Auditor-General flags lapses in contract management, IT controls and financial processes

SINGAPORE — The Auditor-General’s Office (AGO) has flagged lapses in contract management, weaknesses in information technology controls, laxity in financial controls, and gaps in the management of research and development (R&D) grants in its annual audit of the public sector.

Among agencies rapped in the 66-page report released on Tuesday (July 17) were the Ministry of Defence (Mindef) for its overpayments to a grass-cutting contractor for six years as it overstated the area to be serviced at a camp, and the Singapore Civil Defence Force (SCDF) for its poor management of vehicle maintenance contracts.

As a result, Mindef paid about S$200,000 more than it should for grass-cutting services, while SCDF paid its contractors some S$120,000 even though they did not provide the services billed.

In SCDF’s case, AGO found that a “serious irregularity” that records for 104 servicing jobs it furnished for the audit of the management of vehicle maintenance contracts were created and backdated to give the impression that the documents existed at the time when the servicing jobs purportedly took place.

SCDF had confirmed that three SCDF officers and contractors created the documents to “cover an internal administrative gap” with no intention to falsify any records.

With the discovery, disciplinary action had been taken against the officers, and the contractors were taken to task for failing to keep proper records, the AGO noted.

The AGO separately called out the National Research Foundation under the Prime Minister’s Office for not having a common framework for grant management, leading to some inconsistencies in the way the grants were distributed. Among others issues, it was also lax in how it verified fund requests, and did not have a procedure for recovering the unutilised grants from grant recipients.

The People’s Association (PA) was also highlighted for its lapses in procurement and contract management for major events such as the Chingay Parade, failure to obtain proper approvals for the award of contracts and variation, and the lapses in management of welfare assistance schemes. This is the second time lapses surrounding the award of contracts have been identified in the PA, with the AGO noting that it had raised a similar observation in its last audit for financial year 2014/2015.

This year’s report covered three out of 16 Government ministries, three out of five Government funds, and four out of nine statutory boards audited.

As a general remark, AGO said Auditor-General Willie Tan Yoke Meng “has noted that some observations were similar to those highlighted in the last few years, although the lapses involved different entities”.

“He felt that more should be done to address those concerns so that the financial governance and controls of the public sector would be strengthened,” it also said.

“He also noted that the entities audited by AGO took the audit observations seriously and had indicated that they were committed to rectifying the lapses and putting in place measures to prevent future occurrence.”

A number of these lapses, especially those in contract management and weaknesses in IT controls, were also found “across different public sector entities” last year, the AGO added.

Common weaknesses in the area of IT controls included the lack of monitoring of privileged users’ activities in IT systems and lapses in the management of user accounts and access rights.

In Mindef for example, AGO uncovered “significant weaknesses” in the management of rights granted to its electronic procurement system users, as no periodic review were carried out on user access rights even though it was required under the Government instruction manuals and the Ministry’s internal instructions. Mindef also delayed removing access rights for 41 of the 219 user roles checked, even though they were no longer needed.

“Such weaknesses would expose (Mindef’s) system to unauthorised access, thereby increasing the risk of unauthorised procurement activities and risk of integrity and confidentiality of the data in (the system) being compromised,” the report noted.

Furthermore, AGO found that in 197 instances, 33 users assigned with rights to procure might have shared their accounts with other people who were unauthorised individuals to procure items or services totaling S$2.83 million.

The AGO said it will continue to work with the public sector entities to ascertain that follow-up actions are taken.

In a statement responding to the AGO’s report, the Finance Ministry (MOF) said it has “accepted all the recommendations, and agencies are working on the necessary follow-up actions”.

For example, PA is enhancing its online procurement platform for grassroots organisations to strengthen its procurement and contract management functions, while the SCDF is implementing a new logistics system which will improve its management of vehicle maintenance. These will be ready within the next two years.

On the issue of IT governance, MOF also said the Smart Nation and Digital Government Group (SNDGG) has increased the number and types of internal IT audits conducted across the public sector, moving beyond compliance checks to include risk and impact-based assessments to help agencies strengthen their IT systems.

MOF pledged to pay close attention, particularly to recurrent issues.

“Where warranted, investigations have been convened to go deeper into the issues raised, and disciplinary actions taken against officers found responsible for wrong-doing,” MOF added.

In cases where there have been overpayments, these had either been recovered or recovery action has been initiated. Agencies had also verified that no confidential data has been compromised as a result of the lapses in IT controls.