Information Technology: Responses to Subcommittee Post-Hearing	 
Questions Regarding the FBI's Management Practices and		 
Acquisition of a New Investigative Case Management System	 
(21-DEC-05, GAO-06-302R).					 
                                                                 
This letter responds to follow-up questions about our September  
14, 2005, testimony before Congress. In that testimony, we	 
discussed the Federal Bureau of Investigation's (FBI) progress in
building management capabilities essential to successfully	 
modernizing its information technology (IT) systems. Systems	 
modernization is a vital part of the FBI's ongoing efforts to	 
transform itself in the wake of the September 11, 2001, terrorist
attacks.							 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-06-302R					        
    ACCNO:   A43777						        
  TITLE:     Information Technology: Responses to Subcommittee	      
Post-Hearing Questions Regarding the FBI's Management Practices  
and Acquisition of a New Investigative Case Management System	 
     DATE:   12/21/2005 
  SUBJECT:   Agency missions					 
	     Appropriated funds 				 
	     Appropriations					 
	     Contract administration				 
	     Contract oversight 				 
	     Contract performance				 
	     Enterprise architecture				 
	     Human capital management				 
	     Information technology				 
	     Internal controls					 
	     IT human capital					 
	     IT investment management				 
	     Management information systems			 
	     Performance measures				 
	     Personnel recruiting				 
	     Risk management					 
	     Performance-based contracting			 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-06-302R

December 21, 2005

The Honorable Frank R. Wolf

Chairman, Subcommittee on Science, the Departments of State, Justice,

and Commerce, and Related Agencies

Committee on Appropriations

House of Representatives

Subject: Information Technology: Responses to Subcommittee Post-hearing
Questions Regarding the FBI's Management Practices and Acquisition of a
New Investigative Case Management System

Dear Mr. Chairman:

This letter responds to your questions about our September 14, 2005,
testimony1 before your Subcommittee. In that testimony, we discussed the
Federal Bureau of Investigation's (FBI) progress in building management
capabilities essential to successfully modernizing its information
technology (IT) systems. As you know, systems modernization is a vital
part of the FBI's ongoing efforts to transform itself in the wake of the
September 11, 2001, terrorist attacks. Your questions and our responses
are as follows:

           1.  GAO's recently completed report on the FBI's information
           technology enterprise architecture concludes the FBI has made
           progress on this effort but much more remains to be done. The
           report states that "until the Bureau has a complete and
           enforceable enterprise architecture, it remains at risk of
           developing systems that do not effectively and efficiently support
           mission operations and performance." Does this mean that the FBI
           should not proceed with its new case management system "Sentinel"
           until these deficiencies are addressed?

Notwithstanding the fact that any agency faces considerable risk if it
does not have a complete and enforceable enterprise architecture to guide
and constrain system investments, this does not mean an agency should
categorically decide not to invest in a given system until such an
architecture exists. Rather, our position has consistently been that such
risks, such as lack of interoperability with or duplication of other
systems, need to be (1) fully disclosed and considered in deciding whether
to invest in the system and (2) managed when a decision is made to proceed
with an investment without an architecture because of other compelling
reasons, such as an urgent mission need. In the case of Sentinel, this
means that the FBI's decision to proceed with the program concurrent with
its development of the enterprise architecture (EA) should be based on the
consideration of such risks. It also means that proactive steps should be
taken to minimize . Accordingly, our report2 did not state that the FBI
should not proceed with Sentinel until it had a complete and enforceable
architecture.

1GAO, Information Technology: FBI Is Building Management Capabilities
Essential to Successful System Deployments, but Challenges Remain,
GAO-05-1014T (Washington, D.C.: Sept. 14, 2005).

Our research and evaluations of agencies has shown that certain urgent and
compelling mission needs will necessitate acquiring system capabilities at
the same time architectures are being developed. A key to dealing with
this practical reality is recognizing that doing so increases the risk of
deploying systems that are duplicative, not well integrated, and
unnecessarily costly to operate and interface. A related key to success is
for agencies in this situation to develop and implement strategies to
effectively mitigate the risks associated with acquiring, developing, and
implementing systems while the enterprise architecture is still evolving.
This is especially important for the FBI because its EA program and
Sentinel are long-term, multi-phased initiatives that are running
concurrently. This is why we recommended3 in September 2003 that the FBI
develop and implement a strategy to mitigate the risks associated with
continued investment in modernized systems before it has developed an
architecture and the controls for enforcing its implementation.

