The Maryland Department of Information Technology did not maintain adequate internal controls in managing a $158 million initiative to bring fiber-optic cable service to community organizations, according to a state audit.
A legislative audit report on DoIT found that while the department was ultimately responsible for the program — called One Maryland Broadband Network — sub-grantees were instead doing most of the work. In total, the auditor found problems with contracting practices, construction oversight, monitoring of sub-grants and cash control.
The program is largely funded through the American Recovery and Reinvestment Act
The OMBN project will build 1,340 miles of fiber-optic cabling service to 1,087 community organizations like hospitals, schools, emergency responders and all levels of government within the state. The ultimate goal is to foster economic development, enhance public safety communication and extend existing high-speed networks through the state.
The Inter-County Broadband Network (ICBN) — a consortium of nine Central Maryland counties and cities, led by Howard County — managed approximately 60 percent of the spending on the project.
Some of the auditor’s findings:
- DoIT did not execute a task order modification for the One Maryland Broadband Network (OMBN) project management responsibilities, with an estimated cost of $11.8 million, until approximately 20 months after deciding to use an existing contractor. The modification did not include certain provisions to help protect the StateControls were not adequate to ensure that payments for certain OMBN engineering and construction services were properly approved and supported. Additionally, expenditures by a consortium of local jurisdictions related to $71.5 million in funding provided by DoIT from a federal grant for OMBN construction were not adequately monitored.
- DoIT did not ensure compliance with its established policy regarding the minimum time period for soliciting competitive bidding by state agencies and DoIT under statewide computer master contracts. Furthermore, DoIT did not adequately secure bids received electronically for its procurements of statewide information technology contracts.
- DoIT did not always document its monitoring of major information technology development projects, such as maintaining documentation substantiating its performance of quarterly portfolio reviews of each project’s scope, schedule, budget, expenditures and risks.
- DoIT did not have controls to ensure that State agency information placed on a vendor’s file storage, cloud-based system by State agencies was appropriate or adequately secured.
- DoIT did not maintain offsite backup files of several critical networkMaryland devices and did not have an up-to-date disaster recovery plan.