An operational review of Malta’s ITS tourism school that was commissioned weeks after Rosianne Cutajar resigned from her fake €19,000 consultancy job highlighted that a risk of fraud could potentially act as a major stumbling block in the ITS’s achievement of its objectives.
This website is publishing the full report that was signed by accountant Reece Delia on behalf of KSi Malta. The request for proposals for such a report was issued by the Ministry for Tourism in February 2020, just weeks after Cutajar’s departure.
While the KSi Malta report discusses a number of points including conflicts of interest, encouraging a culture of competence, oversight on financial matters, a risk of fraud, fraud schemes and scenarios common to the public sector, and a board of directors that can become unstable in times of “political strife”, it fails to specifically mention Cutajar’s conduct and contract which was subsequently flagged in a report by Malta’s National Audit Office (NAO).
A brief reminder of what the NAO audit found
In brief, the NAO audit found that the CEO of the ITS, Pierre Fenech, engaged MP Rosianne Cutajar (back then part of the PL benches) as a consultant. The contract was dated May 2019. Cutajar resigned from her role as a ‘consultant’ in January 2020. During her ‘time spent’ at ITS, Cutajar earned a gross income of €19,195.
- The NAO established that the employment of Cutajar breached all regulations governing recruitment
- Cutajar had no evident expertise to review ITS financial documents and to ensure it adhered to ethical requirements
- A dearth of evidence casted doubt on what work Cutajar actually carried out
- Rosianne Cutajar refused to met the NAO to answer questions in person
Previously unpublished: The operational review
To the best of our knowledge the operational review carried out by KSi Malta hasn’t been published anywhere in the public domain until now.
The full report is 71 pages long. You can download a copy of the full report from the bottom of this page.
Here were are highlighting a small number of sections from the report. While they are in order of appearance in the report, a number of sections are skipped:
The primary purpose of this report has been to carry out an operational review of the ITS, focusing specifically on its corporate governance structure as well as the efficiency and effectiveness of its controls with respect to project management, procurement, finance, operations and the recruitment and engagement of personnel, with the ultimate aim of providing recommendations on how the operations could improve through the introduction of changes to the current structure of the Institute.
To this end, it was concluded that the control environment currently in place at the ITS is significantly strong with the Institute having a number of structures in place to ensure that it is kept on its toes and that recommendations for improvement are continuously made.
Key Issues and Recommendations
- Rotation of Board Members on the Disciplinary Board every five (5) years to strengthen control risk
- Keeping a database of all conflicts of interest and breaches of independence arising
- Ensuring that a Finance function is in place to oversee the financial matters of the Institute
- Performing a training gap analysis and develop a training plan on a yearly basis to encouragea culture of competence
Following the Ministry for Tourism and Consumer Protection’s Request for Proposals, issued on 20th February 2020, KSi Malta was successfully awarded and assigned the task of offering its professional services to the Ministry, with the main objective of conducting an Operational Review on a number of entities falling under the Ministry’s remit, the ITS being the entity that shall be considered for the scope of this report.
Scope of the Engagement at hand
As agreed, upon during the initial meeting held with Mr. Dolan Debattista, Director of Operations within the Office of the Permanent Secretary of the Ministry for Tourism, on Tuesday, 10th March, 2020 and the letter of engagement signed on 8th April, 2020, the primary objectives of this report shall be:
(i) To review the work practices of the ITS with a special focus on:
a. Corporate Governance
b. Procurement procedures and processes
c. Project management
d. Financial and operational controls in place
e. The engagement and remuneration process adopted for personnel engaged by the entity.
Moreover, all employees of the organisation should have some responsibility for internal control as part of their accountability for achieving objectives.
The integrity and ethical values of the organisation
The general sentiment provided during the meetings and discussions held with the CEO and members of Senior Management was that the strictest levels of integrity and ethical values are adopted at the ITS, especially when taking into account the fact that the team on board nowadays faced at situation five (5) years ago in which no standards, policies or procedures were in place and in which the ITS faced a dire situation.
Nonetheless, we would like to remark to this effect that situations giving rise to a potential conflict of interest have seemingly occurred in the past and current practice seems to be such that any conflict of interest is declared up to a ministerial level, with members standing on particular bodies, such as the SCB, standing down from their position when issues of independence arise.
One point to mention in this regard is that, given that the appointment of such Board members depends on the administration in Government, it usually changes every time that there is a change in Minister heading the Ministry of Tourism. A case in point is the recent appointment of the new Minister, Hon. Julia Portelli, in which case the then Board members were asked to resign back January and it was up to the new Minister to actually re-appoint or accept the resignation of the Board members. The new Board of Governors in fact commenced its work during the operational review performed on the ITS.
