SINGAPORE - Weaknesses in IT controls, as well as irregularities in procurement and contract management were among the key financial lapses in several ministries and government agencies flagged by the Auditor-General's Office (AGO) in its latest annual report.
The report was made public on Tuesday (July 16), after the AGO's audit of government accounts for the 2018/2019 financial year.
The report covers the financial statements of all 16 ministries and eight organs of state, as well as nine statutory boards, four government funds, four government-owned companies and three other accounts.
Ministries and agencies that were flagged in the AGO report for lapses include the Ministry of Culture, Community and Youth (MCCY), Ministry of National Development (MND) and Urban Redevelopment Authority (URA), Ministry of Defence (Mindef) and Ministry of Manpower (MOM).
LAPSES IN PROCUREMENT AND CONTRACT MANAGEMENT
MCCY was flagged for lapses in the approval of 142 contract variations amounting to $12.4 million for the National Gallery development project.
For instance, AGO's checks found that the approvals were not obtained from the relevant authorities for a period of 30 days to almost four years from the commencement or completion of works. The National Gallery opened in 2015.
In the case of one contract, approvals for seven contract variations under it were obtained from the incorrect approving authority.
"While MCCY had appointed National Gallery Singapore (NGS) to manage the project, it remained accountable and responsible for ensuring financial prudence and proper use of public funds," said the report.
In its response, NGS said that it was reviewing its procurement policies and processes, and targets to conclude this review by end-July.
"The contract variations for the project are in line with its scale and complexity. Changes to the scope of work are to be expected... to take into account a variety of factors like statutory requirements, site constraints and user or operational requirements," it added.
Irregularities in procurement and contract management were also observed at the Islamic Religious Council of Singapore (Muis) and the National Council of Social Service (NCSS), the AGO noted.
In the case of Muis, the evaluation sub-criteria and scoring methodology used were only determined after the tender closed. This applied to 12 tenders and quotations totalling $5.54 million. There were also errors in the scores awarded.
Muis said on Tuesday that it is strengthening training in governance and finance for its officers, and has deployed more resources to procurement and IT-related functions.
NCSS was rapped for accepting documents from three vendors after the tender closing date, for a $3.29 million renovation and relocation project.
One of the three vendors was subsequently awarded the contract. Evaluation scores for a tender to provide refreshments were also either wrongly computed or not properly substantiated.
"Had the score been properly computed, the outcome of the tender could have been different," AGO said.
WEAKNESSES IN IT CONTROLS
AGO also found weaknesses in IT controls in the Ministry of Manpower, Singapore Customs and the Ministry of Defence.
For example, MOM was not aware that five servers for two of its IT systems were unable to send logs to its IT security monitoring system for about seven months due to outdated configurations.
Its operating system (OS) administrators, who were external vendors, also had unrestricted access to IT systems processing work permits and employment passes.
"Any unauthorised activity could compromise the confidentiality and integrity of the data in the systems," said AGO. "The administrators could delete audit trails to remove any trace of the unauthorised activities carried out."
At Customs, seven vendor staff could access the most privileged OS user account without password authentication in six out of the seven system servers checked by AGO.
In the case of Mindef, which had not reviewed the access records by vendors to its controlled information since 2014, this extended to unrestricted access to personnel and payroll information .
GAPS IN MANAGEMENT OF SOCIAL GRANT PROGRAMMES
AGO noted that while there were established processes for grant application, evaluation and approval by the Ministry of Health (MOH) and Ministry of Social and Famiily Development (MSF), checks by both ministries were inadequate.
There were a "significant" number of instances where approval of funding came only after the funding period had already started, or grants disbursed before the necessary approvals had been obtained.
Both ministries also did not carry out adequate checks on claims by voluntary welfare organisations (VWOs) before disbursing monies, said the report.
QUOTATION IRREGULARITIES REFERRED TO POLICE
For MND, a "significant" number of irregularities were found in quotations submitted by a contractor for 49 out of 71 works orders amounting to $250,000, said the report.
As AGO had concerns over the authenticity of the quotations, MND has referred the matter to the police.
URA was similarly scrutinised for the authenticity of nine out of 16 quotations by its contractor for an infrastructure project between 2017 and 2018. URA has since lodged a police report and is conducting an independent evaluation of the value of the variation works before making payment to the contractor.
The Ministry of Finance, in its response, said that efforts are being made across public agencies to address the AGO's findings in three areas: IT controls, contract management and grants management.
These include producing a good practice guide on construction contract management, an interagency grants management review team to review processes and strengthen capabilities in grants administration; and automating IT tasks in collaboration with the Smart Nation and Digital Government Group.
Said MOF: "As we make improvements, we are mindful of the need to strike a sensible balance between strengthening controls, and maintaining efficiency and timeliness in delivering services to Singaporeans."
This article was first published in The Straits Times. Permission required for reproduction.