Strengthening Financial Governance, Procurement Practices and IT Controls across Government and Addressing Recurring Lapses
Ministry of FinanceSpeakers
Summary
This question concerns systemic measures to strengthen financial governance, procurement practices, and IT controls following the Auditor-General’s Report FY2024/2025, as raised by Mr Saktiandi Supaat. Prime Minister and Minister for Finance Lawrence Wong stated that the Government is updating training to improve officer capabilities in contract management and specialized IT security tasks like threat modelling. Agencies are enhancing IT monitoring through stricter access validation and automation, with high-impact systems subjected to more stringent requirements under GovTech guidance. To address recurring lapses, agencies identify root causes and implement corrective actions, which are tracked by internal auditors to ensure timely remediation and control robustness. Lessons learned are shared across the public sector to continually improve processes and ensure the responsible management of public resources.
Transcript
2 Mr Saktiandi Supaat asked the Prime Minister and Minister for Finance (a) what systemic measures is the Government taking to strengthen financial governance, procurement practices, and IT controls across Ministries and statutory boards in response to the Auditor-General's Report FY2024/2025; and (b) how will the public be assured that recurring lapses flagged in past audit cycles are being addressed.
Mr Lawrence Wong: The Government takes the Auditor-General's findings seriously and has implemented measures to strengthen financial governance, procurement practices and information technology (IT) controls. These measures include:
a. Improving the knowledge and capabilities of public sector officers to better handle financial, procurement and IT control tasks in accordance with established policies and procedures. In response to the Auditor-General Office's (AGO's) findings, we are updating training programmes and other learning resources to better equip officers to identify key risk areas when evaluating or managing contracts. We are also stepping up the training of information and communication officers, including on threat modelling and privileged account management, so that they are better equipped to perform their roles.
b. Enhancing IT controls and monitoring. Agencies are expected to regularly assess risks to their systems and implement appropriate mitigating controls. Systems with more significant impact are subject to more stringent requirements on the IT controls that should be in place. Where there are critical gaps or vulnerabilities identified, GovTech guides agencies to put in place more robust safeguards, including stricter access rights validation and tapping on automation to reduce human error in account management.
In response to all AGO observations both past and present, agencies take steps to identify root causes, rectify gaps and tighten internal controls. Agencies' internal auditors track the implementation of corrective action, provide independent assessment of the robustness of agencies' controls, as well as raise issues to be remediated in a timely manner. Areas for improvement are shared across public agencies. We will take onboard the lessons learnt to continually improve our processes, controls and systems, and strengthen responsible management of public resources.