FDIC faces a number of ‘challenges and risks’ in IT governance
The Federal Deposit Insurance Corporation’s IT governance practices leave room for improvement, a recent agency inspector general’s report found.
Specifically, the IG found, the FDIC could benefit from fully developing long-term strategies for IT initiatives, and getting buy-in on those strategies, before executing. “An IT strategy is an essential part of the Governance Framework,” the report states. But the former CIO of the FDIC, Larry Gross, stopped work on a long-term plan in 2016 order to create a short-term “Action Plan” around specific high-risk IT priorities.
However, “the CIO Organization did not obtain the acceptance of organizational stakeholders within the FDIC’s divisions and offices, particularly for the adoption of cloud technologies, prior to executing its 2016 Action Plan,” the IG found. “As a result, stakeholders were uncertain about the business impacts of the FDIC’s IT strategy and approach.”
Issues like this, and others, adversely impacted the three FDIC IT initiatives that the IG looked into — migrating email to the cloud, deploying laptop computers to employees and contractors, and the planned adoption of mobile managed services. In two of these three initiatives, governance issues seem to have slowed down completion of the project. The email to the cloud initiative, for example, had a planned completion date of Dec. 31, 2016, but wasn’t actually complete until Sept. 2017.
And while email is now taken care of, the IG found that the FDIC has been pursuing broader use of cloud computing for some time. However, despite a 2015 independent assessment from Gartner that concluded that the FDIC needs a cloud strategy, “at the close of our audit, the CIO Organization had not yet finalized a comprehensive Cloud Strategy.”
The IG offers eight recommendations to FDIC CIO Howard Whyte, including that he build an implementation plan to serve alongside an IT strategic plan use enterprise architecture to guide IT decision-making and more.
Whyte agreed with all eight recommendations. His office said that it has already taken action in six of the areas and will address the other two by June 2019.