The Auditor-General’s Office (AGO) has identified areas for improvement in IT controls, procurement and contract management, as well as operations management and grant management in its FY2019/20 audit report.
The agencies involved have verified that no confidential data was compromised, and that no unauthorised activities have resulted from the lapses in IT controls.
Areas of weakness in IT controls include the review of privileged users’ activities and the management of account and user access rights.
“We will implement technical systems to reliably automate the IT tasks relating to the review of privileged users’ activities and management of account and user access rights. This will minimise human error and focus attention on higher-order security tasks,” says the Ministry of Finance (MOF) in a statement dated September 7.
In a bid to address these areas at the whole-of-government (WOG) level, the Smart Nation and Digital Government Group (SNDGG) has started the pilot phase where changes in employee records are automatically detected, and notifications sent to the respective agencies.
However, this is an interim solution, where the agency will still have to conduct manual checks in certain aspects including which systems an employee had access to.
The government says the long-term solution, which would be fully automated, is on track to be fully implemented by December 2022 for the review of privileged users’ activities, and December 2023 for the management of account and user access rights for high priority systems.
The full implementation will take another year for its other systems.
“Beyond these technical safeguards, we are also tightening the WOG IT audit regime, and instituting regular engagement and training of public officers to raise their awareness of IT governance and security controls,” according to the statement.
In addition, the agencies have also looked into rectifying lapses involving overpayments.
At the Workforce Singapore (WSG) and Enterprise Singapore (ESG) for instance, the AGO noted that there was “room for improvement” in the management of grant programmes under both agencies.
In the report, the AGO suggested several steps for WSG and ESG, including applying more consistent evaluation practices, and improving disbursement checks, and strengthening the oversight of programme partners administering the grant programmes on their behalf.
“WSG and ESG are working to address the observations raised in the thematic audit, by enhancing their guidelines, strengthening compliance and supervision, and leveraging on digital solutions, while taking into consideration the operating needs of the grant programmes and recipients,” adds MOF.
In a separate statement, WSG says it has implemented “many of the AGO’s recommendations”. Monies that were wrongly disbursed, have been recovered, and in the three cases of possible fraud, WSG says it has since referred them to the police for investigation.