Federal Bureau of Investigation: Weak Controls over Trilogy Project Led to Payment of Questionable Contractor Costs and Missing Assets

In July 2008, FBI's Senior Procurement Executive issued Procurement Guidance Document (PGD) 08-10 to all Bureau Procurement Chiefs that incorporated a memorandum from the Office of Federal Procurement Policy (OFPP),Office of Management and Budget (OMB), which discussed new guidance on interagency agreements (IA). The new OFPP guidance, issued in June 2008, requires the requesting agency and the servicing agency to assign specific roles for each agency and is to be fully implemented for all interagency agreements executed after November 3, 2008. OMB's memorandum instructed agencies' Chief Acquisition Officers and Senior Procurement Officers to work with program managers, contracting officers, technical representatives, finance officers, information technology officers, legal staff and others involved in the agencies' interagency acquisitions to ensure the effective implementation of the OFPP guidance and compliance with its requirements. The guidance discusses, among other things, the need for defining roles such as the COTR and establishing specific responsibilities for those roles. It further elaborates on responsibilities for identifying an appropriate invoice review official prior to submittal of the first invoice and inspecting and rejecting contract work as necessary. The FBI's actions substantially address the recommendations.

FBI has established policies and procedures designed to provide guidance on its invoice review and approval process. Specifically, FBI issued two Electronic Communications (ECs) that provided guidance on the invoice review and approval process. The first EC titled "Invoice Processing - Purchase Orders and Contracts," states that the Contracting Officer is responsible for ensuring that the requirements for a proper invoice are attached and incorporated as a condition of the purchase order and for contracts, ensuring that the applicable clause is included. The second EC titled "Vendor Invoice and Payment Matter" provides guidance on the information that constitutes a proper invoice and on the documentation required to support the payment of invoices. FBI incorporated these ECs in it's Manual of Administrative Operations and Procedures (MAOP) Part 2 - Section 6-5.2 titled "Invoices under Purchase Orders/Contracts," issued in February 2007. The section states that prior to submitting an invoice to the FBI's Contracting Officer (CO) for approval and payment, the FBI requesting division is responsible for ensuring that good/services are received in accordance with contract terms. Section 6-5.2 of the MAOP also states that the FBI CO is responsible for verifying that all required information is on the invoice before approving it. These policies and procedures substantially address our recommendations.

FBI has established policies and procedures related to properly documenting the resolution of any questionable or unsupported charges on invoices identified during the invoice review process. Specifically, Part 2, Section 6-9.3.3 of FBI's Manual of Administrative Operations and Procedures (MAOP), version dated 2/26/07, titled "Review of Invoices," and FBI's Electronic Communication titled Vendor Invoice and Payment Matter specifies requirements for FBI to properly document the reasons for determining that an invoice is improper, the date the invoice is returned to the vendor, and the date a corrected invoice is received from the vendor.

In December 2008, FBI's Policy Training Unit (PTU) created an intranet site, the Contract Specialist Corner, to provide contract specialist/contract officers with procurement information and guidance. The site includes a section with links to all procurement guidance documents that have been issued by DOJ, procurement section directives issued by the PTU, and Federal Acquisition Regulation (FAR) circulars issued by the FAR council. The site also includes a section with links to procurement forms (Request for Quotation, Request for Proposal, Purchase Order, Contract for Commercial Items, etc.) used in the procurement process from solicitation through award. The site also includes a listing of the required checklists for each type of contracting vehicle utilized by FBI and an FAR Matrix of Clauses, which provides information on the FAR clauses applicable to various types of acquisitions. For example, it references FAR 15.408(d) - Subcontractor Cost or Pricing Data states that the contracting officer shall insert the clause at 52.215-12, Subcontractor Cost or Pricing Data, which requires submission of cost or pricing data for subcontractors. In addition, in 2009, the PTU created a separate intranet site for contracting officer technical representatives (COTRs) as well as one for Field Offices. The COTR site includes links to procurement guidance as well as provides access to the documentation related to the activities of the COTR, such as the statement of work. The Field Office site provides directions, with links to the specific policies and procedures and required documentation, on how to procure goods and services under the FAR simplified acquisition regulation. In addition, since January 2009 the PTU has held monthly training sessions for contract specialists/contracting officers to ensure that directives issued by DOJ and FBI are being implemented properly. In our testing of FBI contract transactions, we performed steps which included verifying that applicable labor rates, ceiling limits, treatment of overtime hours, and other key terms for cost determination were clearly specified in the procurement documents. We found no exceptions for the transactions we reviewed. The actions taken by FBI substantially address the intent of our recommendation.

