How We Consolidated a Federal OIG's Mission Operations Onto a Single .NET Platform

The situation

The agency's oversight mission depended on a patchwork of legacy systems, SharePoint sites, spreadsheets, and manual handoffs. Hotline intake lived in one place, case workflows in another, subpoena drafting and tracking in a third, and field evidence routinely existed only in local artifacts that had to be reconciled by hand.

Each disconnected tool was individually functional. Together, they introduced duplicate data entry, fragile audit trails, and operational friction that scaled poorly with caseload.

The mandate was direct: bring mission operations onto one platform, hold the line on auditability and security, and do it without disrupting active investigations.

The challenge

The engagement had to solve several problems in parallel:

1. Consolidate disconnected legacy systems (custom apps, SharePoint sites, spreadsheets, manual workflows) into a unified operational platform.
2. Modernize hotline intake to support outsourced LSU and call-center operations without re-introducing manual imports or duplicate records.
3. Migrate subpoena management off legacy SharePoint into a workflow-driven module with dynamic, editable document generation and a full audit trail.
4. Extend evidence and field workflows to support mobile-ready, offline-capable operations for agents and investigators.
5. Stand up enterprise-grade engineering practices (CI/CD, automated testing, segmented environments, security-focused SDLC, vulnerability remediation) on a federal delivery cadence.
6. Run all of this with a small integrated team while remaining defensible to oversight, audit, and security review.

The approach

The operating model

Delivery ran as a single integrated team: seven ExeQut engineers and five federal staff, with shared dependencies on the agency's operations and information security functions. We treated federal staff as full delivery participants rather than reviewers, which collapsed the usual contractor / federal handoff cycle and kept architectural decisions, security posture, and operational realities aligned in the same room.

Cadence was disciplined and program-aware. Releases moved through DEV, TEST, and PROD environments on a predictable rhythm, with security review and vulnerability remediation built into the SDLC rather than bolted on at the end.

Modernization that has to survive an audit is different from modernization that has to survive a demo. We built for the audit.

The technical architecture call

The platform is built on a layered .NET architecture: ASP.NET Core services exposing a Web API backend, with a React front-end consuming those APIs. Integration between modules and to upstream and downstream agency systems is API-first, which gave us clean seams for the parallel modernization workstreams (hotline, subpoena, case support, evidence) instead of forcing a single monolithic rewrite.

We deliberately separated concerns at the module boundary. Hotline intake, case-related workflows, subpoena management, document generation, dashboards, search, evidence tracking, and user and role administration each have a clear ownership boundary inside the platform, but share a common identity, audit, and integration layer. That made the consolidation defensible: one record of truth, many mission workflows, no parallel databases of record.

Key infrastructure decisions

The deployment posture is hybrid. Azure carries elastic services and platform components; on-prem carries workloads that needed to remain inside the agency boundary. The split was driven by data sensitivity, agency policy, and operational reality, not by preference. Where Azure made sense, we used it. Where on-prem was the right answer, we did not fight it.

The hotline modernization is the clearest example of why the hybrid posture mattered. Intake had to scale to outsourced LSU and call-center operations without manual imports or duplicate data entry. That meant a centralized intake surface, secure data handling, workflow routing, and operational dashboards that worked equally well for in-house analysts and external operational support, all without weakening the agency's data boundary.

One platform, one record of truth, and a deployment posture that respected where data was actually allowed to live.

Deployment and release approach

CI/CD ran on Azure DevOps with automated testing gates and segmented DEV, TEST, and PROD environments. Vulnerability remediation was handled as a first-class workstream rather than a quarterly fire drill, which is how a federal-grade SDLC is supposed to work and is rarely how it actually does.

Subpoena management is illustrative. Migrating it off legacy SharePoint required dynamic document generation, an editable generated-document model, multi-step workflow approvals, status tracking, and full auditability. Each of those is a small feature in isolation. Together, in a regulated environment, they are the difference between a tool a prosecutor will actually use and a tool that gets quietly worked around in Word and email.

The fastest way to lose a federal modernization is to build something the operators route around.

The outcome

The platform shipped and now serves as the operational backbone for the agency's mission workflows: hotline intake, case-related operational processes, subpoena management, document generation and editing, workflow orchestration, user and role administration, user-generated dashboards and reporting, search and query tooling, evidence and operational tracking, and integration services between internal systems.

Real users sit on top of it every day. Dozens of agents, prosecutors, hotline analysts, and their management teams use it as their primary system of record. The platform supports oversight outcomes that reach into the millions of dollars in fraud, waste, and abuse identified, tracked, and recovered. Consolidating disconnected systems, spreadsheets, and manual handoffs into a single platform reclaimed staff hours every week across the user base, accumulating into thousands of hours over the program's life that had previously gone to duplicate data entry, swivel-chair work between tools, and manual document handling.

The engineering posture matters as much as the feature list. A layered .NET architecture, API-first integration, automated testing, segmented environments, and a security-focused SDLC gave the agency a platform it can extend rather than a project it has to replace. The same architecture is positioned to absorb future analytics and AI workloads on top of consolidated, governed mission data, without re-litigating the foundation.

We closed out the engagement on plan. The platform remains in sustained agency operation.

What we took from it

• Consolidation is an architecture problem before it is a UX problem. The win was not a prettier interface. It was one identity model, one audit trail, and one record of truth across previously disconnected mission tools.
• Treat federal staff as delivery, not as oversight. Embedding five federal staff into a twelve-person integrated team collapsed handoff cycles and kept security, operations, and engineering aligned in real time.
• Hybrid is a feature, not a compromise. Splitting Azure and on-prem along data sensitivity and policy lines produced a defensible posture. Forcing everything into one venue would have lost either elasticity or compliance.
• API-first lets you modernize in parallel. Hotline, subpoena, case support, and evidence modernized as parallel workstreams against a shared integration layer instead of waiting on a single monolithic rewrite.
• The SDLC is the deliverable. CI/CD, automated testing, segmented environments, and continuous vulnerability remediation are not engineering hygiene in this context. They are how a federal modernization survives audit, leadership change, and the next administration's priorities.