Lapses in checks and controls

In its annual report, the Auditor-General's Office (AGO) found weaknesses in IT controls at the Ministry of Social and Family Development (MSF), National Parks Board (NParks) and the Singapore Corporation of Rehabilitative Enterprises (Score).

This is worrying as IT is used extensively in public sector bodies to manage financial transactions and deliver services, as well as to hold vast amounts of personal and other sensitive data, the AGO said. IT security threats are also growing.

It also found inadequate financial controls by Score, Sport Singapore and the Economic Development Board (EDB).

Joanna Seow reports on the issues and the agencies' responses.

MSF: Lack of checks on activities by IT vendors working on systems for childcare/infantcare subsidy and Baby Bonus schemes

This meant data could be leaked, or bonuses or subsidies calculated wrongly. Vendors had accessed IT systems inappropriately nearly 600 times between April last year and February this year, using accounts belonging to others, the AGO found.

MSF also gave the CPF Board the wrong formula to calculate reimbursements to employers for paid paternity leave, resulting in 717 wrong payouts in 2014 and 2015.

In response, MSF said it is correcting the formula and has contacted affected employers. It has also tightened control over IT vendor user accounts and started reviewing user access and logs monthly.

NParks: IT user accounts not managed properly

Almost all the user accounts in the human resource, finance and procurement system were not reviewed, and access rights for 104 accounts of former NParks staff were not removed, the AGO found.

NParks said the risk of unauthorised access to its systems was mitigated as staff who leave have to return their computer devices. Their user accounts and access to the NParks intranet are also suspended.

NParks will conduct annual reviews of all user accounts in the IT system, as well as monthly reviews of inactive user accounts and accounts of staff who have left NParks or changed their roles.

Score: Payroll processing, procurement, payment problems

Access to the Human Resource Information System was not properly managed and payroll records could be tampered with undetected.

There were also issues with Score's tender process, such as contracts worth $49.6 million in all being signed by an unauthorised person, and overpayment for additional manpower.

In response, Score said it has taken action to improve documentation of systems and staff training. It is also migrating to the Civil Service-wide HR and payroll system, which has better internal controls, and will complete the move by 2018.

Sport Singapore: Late payments to suppliers; missing devices

Some vendors were made to wait one to 3.6 years for payments from Sport Singapore, an "unfair business practice", said the AGO. This happened for 299 payments totalling $661,900, made between January 2014 and June last year.

The AGO also checked records for 2,790 sponsored electronic devices, such as mobile phones and smartwatches, given for two major sporting events in 2015. About half of them, worth $224,700, were unaccounted for.

Sport Singapore said it has no outstanding cases of late payments and is reviewing its processes to ensure the lapses do not recur. It has also started disciplinary inquiries where necessary.

EDB: Grant projects and tenders not evaluated properly

After giving out grants, EDB failed to adequately monitor project progress for some of them. This could lead to public funds being wasted if the objectives of the grant schemes are not achieved.

Three of the 14 tenders checked were not evaluated well, with inconsistencies in the way EDB scored or treated different parties. In one case where EDB gave the successful party a wrong score for the financial solvency criterion, the correct score would have changed the winner of the tender exercise.

EDB acknowledged the scoring process can be improved, and said it will review tender processes . It is also developing a new system that will enable grant recipients to submit timely progress reports.

A version of this article appeared in the print edition of The Straits Times on July 19, 2017, with the headline 'Lapses in checks and controls'. Print Edition | Subscribe