Inspector General report finds delays, lack of oversight by IT leadership, and questionable ethical behavior at the Federal Emergency Management Agency.
For example, a former Optimal Solutions employee was chosen to oversee Optimal Solutions' performance only a year after leaving the company. That employee gave upbeat risk assessments and assurances that the system was ready to go, despite the fact that, as later analyses found, the system had not been fully tested, business logic documentation remained incomplete, and the system lacked approval from FEMA's IT security team.
Furthermore, 14 former CSC employees were working on the transition. These employees apparently retained close ties with their former employer, referring to themselves as "we" at internal meetings, sharing internal communications with CSC employees, and even siding with CSC on disputes between FEMA and CSC.
These problems might reach back several years. Even CSC's legacy system was found to have deficiencies in its IT security, and a FEMA IT security official told the inspector general that this is because the program office neither had necessary expertise nor ever sought help from FEMA's IT security office.
Ultimately, this cross pollination also led to divisiveness between employees who favored CSC and those who favored Optimal Solutions. "This division made managing the contracts difficult because the contracting officer could not trust his contracting officer's technical representatives to give him objective insights into the companies' abilities to perform under the contracts," the report says.
For example, unauthorized meetings between the contractors and NFIP prevented the contracting officer from determining if either contractor was in breach of its contract, and received reports from both camps blaming the other for poor performance.
In the end, FEMA terminated Optimal Solutions' contract and fired the former Optimal Solutions employee who had overseen the contractor's performance. In addition, new Department of Homeland Security directives require FEMA's CIO to review and approve IT acquisitions costing more than $2.5 million, so some of the oversight problems should be things of the past.
However, the inspector general recommended a number of additional changes, including additional ethics training for NFIP employees and ensuring that all new FEMA IT systems development is done hand-in-hand with FEMA's CIO.