S’pore’s public accounts watchdog stresses importance of modernising public sector IT systems
Sign up now: Get ST's newsletters delivered to your inbox
In a Feb 10 report, the Public Accounts Committee also highlighted recurring lapses in procurement and contract management, as well as the need to strengthen supervisory oversight.
ST PHOTO: RYAN CHIONG
SINGAPORE – It is critical for Singapore’s public sector to modernise its legacy IT systems and protect itself from cyberthreats, said the country’s public accounts watchdog.
In a Feb 10 report, the Public Accounts Committee also highlighted recurring lapses in procurement and contract management, as well as the need to strengthen supervisory oversight in the public sector.
The parliamentary committee, chaired by PAP MP Jessica Tan, comprises six other ruling party MPs and Workers’ Party MP Dennis Tan. It scrutinises how public funds are spent and tracks what government agencies have done to correct irregularities in using these funds.
In reviewing the Auditor-General’s report for the 2024-2025 financial year, the committee focused on issues which could impact spending, financial governance and controls across the public sector.
It held three meetings and looked at written representations from 11 ministries, as well as the National Research Foundation and Smart Nation Group (SNG) under the Prime Minister’s Office.
The committee also convened hearings on Jan 21 and heard oral representations by the permanent secretaries from the Ministry of Finance (MOF), and for Digital Development and Information, Smart Nation and Cybersecurity, to provide clarifications and elaboration on their written responses.
On IT controls and cybersecurity governance, the committee observed that weaknesses in privileged access management have recurred over the years. Privileged access management is the control and protection of accounts that have enhanced access beyond that of a standard user.
It also noted that digital transformation in government agencies is constrained by “tech debt” arising from legacy systems and outdated codes.
The Ministry of Digital Development and Information (MDDI) and SNG told the committee that such legacy issues make it “prohibitively expensive and complex to implement basic modern security controls”.
They also acknowledged that agencies’ heavy reliance on manual processes for privileged account management makes this area more prone to human lapses.
In its report, the committee said: “Longstanding policies and practices also need to change to enable effective digital transformation.
“Given the many IT systems in the public sector, it will take time to bring all the systems up to date.”
On the privileged access management issue, the committee said that MDDI and SNG have introduced tools – such as the Central Accounts Management and Automated Baseline Log Review – to automate user account and access rights management and review. However, there are limits to their coverage and effectiveness, it noted.
It also said that they plan to extend additional privileged account management controls to higher-risk systems, enhance training programmes and review policies to improve tracking and management of privileged accounts.
In addition, the committee said that MDDI and SNG are working with other government agencies to prioritise the more critical systems for modernisation first.
On lapses in general, the committee also said that many were not about lack of rules, but linked to inadequate supervision and oversight.
As such, it recommended that corrective action should strengthen supervisory oversight, instead of relying on only stricter standard operating procedures or training individual officers.
It noted that inadequate supervision contributed to lapses in the management of biocide and chemical supply contracts at national water agency PUB
In September 2025, PUB took disciplinary action against those held accountable, and counselled others for less serious mistakes.
Separately, the committee noted that lapses in procurement, contract management and grant administration have been recurrent findings by the Auditor-General's Office (AGO). It had asked MOF about the root causes of these lapses and the implementation of initiatives to address them.
MOF said the lapses stem from a combination of people and process factors, such as non-compliance by individual officers arising from knowledge gaps, or from prioritising operations over process or documentation.
In some instances, there were inadequacies in documentation, the control over and monitoring of contractors’ compliance with policies and procedures, as well as the management of conflict-of-interest situations.
The committee noted MOF’s multi-pronged approach to strengthen controls while balancing risk mitigation and compliance costs, with initiatives such as a compulsory e-learning module for officers new to procurement functions.
On more specific issues, the committee also noted weaknesses flagged by the AGO in the management of revenue by the Maritime and Port Authority of Singapore (MPA) and Ministry of Foreign Affairs (MFA). It said there should be stronger accountability and oversight over the monies managed.
The AGO had found that dumping and monitoring fees charged by MPA and two types of port dues concessions granted were not prescribed in law.
Checks on visa applications processed by MFA had also found that related fees collected by honorary consuls-general and honorary consuls were not tracked and accounted for as government revenue, even though they are public monies under the law.
The committee noted that MPA has since regularised the fees it collected and concessions it granted through legislation or by exercising its statutory power of waiver, while MFA has enhanced its systems and processes to verify the returns needed to properly track and account for the visa fees.
In its overall assessment, the Public Accounts Committee said that from the agencies’ replies and its discussions with them, it was assured that the Government has adopted a systematic, multi-pronged approach to address the complex challenges and remains committed to strengthening public sector governance.
It added: “The committee recognised that while agencies are taking swift action to address the lapses, sustained improvements in governance systems and institutional capabilities are long-term endeavours.
“Such transformation requires patience, continued investments, and commitment from all levels in the public sector. It also requires the support of the industry ecosystem, in terms of responsible and capable consultants, contractors and vendors in delivery.”
