Tap Technology and Artificial Intelligence to Flag Irregularities in Public Sector's IT Systems Administration and Manage User Access and Controls
Prime Minister's OfficeSpeakers
Summary
This question concerns the use of technology and artificial intelligence to address IT control weaknesses identified in the Auditor-General's Report for FY 2020/2021, as raised by MP Ms Jessica Tan Soon Neo. Senior Minister and Coordinating Minister Teo Chee Hean explained that the Government is automating processes to mitigate human error, including implementing the Central Accounts Management system to automate user account removals by end-2023. He also detailed the use of the Automated Baseline Log Review system, which utilizes analytics to identify irregular activities, with all high-priority systems to be onboarded by December 2022. These automated tools allow agencies to focus resources on tasks requiring human intervention while continuously improving IT controls through automation and analytics. Additionally, the Government has intensified training for ICT officers to ensure they possess the necessary competencies to manage system access rights for staff and vendors effectively.
Transcript
112 Ms Jessica Tan Soon Neo asked the Prime Minister with regard to the observations of weaknesses in IT controls highlighted in the Report of the Auditor-General for the Financial Year 2020/2021 (a) to what extent has technology been used in public sector entities to administer and manage user access and controls; and (b) how is artificial intelligence and analytics used to monitor and flag irregularities and to derive insights.
Mr Teo Chee Hean (for the Prime Minister): The Report of the Auditor-General for FY 2020/2021 highlighted observations of weaknesses in IT controls, including the management of account and user access rights.
The root cause of these observations is human error. To help address this, the Government has progressively introduced tools to automate processes in IT controls. For account management, since November 2020, 33 agencies have implemented a tool that automatically notifies system managers of employee movements, so that they can be prompted to close the relevant user accounts. This is an interim measure. SNDGG will be implementing a technical solution that also automates the removal of accounts. Agencies will onboard onto this technical system, known as the Central Accounts Management (CAM) system, from January 2022 onwards, with all applicable systems onboarded by end-December 2023.
Similarly, we are automating the log management processes. The log of privileged users’ activities can accumulate to over 100,000 records within weeks. SNDGG is implementing the Automated Baseline Log Review (ABLR) system across the Government. ABLR uses analytics to sieve out a much smaller set of potentially irregular events, allowing reviewing officers to focus their efforts. As of 1 August 2021, over 600 systems have already been onboarded onto this system. All high priority systems will be onboarded by December 2022, with the remaining systems a year later.
We will continuously improve our IT control tools, to make better use of automation, analytics and AI. That said, not all processes can be fully automated. The use of automated tools will enable agencies to dedicate more bandwidth and management attention to processes that require human intervention.
The Government has also stepped up training for officers in ICT roles to equip them with the requisite competencies to perform their duties well, such as determining the appropriate level of rights needed for vendors and officers in different job roles.