In December 2008, FBI's Policy Training Unit (PTU) created an intranet site, the Contract Specialist Corner, to provide contract specialist/contract officers with procurement information and guidance, including references to all procurement guidance documents issued by DOJ, the PTU, and Federal Acquisition Regulation (FAR) circulars issued by the FAR council, including those related to travel cost requirements. Specifically, the site includes a section, FAR Matrix of Clauses, which provides information on applicable FAR clauses, including those related travel cost requirements. In addition, since January 2009 the PTU has held monthly training sessions for contract specialists/contracting officers to ensure that directives issued by DOJ and FBI are being implemented properly. In our September 2010 testing of FBI contract transactions we performed steps which included verifying that, if applicable, appropriate FAR requirements related to travel costs were either included by reference to the specific FAR clause or clearly documented in the procurement documents. We found no exceptions for the transactions we reviewed. The actions taken by FBI substantially address the intent of our recommendation.

In December 2008, FBI's Policy Training Unit (PTU) created an intranet site, the Contract Specialist Corner, to provide contract specialist/contract officers with procurement information and guidance, including references(and hyperlinks)to all procurement guidance documents that have been issued by DOJ, the PTU, and Federal Acquisition Regulation (FAR) circulars issued by the FAR council. In addition, the site includes a section, FAR Matrix of Clauses, which provides information on applicable FAR clauses, including guidance useful to contract specialists in determining whether subcontractor clauses are necessary. In addition, in 2009, the PTU also created two other separate intranet sites for contracting officer technical representatives (COTRs) and Field Offices. The COTR site includes links to procurement guidance that includes discussion of contract administration responsibilities related to the COTR, prime contractor and subcontractor, as well as provides access to the documentation related to the activities of the COTR. In addition, since January 2009 the PTU has held monthly training sessions for contract specialists/contracting officers to ensure that directives issued by DOJ and FBI are being implemented properly. In our September 2010 testing of FBI contract transactions we performed steps which included verifying that, if applicable, appropriate FAR requirements related to prime contractors responsibilities for administering their sub-contractors were either included by reference to the specific FAR clause or clearly documented in the procurement documents. We found no exceptions for the transactions we reviewed. The actions taken by FBI substantially address the intent of our recommendation.

To address this recommendation, GSA/FED SIM developed and implemented a revised Inter agency Agreement (IA) to assign specific roles and responsibilities to each party in AIs. In February 2009, GSA/FED SIM revised its IA template following guidance issued by Iamb's Office of Procurement Policy (OF PP) on AIs. The revised template includes the key elements required by OF PP guidance, including Section A.6 - Roles & Responsibilities of Servicing Agency & Requesting Agency which clearly defines the roles and responsibilities of each party in an IA, including those related to reviewing and approving invoices.

GSA/FEDSIM reassessed its invoice review and approval process, instituted invoice training, created the Project Performance Manager (PPM) team that performs invoice review, and developed an invoice checklist in order to address the issues in our recommendation. As a result, in July 2007, GSA/FEDSIM issued a PPM Comprehensive Plan which provides guidance on the roles and responsibilities of PPMs and Project Managers (PMs), and the procedures for carrying out the PPMs' responsibilities. This includes the procedures for reviewing and approving invoices performed in connection with delegated contract administration under the interagency agreements. One of the procedures in the invoice review and approval process is the completion of an Invoice Checklist which requires that PPMs confirm essential invoice information before approving it. Some elements of the Invoice Checklist include (1) verifying that the invoice contains current billing, detail billing, and contract information, and (2) ensuring that invoice charges such as labor rates and hours billed, travel costs, and other direct charges are valid and in accordance with the task order/contract terms. Other invoice review and approval procedures performed by the PPM and PM include (1) confirming with the client agency that good/services have been received, and (2) documenting invoice discrepancies, questions and the responses received from the contractors.

GSA's Federal Systems Integration and Management Center (FEDSIM) reassessed its procedures by (1) revising its FEDSIM Task Order Request (TOR) Support (ALLIANT) and FEDSIM TOR Professional Services (OASIS) templates (dated September 15, 2016) to now include specific language on labor rates, ceiling limits, and the treatment of overtime; (2) conducting internal Kick-off meetings prior to the formal contractor Kick-off meetings that reemphasis to GSA FEDSIM that they understand the relevant sections of the contractors cost proposal to include overtime; and (3) requiring an FEDSIM invoice checklist be completed for each invoice. We believe these actions show that GSA is clearly documenting labor rates, ceiling limits, treatment of overtime hours, and other key terms for cost determination for all contracts, task orders, and related agreements. Therefore, we believe that GSA has addressed our recommendation.

