Public agencies’ procurement procedures still ‘prone to lapses’

SINGAPORE — Procurement irregularities continued to plague public agencies as the Auditor-General’s Office (AGO) flagged these as an area “prone to lapses” for the seventh consecutive year, in its latest annual report released yesterday.

The report, which covers the 2012/13 financial year, also cited management of computer access controls, monitoring of performance of contractors, oversight of projects managed by external consultants, management of stocks and stores as other areas that require improvement.

Auditor-General Willie Tan noted that while the public sector had put in effort to enhance its procurement rules and procedures over the last few years, some public entities were “not sufficiently diligent” in ensuring compliance with the rules.

Among the agencies which were found to have procurement lapses was the Singapore Civil Defence Force (SCDF), whose procurement practices had been in the spotlight after its former Commissioner Peter Lim was arrested in December 2011 and subsequently convicted last month in a sex-for-contracts case.

For FY2012/13, the AGO found lapses in SCDF’s tender evaluation while selecting vendors for work on its fire stations.

The tenders — with a total value of S$2.75 million — were awarded to a tenderer which did not meet a critical evaluation criterion requiring the submission of audited financial statements for the past three years for assessment of creditworthiness or financial insolvency.

It also found weaknesses in the SCDF’s management of gift vouchers, which were given to staff for various awards.

For example, there were many instances where the serial numbers of gift vouchers issued were not recorded and acknowledgement of receipt was not obtained. The AGO’s test checks further revealed a number of instances where gift vouchers were not accounted for.

From FY2009/10 to FY2011/12, the SCDF bought S$1 million worth of vouchers each year.

Noting that gift vouchers are “subject to a high risk of misappropriation”, the AGO said: “The SCDF would need to enhance its controls over gift vouchers, especially when the amount of vouchers it purchased was significant.”

On IT security, the AGO urged public agencies to be vigilant on the management of computer access controls, including granting access rights on a needs basis and tracking and reviewing activities of users with powerful access rights.

For example, the AGO’s test checks found that between April 2011 to April last year, application support engineers who had accounts with rights to modify data files in the Accounting and Corporate Regulatory Authority’s (ACRA) computer system used those accounts to access several servers containing data files.

As at May last year, the ACRA had removed the access rights granted to the application support engineers and a process had been put in place to tighten the controls over access to servers. It also assessed that the integrity of the business information was not compromised.

The authority also found that the SCDF had failed to remove 30 user accounts of those who left the service or were redeployed. Sixteen of these accounts were used to gain unauthorised access to the accounting system. Subsequent investigations by the SCDF found that no illegal transactions had been made.

A spokesman from the Ministry of Home Affairs — which oversees the SCDF — said that it takes a “serious view” of the breaches raised.

He added: “We note that the lapses related to particular aspects of internal control, namely, gift voucher management, password administration and application of tender rules in two tenders. They were not systemic in nature.”

The spokesman said that the SCDF has since taken prompt action to address the problem areas and strengthen its internal controls to ensure compliance across all levels in the organisation.