Information Technology
Responses to Subcommittee Post-Hearing Questions Regarding the FBI's Management Practices and Acquisition of a New Investigative Case Management System Gao ID: GAO-06-302R December 21, 2005This letter responds to follow-up questions about our September 14, 2005, testimony before Congress. In that testimony, we discussed the Federal Bureau of Investigation's (FBI) progress in building management capabilities essential to successfully modernizing its information technology (IT) systems. Systems modernization is a vital part of the FBI's ongoing efforts to transform itself in the wake of the September 11, 2001, terrorist attacks.
Notwithstanding the fact that any agency faces considerable risk if it does not have a complete and enforceable enterprise architecture (EA) to guide and constrain system investments, this does not mean an agency should categorically decide not to invest in a given system until such an architecture exists. Rather, our position has consistently been that such risks, such as lack of interoperability with or duplication of other systems, need to be (1) fully disclosed and considered in deciding whether to invest in the system and (2) managed when a decision is made to proceed with an investment without an architecture because of other compelling reasons, such as an urgent mission need. The absence of performance-based contracting and effective contractor tracking and oversight has constrained the FBI's ability to effectively manage and oversee its EA contractor. More specifically, it has inhibited the bureau's ability to adequately define product quality expectations, which in turn increases the chances that delivered products will require rework. Such rework puts the bureau at risk of spending more time and money than necessary to produce an architecture. Consistent and stable management leadership is a human capital best practice and as such, should be an ongoing and sustained focus of the Director within all FBI organizational components, including IT. According to federal guidance, an agency should have the resources (funding and human capital) to establish and effectively manage its EA program. Our report did not identify issues or take exception with the sufficiency of the architecture program's funding level being applied to the architecture program or the bureau's IT management budgeting methodology. However, it did state that key human capital resources were not in place. In particular, four of five key architect positions were vacant. According to bureau officials, the absence of these key staff was hampering their architecture development efforts. Bureau officials told us that job announcements had been issued for the four key architect positions, but it had been difficult finding the right candidates. According to a recent National Academy of Public Administration report on the bureau's management of human capital, the FBI requested and was provided these personnel pay flexibilities in December 2004 to better retain employees with unique qualifications and to encourage personnel to relocate to high cost areas. The Academy also reported that the bureau had not yet used these authorities, in part because it had only recently developed a policy for doing so. Our research of leading organizations, in addition to our experience in evaluating federal agencies, shows that successful organizations attract IT professionals by taking a strategic approach to human capital management. This includes developing strategies tailored to addressing gaps between the current workforce and future needs, including investing in training and professional development, retention allowances, skill-based pay to attract and retain the critical skills needed for mission accomplishment, and pay and nonpay incentives for high-performing employees.
GAO-06-302R, Information Technology: Responses to Subcommittee Post-Hearing Questions Regarding the FBI's Management Practices and Acquisition of a New Investigative Case Management System
This is the accessible text file for GAO report number GAO-06-302R
entitled 'Information Technology: Responses to Subcommittee Post-
hearing Questions Regarding the FBI's Management Practices and
Acquisition of a New Investigative Case Management System' which was
released on December 22, 2005.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
United States Government Accountability Office:
Washington, DC 20548:
December 21, 2005:
The Honorable Frank R. Wolf:
Chairman, Subcommittee on Science, the Departments of State, Justice,
and Commerce, and Related Agencies:
Committee on Appropriations:
House of Representatives:
Subject: Information Technology: Responses to Subcommittee Post-
hearing Questions Regarding the FBI's Management Practices and
Acquisition of a New Investigative Case Management System:
Dear Mr. Chairman:
This letter responds to your follow-up questions about our September
14, 2005, testimony [Footnote 1] before your Subcommittee. In that
testimony, we discussed the Federal Bureau of Investigation's (FBI)
progress in building management capabilities essential to successfully
modernizing its information technology (IT) systems. As you know,
systems modernization is a vital part of the FBI's ongoing efforts to
transform itself in the wake of the September 11, 2001, terrorist
attacks. Your questions and our responses are as follows:
1. GAO's recently completed report on the FBI's information technology
enterprise architecture concludes the FBI has made progress on this
effort but much more remains to be done. The report states that "until
the Bureau has a complete and enforceable enterprise architecture, it
remains at risk of developing systems that do not effectively and
efficiently support mission operations and performance. "Does this mean
that the FBI should not proceed with its new case management system
"Sentinel" until these deficiencies are addressed?
