Sammyboy RSS Feed
22-07-2013, 11:50 PM
An honorable member of the Coffee Shop Has Just Posted the Following:
The Auditor-General’s Office (AGO) of Singapore, a government organ that audits and monitors the use of public money and resources at government ministry and agencies, has released an annual report detailing the lapses it has found.
The report follows a pattern: it lists and describes in detail the irregularities that were discovered, then highlights the corrective actions that respective agencies have taken.
While the report details corrections that have been or will be carried out by the organizations under audit, it’s unclear if the AGO has a follow-up process to ensure promised actions were taken.
Inspection of certain agencies are rotated each year, based on the materiality of the agency’s funds and the number of years since the last audit. This adds a certain amount of predictability to the selection process, since the more significant the agency’s spending or discrepancies are in public impact, the more likely it is to be audited.
Highlights from this year’s report:
Wastage at Central Provident Fund Board (CPFB) from software not installed after licence purchases.
In a case of buyer’s remorse, the AGO has found after receiving complaints that installation of software was not carried out for 55 out of the 180 licences purchased between one and 3.5 years ago as at January 2013. The CPFB is an agency that runs a compulsory retirement saving scheme for Singapore Citizens and Permanent Residents.
The unused licenses and their maintenance costs amounted to SGD 0.99M. For 12 of these licenses, their maintenance were extended in December 2011 even though the software were not used in the 12 months before and after the extension date.
The AGO found no evidence of monitoring and reconciliation of installed software against a list of licences.
CPFB has said that it will put in place a monitoring system for software management. While 12 licenses were no longer need by the Board, the remaining unused ones will be assessed for redeployment.
Processes for evaluation and approval of research projects at MDA’s Gambit Game Lab were not followed.
The Lab was a SGD 40M (USD 31M) six-year research initiative to bolster Singapore’s video games industry. As of 30 September 2012, SGD 33.46M in grants were doled out to fund R&D projects. A final report was issued last year.
The AGO found lapses in the way projects funded by the initiative were evaluated and approved.
Projects were supposed to be scrutinized by an independent research panel or committee, then approved by an “appropriate authority” before funding could be given. However, in six of the projects checked by the AGO, no external validations and approvals were given.
Internal approval processes were also not followed. Contracts exceeding SGD 200k were signed by an officer who was authorized to approve contracts less than SGD 200k.
MDA has informed AGO that it has “since taken” measures to ensure compliance with procedures for project evaluation, funding approval, and contract signing. Additional checks and balances were added for existing and future funding initiatives.
It’s unclear if iJAM, startup funding scheme, is included in the process review.
Lax database access controls at Ministry of Law, ACRA, and Accountant-General’s Department (AGD).
These organizations outsource some of their system administration activities to vendors. The AGO has found that all three have allowed external parties to potentially alter database records due to lax access controls.
In the AGD‘s case, activities performed by external system administrators were not monitored for “a considerable period of time”, a breach of government protocol. This involved the department’s Government accounting and pension administration systems.
AGD has since enabled activity logs which it says will subsequently be reviewed by an independent team.
For the Ministry of Law, vendors were given privileged access rights that allowed them to potentially modify database records used by the Insolvency and Public Trustee’s Office to administer services to the public.
The Ministry has since tightened access rights and has started tracking activities of privileged users for potential security breaches.
Finally, ACRA, a business regulatory agency, had given vendors unauthorized access to business information, some of which can be purchased by the public.
ACRA has since tightened access to data and found that no information was compromised.
http://sgentrepreneurs.com/2013/07/2...nment-agencies (http://sgentrepreneurs.com/2013/07/22/management-and-it-security-lapses-found-at-several-singapore-government-agencies/?utm_source=rss&utm_medium=rss&utm_campaign=management-and-it-security-lapses-found-at-several-singapore-government-agencies)
Click here to view the whole thread at www.sammyboy.com (http://sammyboy.com/showthread.php?157695-The-myth-of-efficient-govt-systems-destroyed-by-AGO-yet-again&goto=newpost).
