SINGAPORE - Several government ministries and agencies have been rapped by the Auditor-General for weaknesses in controls over information technology (IT) systems, lack of financial controls and inadequate oversight over large-scale development projects.

These lapses were discovered by the Auditor-General's Office (AGO) in the latest annual audit of government accounts for Financial Year 2016/17.

In response, the Ministry of Finance (MOF) said the public sector's overall system of managing public funds remains sound, but acknowledged there are areas where agencies can do better by strengthening their financial governance.

"The Public Service is taking a concerted effort to address the issues identified," it said.

"Heads of the agencies responsible have reviewed each case and where warranted, appropriate actions have been or will be taken against those responsible."

In the report released on Tuesday (July 18), the AGO found that the Ministry of Social and Family Development (MSF) did not track how its staff and vendors use the IT systems that run the Baby Bonus, child care and infant care subsidy schemes. The systems were accessed 4,920 times over an 11-month period, but 595 of these were "inappropriate" logins that "would warrant further investigation". Among them, 560 logins were made by MSF's IT contractor who "had used a privileged system user account which did not belong to them"

The National Parks Board (NParks) did not remove the access rights of 104 accounts of staff who have quit, some as far back as 10 years, while the Singapore Corporation of Rehabilitative Enterprises (SCORE) had weak controls over its payroll system.

The agency with the most lapses in its IT systems was the Central Provident Fund (CPF) Board. It did not track its monitoring systems for unauthorised access to the computers. In one of its IT systems, nearly 89 per cent of changes made by the system administrator over a three-month period were not backed by proper approvals. In another IT system, the alerts meant to pop up when there was unauthorised access were incomplete.

"These lapses could affect the effectiveness of the two IT security-monitoring systems in detecting IT security violations," the AGO said. The CPF Board also did not revoke IT access granted to temporary staff and could not identify who used the accounts after they quit.

As for financial controls, the AGO found lapses in the Economic Development Board (EDB), Sport Singapore (formerly the Singapore Sports Council) and SCORE.

The EDB had given out grants totalling $2.59 million for eight projects even though information on these projects was inaccurate and incomplete. In six of these projects, EDB misrepresented them as being on track even though the grant recipients did not meet or faced difficulties in meeting the project conditions.

In SCORE, payments amounting to about $710,000 were made to contractors even though the invoices were not properly certified by its staff. A staff who was authorised to approve payments of up to only $1 million was found to have approved payment of up to $15.88 million.

Sport Singapore was found to have dragged its feet in paying contractors. It paid about $970,700 to vendors more than a year after the invoices were received. The longest it took to pay a contractor was more than three years and six months. The national sports body also could not account for how it used some of the sponsored items that it received, AGO noted.

On management of projects, the AGO singled out the Ministry of Health (MOH) for "irregularities" in many multi-million dollar contracts that it oversees. For example, the ministry paid $4.08 million for site supervisors for the building of the Ng Teng Fong General Hospital, but the ministry did not verify the need for the staff or the reasonableness of the cost, the AGO noted. It also did not get proper approvals and made the payment solely based on the agent's claims.

The MOH also made 40 changes to contracts amounting to $3.76 million without approval, including 32 changes for 10 projects valued at $2.17 million where the changes were made after the projects were completed or had started.

In response to the AGO report, MOH said it has worked to strengthen project oversight and management, as well as controls and checks on infrastructure projects to prevent lapses.

It will also train officers on public procurement procedures in a more structured way, and hold regular briefings on the contract variation process.

It noted AGO found "there was no indication of fraud or corrupt practices which warrant further investigation, or deliberate wrongdoing by the persons involved in the projects."

On the lapses of control over large scale projects, the AGO said: "Such lapses were found across different public sector entities over the last few years, indicating that more could be done to strengthen these areas."

MINISTRY OF FINANCE RESPONSE

In its response to the report, MOF noted that AGO had given an unmodified audit opinion on the Government Financial Statements for FY 2016/17. "This gives assurance that public funds have been independently verified to be properly accounted for, and the accounts are reliable and prepared in accordance with the law," the ministry said.

It also said the Public Service is taking steps to address issues raised in a systemic way.

On enhancing financial controls over grants, the Accountant-General's Department has been consulting government agencies and developing a guide that will help them put in place appropriate control procedures to ensure better accountability and efficiency. This guide will be given to agencies by the end of this year.

On better management of projects and contracts, a new Building & Infrastructure Centre of Excellence under JTC Corporation will advise government agencies and strengthen their capabilities in managing infrastructure projects. Project management training for public officers has also been enhanced, and MOF has worked with agencies on further guidelines on managing contract variations for development projects, which were issued last month.

On strengthening audits and policies for better IT governance, MOF said there are IT policies to ensure proper controls are in place so as to safeguard the integrity of public sector IT systems and the data within. "These policies have been continually strengthened over the years to improve the IT security posture of the public sector. Internal audits are also conducted from time to time against these policies to help agencies identify shortcomings for remediation," it said.

The newly-formed Smart Nation and Digital Government Group in the Prime Minister's Office will also strengthen the internal IT audit regime so that agencies can better identify and rectify any gaps in compliance. It will also continue to refine policies and share best practices to raise the governance and performance of public sector IT systems.

Said MOF: "Improving financial governance and accountability of government agencies... is a journey of continuous improvement."