AGO report found ‘more could be done’ by certain entities

SINGAPORE — Several agencies were rapped in the latest public sector audit, for reasons ranging from weak information technology controls to inadequate oversight of development projects.

Below are details of five mentioned in the report:

The Ministry of Health (MOH)

The ministry paid S$4.08 million for site supervisory staff engaged by its agent without checking the need for these individuals in building Ng Teng Fong General Hospital. It also allowed contraction variations of S$30.09 million without ensuring the agent sought approval from the specific authorities beforehand.

In response, the MOH said that it has set up a centralised infrastructure project development and contract management team to manage healthcare development projects — creating standardised policies and processes. It has also created a separate procurement unit to oversee construction tenders.

The National Parks Board (NParks)

NParks was criticised for its weak IT controls after failing to remove the access rights of 104 suspended user accounts belonging to employees who had left between 2007 and 2014.

The user accounts of eight employees who took unpaid leave for more than six months were only suspended six months after their leave commenced.

NParks told the AGO that its system was enhanced in 2014 to automatically remove employees’ access rights on their last day at work. The access rights of the 104 employees highlighted in the report, who had left prior to the system upgrade, have since been removed.

In response to queries, NParks said that the impact of these lapses was “minimal”, given other controls in place to block unauthorised transactions such as “multiple layers of review and approval by different officers for each transaction”. It added that no fraudulent or unauthorised transactions were uncovered by the AGO and NParks’ external auditors. An annual review of all user accounts will be conducted to ensure that such lapses are not repeated.

The Ministry of Social and Family Development (MSF)

IT vendor staff had inappropriately accessed the IT systems for the Baby Bonus scheme and the Child Care/ Infant Care subsidy scheme on 595 occasions over an 11-month period.

These violations could compromise data integrity and result in the leak of information used for the computation of bonuses and subsidies, the AGO said.

The MSF said that all inappropriate access has since been terminated and following internal investigations, it concluded there were no suspicious transactions. The ministry has since implemented a monthly review of user access and logs to detect any security violations. It has also tightened its control over the creation, modification and deletion of IT vendor staff user accounts.

Sport Singapore (SportSG)

Many instances of late payments to vendors were found. In particular, 299 payments — amounting to S$661,900 — were made around one to three-and-a-half years after the invoice dates without valid reasons, exposing them to late payment penalties.

SportSG said in response to media queries that no penalties were issued due to the late payments. No further cases have been discovered, it added.

Investigations are underway for the past cases and “appropriate actions” will be taken against staff found to be negligent, it added. It plans to review its payment processes and has since started weekly payment meetings among senior management.

The Singapore Corporation of Rehabilitative Enterprises (Score)

Score was rapped for lapses in financial controls, after it emerged that 10 contracts — ranging between S$1.04 million and S$15.88 million in value — out of 16 had not been approved by authorised signatories. The officer who had signed them was only authorised to approve contracts up to S$1 million each.

Score said that the employees involved in the contracting documentation were unfamiliar with the requirements in the organisation’s financial regulations, and had mistakenly sent them to the officer involved for approval.

Responding to queries, Score said it has taken “prompt action to rectify the lapses”.

It carried out checks on its existing contracts to ensure that all were signed by authorised officers. “There was no fraudulent or malicious intent involved,” said Score, adding that it has ensured all officers are aware of their approval limits and adhere to them.