The Office of Inspector General of the Federal Deposit Insurance Corporation (FDIC) has issued its report on FDIC Oversight of a Telecommunications Contract.
The FDIC procures goods and services from contractors to support its mission. It needs a strong culture of compliance and internal controls related to acquisition and procurement. These internal controls must include comprehensive acquisition policies and procedures, supervisory processes that promote compliance, and effective contract oversight management.
In February 2014, the FDIC awarded a telecommunications service contract to AT&T Corp. (AT&T) in the amount of $12 million for telecommunication services. In May 2019, the FDIC Chief Information Officer Organization (CIOO) approved a strategy to upgrade the bandwidth of AT&T’s telecommunication services within the FDIC Field Offices. In March 2021, the FDIC CIOO notified the OIG of major internal control failures with the telecommunications contract.
We conducted a review to determine if the FDIC authorized and paid AT&T for services to upgrade bandwidth in FDIC Field Offices in accordance with its policies and procedures and existing telecommunications contract.
We determined that the FDIC did not authorize and pay AT&T for services to upgrade bandwidth in the FDIC Field Offices in accordance with its policies and procedures and existing telecommunications contract. The FDIC did not adhere to its acquisition policies and procedures because FDIC CIOO Executive Managers did not establish an accountable organizational culture or “tone at the top” for compliance with FDIC acquisition policies and procedures. FDIC CIOO Executive and Corporate Managers also did not implement proper internal controls for the AT&T contract. In addition, risks related to the FDIC CIOO’s reliance on contractor services and the need to maintain an effective internal control environment for its contract oversight management activities were not included in the FDIC’s Enterprise Risk Management Risk Inventory. Lastly, FDIC CIOO personnel failed to fulfill their roles and responsibilities with regard to the AT&T contract. As a result of certain actions and inaction pertaining to the AT&T contract, the FDIC overpaid AT&T by more than $1.5 million.
We made 14 recommendations in the report. The FDIC concurred with all of our recommendations and plans to complete corrective actions by February 28, 2024.