AGO’s audit of the Human Resource and Payroll system
Written Reply to Parliamentary Question on AGO’s audit of the Human Resource and Payroll system
Parliamentary Sitting: 3 August 2023
Dr Tan Wu Meng: To ask the Prime Minister regarding the Auditor-General’s finding of the Public Service Division’s Human Resource and Payroll system having 12 accounts belonging to IT vendor staff with excessive access rights to File Transfer servers and encryption/decryption keys (a) whether there has been any unauthorised access, modification, or exfiltration of data; (b) whether malicious intent or foul play has been ruled out; and (c) whether remedial action has been taken against the vendor.
Written Reply by Mr Chan Chun Sing, Minister for Education and Minister-in-charge of the Public Service:
1. The IT vendor of the Human Resource and Payroll System created 12 administrative accounts to facilitate troubleshooting and monitoring of system issues. However, the accounts were configured with excessive rights, which created risks.
2. In response to AGO’s findings, PSD has taken immediate actions to reduce the rights of these accounts in terms of system access. PSD has checked through and ascertained that there was no unauthorised access to the system and no compromise of system data. There is no basis to suspect foul play. In addition, PSD also extended checks on other system accounts to ensure there were no unauthorised access or activities.
3. We have issued the vendor a stern warning for all the lapses uncovered within this audit.