Given that the Board of Directors is hence based on political appointment, considering the commercial nature of the entity, it might introduce a certain level of instability in the management of the ITS, especially in times of political strife. Nonetheless, the handover process from one Board to the next seems to transition quite efficiently, with the CEO of the ITS and his team preparing voluntarily, without any obligation to do so, an end-of-term report which summarises the main achievements of the previous Board, the HR structure, the financial performance and position of the entity as well as some pending key matters so that the newly appointed board can take over from the previous in a smooth manner.
Hence, while most of the executive day-to-day decisions are made by the CEO who is particularly responsible for implementing the direction selected by the Board for the ITS, all decisions made by the CEO are communicated to the Board of Governors, in an official manner, through the Board meetings held, and in an unofficial manner, through conversations held with various members of the Board in which they communicate on a regular basis on urgent matters that might not permit the scheduling of an official meeting within a short period of time. All activity carried out and decisions made by the Board of Governors are carefully minuted.
The organisational structure and assignment of authority and responsibility
With reference to the organisation chart displayed in Figure 4 above, we believe that the current structure operates quite well and smoothly, with individuals having clearly defined roles and responsibilities and with lines of authority and responsibilities being well established and understood by members of staff at the ITS
The process for attracting, developing, and retaining competent individuals
While it has been noted that the level of staff turnover at the ITS is close to none, with the ITS having good employee retention with very few terminations occurring during the year, when raising the point of attracting and developing new talent to better improve the quality of service of the ITS and smoothen its operations even further, it was highlighted that the remit of the Board of Governors is significantly limited.
To this end, the Human Resource Manager explained that attracting new individuals to the entity is subject to the scrutiny of the People and Standards Division of the Government of Malta. Every addition to the headcount of the ITS requires the explicit approval of the said Division following the submission of an annual Human Resources Plan (through an annual allocation made to headcount by the said Division) and hence, even if the Board of Governors approves the engagement of a new person, this will not count without approval aforementioned.
The rigour around performance measures, incentives, and rewards to drive accountability for performance
In a discussion held with the CEO of the ITS, it clearly emerged that the associated performance incentives and rewards given to the senior management of the entity are ultimately dependent on the performance of the bottom line and hence, ultimately, how much profit is generated or how much loss is mitigated. To this end, the latest Directive 7 approved by the Board of Governors for the period 2017-2019, indicates that CEO and Directors may receive a performance bonus of up to 15%, with Mangers, the Registrar, the Gozo Campus Administrator and any Heads being entitled to a bonus of up to 10%.
However, when asked if some form of performance appraisal mechanism is in place in order to be able to compute the expected performance bonus of each member of senior management, it was identified that no such system exists and, hence, the suggestion of how much bonus each member of management may receive is proposed to the Board of Governors and subject to their approval. There is hence no formal mechanism or system in place that can back up the incentives given and act as a motivating factor in reaching targets set, as also confirmed with the Human Resources Manager who explained that the performance of lecturers and other academics is usually assessed through set forms yet in terms of all other personnel working for the ITS, performance is discussed informally through meetings held between the member of management and the employee.
It is hence being recommended that, in order to drive accountability for performance of the members of senior management of the ITS, a fully-fledged performance measurement and management system is introduced in order to highlight how much of the 10% or 15% each manager should be entitled to receive on an annual basis.
Identification and Analysis of Risks involved
While the objective-setting process at the ITS is clearly delineated and functions adequately, we believe that more emphasis should be placed on the identification, assessment, and management of risks within the ITS. To this end, we suggest that based on the objectives of the entity, a thorough assessment of what potential risks could arise should be carried out and the expected likelihood of the risk materialising as well as the expected impact and severity of risk on the ITS if the risk were to materialise be determined, using an appropriate risk management tool such as a risk scorecard, risk matrix or a heatmap. Such a risk assessment should be regularly revisited to identify any pertinent changes. Engaging a competent individual in this regard would be strongly recommended or subcontracting the exercise to a third-party service provider which is an expert in the field.
Assessment of Fraud Risk
The risk of fraud could potentially act as a major stumbling block in the ITS’s achievement of objectives as identified in Section 8.1. To this end, it is important for the ITS to specifically perform an assessment of the extent to which fraudulent reporting, possible loss of assets and corruption resulting from the various ways that fraud and misconduct, can occur and the assessed severity on the operations of the ITS. To this end, the executive management at the ITS should consider:
• The degree of estimates and judgments in external financial reporting
• Methodology for recording and calculating certain accounts, such as inventory and cash
• Fraud schemes and scenarios common to the public sector
• The geographic regions wherefrom the entity attracts clients
• Nature of automation
• Unusual and complex transactions subject to significant management influence
• Last-minute transactions
• Individuals that are in a position to circumvent and override fraud controls
• Review pressures and incentives in compensation programmes that would allow management and employees to consider fraud
Once a thorough assessment of the above is carried out, appropriate mitigation strategies should be devised to ensure that the risk of fraud materialising is minimal. As alluded to further in this operational review, having the IQAC to act as a watchdog, to a certain extent, aids significantly in the assessment, identification, management and curtailment of risks which would keep the ITS on its toes and ensure that no abuse is carried out.
Control Activities with respect to personnel engagement and remuneration
With respect to the control activities performed for the engagement of employees, it is to be noted the ITS does not have much control over the recruitment and engagement process given that the People and Standards Division is the one that oversees and regulates the process of each new recruit at the ITS. As previously explained, an HR Plan is submitted on a yearly basis to the People and Standards Division and an allocation is given in terms of headcount which the ITS then decides where to place such allocations depending on the needs of the Institute at the time (for instance, in the latest HR Plan submitted as at 31st December 2019, a total of sixteen (16) new recruits were requested to the Division).
Recruitment and engagement of employees is usually on the basis of a termination of a previous employee, secondment with replacement or else the retirement of an individual and a case needs to be built for each proposed recruitment, making hence the personnel engagement process somewhat rigid although this is beyond the control of the ITS itself. The process nonetheless is well controlled by a body external to the ITS and hence the control level is expected to be quite high in this regard. A file for each new recruit is also kept and may be requested upon inspection carried out. This process, however, is not applicable in the case of academics for whom recruitment can be carried out more flexibly.
In terms of the remuneration of employees, a sample collected from a recent payroll revealed that the wages and salaries reflected the conditions and stipulated increments and allowances laid out in the Collective Agreement issued for non-managerial (administrative) staff levels and the Directive 7 and approvals of the Board of Governors for managerial staff. A part-time employee is particularly employed with the ITS as an administrator of all payroll-related matters. Such a person monitors which members of staff need to receive progression and which members of staff should receive an increase in their salaries. This particular separation of the payroll function vested in the hands of one particular individual, who is segregated from HR personnel recruiting and engaging new employees and from the finance team responsible for the recording of overtime, is commended as it allows for the necessary segregation of duties.
All employees at the ITS are requested to punch in and punch out (through a face recognition software) through their staff card in order to be able to determine how many hours of work they carry out during the day. The administrative assistant checks these reports on a daily basis to identify who reported sick and if there was any lateness. He also sends the attendance first thing in the morning to the HR Manager and the DCS. Overtime schedules (although overtime is kept to a minimum) are prepared and pre-approved by the DCS whenever there is overtime required through the filling in of an appropriate pre-authorisation sheet. These are then checked against the face recognition system readings to see if the actual overtime was carried out. Leave is also booked using an appropriate form to be signed by the appropriate line manager. Vacation and sick leave also involve filling in a form and getting an approval from the manager, which is then sent to a processing clerk to input the data into the payroll system. While the aforementioned processes and procedures are to be encouraged, operational efficiency could be significantly be improved if these processes were to be computerised, reducing the risk of material misstatement due to fraud or error, and improving the remuneration process.
With respect to external information, the ITS’s key stakeholder is the Government of Malta itself, namely through the Ministry for Tourism and Consumer Protection, which remains, ultimately, its main “shareholder”. To this end, a representative from the Ministry is invited to attend each and every Board meeting held while meetings which usually involve important decisions, which are also expected to have a significant impact on the operations of the Institute as well as the general operations of the Government, are normally attended by a representative from the Ministry so that a Board resolution can be made in his or her presence.
As an Institute of Further and Higher Education, the Institute is, first and foremost, governed by the Requirements of the NCFHE, which regulates the operations of all educational institutions in Malta. Having been subject to its first external audit back from the NCFHE back in 2015 (given that the ITS is subject to an external audit from this body once every five years and hence its next audit is scheduled this year), a number of major deficiencies were identified in reaching the eleven (11) standards that govern the quality assurance of educational institutions such as the ITS. These major shortcomings were inherited by the new management which took over the reins back in 2015, inheriting a system of quality assurance that was weak with an ad-hoc committee for quality assurance purposes being set up.
Demonstrates commitment to competence
While a system of performance bonus and incentive schemes are in place to management, it might be a good idea to drive accountability further by developing in further detail a performance measurement and management system. A standard performance appraisal mechanism to be carried out at least once a year and to include the achievement of KPIs that ultimately allow staff members to reach the goals and objectives of the ITS should be devised to drive accountability even further.
The assessment of risk of fraud should be considered seriously especially given that the ITS deals considerably with cash in its restaurants and inventory in its stores.
A fraud risk assessment should be performed, either internally or through the help of an external service provider, to analyse the extent to which the ITS is exposed to this risk and appropriate mitigation strategies devised.
Malta Files 