S’pore Auditor-General finds lapses in contract management & IT oversight in multiple govt bodies

A lot to unpack in the 84 page report.

Nyi Nyi Thet | July 16, 2019, 07:56 PM

In its annual report for the 2018/19 financial year, the Auditor-General’s Office (AGO) once again flagged multiple lapses in government bodies.

Its report, which was made available on July 16, 2019, can be found here.

The AGO is an independent office that audits all of Singapore’s government entities’ books to make sure they adhere to robust and proper financial practices.

For this purpose, the AGO audited the following:

  • The Government Financial Statements (incorporating the accounts of all 16 government ministries and 8 organs of state)
  • 4 government funds
  • 9 statutory boards
  • 4 government-owned companies
  • 3 other accounts

And here are three key areas the government auditors took issue with:

  1. Lapses in procurement and contract management
  2. Gaps in management of social grant programmes
  3. Weaknesses in IT controls

#1: Lapses in procurement and contract management

The AGO found lapses in procurement and contract management in the Ministry of Culture, Community and Youth (MCCY), the Majlis Ugama Islam Singapura (MUIS), and the National Council of Social Service (NCSS).

MCCY

One of the lapses highlighted in the report was the National Gallery's Development Project.

The project, owned by MCCY and managed by the National Gallery Singapore, had 142 contract variations amounting to S$12.4 million.

Here are some of the variations that resulted in the lapses of procurement and contract management.

  • Obtaining approval from the approving authority (MCCY) after works had commenced or had been completed.
  • Obtaining approval from the incorrect approving authority.
  • Not seeking approval for substantial increases in variation cost.

In fact, the star rate items, totalling S$2.06 million for six variations, were agreed upon based on a single quotation obtained by the contractor for each item.

Star rates refer to the rates agreed on by the Engineer and Contractor for valuing variations from the bidding stage.

MUIS

For MUIS, lapses in 22 tenders and quotations were found, totalling S$11.32 million.

For some of these cases, the awarded vendors could have been different had the proposals been properly evaluated.

AGO therefore concluded that there was inadequate assurance that the procurement had met government procurement principles of transparency, open and fair competition, and value for money.

NCSS

For NCSS, AGO found lapses in three tenders totalling more than S$5.05 million.

Here is a breakdown of the lapses in the three tenders.

For the tender on renovation and relocation (S$3.29 million), NCSS accepted some tender documents from three tenderers after the deadline. One of the late submitters was eventually awarded the project.

In the case of the second tender on printing and delivery of training materials (S$888,200), only one bid, by the incumbent vendor, was received. This was due to the lack of information for prospective tenderers to gauge printing volume and price bids properly.

The third issue relates to the provision of refreshments for training programmes organised by NCSS (S$878,400 over three years). AGO noted that the outcome of the tender would have been different if the evaluation scores had been correctly or properly substantiated.

#2: Gaps in management of social grant programmes

AGO carried out a thematic audit on selected social grant programmes managed by the Ministry of Health (MOH) and Ministry of Social and Family Development (MSF).

A thematic audit is an in-depth examination of a selected area, which may involve more than one public sector entity.

In total, S$1.59 billion was disbursed by the two ministries under their social grant programmes to 1,058 Programme-Voluntary Welfare Organisations2 (VWOs) during the two-year period from April 1, 2016 to March 31, 2018.

While there was proper segregation of duties between grant evaluation and grant approval put in place by MOH and MSF, more could be done in terms of the grant approval process.

There were a "significant number of instances" where approval of funding was obtained after the commencement of the funding period.

Grants were approved for payment or disbursed before funding approval was obtained.

There were also insufficient checks carried out on the recipient VWOs before grant disbursement.

#3: Weakness in IT controls

AGO also found weaknesses in IT controls in its audits of several public sector entities such as the Ministry of Manpower (MOM), Singapore Customs (Customs) and the Ministry of Defence (MINDEF).

MOM

Here's what MOM failed to do:

  • MOM was unaware that five of its servers for their IT systems were unable to send logs to the security monitoring system for seven months due to outdated configurations.
  • Vendors for two IT systems, which are part of work permit and employment pass processes, had unrestricted access to the systems.

The operating system administrators could also delete audit trails to remove any trace of the unauthorised activities carried out, making it difficult to detect such activities.

MINDEF

MINDEF also granted too much access to their IT vendor staff.

The read-access was not granted on a strict, needs-only basis depending on the vendor staff’s job scope and duties.

For instance, the IT vendor staff were granted access to read personnel and payroll information in MINDEF’s human resource system.

MINDEF also doled out erroneous payments to 14 pilots in the Republic of Singapore Air Force. These 14 cases (involving S$278,970 in total) took place over a period of almost six years.

The AGO said MINDEF has recovered the erroneous payments for nine cases, and are in the process of recovering or making good the payments for the remaining five.

Singapore Customs

AGO found that Customs did not log activities performed by an IT vendor staff on the eCustoms system database, which supports key business processes such as administration of customs licences and schemes.

The AGO report stated that the above weaknesses would expose the entities to the risk of not detecting unauthorised access and activities, which could compromise the integrity and confidentiality of data in the IT systems.

AGO also noted that weaknesses in IT controls and lapses in procurement and contract management were similar to those reported last year, albeit with different entities.

The report also stressed the importance of avoiding similar lapses and implementing effective measures to enhance governance and controls on the use of public funds.

Irregularities found in contractor-submitted quotations

During its audit at Ministry of National Development (MND), AGO found irregularities in a significant number of the quotations submitted by a contractor involving star rate items.

AGO recommended MND refer the matter to the police.

Similar concerns were also raised in its audit on the Urban Redevelopment Authority (URA).

Irregularities were found in more than half the quotations submitted by a contractor for the star rate items for four out of 17 of its contract variations.

Both MND and URA have since referred their cases to the police.

The Ministry of Finance released a statement on behalf of all the ministries accepting the recommendations.

"The Government has accepted all the recommendations, and agencies are working on the necessary follow-up actions."

You can find the full 84-page report here.