Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=224600615
Questionable ethical behavior and poor oversight during a $40 million, multi-year IT system overhaul and contractor transition at the Federal Emergency Management Agency led to numerous delays, a divisive working environment, and millions of dollars wasted, according to a report by the agency's inspector general.
The report finds serious problems with IT management and oversight in FEMA's National Flood Insurance Program, which provides more than 5.5 million federally-backed flood insurance policies, creates floodplain management regulations, and maps flood hazards.
The problems arose as FEMA looked to simultaneously switch IT services providers from Computer Sciences Corporation to the much smaller Optimal Solutions and Technologies and have Optimal Solutions oversee the multi-year development of a new system of record called NextGen that would provide Web-based access to insurance companies and federal contractors who needed to enter and retrieve flood insurance information.
The contractor transition between CSC and Optimal Solutions and Technologies, originally scheduled for 2008, has yet to be completed, and the new system still hasn't taken over for the legacy system. The report lays much of the blame on poor oversight and the "misplaced allegiances" of employees at FEMA's mitigation directorate (of which the flood insurance program is a part).
Although the current acting assistant administrator for the directorate said he knew little about IT, the directorate attempted to upgrade the systems without involving FEMA's CIO and acquisition managers, with the assistant administrator relying on reports from his managers to keep him informed. In addition, FEMA's CISO didn't even hear about NextGen until 5 years after its development had begun. Ultimately, the administrator came to distrust the information he was getting and sought assistance from the agency CIO, but this came too late, the report finds.
The lack of necessary expertise and oversight, the report finds, inevitably led to the development of and payment for an unproven system that didn't meet FEMA's security and technical requirements, wasting as much as $7.5 million.
Former contractor employees appear to be a big part of the problems. According to the report, there's a "revolving door" of former IT contractors and FEMA employees at NFIP. "The apparent inability of these employees to leave behind past alliances led to a divide within the directorate and prevented an honest assessment of the status of [the next generation system] and the transition," the report says.
For example, a former Optimal Solutions employee was chosen to oversee Optimal Solutions' performance only a year after leaving the company. That employee gave upbeat risk assessments and assurances that the system was ready to go, despite the fact that, as later analyses found, the system had not been fully tested, business logic documentation remained incomplete, and the system lacked approval from FEMA's IT security team.
Furthermore, 14 former CSC employees were working on the transition. These employees apparently retained close ties with their former employer, referring to themselves as "we" at internal meetings, sharing internal communications with CSC employees, and even siding with CSC on disputes between FEMA and CSC.
These problems might reach back several years. Even CSC's legacy system was found to have deficiencies in its IT security, and a FEMA IT security official told the inspector general that this is because the program office neither had necessary expertise nor ever sought help from FEMA's IT security office.
Ultimately, this cross pollination also led to divisiveness between employees who favored CSC and those who favored Optimal Solutions. "This division made managing the contracts difficult because the contracting officer could not trust his contracting officer's technical representatives to give him objective insights into the companies' abilities to perform under the contracts," the report says.
For example, unauthorized meetings between the contractors and NFIP prevented the contracting officer from determining if either contractor was in breach of its contract, and received reports from both camps blaming the other for poor performance.
In the end, FEMA terminated Optimal Solutions' contract and fired the former Optimal Solutions employee who had overseen the contractor's performance. In addition, new Department of Homeland Security directives require FEMA's CIO to review and approve IT acquisitions costing more than $2.5 million, so some of the oversight problems should be things of the past.
However, the inspector general recommended a number of additional changes, including additional ethics training for NFIP employees and ensuring that all new FEMA IT systems development is done hand-in-hand with FEMA's CIO.