Published: 22 July 2021
1. The Auditor-General’s Office (AGO) recently conducted a thematic audit of selected facility management contracts managed by the Ministry of Home Affairs (MHA). It observed that MHA had good practices in place, and also identified areas for improvement.
2. The AGO found that MHA has processes in place to ensure that the planning, budgeting and determination of needs are executed properly. MHA had also carried out risk assessment and undertaken measures to mitigate those risks. Some of these good practices include:
a. Establishing a competency framework and training plan to build up capabilities in facilities management in the Home Team;
b. Centralising the management of facilities management contracts across the Home Team under its newly formed statutory board, the Home Team Science and Technology Agency (HTX). This centralised model of operation has the benefit of building deeper expertise in facilities management, allowing for more targeted staff competency and career development, and achieving more consistent service standards across Home Team Departments (HTDs); and
c. Implementing the Data Loss Prevention (DLP) Kiosk to detect and prevent unauthorised access to information. The DLP Kiosk restricts system administrators from copying data out from the Integrated Logistics Management System (iLMS)[1] servers, or accessing sensitive data in the iLMS system without authorization.
3. However, AGO had audit findings relating to:
a. Facilities management;
b. IT governance of MHA’s iLMS; and
c. Irregularities in records furnished for audit.
Facilities Management
4. Following AGO’s findings on facilities management, MHA had taken immediate follow-up actions including action against contractors for not complying with contract specifications, standardising survey forms and monthly reporting requirements and standardising our contract specifications. MHA has also taken steps to institutionalise an annual training programme for all officers who are involved in contract administration, to ensure currency in their capabilities.
5. With the setting up of HTX in Nov 2019, there has been greater centralisation of facility management systems and processes, and consistency in specifications and requirements across the Home Team.
6. MHA will continue to improve its management of facilities, including continuous training to enhance officers’ competencies, tightening of procurement processes, closer monitoring of contract deliverables, and leveraging technology to improve processes.
IT Governance
7. MHA had taken immediate remedial measures to address the observations made by AGO during its IT audit of iLMS. These include implementing a new Security Information and Events Management tool, an auto-generated dashboard and reports to help in the review of system administrators’ activities, enhanced segregation of duties, and the requirement to retain activity logs for at least one year.
8. As an added precaution, an investigation by SPF’s Computer Emergency Response Team was conducted, which found that the integrity of the log files was intact and did not detect any suspicious activities.
9. MHA is looking into building a central team to review system administrators’ activities and automate this process. Automation will minimise the need for human intervention, and provide full coverage and better assurance of reviews.
Irregularities in Records Furnished for Audit
10. MHA takes a very serious view of the irregularities found in the records furnished for audit. We had lodged Police reports immediately after the cases were discovered. Vendors have been reminded that the creation or backdating of documents for audit is unacceptable. Internal investigations are also in progress and disciplinary action will be taken, should any officers be found guilty of such wrongdoing.
[1] The iLMS is an MHA-wide enterprise system which integrates and harmonises the logistics, finance, procurement and budget planning processes into a single system. The system streamlines business processes and improves governance and compliance.