MALTA: IT audit – Malta Food Agency
The National Audit Office (Malta) has recently conducted a comprehensive Information Technology (IT) audit at the Malta Food Agency (MFA). Established in 2021 under the Ministry for Agriculture, Fisheries, and Animal Rights, the MFA was entrusted with the task of regulating food produce from farming and fishing while overseeing the Pitkalija[1] and the Pixkerija[2] markets. Essentially, this audit focused on the overall IT setup of the Agency, with a particular emphasis on the Pitkalija Market Management System (PMMS), which is the core IT system used at the Pitkalija market.
The NAO report, which was tabled in Parliament in June 2023, uncovered a number of key findings and as a consequence proposed various recommendations related to IT management to address these issues. One of the primary concerns was the lack of adequate resources within the MFA to address security threats effectively. To address this, the NAO recommended regular information security awareness training, an initiative provided by the Institute for the Public Services (IPS). This training should become a part of the induction programs for newly recruited MFA employees.
Furthermore, the audit identified that although a Business Continuity Plan (BCP) was in the draft stage, it was not yet finalized. The NAO advised the MFA to complete and regularly review and test the BCP to ensure it remains effective against evolving threats and risks.
The absence of Standard Operating Procedures (SOPs) outlining daily operations was also noted. The NAO recommended the development and formalization of SOPs, especially concerning the PMMS application, to ensure consistency in operations.
An additional concern was the state of the MFA's server rooms, including cable management, housecleaning, air-conditioning, and ventilation. In this regard, the NAO recommended improvements in these areas to mitigate potential fire hazards.
The report also focused on the core IT software applications used by the MFA, including the PMMS, the agency's website, and the use of social media and networking platforms.
To address the significant volume of data handled daily, the NAO recommended periodic data cleaning exercises. This process should involve standardising data entry in PMMS, minimizing duplication, ensuring data accuracy, and eliminating errors to maintain correct and consistent data.
A highlight of the audit was the commendation of the PMMS application for its robust audit trail functionality, recording every step of the buying and selling process of fruits and vegetables centrally and in real-time.
Efficiency issues were also noted at the Cash Office, where multiple clients were waiting despite a one-person-at-a-time policy. The NAO recommended the continuous presence of a Security Officer to enforce this rule.
Privacy and security enhancements were proposed, including replacing the perspex window at the Cash Office with a cashier window equipped with a deal tray. Additionally, the installation of a metal shutter or roller blind when the Cash Office closes was suggested. Minimizing cash transactions and providing hawkers with electronic payment facilities were also recommended. Security at the Cash Office was further addressed by recommending the installation of an access control card system or numeric pad at the back door, allowing entry only to authorized personnel.
Another finding referred to the absence of a specific renewal cutoff date and enforcement mechanism for hawker licenses. To address this issue, the NAO suggested implementing a notification system with alerts for hawker license renewals, preventing non-renewed license holders from entering the Pitkalija until renewal.
In line with the digitization process, the MFA introduced two new web portals: the Farmers portal and the Hawkers portal, alongside the PMMS implementation. The Farmers portal, launched in April 2022, offers farmers access to sales, payment, and dues information, with each farmer assigned a unique six-digit user identifier and PIN code. On the other hand, the Hawkers portal offers hawkers access to data on purchases, produce prices, credit terms, and outstanding dues, assigning each hawker a unique six-digit user identifier and PIN code. In the future, hawkers will also have the option to make online payments through this portal, streamlining the process.
Lastly, the MFA's website was recommended to support dual languages (Maltese and English) and undergo a thorough review to resolve broken and missing links for a seamless user experience.
In conclusion, the IT audit of the Malta Food Agency has identified key areas for improvement. Through the timely implementation of these recommendations, the MFA can continue to enhance its IT capabilities, data security, and operational efficiency, ultimately providing an enhanced service delivery to all stakeholders and clients in Malta's local fresh produce markets. These measures will not only improve the agency's performance but also contribute to the overall well-being of the local food industry and the consumers it serves.
[1] The Pitkali market opens twice a week in the early hours of the morning and sees hundreds of farmers drop off thousands of kilos of fresh fruit and vegetables that are then traditionally auctioned off to restaurants, shops and street hawkers, etc.
[2] Fishermen from all over the Maltese islands deliver their catch in the early mornings to licenced ‘pitkala’ located at the fish market, which is open almost daily from Monday to Sunday. All the catch is weighed and labelled and is then auctioned by licensed ‘pitkala’ to the highest bidder. The auction starts at 4am sharp.