Information Technology: Foundational Steps Being Taken to Make Needed FBI Systems Modernization Management Improvements

GAO-04-842 Published: Sep 10, 2004. Publicly Released: Sep 10, 2004.

Highlights

The Federal Bureau of Investigation (FBI) is investing more than a billion dollars over 3 years to modernize its information technology (IT) systems. The modernization is central to the bureau's ongoing efforts to transform the organization. GAO was asked to determine whether the FBI has (1) an integrated plan for modernizing its IT systems and (2) effective policies and procedures governing management of IT human capital, systems acquisition, and investment selection and control.

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Federal Bureau of Investigation Until the bureau's IT management foundation is completed and available to effectively guide and constrain the hundreds of millions of dollars it is spending on IT investments, the Director of the FBI should direct the heads of the divisions to limit spending on their respective IT investments to cost-effective efforts that are congressionally directed; take advantage of near-term, relatively small, low-risk opportunities to leverage technology in satisfying a compelling bureau need; support operations and maintenance of existing systems critical to the FBI's mission; and support establishment of the FBI's IT management foundation, including the development of a modernization blueprint (enterprise architecture), initiation of integrated project planning, and development of IT management policies and procedures for systems acquisition and investment selection and control.
Closed – Implemented
Concurrent with the bureau's efforts over the last several years to establish and implement corporate IT management controls, it has taken steps to identify and prioritize proposed IT investments using various tools and methods, such as its IT Investment Ranking Score Sheet. According to FBI IT investment management guidance, IT investments are scored based on criteria, including the four categories of spending that we recommended, and those investments that score relatively low (i.e., are ranked at the bottom of the sheet) are either not selected for funding or are treated as lower priorities and funded accordingly.
Federal Bureau of Investigation The FBI Director should provide the CIO with the responsibility and authority for managing IT bureauwide, including budget management control and oversight of IT programs and initiatives.
Closed – Implemented
Consistent with the Director's 2004 announcement and FBI's IT investment management guidance, the CIO is responsible for developing, implementing, and managing the IT investment management process, and is the chair of the bureau's Investment Management Board, which is the bureau's corporate body for reviewing and approving IT investments. Based on our analysis of FBI documentation, the CIO is actively involved in overseeing the bureau's IT investments and the progress of IT programs and initiatives.
Federal Bureau of Investigation The FBI Director, with assistance from the CIO, should ensure that future and ongoing modernization plans and efforts are effectively integrated by establishing a bureauwide requirement (policy) to develop an integrated plan (or set of plans) for modernization investments.
Closed – Implemented
The FBI has developed and issued enterprise architecture development, maintenance, and implementation policies, and it has issued incremental versions of its enterprise architecture, to include transition plans for investing in IT. The latest version of the architecture and transition plan is dated June 2006. The purpose of this transition plan is to provide an integrated roadmap for modernizing and investing in IT in a way to effectively and efficiently migrate from the bureau's current IT environment to its target IT environment.
Federal Bureau of Investigation The FBI Director, with assistance from the CIO, should ensure that future and ongoing modernization plans and efforts are effectively integrated by developing corresponding guidance on plan contents and scope.
Closed – Implemented
The FBI has developed and issued policies to guide the planning and scope of its IT modernization efforts. For example, the bureau has issued enterprise architecture development, maintenance, and implementation policies, which provide for the content and scope of the architecture, including the modernization transition plan for moving from the current architecture environment to the target architecture environment. This transition plan is being used to, among other things, inform the timing, sequencing, and integration of system investments. Further, the bureau has issued its Life Cycle Management Directive, which defines an IT systems development methodology that includes controls and mechanisms for aligning investments to the architecture and transition plan.
Federal Bureau of Investigation The FBI Director, with assistance from the CIO, should ensure that future and ongoing modernization plans and efforts are effectively integrated by ensuring the appropriate resources and training are available to implement policy and guidance.
Closed – Implemented
The FBI has continued to devote a range of resources, including human capital, management tools, and contractor support, to assist it in implementing its transition plan, which is an integrated and sequenced roadmap for moving from its current to its target architectural environment. For example, on its Sentinel program, which is included in the transition plan, we reported in 2006 that it had fully staffed its program office and was employing extensive contract management support. Additionally, we reported in 2007 and 2008 that the program office was employing key program management tools, such as those for managing the system's configuration and for managing and controlling the system's requirements.
Federal Bureau of Investigation The FBI Director, with assistance from the CIO, should ensure that future and ongoing modernization plans and efforts are effectively integrated by assigning responsibility and accountability for developing the plans.
Closed – Implemented
The FBI has issued enterprise architecture development and maintenance policies and guidance that assign responsibility and accountability for developing modernization plans, including responsibility and accountability for developing the FBI's enterprise architecture, which includes a modernization transition plan for moving from the current to the target architecture environment. Further, the bureau has issued its Life Cycle Management Directive and its IT Investment Management guidance, which assigns responsibility and accountability for implementing the modernization transition plan and developing plans for individual IT investments. Among other things, it establishes a bureau-wide body, chaired by the CIO, for reviewing and approving plans for individual IT investments throughout their lifecycles.
