess the bids due to ambiguous bid specifications, which did not clearly address the DLCA requirements,” said the AG.

“This ambiguity led to discrepancies identified by the AG, resulting in an unfair and non-transparent procurement process.”

The inconsistencies extended to site visits conducted by the DLCA.

During these visits, the entity was meant to ensure that the machine proposed by Idemia, the MX8100, had the required capacity and capability to deliver on the requirements.

However, the DLCA chose to inspect an unrelated machine, and its management has been unable to provide a satisfactory explanation or evidence for this decision.

“The deviation from the bid specifications and the use of ambiguous criteria undermine the fairness and transparency of the procurement process,” said the AG.

“Furthermore, the evaluation of a machine not proposed by the bidder increases the risk that the selected service provider, Idemia, may not be able to fulfil the contract requirements. This could result in the DLCA failing to meet its constitutional mandate.”

Looking at other bidders who threw their hat into the ring, the AG said that no one had been unfairly disqualified as alleged as none of the original bidders met the technical bid specifications.

All bids submitted exceeded the R486.385 million budget set by the DLCA, which the AG said points to inadequate market analysis and budgeting.

“The DLCA used outdated pre-Covid prices, and the budget they submitted to Cabinet for approval did not include all the costs for the contract, leading to Cabinet approving a memo that was not a true reflection of the cost of the contract,” said the AG.

This would likely have led to the project being delayed or cancelled due to insufficient funds.

Finally, the AG noted that the bid specification included an adequate assessment of the ability of the system to protect personal data.

All bidders were evaluated on this criterion, and some were responsive.

“While the current non-compliances do not indicate fraud risk factors, their impact will be fully evaluated during the final regularity audit of 2024-25,” concluded the AG.

Fortunately, implementation and payment to Idemia has not commenced as of the time of writing.

On the basis of the AG’s findings, Minister Creecy has instructed her Department to lodge a High Court application for a declaratory order for guidance on how to proceed from here.