GSA/FEDSIM reassessed and updated its guidance to reflect the need for future contracts to include Federal Acquisition Regulation (FAR) travel cost requirements. Specifically, GSA/FEDSIM developed two Task Order Request (TOR) templates; the Alliant TOR template (October 2009) and the TOR template used for other than Alliant Contracts (August 2009). Section H of both templates includes a subsection titled "Travel Regulations" that provides a reference to FAR clause 31.205-46 - Travel Costs. This clause includes travel requirements set by (1) Federal Travel Regulations (FTR), prescribed by the General Services Administration, for travel in the contiguous United States; (2) Joint Travel Regulations (JTR), Volume 2, DoD Civilian Personnel, Appendix A. prescribed by the Department of Defense, for travel in Alaska, Hawaii, and outlying areas of the United States; and (3) Standardized Regulations (Government Civilians, Foreign Areas), Section 925, "Maximum Travel Per Diem Allowances for Foreign Areas," prescribed by the Department of State, for travel in areas not covered in the FTR or JTR. FAR clause 31.205-46 specifies travel cost requirements, including requirements for the purchase of the lowest standard, coach, or equivalent airfare.

GSA created the Project Performance Manager (PPM) team in March 2007 to standardize and manage invoice processing; standardize project account reporting to the maximum extent practicable; monitor and track project baselines (cost and schedule); track project accomplishments (milestones and deliverables); report on project performance; and, conduct Earned Value analysis. Specific responsibilities for the PPM team were specified in GSA's PPM Comprehensive Plan, issued July 23, 2007, which included a description of the roles and responsibilities of the PPMs and Project Managers (PMs) in the invoice review process, and the specific required procedures for carrying out their responsibilities in connection with delegated contract administration under interagency agreements. One of the procedures specified in the PPM Comprehensive Plan calls for PPMs to complete an Invoice Checklist prior to submitting a contractor's invoice to the project manager. The checklist details essential invoice review procedures to be performed by the PPM including confirming that contractors properly reviewed and provided support for any submitted subcontractor charges. Specifically, the steps in the Invoice Checklist that address this requirement include confirming (1) that subcontractor costs are substantiated with backup documentation and (2) that the prime contractor has verified subcontractor costs. The actions taken by GSA substantially address the intent of our recommendation.

In January 2007 GSA requested, on behalf of the Federal Bureau of Investigation (FBI), that Defense Contract Audit Agency (DCAA) perform a postaward audit of direct costs charged by Science Applications International Corporation (SAIC) under the FBI's Trilogy project task order. This included an assessment of SAIC's informal extended work week policy. In March 2008 DCAA issued a report on the results of its postaward audit. In its report DCAA reported $3.7 million in questioned costs related to 1) costs incurred outside the effective dates of temporary labor agreements, missing supporting documentation, incorrect billing rates, unapproved timesheets, and unapproved overtime, 2) subcontractor costs billed outside the Trilogy task order periods of performance, and subcontractor overbillings, 3) unapproved staff training, and 4) an unreasonable consultant billing rate. GSA collected $3.2 million from SAIC and remitted the funds to FBI via IPAC on December 22, 2009.

In January 2007 GSA requested, on behalf of the Federal Bureau of Investigation (FBI), that Defense Contract Audit Agency (DCAA) perform a postaward audit of direct costs incurred and billed by Computer Sciences Corporation (CSC) under FBI's Trilogy project task order. In its December 2008 report, DCAA reported $14.95 million in questioned costs related to 1) costs incurred outside the effective dates of temporary labor agreements, missing supporting documentation, application of incorrect billing rates, unapproved timesheets, and unapproved overtime, 2) lack of adequate supporting documentation for intercompany labor costs, 3) travel costs not charged in accordance with applicable regulations, 4) unsupported or inadequately supported transactions, 5) unqualified employees, and 6) variances between billed and claimed costs. As of March 30, 2010, no amounts have been collected by FBI on the questioned costs reported by DCAA. In addition, at the request of Department of Justice (DOJ), FBI has suspended collection activities on the amounts identified by DCAA as DOJ is currently investigating the CSC's billing for services under the Trilogy task order.

In January 2007 GSA requested, on behalf of the Federal Bureau of Investigation (FBI), that Defense Contract Audit Agency (DCAA) perform post-award audits of direct costs incurred and billed by contractors under the FBI's Trilogy project. In December 2008 DCAA reported the results of its audit of the direct costs incurred and billed by Computer Sciences Corporation (CSC). In addition to questioned costs related to labor rates exceeding ceiling rates, DCAA reported additional CSC questioned costs of $1,825,952 related to airfare costs because the costs were inadequately supported and exceeded the lowest customary standard coach or equivalent airfare, and $979,187 of labor costs due to lack of personnel qualifications or lack of supporting documentation that shows the employees' labor qualifications. DCAA's report also incorporated evaluations of costs incurred by the largest subcontractors that performed under CSC's task order. The report questioned costs for subcontractors CACI, DigitalNet, PlanetGov/Apptis, Inc. and others totaling $5.1 million. The types of subcontractor questioned costs reported by DCAA included 1) supporting timesheets were either not certified by the consultant or not approved by an appropriate/approving authority 2) use of personnel that did not meet the minimum labor qualifications, and 3) unsupported or inadequately supported transactions. With regards to collection, at the request of Department of Justice (DOJ), FBI has suspended collection activities on the amounts identified by DCAA as DOJ is currently investigating the CSC's billing for services under the Trilogy task order.