Notwithstanding the fact that any agency faces considerable risk if it
does not have a complete and enforceable enterprise architecture to
guide and constrain system investments, this does not mean an agency
should categorically decide not to invest in a given system until such
an architecture exists. Rather, our position has consistently been that
such risks, such as lack of interoperability with or duplication of
other systems, need to be (1) fully disclosed and considered in
deciding whether to invest in the system and (2) managed when a
decision is made to proceed with an investment without an architecture
because of other compelling reasons, such as an urgent mission need. In
the case of Sentinel, this means that the FBI's decision to proceed
with the program concurrent with its development of the enterprise
architecture (EA) should be based on the consideration of such risks.
It also means that proactive steps should be taken to minimize these
risks. Accordingly, our report [Footnote 2] did not state that the FBI
should not proceed with Sentinel until it had a complete and
enforceable architecture.
Our research and evaluations of agencies has shown that certain urgent
and compelling mission needs will necessitate acquiring system
capabilities at the same time architectures are being developed. A key
to dealing with this practical reality is recognizing that doing so
increases the risk of deploying systems that are duplicative, not well
integrated, and unnecessarily costly to operate and interface. A
related key to success is for agencies in this situation to develop and
implement strategies to effectively mitigate the risks associated with
acquiring, developing, and implementing systems while the enterprise
architecture is still evolving. This is especially important for the
FBI because its EA program and Sentinel are long-term, multi-phased
initiatives that are running concurrently. This is why we recommended
[Footnote 3] in September 2003 that the FBI develop and implement a
strategy to mitigate the risks associated with continued investment in
modernized systems before it has developed an architecture and the
controls for enforcing its implementation.
The FBI has taken steps to address this recommendation. For example,
the bureau has defined and issued an initial version of an interim "to-
be" architecture that (1) focuses on the bureau's investigative,
intelligence, and analytical lines of business that are to be supported
by Sentinel; (2) identifies overlaps and dependencies between Sentinel
and other enterprise components; and (3) contains plans to avoid
duplication and redundancy.
2. The report states that the FBI is relying heavily on contractor
support to develop its enterprise architecture; however, it is not
using effective contract management controls for this contract.
Specifically, the report is critical of the FBI for not using a
performance-based contract and for not performing effective contractor
tracking and oversight. Please describe how these contracting
deficiencies could impact the FBI's ability to develop an enterprise
architecture in a timely fashion? Does GAO believe these contract
management problems only pertain to this project or do they exist
throughout the FBI's information technology program, including the new
case management system?
As we state in our report, [Footnote 4] the absence of performance-
based contracting and effective contractor tracking and oversight has
constrained the FBI's ability to effectively manage and oversee its EA
contractor. More specifically, it has inhibited the bureau's ability to
adequately define product quality expectations, which in turn increases
the chances that delivered products will require rework. Such rework
puts the bureau at risk of spending more time and money than necessary
to produce an architecture. Because of this, we recommended that the
FBI employ performance-based contracting activities, along with
effective contract tracking and oversight practices, prospectively on
all EA contract actions.
While we have not reviewed contract management practices across the
FBI's portfolio of IT programs, the Department of Justice's Inspector
General reported in February 2005 that, after investing more than 3
years and $170 million, the FBI was unable to deploy its investigative
case management project-referred to as the Virtual Case File-due in
part to weaknesses in the way contractors were retained and overseen.
[Footnote 5] Similarly, the Surveys and Investigations Staff of the
House Appropriations Committee reported in April 2005 that the bureau
lacked the necessary management and controls to effectively oversee the
Virtual Case File contractor and that this contributed to the FBI's
cancellation of the project. [Footnote 6]
More recently, the FBI's Chief Information Officer (CIO) acknowledged
the contract management problems that we reported by describing steps
under way to expand the use of performance-based contracting and
strengthen overall contract management. Specifically, the CIO stated
that the Finance Division, which is responsible for bureau contracting
policies and procedures, had begun increasing awareness and providing
training on the use of performance-based contracting. The CIO also
stated that the bureau is in the process of implementing an FBI-wide
life cycle management directive that is to define procedures for the
use of performance-based contracting methods and the establishment of
contract tracking and oversight structures, policies, and processes.
According to the CIO, these procedures are to be fully defined and
implemented in 2006.
