Singapore

Watchdog: Weaknesses in public sector's IT controls are significant

Public Accounts Committee in report to Parliament highlights issues in public sector

The weaknesses in information technology controls detected in the public sector are significant, given the growing IT security threats today, said the Public Accounts Committee (PAC).

Many of the lapses cut across agencies and happened despite the Auditor-General pointing out similar problems in the past, added the parliament watchdog on public funds.

It reminded public-sector agencies to adhere strictly to IT policies and controls, saying the mistakes had occurred "not because of a lack of processes, but due to agencies not complying with the controls put in place".

The PAC - tasked to scrutinise how public funds are spent and track what government agencies have done to correct irregularities in the use of the funds - had studied the Auditor-General's findings for the 2016/2017 financial year. Its latest report was submitted to Parliament on Monday.

Besides weaknesses in IT controls, the committee also highlighted two other issues: lax financial controls and inadequate oversight of development projects.

Some problems cut across the public sector and were not new, indicating that there was a need to strengthen these areas, said the committee of eight MPs, chaired by East Coast GRC MP Jessica Tan.

INAPPROPRIATE ACCESS

It called on the agencies to drum into their staff the importance of complying with rules and processes, and to hold agency heads accountable when this is not done.

"The committee would like to reiterate that to stamp out recurring lapses and strengthen governance, every public sector agency has to play its part and be committed to implementing effective controls," said the report.

One case the PAC flagged had to do with 595 instances of inappropriate access of the IT systems used for subsidy schemes such as the Baby Bonus.

The committee found that user accounts used had high-level rights with unrestricted access.

The Ministry of Social and Family Development (MSF) said it had issued a stern warning to its IT vendor, which had used the different accounts to complete its tasks quickly. And to prevent a repeat of this, MSF has also introduced measures such as requiring monthly reviews of accounts and access logs by its own IT staff to detect inappropriate activity.

The PAC noted that the Ministry of Finance (MOF) has put in place measures to deal with the lapses on a whole-of-government level, including setting up an inter-agency work group to look into common lapses.

The committee suggested that the MOF could also consider how the good practices of some agencies can be implemented in other places for improvements across the board.

FOR MORE, READ THE STRAITS TIMES TODAY

Technology