Auditor-General highlights weak IT controls, lapses in management of contracts and grants for social programmes
SINGAPORE: Several ministries and government agencies have been flagged by the Auditor-General for lapses in three areas - IT controls, contract management and the management of social grants.
These gaps were laid out in a report by the Auditor-General's Office (AGO) released on Tuesday (Jul 16), after its audit of government accounts for the financial year 2018/2019.
The audit covered all 16 government ministries and eight organs of state, four government funds, nine statutory boards, four government-owned companies and three other accounts.
Ministries and agencies singled out in the AGO report for lapses include the Ministry of Defence (MINDEF), the Ministry of Culture, Community and Youth (MCCY), Ministry of Health (MOH), Islamic Religious Council of Singapore (MUIS) and the Ministry of Social and Family Development (MSF).
In response to the report, the Ministry of Finance (MOF) said the Government "has accepted all the recommendations" and the agencies are "working on the necessary follow-up actions".
WEAKNESSES IN IT CONTROLS
The AGO said it "found weaknesses in IT controls" in the Ministry of Manpower, Singapore Customs and MINDEF.
The lapses included: Inadequate logging and review of activities of privileged users, such as operating system and database administrators, and lapses in the management of user access rights.
In its audit of MINDEF, for example, the AGO found that a number of IT vendor employees were granted unrestricted access to read personnel and payroll information in MINDEF’s human resource system.
"The read-access was not granted on a strict, needs-only basis based on the vendor staff’s job scope and duties to be performed in the system," the AGO said.
It also noted that since 2014, MINDEF had not reviewed the log records of access made by the IT vendor staff to information which required controlled access.
Weaknesses like that, the AGO said, "would expose the entities to the risk of not detecting unauthorised access and activities which could compromise the integrity and confidentiality of data in the IT systems".
LAPSES IN PROCUREMENT AND CONTRACT MANAGEMENT
The AGO also found lapses in procurement and contract management at MCCY, MUIS, and the National Council of Social Service.
For the National Gallery development project, which is owned by MCCY and managed by the National Gallery Singapore, there were lapses in the approval of 142 contract variations amounting to S$12.4 million, said AGO.
"These lapses included obtaining approval from the approving authority only after works had commenced or had already been completed, obtaining approval from incorrect approving authority, and not seeking approval for substantial increase in variation cost," the AGO noted.
For items with rates not listed in the contract under six contract variations, AGO said the cost was based on a single quotation obtained by the contractor for each item, and was not assessed for how reasonable the rate was.
"Failure to properly assess and manage contract variations could result in MCCY not obtaining full value from the public funds spent," it said.
MUIS was also mentioned in the report for a "number of lapses from its test checks". Six tenders and quotations amounting to S$4.4 million had errors in the scores awarded during the evaluation process. Some would have resulted in different vendors being awarded.
GAPS IN MANAGEMENT OF SOCIAL GRANT PROGRAMMES
The AGO also carried out a thematic audit on selected social grant programmes managed by MOH and MSF.
It pointed out that a total of S$1.59 billion was disbursed by the two ministries under their social grant programmes to 1,058 Programme-Voluntary Welfare Organisations (VWOs).
"By and large, grant programmes managed by both ministries had defined objectives and clear service deliverables which were approved by the correct approving authority," the AGO said.
However, AGO found a significant number of instances where funding was approved or a funding agreement was entered into only after the start of the funding period.
There were also cases of grants being approved or disbursed before funding approval was obtained or before an agreement had been entered into.
It noted that "checks by both ministries for grant disbursements were inadequate".
"Based on AGO’s test checks, there was a significant number of instances where the ministries had not carried out adequate checks on VWOs’ inputs and claims for disbursements to ensure that these were valid and correct before processing the disbursements. AGO also noted instances of errors in the computation of disbursement amounts."
The AGO also noted gaps in MOH's monitoring process for grants.
There was "no evidence" documents submitted by VWOs were reviewed, the ministry did not adequately follow up on anomalies detected in documents submitted and it did not follow up with VWOs for documents they had failed to submit, the AGO said.
GOVERNMENT HAS ACCEPTED ALL RECOMMENDATIONS: FINANCE MINISTRY
"Some of the lapses highlighted in this report, such as weaknesses in IT controls and lapses in procurement and contract management, are similar to those reported last year although the lapses involve different entities," the AGO said.
"It is important that public sector entities avoid repeating similar lapses and implement effective measures to enhance governance and controls on the use of public funds.
"AGO will follow up with the public sector entities to ascertain that remedial actions are taken."
In response to the lapses listed in the report, the Government "has accepted" all the recommendations made by the AGO, MOF said on Tuesday.
In a news release, MOF said the public service sector was "making a concerted effort to address the AGO's findings".
The Smart Nation and Digital Government Group will help agencies raise their level of compliance on rules of IT controls, MOF said.
The public service will also continue to strengthen its internal IT audit regime, MOF said.
MOF added the ongoing Public Service Data Security Review Committee will examine how IT measures affecting data security and third-party management may be improved.
To address the lapses in construction contract management, MOF has been working with the Building and Construction Authority (BCA) to implement several measures, such as simplifying rules on variation orders and works, as one of the areas of lapses in contract management was due to the misinterpretation of rules.
BCA also enhanced the procurement framework for consultancy services by placing greater emphasis on quality during tender.
To improve grant management, MOF said the public service is taking steps to improve grant governance after the completion of the grants management review conducted by MOF and the Accountant-General’s Department.
"As stewards of public resources, we are firmly committed to ensuring a sound governance system," MOF said, noting the report had not identified instances of fraud or corruption among public officers.
"As we make improvements, we are mindful of the need to strike a sensible balance between strengthening controls, and maintaining efficiency and timeliness in delivering services to Singaporeans."