Weaknesses in IT and financial controls, and failure to oversee projects found in public-sector agencies: Public Accounts Committee

Giving staff unnecessary access rights and not promptly removing user accounts when they are no longer required were among the lapses detected.
Giving staff unnecessary access rights and not promptly removing user accounts when they are no longer required were among the lapses detected. PHOTO: BLOOMBERG

SINGAPORE - The recurring weaknesses in IT controls detected across government agencies are significant, given how IT security is a serious concern today, said the Public Accounts Committee on Tuesday (Jan 23).

Giving staff unnecessary access rights and not promptly removing user accounts when they are no longer required were among the lapses found.

Many of them had happened despite the Auditor-General already pointing them out in the past, said the committee.

It told public-sector agencies to adhere to IT policies and controls, saying that the lapses had occurred "not because of a lack of processes, but due to agencies not complying with the controls put in place".

The report by Parliament's watchdog on public funds is its second for the financial year of 2016/2017.

Weak information technology controls were among the three issues highlighted. The other two issues are lax financial controls, and failure to properly oversee development projects.

The committee of eight MPs, chaired by East Coast GRC MP Jessica Tan, said the issues cut across the public sector and were not new, indicating that there was a need to strengthen these areas.

It called on the agencies to drum into their staff the importance of complying with rules and processes, and to hold agency heads accountable when this is not done.

The report found that there were 595 instances of "inappropriate access" to the computer systems supporting the Baby Bonus and Child Care and Infant Care subsidy schemes.

This happened when an IT vendor for the Ministry of Social and Family Development (MSF) used user accounts which had unrestricted access to complete its work quickly.

Although the systems were accessed for "valid business purposes", MSF issued a stern warning letter to the vendor after an investigation, said the committee.

The ministry has also introduced measures, such as an independent monthly review of accounts and access logs by its own IT staff, to detect inappropriate activities.

In another lapse, MSF was found to have made 717 incorrect reimbursements to employers in 2014 and 2015, for government-paid paternity leave.

As of October 2017, it had heard back from employers involved in 618 cases and worked out the correct amounts.

The ministry had to make supplementary payments totalling $92,461 in 557 cases, and asked for refunds totalling $124 in three cases.

No further action was needed for 15 other cases as there was no over- or under-payment, while in three cases, the companies had closed down. MSF is awaiting bank details in 40 other cases.

The ministry has since corrected its formula for system-processed claims.

The committee noted that the Ministry of Finance (MOF) has put in place measures on the whole-of-government level to educate public officers. The ministry has also set up an inter-agency work group to look into common lapses.

The committee suggested that the MOF should also consider how the good practices of some agencies can be implemented elsewhere for improvements across the board.

The committee is tasked to scrutinise how public funds are spent and track what government agencies have done to correct irregularities in the use of public funds.

For its report, it studied the latest Auditor-General's report for the financial year 2016/2017.