[ad_1]
SINGAPORE: The Auditor General’s Office (AGO) found problems with the IT systems of some public agencies, service contracting processes and donation disbursement practices, according to its annual report released on Monday (September 7).
The report, which is an audit of the government accounts for the 2019/2020 financial year, covered the 16 government ministries and the eight state organs, one government fund, 13 statutory boards, four government-owned companies, other three selected accounts and businesses. Workforce Singapore (WSG) and Enterprise Singapore (ESG) grant programs.
The ministries and agencies identified in the AGO report for failures include the Ministry of Foreign Affairs (MFA), the Public Services Board (PUB), the National Library Board (NLB), and Jurong Town Corporation (JTC), among others. .
PROBLEMS WITH IT CONTROLS
The AGO found that the Department of Accountant General of the Ministry of Finance (MOF), the Public Services Division of the Office of the Prime Minister, MFA, Ngee Ann Polytechnic, Republic Polytechnic, PUB, WSG and ESG had loopholes in their IT controls .
This included accessing and reviewing “privileged” operating system (OS) accounts that give the user full access to the OS, such as the ability to make changes to activity logs, user access, and security settings. .
“These privileged accounts have powerful access rights,” the AGO wrote.
“Therefore, it is generally considered best practice to restrict access to the most privileged operating system account and to monitor and review all activities performed under this account,” the AGO added.
The AGO also found that some government entities had technical misconfigurations in the security software for their application servers and databases, which led to operating system administrators being able to access more privileged operating system accounts and other accounts. privileged operating system, without password authentication.
In its PUB audit, the AGO found that the board failed to ensure that its private sector partner had put in place adequate controls over user access to the latter’s IT system. PUB was working with this private sector partner on a project.
Control failures included the granting of excessive rights to the partner provider, the exchange of an administrator account among partner staff, as well as the absence of separate accounts for users with privileged and non-privileged roles.
There was also no automatic timeout implemented for user accounts, the AGO found.
READ: Agencies must address several recurring lapses across the public sector: Public Accounts Watchdog
EMPTY IN ACQUISITIONS AND CONTRACT MANAGEMENT
The AGO found oversights in the way the Government Technology Agency, Jurong Town Corporation (JTC), the National Library Board (NLB), and PUB handled their procurement and contract processes.
These included failing to evaluate bids against published criteria, conducting variance work prior to obtaining approval, and not seeking approvals for a substantial increase in variance costs.
In the case of NLB, the AGO noted that its management of contract variations and overall project management for the renovation of the Singapore National Archives building was “weak”.
“There was a lack of scrutiny in the management of contract variations,” AGO said.
READ: The renovation of the national archives exceeded the budget by S $ 1.72 million, Auditor General notes that NLB indicates no
Approvals in principle (IPA) were requested for variations without compelling reasons, and IPA requests were approved although no approximate cost estimates were provided.
In the end, the project exceeded the cost of the approved project by S $ 1.72 million, about 8.4% of the approved project cost of S $ 20.53 million.
“Public officials designated as procurement and contract approval authorities must take their role seriously. They must analyze applications, raise questions and exercise due diligence as approving authorities, ”AGO said.
As for JTC, it had made a payment to a terminated contractor although, under the contract, it could have withheld the money and used it to offset a contractor’s claimable debt.
Subsequently, JTC filed a claim against the terminated contractor for the amount, but as of June 30 of this year, it had not yet received any payment for the claim.
The agency’s cash collection process was also problematic, the AGO said. For example, five receipts that AGO saw contained posters that cast doubt on their authenticity.
Three quotes submitted by a JTC contractor for a star rate item, an item for which the rate was not listed in the contract, had potential wrongdoing, and the AGO had concerns about the authenticity of the quotes.
Following the AGO’s observations, JTC conducted an investigation and filed a police report.
“In the area of procurement and contract management, public officials entrusted with responsibilities as approving authorities … can do more to scrutinize the proposals presented to them,” the AGO wrote.
“They should scrutinize evaluation reports and proposals, ask questions when proposals are unclear or justifications are not convincing, or when key information on costs and cost reasonableness is not included.
“The approval authorities play an important role in ensuring that the public procurement principles of transparency, open and fair competition and value for money are respected.”
