Skip to main content

Information Technology: FBI Is Implementing Key Acquisition Methods on Its New Case Management System, but Related Agencywide Guidance Needs to Be Improved

GAO-08-1014 Published: Sep 23, 2008. Publicly Released: Sep 23, 2008.
Jump To:
Skip to Highlights

Highlights

The Federal Bureau of Investigation (FBI) is 3 years into its 6-year, $451 million program known as Sentinel, which is to replace its antiquated, paper-based, legacy systems for supporting mission-critical intelligence analysis and investigative case management activities. Because of the importance of Sentinel to the bureau's mission operations, GAO was asked to conduct a series of reviews on the FBI's management of the program. This review focuses on whether the FBI is employing effective methods in acquiring commercial solutions for Sentinel. To do so, GAO researched relevant best practices; reviewed FBI policies and procedures, program plans, and other program documents; and interviewed appropriate program officials.

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Federal Bureau of Investigation To leverage key commercial component-based acquisition methods being implemented on Sentinel, and increase the chances of these practices being implemented on all FBI IT programs, the FBI Director should instruct the Chief Information Officer to incorporate into FBI policy or guidance each of the practices that we identified in this report as not being addressed relative to requirements/commercial product trade-off analysis.
Closed – Implemented
In September 2011, the Federal Bureau of Investigation (FBI) implemented this recommendation by updating its recommended Analysis/Trade Study Report template (DT-005) to have project teams analyze trade-offs between implemented systems and competing design alternatives to determine the best fit based on commercial component capabilities and high-level project requirements as part of the tailoring process outlined in FBI's IT Life Cycle Management framework. The template states that this analysis should be revisited early and continuously throughout the system acquisition life cycle, beginning at the system concept exploration phase and continuing through project-level and bureau governance milestone reviews. Additionally, the template states that the analysis should address the relative quality and cost trade-offs between the commercial alternatives and should involve relevant stakeholders in trade-off analyses and decision making processes. By requiring periodic reassessment of system design with respect to commercial alternatives, the Bureau has increased the likelihood that its investments in information systems will deliver required capabilities in a timely and cost-effective way.
Federal Bureau of Investigation To leverage key commercial component-based acquisition methods being implemented on Sentinel, and increase the chances of these practices being implemented on all FBI IT programs, the FBI Director should instruct the Chief Information Officer to incorporate into FBI policy or guidance each of the practices that we identified in this report as not being addressed relative to commercial product dependency analysis.
Closed – Implemented
In November 2008, the Federal Bureau of Investigation (FBI) implemented this recommendation by developing guidance for commercial product dependency analysis as part of the tailoring process outlined in FBI's IT Life Cycle Management framework. For instance, FBI project teams now allocate requirements among the various commercial components that constitute a given system design in a Requirements Traceability Matrix (DT-031). Consistent with our recommendation, the matrix requires, for example, that system and interface requirements be allocated to sub-systems, hardware and software components, as well as test procedures and results. In addition, FBI project teams complete an Interface Control Document, which specifies system requirements associated with the equipment, software, operations, or services affecting the involved systems or segments. Moreover, bureau officials stated that certain of its information technology (IT) projects have utilized iterative prototyping, a leading practice for ensuring that system components will successfully interact. By taking these actions, FBI has helped ensure that its IT investments will deliver required capabilities in a timely and cost-effective fashion.
Federal Bureau of Investigation To leverage key commercial component-based acquisition methods being implemented on Sentinel, and increase the chances of these practices being implemented on all FBI IT programs, the FBI Director should instruct the Chief Information Officer to incorporate into FBI policy or guidance each of the practices that we identified in this report as not being addressed relative to commercial product modification.
Closed – Not Implemented
To date, the Federal Bureau of Investigation has not implemented this recommendation. In September 2011, the Bureau updated its recommended Analysis/Trade Study Report template (DT-005) to consider commercial product customization, when appropriate. However, this guidance does not specifically address effective controls for modifications to commercial components, which include (1) having a defined policy or guidance governing modification of commercial products, (2) ensuring that any modification is justified on the basis of the life-cycle impact on system costs and benefits, and (3) working proactively with the product's vendor to incorporate planned modifications into the next release of the product. By not addressing these leading practices for modifying commercial information technology components in its guidance, the Bureau may not be able to fully realize the advantages of such commercial components and may introduce problems in operating and maintaining its systems as a result of their modification.
Federal Bureau of Investigation To leverage key commercial component-based acquisition methods being implemented on Sentinel, and increase the chances of these practices being implemented on all FBI IT programs, the FBI Director should instruct the Chief Information Officer to incorporate into FBI policy or guidance each of the practices that we identified in this report as not being addressed relative to legacy system integration management.
Closed – Implemented
In November 2008, the Federal Bureau of Investigation (FBI) implemented this recommendation by incorporating the Interface Control Document as part of the tailoring process defined in its IT Life Cycle Management framework. This document is used as a requirements agreement between two or more participants within a system, or between systems. It specifies the requirements and/or design definitions of system interfaces affecting multiple systems, segments, or contractors within a project. It establishes the specifications and system requirements associated with the equipment, software, operations, or services affecting the involved systems or segments. This document also defines a set of qualification methods (such as testing, analysis, and inspection) to be used to verify that the requirements for the interfaces have been met. FBI officials confirmed that although legacy systems are not specifically mentioned with regard to interface control documents, all legacy and existing systems are documented and tested to ensure proper integration. By adopting this approach, FBI has increased the likelihood that its IT investments will perform as required and will be fielded in a timely and cost-effective fashion.

Full Report

Office of Public Affairs

Topics

Agency missionsBest practices reviewsCommercial productsCost analysisCost effectiveness analysisDesign specificationsInformation technologyInternal controlsIT acquisitionsLegacy systemsManagement information systemsMission critical systemsMission essential operationsPolicy evaluationProcurement practicesProgram evaluationProgram managementRequirements definitionRisk assessmentSystems analysisSystems designSystems development life cyclePolicies and proceduresProgram goals or objectivesProgram implementation