3. Over the past several years, there has been significant turnover in
the FBI's senior information technology leadership. Is consistent and
stable information technology leadership something Director Mueller
needs to remain concerned about?
Consistent and stable management leadership is a human capital best
practice and as such, should be an ongoing and sustained focus of the
Director within all FBI organizational components, including IT. Our
research of private and public organizations that effectively manage IT
shows that they have, among other things, sustained senior leadership
at key IT positions, including the CIO and other IT executive
positions. [Footnote 7] As we and others have reported, the FBI has
been challenged in its ability to retain individuals in senior IT
positions. For example, in March 2004, we reported [Footnote 8] that
the CIO had changed 5 times over the previous 24 months, and the IT
official responsible for developing the bureau's architecture-the chief
architect-had changed 5 times during the previous 16 months. About the
same time, the Department of Justice's Inspector General reported that
leadership turnover was also occurring on key IT projects, such as
Trilogy. [Footnote 9]
Moreover, a recent assessment of the FBI's human capital efforts by the
National Academy of Public Administration states that the bureau still
faces challenges in this area, including establishing an overall
strategy for unifying the various FBI leadership development and other
human capital initiatives and developing and implementing a strategic
process to plan for intermediate and long-term leadership and workforce
needs. [Footnote 10] According to the Academy, while the bureau is
taking steps to improve the situation, much more needs to be done.
4. The GAO report states that sufficient resources have not been
applied to developing an enterprise architecture. Does the FBI need to
improve its methodology for budgeting for information technology
management? Does GAO have an estimate for the level of additional
resources that are needed?
According to federal guidance, [Footnote 11] an agency should have the
resources (funding and human capital) to establish and effectively
manage its EA program. Our report [Footnote 12] did not identify issues
or take exception with the sufficiency of the architecture program's
funding level being applied to the architecture program or the bureau's
IT management budgeting methodology. However, it did state that key
human capital resources were not in place. In particular, four of five
key architect positions were vacant. According to bureau officials, the
absence of these key staff was hampering their architecture development
efforts. Bureau officials told us that job announcements had been
issued for the four key architect positions, but it had been difficult
finding the right candidates.
5. The GAO report raises concerns that several of the FBI's information
technology positions remain vacant. This is somewhat frustrating to
hear because in the fiscal year 2005 Appropriations Act, Congress gave
the FBI the authority to provide bonuses of up to 50 percent of an
employee's salary and provided authority to pay certain critical
employees more than $175,000 per year. Has the FBI been using these new
authorities to attract high quality information technology staff? What
have other agencies done to attract talented information technology
professionals?
According to a recent National Academy of Public Administration report
on the bureau's management of human capital, [Footnote 13] the FBI
requested and was provided these personnel pay flexibilities in
December 2004 to better retain employees with unique qualifications and
to encourage personnel to relocate to high cost areas. The Academy also
reported that the bureau had not yet used these authorities, in part
because it had only recently developed a policy for doing so.
While our reviews of the FBI's IT management capabilities have not
addressed whether the bureau was using its new authorities to attract
high-quality IT staff, our research of leading organizations, in
addition to our experience in evaluating federal agencies, shows that
successful organizations attract IT professionals by taking a strategic
approach to human capital management. [Footnote 14] This includes
developing strategies tailored to addressing gaps between the current
workforce and future needs, including investing in:
* training and professional development,
* retention allowances,
* skill-based pay to attract and retain the critical skills needed for
mission accomplishment, and:
* pay and nonpay incentives for high-performing employees.
We previously reported [Footnote 15] on the FBI's need to take such a
strategic approach to help it better attract and retain high-quality IT
personnel. In March 2004, the FBI issued an enterprisewide strategic
human capital plan, including policies and procedures for IT human
capital. Since then, the CIO told us that his office is taking
additional steps to enhance its IT human capital capability, including
targeting training and professional certifications.
However, as we have previously reported, [Footnote 16] the bureau has
yet to create an integrated plan of action that is based on a
comprehensive analysis of human capital roles and responsibilities
needed to support the IT functions established under the office of the
CIO's reorganization. Such an analysis should include an assessment of
core competencies and essential knowledge, skills, and abilities and
then compare them to current human capital strengths and weaknesses.