OPERATIONAL GAPS
AGO found flaws in operational processes at MFA, JTC, and PUB.
MFA did not implement adequate measures to enforce the terms stipulated in the service agreements signed with its authorized visa agents, AGO noted in its audit of a mission abroad.
The service agreements stipulated a fixed visa application fee and required agents to only use designated credit cards when transmitting visa processing fees to MFA.
But the AGO found that the visa application fees set on the websites of three agents were higher than the fixed fee stipulated in the service agreements.
Controls in the information and communications technology system were ineffective in detecting the use of non-designated credit cards by agents to transfer visa processing fees.
JTC’s leased and rented premises may have been subletted to some 26,000 entities without their approval, the AGO found, prompting JTC to conduct an investigation of about 2,800 of the 26,000 entities.
Of the investigations, 2,010 entities were suspected cases of unauthorized subleasing. AGO also noted instances of illegal storage and / or sale of diesel to the public at four of JTC’s leased industrial premises.
“Such illegal activities could present environmental and safety risks to the public,” the report read.
AGO noted that PUB had weak payment controls for a project in which a private sector partner was involved.
The private sector company managed to modify real-time values of parameters in its IT system, which would affect the amounts to be paid by PUB.
PUB had also relied heavily on information provided by the partner to make the payments, without conducting proper independent verification, the AGO added.
INCONSISTENCIES IN BUSINESS SCHOLARSHIP PROGRAMS
AGO conducted an audit of six business grant programs administered by WSG and ESG, three each, where a total of S $ 333.40 million was disbursed between April 1, 2018 and June 30, 2019.
Of these, the AGO verified 285 disbursements worth S $ 100.81 million made by WSG and ESG to program partners and directly to grant recipients, and another 361 disbursements totaling S $ 7.83 million made by the program partners to the companies that received the grants.
While both agencies generally had procedures for administering the selected grant programs, the AGO found inconsistent practices among WSG program partners when stipulating requirements for grant recipients and analyzing grant applications /
“For WSG, AGO found cases of double claims by companies and cases of double funding in different grants,” the report said.
It also uncovered three instances in which companies or individuals could have circumvented grant requirements and controls. Since then, the WSG has conducted police reports on these cases.
The AGO observed inconsistent practices among different ESG officials when evaluating companies’ eligibility.
“There was also an inadequate guarantee that deviations from political guidelines were monitored and approved.”
AGO noted cases of grants disbursed by ESG that were not in line with grant guidelines, resulting in too much or too little money being awarded.
In terms of procedures to recover unused funds, there were instances where WSG did not follow up with program partners to recover unused grants in a timely manner for programs that had terminated.
While ESG had a process to identify expired projects, its officers’ monitoring of follow-up actions was inadequate, according to the report.
REPLIES FROM GOVERNMENT BODIES
In response to the lapses listed in the report, the government has accepted all the recommendations made by the AGO, the MOF said on Monday.
The agencies have confirmed that no sensitive data has been compromised and no unauthorized activities have occurred as a result of lapses in IT controls, and they have also taken recovery measures for lapses involving overpayments, the MOF said. .
Smart Nation and Digital Government Group is addressing weaknesses in IT controls and will implement technical systems to reliably automate IT tasks related to reviewing privileged user activities and managing accounts and access rights. of the users. This will minimize human error and focus on higher-order security tasks, MOF said.
To improve its contract management processes, MOF said it will “emphasize the roles and responsibilities of approval officers and personnel officers to examine proposals carefully” and enhance data analysis capabilities that can better detect anomalies and lapses.
To address issues with grant management, the MOF issued a new grant governance framework that covers the different stages of the grant life cycle and will help agencies ensure that grant schemes are “effective and effective. efficient “to achieve its objectives, the ministry said.
Several public agencies issued statements on improving their standards.
ESG said it has provided additional training to employees to help them better understand policies and guidelines, as well as clarified grant evaluation parameters and required documentation.
WSG said it will conduct more regular sampling checks on applications that are being processed and develop a stricter framework to deter non-compliance by program partners.
“The Public Service is committed to maintaining high standards of governance,” the MOF said.
“We will continue to take active steps to strengthen our structures, processes and systems to serve Singaporeans effectively and efficiently,” he added.