Information Technology Management:
Observations on the Financial Crimes Enforcement Network's (FinCEN's) BSA Direct Retrieval and Sharing (BSA Direct R&S) Project
GAO-06-947R, Jul 14, 2006
- Accessible Text:
The Financial Crimes Enforcement Network's (FinCEN) primary function is to support and strengthen domestic and international anti-money laundering efforts through coordination and partnerships. Since its creation in 1990, FinCEN has been responsible for overseeing the management, processing, storage and dissemination of Bank Secrecy Act (BSA) data. In 2004, FinCEN embarked on a major initiative intended to improve the sharing of information reported under the Bank Secrecy Act. BSA Direct is an umbrella project intended to provide secure, user-friendly, web-based tools for accessing, analyzing, and filing BSA data. It is part of a broad effort to reengineer data management responsibilities and transition them from the IRS. During the early spring of 2006, it became clear to FinCEN that the Retrieval and Sharing component of the BSA Direct project (BSA Direct R&S) was not going to meet the critical implementation deadline of June 30, 2006. Because FinCEN has experienced problems with development and implementation of the BSA Direct R&S, Congress asked us about the project's current status and to provide observations on FinCEN's IT investment management practices. Our objectives were to (1) describe BSA Direct R&S and the project's current status; (2) examine FinCEN's application of information technology (IT) investment management processes to the BSA Direct R&S project; and (3) describe, at a high level, the range of options FinCEN may consider as it reexamines the BSA Direct R&S project.
On March 15, 2006 the director of FinCEN placed the Retrieval and Sharing component of the BSA Direct project under a temporary "stop work" order because of significant cost, schedule, and performance issues. For example, phase one of the project was planned for completion in 250 days but was actually completed in 373 days. Judging against the criteria of GAO's framework for information technology investment management, GAO found that FinCEN did not always apply effective investment management processes to oversee the BSA Direct R&S project. This, in part, contributed to the problems experienced by the project, because issues that occurred at the project management level continued and compounded, yet were not addressed at the executive level. For example, MITRE--the organization assisting FinCEN with project monitoring--identified multiple occasions where FinCEN did not take action to mitigate project risks or address significant de-scoping of project functionality. FinCEN is considering three basic options in determining whether or not to continue the BSA Direct R&S project. These include reestablishing a modified contract; finding a new contractor to take over the project; or terminating the contract and assessing needs and plans for new capabilities. FinCEN's inadequate application of sound information technology investment management processes and controls to the BSA Direct R&S project contributed to the cost, schedule, and performance issues that have plagued the project from its inception. FinCEN plans to determine the future direction of BSA Direct R&S in mid-July 2006. Regardless of what decision is made, FinCEN runs the risk of having similar problems and similar results in the future unless better investment management processes and procedures are put in place.
- Review Pending
- Closed - implemented
- Closed - not implemented
Recommendation for Executive Action
Recommendation: In light of the issues experienced on the BSA Direct R&S project, the Director of FinCEN should direct the Chief Information Officer (CIO) to develop a plan for improving the agency's capabilities for overseeing the BSA Direct project. The plan should focus in particular on establishing policies and procedures for executives to regularly review investments' progress against commitments and take corrective actions when these commitments are not met. In addition, the plan should (1) specify measurable goals, objectives, and milestones; (2) specify needed resources; (3) assign clear responsibility and accountability for accomplishing tasks; and (4) be approved by the Director of FinCEN. In implementing the plan, the FinCEN CIO should report progress against expectations to the FinCEN Director and take appropriate actions to address deviations.
Agency Affected: Department of the Treasury: Financial Crimes Enforcement Network
Status: Closed - Not Implemented
Comments: On July 13, 2006, FinCEN announced it would permanently halt the Bank Secrecy Act (BSA) Direct Retrieval and Sharing Component Project. According to the FinCEN liaison, the agency terminated the contract for its development and the BSA Direct Project no longer exists. Further, the agency plans no additional action.