Federal Bureau of Investigation The FBI Director, with assistance from the CIO, should ensure that future and ongoing modernization plans and efforts are effectively integrated by assigning responsibility and accountability to the CIO for reviewing the plans to ensure adherence to the policy and guidance, including alignment with the bureau's enterprise architecture.
Closed – Implemented
The FBI has taken steps to ensure that the CIO reviews the bureau's modernization plans and efforts for adherence to policy and alignment with the FBI enterprise architecture. Specifically, the modernization plan is part of the enterprise architecture, providing a roadmap for transitioning from the current to the target architectural environment. Further, the FBI's IT Information Management (ITIM) governance document, signed by the FBI Director, charges the CIO with responsibility for the development, implementation, and management of the ITIM process within the FBI, to include an Investment Management Board, which is a senior-level, bureau-wide committee chaired by the CIO to review IT investments for, among other things, alignment with the FBI's enterprise architecture.
Federal Bureau of Investigation The FBI Director, with the CIO's assistance, should take action to ensure that the bureau establishes effective policies and procedures for systems acquisition and investment management selection and control. With regard to systems acquisition, the Director of the FBI should correct the weaknesses in configuration management, project management, quality assurance, requirements development and management, and risk management policies and procedures described in this report's body and detailed in appendix III and implement the resulting changes accordingly.
Closed – Implemented
The FBI has established a range of policies, procedures, and guidance for systems acquisition and investment management selection and control, such as those in its 2006 Life Cycle Management Directive, 2007 Project Manager's Handbook, and 2004 Investment Management Guide. With regard to systems acquisition, these policies and procedures address configuration management, quality assurance, requirements management, and risk management in a manner that reflects published guidance and other leading practices and thereby addresses the weaknesses that we reported. Moreover, our analysis of the FBI's Sentinel program shows that these policies and procedures are being implemented.
Federal Bureau of Investigation The FBI Director, with the CIO's assistance, should take action to ensure that the bureau establishes effective policies and procedures for systems acquisition and investment management selection and control. With regard to systems acquisition, the Director of the FBI should assess the other divisions that manage IT investments to determine whether their policies and procedures align with best practices and, to the extent there are gaps, correct them.
Closed – Implemented
The FBI has established a range of bureau-wide policies, procedures, and guidance for systems acquisition and investment management selection and control that apply FBI-wide. These include the bureau's 2006 Life Cycle Management Directive, 2007 Project Manager's Handbook, and 2004 IT Investment Management Guide. In 2007 and 2008, we reported that these policies, procedures, and guidance collectively address leading practices, and were largely being implemented on the Sentinel program. While we could not verify the extent to which these policies, procedures, and guidance are being implemented across each of the FBI's divisions, we consider this recommendation to be largely implemented because the FBI has required their use bureau-wide.
Federal Bureau of Investigation The FBI Director, with the CIO's assistance, should take action to ensure that the bureau establishes effective policies and procedures for systems acquisition and investment management selection and control. With regard to IT investment management, the Director of the FBI should develop the bureau's investment management processes in accordance with key IT investment decision-making best practices, such as GAO's IT investment management framework.
Closed – Implemented
The FBI has established a range of policies, procedures, and guidance for systems acquisition and investment management selection and control, such as those in its 2004 IT Investment Management Guide. Our analysis of this guide, as well as reports from the Department of Justice Inspector General, shows that this guide reflects leading investment management practices, including GAO's ITIM framework.
Federal Bureau of Investigation The FBI Director, with the CIO's assistance, should take action to ensure that the bureau establishes effective policies and procedures for systems acquisition and investment management selection and control. With regard to IT investment management, the Director of the FBI should identify, and act on, options for speeding up their implementation.
Closed – Implemented
The FBI has established a range of policies, procedures, and guidance for systems acquisition and investment management selection and control, such as those in its 2006 Life Cycle Management Directive, 2007 Project Manager's Handbook, and 2004 IT Investment Management Guide. Moreover, the FBI has moved swiftly in implementing them. For example, shortly after publishing its IT Investment Management Guide, the bureau established its Investment Review Board, chaired by the CIO, and began reviewing each investment against defined investment criteria. Further, our reviews of the FBI's Sentinel program show that it has quickly adopted the policies and procedures that have been established, and has even identified, and acted on, other effective acquisition and investment management practices to provide for their speedy implementation out ahead of evolving policies, procedures, and guidance.

Topics

Best practices, Comparative benchmarking products, Human capital, Human capital IT, Information systems, Information technology, Internal controls, Investment planning, Policy evaluation, Strategic information systems planning, Systems conversions, IT human capital, Policies and procedures