Lax oversight of a contractor for a $300 million information technology project resulted in questionable compliance with internal policies, including holding the contractor to agreed-upon metrics, the inspector general for the federal bank deposit insurance agency said Wednesday.
In a report on oversight of a 2021 infrastructure support services (ISS) contract, the Office of Inspector General (OIG) for the Federal Deposit Insurance Corp. (FDIC) said the agency “did not provide effective oversight to ensure key contract personnel and the Contractor complied with internal policies and procedures or the ISS contract terms and conditions.”
Specifically, the OIG said, the agency did not:
- Monitor contractor performance against agreed-upon metrics or enforce the requirement for the Contractor to provide the supporting data needed to verify compliance with service level metrics and to determine the accuracy of the service level credits due to the FDIC.
- Review and verify the accuracy of invoice charges and service level credits for Critical Service Level defaults or consistently retain supporting data for invoices.
- Verify that all contractors completed training prior to being granted privileged access to the FDIC’s network and systems and ensure the Contractor reported a data leakage incident in accordance with internal policy.
The OIG said it conducted its audit of the ISS contract to determine whether the FDIC provided effective oversight “to ensure compliance with service level metrics, invoice review and approval procedures, and data protection and security controls.” It made eight recommendations to improve oversight; it said the agency agreed with all and intends to complete corrective actions by year’s end.