IT controls in several Singapore government entities including the Defence Ministry have been found to be weak, where third-party access rights are lax and the logging and review activities of privileged users inadequate. There also have been lapses in the management of user access rights, where some of these privileged users are staff of IT vendors.
These findings were released in the Auditor-General Office’s (AGO) latest annual report, which further noted that similar issues already had been identified across various public sector entities in its audits over the last few years. This indicated that IT controls remained a major area for improvement, it said.
The assessment covered all 16 government ministries, nine statutory boards, four government-owned companies, four government funds, and three other accounts, and involved the office’s examination of records, files, reports, and various other documents as well as site visits and interviews with government officers.