FBI Is Taking Steps to Develop an Enterprise Architecture, but Much Remains to Be Accomplished
GAO-05-363: Published: Sep 9, 2005. Publicly Released: Sep 9, 2005.
The Federal Bureau of Investigation (FBI) is currently modernizing its information technology (IT) systems to support its efforts to adopt a more bureauwide, integrated approach to performing its mission. A key element of such systems modernization programs is the use of an enterprise architecture (EA), which is a blueprint of an agency's current and planned operating and systems environment, as well as an IT investment plan for transitioning between the two. The conference report accompanying FBI's fiscal year 2005 appropriations directed GAO to determine (1) whether the FBI is managing its EA program in accordance with established best practices and (2) what approach the bureau is following to track and oversee its EA contractor, including the use of effective contractual controls.
The FBI is managing its EA program in accordance with many best practices, but other such practices have yet to be adopted. These best practices, which are described in GAO's EA management maturity framework, are those necessary for an organization to have an effective architecture program. Examples of practices that the bureau has implemented include establishing a program office that is responsible for developing the architecture, having a written and approved policy governing architecture development, and continuing efforts to develop descriptions of the FBI's "as is" and "to be" environments and sequencing plan. The establishment of these and other practices represents important progress from the bureau's status 2 years ago, when GAO reported that the FBI lacked both an EA and the means to develop and enforce one. Notwithstanding this progress, much remains to be accomplished before the FBI will have an effective EA program. For example, the EA program office does not yet have adequate resources, and the architecture products needed to adequately describe either the current or the future architectural environments have not been completed. Until the bureau has a complete and enforceable EA, it remains at risk of developing systems that do not effectively and efficiently support mission operations and performance. The FBI is relying heavily on contractor support to develop its EA; however, it has not employed effective contract management controls in doing so. Specifically, the bureau has not used performance-based contracting, an approach that is required by federal acquisition regulations whenever practicable. Further, the bureau is not employing the kind of effective contractor tracking and oversight practices specified in relevant acquisition management guidance. According to FBI officials, the agency's approach to managing its EA contractor is based on its long-standing approach to managing IT contractors: that is, working with the contractor on iterations of each deliverable until the bureau deems it acceptable. This approach, in GAO's view, is not effective and efficient. According to FBI officials, as soon as the bureau completes an ongoing effort to redefine its policies and procedures for managing IT programs (including, for example, the use of performance-based contracting methods and the tracking and oversight of contractor performance), it will adopt these new policies and procedures. Until effective contractor management policies and procedures are defined and implemented on the EA program, the likelihood of the FBI effectively and efficiently producing a complete and enforceable architecture is diminished.
Recommendation for Executive Action
Status: Closed - Implemented
Comments: FBI has taken actions to employ performance-based contracting and effective contract tracking and oversight practices on its enterprise architecture (EA) program. First, it has written the contract performance work statement for EA Phase IV in measurable, results-oriented terms for specific tasks (e.g., EA product integration) and for EA products (e.g., a transition roadmap for business processes). Second, it has established positive and negative contractor performance incentives (e.g., an award fee and a penalty of up to 3 percent of the contract's value related to EA product quality and timeliness). Also, a Quality Assurance Surveillance Plan has been developed that specifies the timeliness and quality level analysis to be performed, along with pass/fail criteria for products. Third, the Bureau has adopted its existing contract management processes, supplemented by its EA project management plan, to manage and oversee the EA contractor. In this regard, the project management plan describes a number of performance monitoring and progress reporting mechanisms, such as earned value management, program management reviews, and status tracking and reporting of project action items. Fourth, responsibility for managing contract tracking and oversight activities has been assigned. Specifically, the EA Program Office and its EA Strategic Planning Unit are responsible for managing execution of all contract related activities and tasks, while the Assistant Director of the Office of IT Policy and Planning is responsible for contract management oversight.
Recommendation: Given the FBI's heavy reliance on contractor assistance in developing its EA and the state of its contract management controls, the FBI Director should direct the Chief Financial Officer, in conjunction with the Chief Information Officer, to ensure that to the maximum extent practicable, performance-based contracting activities, along with effective contract tracking and oversight practices, are employed prospectively on all EA contract actions. This should include, among other things, defining contractor work in measurable, results-oriented terms; establishing positive and negative contractor performance incentives; and defining and implementing contractor tracking and oversight processes consistent with acquisition management guidance.
Agency Affected: Department of Justice: Federal Bureau of Investigation