Auditor-General flags poor IT and financial controls

Singapore

THE Singapore public sector's overall system of managing public funds remains sound, but there are areas where government agencies can do better by strengthening their financial governance, the Ministry of Finance (MOF) said on Tuesday.

This was in response to the FY2016/17 Auditor-General's (AG) Report which cited several agencies, such as the Ministry of Health (MOH), Central Provident Fund Board (CPFB) and Economic Development Board, for lapses classified into three categories: weaknesses in information technology (IT) controls, laxity in financial controls, and inadequate oversight of development projects.

In a statement on Tuesday, the Auditor-General's Office (AGO) said: "The report of the Auditor-General covers the more significant audit observations in this year's audits. These are observations which indicate lapses with significant financial impact, systemic lapses or common lapses that may seriously weaken financial governance and controls if not corrected."

On Tuesday, MOF said that the public service was taking a concerted effort to address the issues identified. "As the AG has noted, 'government agencies are committed to rectify the lapses and put in place measures to prevent future recurrence'. Heads of the agencies responsible have reviewed each case and where warranted, appropriate actions have been or will be taken against those responsible."

The AGO found an inadequate review of activities in IT systems, wrongful use of privileged accounts by officers or appointed vendors and lack of review of user access rights in its audits of CPFB, the Singapore Corporation of Rehabilitative Enterprises (Score), the National Parks Board and the Ministry of Social and Family Development.

In CPFB's case, the AGO noted a lapse in the management of two IT security monitoring systems which tracked the activities of the agency's databases and systems. CPFB didn't monitor the systems for unauthorised changes for a period of time. The AGO also found lapses in controls over access to IT Systems for 14 accounts of temporary staff of CPFB that were not removed promptly after they had left the agency.

In response to this, CPFB said that a thorough review had been conducted and there were no unauthorised activities or transactions made to CPF members' databases resulting from the lapses. It added that members' data had not been compromised.

For Score, the AGO found that two officers, who were not the system administrators of the payroll processing system, were given privileged access which allowed them to grant and amend the access rights of all users. Score responded by saying that it was working closely with the Ministry of Home Affairs to put in place "robust systems and frameworks, and build up the competency and skills of our HR and procurement officers".

For financial controls, the Singapore Sports Council, or Sport Singapore, was named in the report for delaying 299 payments amounting to S$661,900 for one to about 31/2 years after the invoice date without valid reasons. It also didn't account for 1,396 units of sponsored electronic devices for two major sporting events in 2015 that were valued at S$224,700.

Sport Singapore said in response to the lapses that it would address all of the AGO's findings and where necessary, "disciplinary inquiries have been initiated and persons found negligent will be held to account".

On management of development projects, the AGO found that MOH incurred expenditure of about S$4.08 million for site supervisory staff for the building of the Ng Teng Fong General Hospital without "verifying the need for and reasonableness of the expenditure".

MOH did not seek approval from its authority to incur this expenditure. It did not ensure that the agent adhered to MOH's condition that contract variations had to be approved by specific authorities before instructing the contractor to proceed with the variations. This condition was breached for contract variations amounting to S$30.09 million, the AGO said.

MOH acknowledged the AGO's findings of the lapses in a response to the report. It said that it had worked to strengthen its project oversight and management capabilities, and controls and checks on infrastructure projects to prevent future occurrences.

For lapses in procurement, the AGO said that its test checks on EDB of 14 tenders (totalling S$32.03 million) for the period of April 1, 2014 to June 30, 2016, found lapses in the evaluation process of three tenders (totalling S$19.24 million). In addition, the AGO found that in the administration of grants, 47 projects had the progress reports submitted late or not submitted and EDB didn't monitor and follow up on these submissions.

On Tuesday, EDB said that a review would be conducted to determine best practices for future tenders, which will include how it can provide greater clarity in its tender documents. While EDB acknowledged that more robust measures could be put in place to monitor the progress of projects that had received EDB's grants, it said that it did not find any evidence of fraudulent activities or malicious intent for the lapses cited.