This will permit gaps to be identified between current capabilities and
those needed to perform established IT functions. The plan should then
describe actions needed to fill the identified gaps (that is, the
planned combination of hiring, training, contractor support, and so
on), along with time frames, resources, performance measures, and
accountability structures. According to the CIO, he is in the process
of hiring a contractor with human capital expertise to help identify
gaps between existing and needed skills and abilities and intends to
have this effort completed, including the development of an
implementation plan to address any gaps, by the end of 2005.
In responding to these questions, we relied on past work related to our
reviews of the FBI's management of its IT and our best practices
research and evaluations of IT management at other federal agencies. We
conducted this past work in accordance with generally accepted
government auditing standards. We are sending copies of this letter to
other interested congressional committees. Copies will also be
available at no charge at our Web site at http://www.gao.gov. If you
have questions about our responses, please contact me at (202) 512-3439
or hiter@gao.gov. Contact points for our Offices of Congressional
Relations and Public Affairs may be found on the last page of this
correspondence. Key contributors to this product include Gary Mountjoy,
Assistant Director; Justin Booth; Nancy Glover; Dan Gordon; and Teresa
Tucker.
Sincerely yours,
Signed by:
Randolph C. Hite:
Director, Information Technology Architecture and System Issues:
(310614):
Page 6:
FOOTNOTES:
[1] GAO, Information Technology: FBI Is Building Management
Capabilities Essential to Successful System Deployments, but Challenges
Remain, GAO-05-1014T (Washington, D.C.: Sept. 14, 2005).
[2] GAO, Information Technology: FBI Is Taking Steps to Develop an
Enterprise Architecture, but Much Remains to Be Accomplished, GAO-05-
363 (Washington, D.C.: Sept. 9, 2005).
[3] GAO, Information Technology: FBI Needs An Enterprise Architecture
to Guide Its Modernization Activities, GAO-03-959 (Washington, D.C.:
Sept. 25, 2003).
[4] GAO-05-363.
[5] U.S. Department of Justice, Office of the Inspector General, The
Federal Bureau of Investigation's Management of the Trilogy Information
Technology Modernization Project, Audit Report 05-07 (February 2005).
[6] Surveys and Investigations Staff, Committee on Appropriations,
House of Representatives, A Report To The Committee On Appropriations,
U.S. House Of Representatives, on the Federal Bureau Of Investigation's
Implementation Of Virtual Case File (April 2005).
[7] See, for example, GAO, FBI Transformation: FBI Continues to Make
Progress in Its Efforts to Transform and Address Priorities, GAO-04-
578T (Washington, D.C.: Mar. 23, 2004).
[8] GAO-04-578T.
[9] U.S. Department of Justice, Office of the Inspector General,
Statement of Glenn A. Fine, Inspector General, before the Senate
Committee on Appropriations, Subcommittee on Commerce, Justice, State,
and the Judiciary Concerning Information Technology in the Federal
Bureau of Investigation (Washington, D.C.; Mar. 23, 2004).
[10] National Academy of Public Administration, Transforming the FBI:
Roadmap to an Effective Human Capital Program, (September 2005).
[11] See, for example, CIO Council, A Practical Guide to Federal
Enterprise Architecture, Version 1.0 (February 2001) and GAO,
Information Technology: A Framework for Assessing and Improving
Enterprise Architecture Management (Version 1.1), GAO-03-584G
(Washington, D.C.: April 2003).
[12] GAO-05-363.
[13] National Academy of Public Administration, Transforming the FBI:
Roadmap to an Effective Human Capital Program, September 2005.
[14] See, for example, GAO, A Model of Strategic Human Capital
Management, GAO-02-373SP (Washington, D.C.: March 2002), and GAO, Human
Capital: A Guide for Assessing Strategic Training and Development
Efforts in the Federal Government, GAO-03-893G, (Washington, D.C.: July
2003).
[15] GAO, FBI Reorganization: Progress Made in Efforts to Transform,
but Major Challenges Continue, GAO-03-759T (Washington, D.C.: June 18,
2003).
[16] GAO-05-1014T.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. However, because
this work may contain copyrighted images or other material, permission
from the copyright holder may be necessary if you wish to reproduce
this material separately.
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site.
To have GAO e-mail you a list of newly posted products every afternoon,
go to www.gao.gov and select "Subscribe to Updates.":
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM
Washington, D.C. 20548:
To order by Phone: Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Gloria Jan-non, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125
Washington, D.C. 20548:
Public Affairs:
Paul Anderson, Managing Director, AndersonPl@gao.gov (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548:
