The National Information Technology Development Agency (NITDA) has clarified its role in the assessment of the University Transparency and Accountability Solution (UTAS), saying the payment platform failed its quality assurance test.
Recall the Act establishing NITDA mandates it to create a framework for the planning, research, development, standardisation, application, coordination, monitoring, evaluation and regulation of information technology (IT) practices in Nigeria. Also, in line with its mandate, the agency has been registering indigenous software solutions. Part of the registration process requires that solutions are subjected to tests in line with the requirements of the Software Testing and Quality Assurance Framework and Guideline and the Guidelines for Nigerian Content Development in ICT.
It is common knowledge that the Academic Staff Union of Universities (ASUU) has been engaging the Federal Government on several issues including payment of promotion arrears, earned academic allowance, funding for revitalisation of public Universities and the adoption of UTAS as a payment platform for universities.
On October 14, 2020, NITDA was invited to participate in an interactive session between ASUU, Federal Government and the Legislature. The session, held at the conference hall of the Accountant General of the Federation’s office, was to avail ASUU opportunity to demonstrate the UTAS platform.
As part of the conditions for acceptance of UTAS as a payment platform for public universities by the Federal Government, NITDA was directed to subject the platform to an integrity test and advise the government appropriately. In doing so, the agency decided to carry out 3 of the 8 tests specified in the Software Testing and Quality Assurance Framework and Guideline – user acceptance test (UAT), stress test and vulnerability assessment and penetration test (VAPT).
As part of the process, NITDA held its first meeting with ASUU on October 22, 2020, and discussions centred on the modalities of the assessment. Furthermore, documents necessary for effective planning and execution of the tests were requested. As critical stakeholders in the implementation and deployment of the solution, both the National Universities Commission (NUC) and the Office of the Accountant General of the Federation were also engaged. The main aim of this engagement was to obtain software requirements from their perspective.
Upon receipt of the documents from ASUU as well as access details of the UTAS platform in January 2021, the agency’s team carried out the basic functionality/user acceptance test on the platform. NITDA felt it could use the report produced by NUC for its report. However, upon review, it was observed that the solution was demonstrated to the principal officers in a similar way it was demonstrated at the Accountant General’s Office. The agency decided that further UAT be carried out with actual end-users from the university system. Arrangements were made and 46 staff members from 28 federal universities (mainly from the vice-chancellor’s office), human resources, accounts and bursary participated in the UAT, held at NUC, on August 10, 2021.
Although the UAT was carried out as planned, challenges were encountered that negatively impacted the outcome of the assessment. For instance, although the invitation emphasised the need for prospective participants to come with ICT tools for the exercise, very few of the participants had these tools. This resulted in the grouping of participants and very limited hands-on interaction with the solution was possible. Furthermore, there was limited connectivity which made it difficult for the participants with the relevant tools to follow the demonstration by ASUU. These issues were adequately reported to key stakeholders.
The agency’s team also carried out a series of vulnerability assessments and penetration tests on the UTAS platform. One of these assessments revealed 5 high-risk vulnerabilities likely to negatively impact the platform if exploited. Furthermore, 2 low-risk vulnerabilities were identified. These were discussed with the ASUU team and further assessments of the updated version of the solution revealed that the high-risk vulnerabilities have been addressed. However, 1 medium-risk, 3 low-risk and 44 informational risks were identified. These were adequately communicated to the relevant stakeholders, including ASUU.
“A detailed functionality/user acceptance test on the platform was carried out by our team. A total of 687 test cases were generated and 529 passed, 156 failed and [there were] 2 cautions. As some of the failed cases are critical to the overall functionality of the solution, the agency could not recommend its deployment in a production environment. ASUU was, therefore, requested to work on the solution and submit it for further assessment. Furthermore, a comprehensive report outlining all the tests carried out and issues identified was submitted to the Honourable Minister of Communications and Digital Economy on December 3, 2021. This was in turn submitted to the chief conciliator, the Minister of Labour and Employment, as well as other stakeholders.
“During the conciliation meeting held at the instance of the Minister of Labour and Employment on Tuesday, February 22, 2022, it resolved that NITDA works with ASUU and subject UTAS to re-assessment. Furthermore, it was resolved that key members of the conciliation team be in attendance as observers during the technical team’s sessions.
“It may interest the agency’s stakeholders to know that NITDA, as a responsible agency of government, made all arrangements to ensure that the exercise was carried out successfully. The interaction commenced on March 8, 2022, with discussions on the methodology to be used as specified in the Software Testing and Quality Assurance Framework and Guideline. Upon reaching an agreement and starting the actual test on the solution, a critical error occurred and the test could not continue. As a result, the interaction had to be postponed to enable the ASUU team to rectify the issue.
“Considering the challenge encountered, the assessment methodology had to be reviewed to facilitate daily remediation of critical issues as they occur. This, although not in NITDA’s standard operating procedures for exercises such as this, was adopted. Consideration was made to the national importance attached to the exercise as well as the need to complete it in a reasonably shorter period,” a statement by the agency’s head, corporate affairs and external relations, Mrs. Hadiza Umar.
The statement further clarified that despite making all efforts to fast-track the exercise, it took the team two weeks of continuous, daily interaction [to do this].
“There is no doubt that the exercise has positively impacted the functionality and robustness of the UTAS platform. Furthermore, we believe that the interaction availed ASUU the opportunity to understand and appreciate NITDA’s commitment and level of professionalism exhibited in carrying out its responsibilities.
“The attention of stakeholders and the general public is drawn to the need for the UTAS platform to be sufficiently robust with key functionalities implemented before being deployed to the production environment. However, the assessment revealed that the solution, as it is currently implemented, is limited. There are critical functionalities that have to be implemented, tested and passed before the solution can be considered to meet NITDA’s due diligence requirements. These areas of improvement have been fully documented and shared with the ASUU team for necessary action. It is expected that ASUU will improve on the areas identified, work on the security issues flagged and resubmit the solution for further assessment,” the statement hoped.
It assured stakeholders and the general public of its commitment to its mandate and the vision of proactively facilitating the evolvement of Nigeria into a sustainable digital economy by creating an enabling environment where Nigerians develop, adopt and derive value from digital technology.