The Auditor-General’s Office (AGO) of Singapore, a government organ that audits and monitors the use of public money and resources at government ministry and agencies, has released an annual report detailing the lapses it has found.
The report follows a pattern: it lists and describes in detail the irregularities that were discovered, then highlights the corrective actions that respective agencies have taken.
While the report details corrections that have been or will be carried out by the organizations under audit, it’s unclear if the AGO has a follow-up process to ensure promised actions were taken.
Inspection of certain agencies are rotated each year, based on the materiality of the agency’s funds and the number of years since the last audit. This adds a certain amount of predictability to the selection process, since the more significant the agency’s spending or discrepancies are in public impact, the more likely it is to be audited.
Highlights from this year’s report:
Wastage at Central Provident Fund Board (CPFB) from software not installed after licence purchases.
In a case of buyer’s remorse, the AGO has found after receiving complaints that installation of software was not carried out for 55 out of the 180 licences purchased between one and 3.5 years ago as at January 2013. The CPFB is an agency that runs a compulsory retirement saving scheme for Singapore Citizens and Permanent Residents.
The unused licenses and their maintenance costs amounted to SGD 0.99M. For 12 of these licenses, their maintenance were extended in December 2011 even though the software were not used in the 12 months before and after the extension date.
The AGO found no evidence of monitoring and reconciliation of installed software against a list of licences.
CPFB has said that it will put in place a monitoring system for software management. While 12 licenses were no longer need by the Board, the remaining unused ones will be assessed for redeployment.
Processes for evaluation and approval of research projects at MDA’s Gambit Game Lab were not followed.
The Lab was a SGD 40M (USD 31M) six-year research initiative to bolster Singapore’s video games industry. As of 30 September 2012, SGD 33.46M in grants were doled out to fund R&D projects. A final report was issued last year.
The AGO found lapses in the way projects funded by the initiative were evaluated and approved.
Projects were supposed to be scrutinized by an independent research panel or committee, then approved by an “appropriate authority” before funding could be given. However, in six of the projects checked by the AGO, no external validations and approvals were given.
Internal approval processes were also not followed. Contracts exceeding SGD 200k were signed by an officer who was authorized to approve contracts less than SGD 200k.
MDA has informed AGO that it has “since taken” measures to ensure compliance with procedures for project evaluation, funding approval, and contract signing. Additional checks and balances were added for existing and future funding initiatives.
It’s unclear if iJAM, startup funding scheme, is included in the process review.
Lax database access controls at Ministry of Law, ACRA, and Accountant-General’s Department (AGD).
These organizations outsource some of their system administration activities to vendors. The AGO has found that all three have allowed external parties to potentially alter database records due to lax access controls.
In the AGD‘s case, activities performed by external system administrators were not monitored for “a considerable period of time”, a breach of government protocol. This involved the department’s Government accounting and pension administration systems.
AGD has since enabled activity logs which it says will subsequently be reviewed by an independent team.
For the Ministry of Law, vendors were given privileged access rights that allowed them to potentially modify database records used by the Insolvency and Public Trustee’s Office to administer services to the public.
The Ministry has since tightened access rights and has started tracking activities of privileged users for potential security breaches.
Finally, ACRA, a business regulatory agency, had given vendors unauthorized access to business information, some of which can be purchased by the public.
ACRA has since tightened access to data and found that no information was compromised.
http://sgentrepreneurs.com/2013/07/2...nment-agencies (http://sgentrepreneurs.com/2013/07/22/management-and-it-security-lapses-found-at-several-singapore-government-agencies/?utm_source=rss&utm_medium=rss&utm_campaign=management-and-it-security-lapses-found-at-several-singapore-government-agencies)
Click here to view the whole thread at www.sammyboy.com (http://sammyboy.com/showthread.php?157695-The-myth-of-efficient-govt-systems-destroyed-by-AGO-yet-again&goto=newpost).