Dear A.S.S. Editor
The Auditor General have rapped several government ministries and agencies for weaknesses in controls over information technology (IT) systems, lack of financial controls and inadequate oversight over large-scale development projects.
The lapses were discovered by the AGO in the latest annual audit of government accounts for the financial year 2016/17. However, the MOF was quick to respond, stating that the public sector's overall system of managing public funds remains sound, but acknowledged there are areas where agencies can do better by strengthening their financial governance. They also stated that the Public Service is taking a concerted effort to address the issues identified. Heads of the agencies responsible have reviewed each case and where warranted, appropriate actions have been or will be taken against those responsible.
Amongst faults discovered were the Ministry of Social and Family Development (MSF) did not track how its staff and vendors use the IT systems that run the Baby Bonus, child care and infant care subsidy schemes. The systems were accessed 4,920 times over an 11-month period, but 595 of these were "inappropriate" logins that "would warrant further investigation". Among them, 560 logins were made by MSF's IT contractor who "had used a privileged system user account which did not belong to them.
The National Parks Board (NParks) did not remove the access rights of 104 accounts of staff who have quit, some as far back as 10 years, while the Singapore Corporation of Rehabilitative Enterprises (SCORE) had weak controls over its payroll system. The agency with the most lapses in its IT systems was the Central Provident Fund (CPF) Board. It did not track its monitoring systems for unauthorised access to the computers. In one of its IT systems, nearly 89 per cent of changes made by the system administrator over a three-month period were not backed by proper approvals. In another IT system, the alerts meant to pop up when there was unauthorised access were incomplete.
These all reads like serious allegations of malpractice by the agencies involved. If the government went all out to rap WP for their handling of AHPTC accounts, then they should go all out to punish and shame those responsible for these lapses. But will they?