A Performance Audit
An Audit Report on Information Technology Contract Oversight at the Department of Transportation
January 2019
Summary Analysis
The Department had certain processes and controls in place to help manage and monitor its contract with NTT Data (vendor) to outsource and modernize its information technology operations. However, those processes had weaknesses and were not sufficient to ensure that the vendor delivered the contracted services in accordance with applicable requirements.
The Department lacked adequate Information Management Division (IMD) monitoring processes, policies, and procedures, and it either did not monitor or performed only limited monitoring of the delivery of those deliverables.
The Department implemented a methodology to validate the accuracy of the vendor’s invoices for payment and the calculations for the service level agreements for the outsourced operations deliverables.
The Department did not verify that the vendor-provided transformation project costs were reasonable. Certain transformation projects exceeded their budgets and expected timeframes. Additionally, the Department did not maintain evidence that it received and approved all of the projects’ deliverables.
The Department did not sufficiently monitor the vendor’s delivery of outsourced services to verify that the services it received complied with the contract’s terms. According to the Department’s Negotiated Contracts Procedures Manual, the contract manager and the managing division within the Department are supposed to determine the monitoring method for each contract situation and type of service procured. However, the Department’s Information Management Division did not have documented policies and procedures describing the processes it would use to monitor the contract audited for this report.
Without a documented, comprehensive monitoring process, the Department limited its ability to verify that it received all outsourced services and whether the quality of those services complied with the contract.
The Department implemented a monitoring process to help ensure that the vendor invoices and service level agreements were accurate. However, the Department’s monitoring did not include a process to help detect and correct inappropriate changes to either the help desk system reports or the data used to generate the service level compliance reports.
The Department outsourced the delivery of the transformation projects to the vendor without sufficient Department oversight of the cost of the projects. The Department’s transformation project development process relied on the vendor to provide the Department with detailed project costs. However, the Department did not have a process to verify that those detailed project costs were reasonable.
The Department did not ensure that it and/or the vendor developed and retained all Department-required project documentation. The Department did not have comprehensive, documented, and approved policies and procedures for the delivery and monitoring of contracted services, including the delivery of transformation projects. As a result of the lack of detailed policies and procedures, the Department did not ensure that it had complete documentation for certain transformation projects.
The Department did not receive three report deliverables and one service deliverable even though the vendor was contractually required to provide the deliverables.