Federal Bureau of Investigation's Comments on Recent GAO Report on its Enterprise Architecture Efforts
Gao ID: GAO-04-190R November 14, 2003On September 25, 2003, we issued our report on efforts by the Federal Bureau of Investigation (FBI) to develop a corporate blueprint--commonly called an enterprise architecture--to guide and constrain its information technology (IT) systems modernization. (This report is available on GAO's Web site at www.gao.gov/cgi-bin/getrpt?GAO-03-959.) We provided the FBI with a draft of this report on August 22, 2003, requesting that comments be provided by September 18. On September 23, the FBI provided us with written comments. However, the comments were not received in time to be analyzed, incorporated, and responded to in the report and still meet our September 25, 2003, reporting commitment to Congress. As discussed with Congress at that time, we did not extend the reporting date in order to include the FBI's comments and instead are transmitting and responding to them in this follow-up correspondence.
In its written comments signed by the Assistant Director, Inspection Division, the FBI made two primary points. First, it expressed its commitment to developing and using an enterprise architecture (EA), including (1) agreeing with our conclusion that it needs an architecture to effectively manage its IT systems modernization; (2) consistent with our recommendations, stating that it recognized the need for immediate attention to its architecture efforts; and (3) noting that it was managing its architecture effort as an IT modernization enabler and priority. Related to this first point, the FBI also stated that it has efforts currently under way to improve its EA posture, and that substantial and real progress has already been made in doing so. For example, it stated that an executive team had been established to (1) assess the bureau's EA status and resource needs using our EA maturity management framework and (2) formulate recommendations for improvement. Although the FBI's comments did not specify when it would complete the assessment, it did state that the necessary resources would be applied to architecture development, maintenance, and implementation following the results of the assessment.