The FBI has taken steps to address this recommendation. For example, the
bureau has defined and issued an initial version of an interim "to-be"
architecture that (1) focuses on the bureau's investigative, intelligence,
and analytical lines of business that are to be supported by Sentinel; (2)
identifies overlaps and dependencies between Sentinel and other enterprise
components; and (3) contains plans to avoid duplication and redundancy.

           2.  The report states that the FBI is relying heavily on
           contractor support to develop its enterprise architecture;
           however, it is not using effective contract management controls
           for this contract. Specifically, the report is critical of the FBI
           for not using a performance-based contract and for not performing
           effective contractor tracking and oversight. Please describe how
           these contracting deficiencies could impact the FBI's ability to
           develop an enterprise architecture in a timely fashion? Does GAO
           believe these contract management problems only pertain to this
           project or do they exist throughout the FBI's information
           technology program, including the new case management system?

As we state in our report,4 the absence of performance-based contracting
and effective contractor tracking and oversight has constrained the FBI's
ability to effectively manage and oversee its EA contractor. More
specifically, it has inhibited the bureau's ability to adequately define
product quality expectations, which in turn increases the chances that
delivered products will require rework. Such rework puts the bureau at
risk of spending more time and money than necessary to produce an
architecture. Because of this, we recommended that the FBI employ
performance-based contracting activities, along with effective contract
tracking and oversight practices, prospectively on all EA contract
actions.

2GAO, Information Technology: FBI Is Taking Steps to Develop an Enterprise
Architecture, but Much Remains to Be Accomplished, GAO-05-363 (Washington,
D.C.: Sept. 9, 2005).

3GAO, Information Technology: FBI Needs An Enterprise Architecture to
Guide Its Modernization Activities, GAO-03-959 (Washington, D.C.: Sept.
25, 2003).

4GAO-05-363.

While we have not reviewed contract management practices across the FBI's
portfolio of IT programs, the Department of Justice's Inspector General
reported in February 2005 that, after investing more than 3 years and $170
million, the FBI was unable to deploy its investigative case management
project-referred to as the Virtual Case File-due in part to weaknesses in
the way contractors were retained and overseen.5 Similarly, the Surveys
and Investigations Staff of the House Appropriations Committee reported in
April 2005 that the bureau lacked the necessary management and controls to
effectively oversee the Virtual Case File contractor and that this
contributed to the FBI's cancellation of the project.6

More recently, the FBI's Chief Information Officer (CIO) acknowledged the
contract management problems that we reported by describing steps under
way to expand the use of performance-based contracting and strengthen
overall contract management. Specifically, the CIO stated that the , had
begun increasing awareness and providing training on the use of
performance-based contracting. According to the CIO, these procedures are
to be fully defined and implemented in 2006.

           3.  Over the past several years, there has been significant
           turnover in the FBI's senior information technology leadership. Is
           consistent and stable information technology leadership something
           Director Mueller needs to remain concerned about?

Consistent and stable management leadership is a human capital best
practice and as such, should be an ongoing and sustained focus of the
Director within all FBI organizational components, including IT. Our
research of private and public organizations that effectively manage IT
shows that they have, among other things, sustained senior leadership at
key IT positions, including the CIO and other IT executive positions.7 As
.9

5U.S. Department of Justice, Office of the Inspector General, The Federal
Bureau of Investigation's Management of the Trilogy Information Technology
Modernization Project, Audit Report 05-07 (February 2005).

6Surveys and Investigations Staff, Committee on Appropriations, House of
Representatives, A Report To The Committee On Appropriations, U.S. House
Of Representatives, on the Federal Bureau Of Investigation's
Implementation Of Virtual Case File (April 2005).

7See, for example, GAO, FBI Transformation: FBI Continues to Make Progress
in Its Efforts to Transform and Address Priorities, GAO-04-578T
(Washington, D.C.: Mar. 23, 2004).

8GAO-04-578T.

Moreover, a recent assessment of the FBI's human capital efforts by the
National Academy of Public Administration states that the bureau still
faces challenges in this area, including establishing an overall strategy
for unifying the various FBI leadership development and other human
capital initiatives and developing and implementing a strategic process to
plan for intermediate and long-term leadership and workforce needs.10 .

           4.  The GAO report states that sufficient resources have not been
           applied to developing an enterprise architecture. Does the FBI
           need to improve its methodology for budgeting for information
           technology management? Does GAO have an estimate for the level of
           additional resources that are needed?

,11 being applied to the architecture program or the bureau's IT
management budgeting methodology.

           5.  The GAO report raises concerns that several of the FBI's
           information technology positions remain vacant. This is somewhat
           frustrating to hear because in the fiscal year 2005 Appropriations
           Act, Congress gave the FBI the authority to provide bonuses of up
           to 50 percent of an employee's salary and provided authority to
           pay certain critical employees more than $175,000 per year. Has
           the FBI been using these new authorities to attract high quality
           information technology staff? What have other agencies done to
           attract talented information technology professionals?

9U.S. Department of Justice, Office of the Inspector General, Statement of
Glenn A. Fine, Inspector General, before the Senate Committee on
Appropriations, Subcommittee on Commerce, Justice, State, and the
Judiciary Concerning Information Technology in the Federal Bureau of
Investigation (Washington, D.C.; Mar. 23, 2004).

10National Academy of Public Administration, Transforming the FBI: Roadmap
to an Effective Human Capital Program, (September 2005).

11See, for example, CIO Council, A Practical Guide to Federal Enterprise
Architecture, Version 1.0 (February 2001) and GAO, Information Technology:
A Framework for Assessing and Improving Enterprise Architecture Management
(Version 1.1), GAO-03-584G (Washington, D.C.: April 2003).

12GAO-05-363.

According to a recent National Academy of Public Administration report on
the bureau's management of human capital,13 the FBI requested and was
provided these personnel pay flexibilities in December 2004 to better
retain employees with unique qualifications and to encourage personnel to
relocate to high cost areas. The Academy also reported that the bureau had
not yet used these authorities, in part because it had only recently
developed a policy for doing so.

While our reviews of the FBI's IT management capabilities have not
addressed whether the bureau was using its new authorities to attract
high-quality IT staff

           o  training and professional development,
           o  retention allowances,
           o  skill-based pay to attract and retain the critical skills
           needed for mission accomplishment, and
           o  pay and nonpay incentives for high-performing employees.

. the FBI issued an enterprisewide strategic human capital plan

and then compare them to current human capital strengths and weaknesses.
This will permit gaps to be identified between current capabilities and
those needed to perform established IT functions

13National Academy of Public Administration, Transforming the FBI: Roadmap
to an Effective Human Capital Program, September 2005.

14See, for example, GAO, A Model of Strategic Human Capital Management,
GAO-02-373SP (Washington, D.C.: March 2002), and GAO, Human Capital: A
Guide for Assessing Strategic Training and Development Efforts in the
Federal Government, GAO-03-893G, (Washington, D.C.: July 2003).

15GAO, FBI Reorganization: Progress Made in Efforts to Transform, but
Major Challenges Continue, GAO-03-759T (Washington, D.C.: June 18, 2003).

16GAO-05-1014T.

                                 * * * * * * *

. .

Sincerely yours,

Randolph C. Hite

Director, Information Technology Architecture

and System Issues

(310614)

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

GAO's Mission

The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site (www.gao.gov). Each weekday, GAO posts newly
released reports, testimony, and correspondence on its Web site. To have
GAO e-mail you a list of newly posted products every afternoon, go to
www.gao.gov and select "Subscribe to Updates."

Order by Mail or Phone

The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:

U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548

To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061

To Report Fraud, Waste, and Abuse in Federal Programs

Contact:

Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: [email protected]
Automated answering system: (800) 424-5454 or (202) 512-7470

Congressional Relations

Gloria Jarmon, Managing Director, [email protected] (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125 Washington,
D.C. 20548

Public Affairs

Paul Anderson, Managing Director, [email protected] (202) 512-4800 U.S.
Government Accountability Office, 441 G Street NW, Room 7149 Washington,
D.C. 20548
*** End of document. ***