In January 2007 GSA requested, on behalf of the Federal Bureau of Investigation (FBI), that Defense Contract Audit Agency (DCAA) perform post-award audits of direct costs incurred and billed by Science Applications International Corporation (SAIC) and Computer Sciences Corporation (CSC) under the FBI's Trilogy project. DCAA issued reports on the results of its audits in March 2008 and December 2008 for SAIC and CSC respectively. DCAA reported questioned costs for SAIC and CSC of $3.7 and $14.95 million respectively. The types of questioned costs reported by DCAA included 1) costs incurred outside the effective dates of temporary labor agreements, missing supporting documentation, incorrect billing rates, unapproved timesheets, and unapproved overtime, 2) subcontractor costs billed outside the Trilogy task order periods of performance, and subcontractor overbillings, 3) travel costs not charged in accordance with applicable regulations, and 4) unsupported or inadequately supported transactions. In December 2009 the FBI received $3.2 million from the General Services Administration (GSA), GSA administered the Trilogy task orders for SAIC and CSC, who had collected it from SAIC. However, CSC has not made any payments to GSA and collection activities have been suspended due to and investigation by the Justice Department into CSC's billing under the Trilogy task order.

The FBI formed the Policy Training Unit (PTU) in 2007 which is responsible for all acquisition policy and acquisition training within the FBI, including implementation, updates, and training of specialized acquisition matters. Since January 2009, the PTU holds monthly contractor specialist training sessions at which they discuss new procurement guidance issued by DOJ and procurement directives issued by FBI and implementation. According to FBI, during these procurement training sessions, the PTU staff have stressed the importance to contracting officers of generating purchase orders with a sufficient level of detail so that the requesting division can use the purchase order to verify equipment receipt. We performed testing during August and September 2010 on a sample of FBI purchase orders and the invoices submitted against those purchase orders. We found all purchase orders included sufficient detail, including separate lines for cost categories such as labor, installation, and equipment including specific descriptions of the equipment being purchased (i.e. Dell Optiplex 740). In addition, our August and September 2010 testing of the vendor invoices related to these purchase orders found that they were formatted to the same level of detail as the related purchase orders (in some cases, the invoice included the purchase order line number in the cost description). As a result, when the invoices are received by the requesting division's contracting officer technical representative, they are able to use this documentation to obtain better assurance that invoices received from contractors accurately reflect the goods and services provided.

The FBI has reinforced policies and procedures related to verifying assets received to purchase orders and receiving reports. Specifically, FBI issued an Electric Communication (EC) to all divisions in November 2005 to reinforce FBI's policy that all accountable property be entered in the Property Management Application (PMA) immediately upon receipt and that data recorded in FBI's FMS must include the purchase order number and the destination division. The information entered into FMS is to be immediately uploaded to FBI's Property Management Application (PMA) for verification of the accuracy of property being recorded in PMA with specific purchase orders. In addition, the FBI issued an EC to all divisions in November 2006 to implement a new invoice submission form (ISF) to be used with all commercial invoices to improve the information provided to the payment unit for invoices. The EC required that the ISF include various fields, including, PO line # - PO line number to charge the invoice, PO quantity - quantity to be paid for the invoice, and Total amount - total amount to be paid by PO line #. These actions to reinforce policies in this area adequately address our recommendation.

In November 2006 FBI issued a policy titled, "Implementation of Invoice Submission Form for Invoices and Intragovernmental Payment and Collection Process by CPCSU," 319E-HQ-A1487524-FD. This policy requires that all invoices sent to the commercial payment unit beginning in November 2006 must include a completed invoice submission form as the cover sheet. The new required form includes the following fields to be completed by the submitting division: vendor number, invoice date, acceptance date, purchase order number, purchase order line number, purchase order quantity, total amount, date the COTR and the contracting officer (1) received the invoice form, (2) approved it--with their signature, and (3) the date they sent it on to the next responsible party. Collectively, actions to establish policies requiring confirmation of receipt of goods and services before payment addresses our recommendation.

In November 2005, immediately following the conclusion of GAO's audit fieldwork leading to our 2006 report, FBI issued an Electric Communication to reinforce policy and procedures to ensure that all accountable property entered in the Property Management Application (PMA) is assigned a bar code. If fully and effectively implemented, these reinforced policies should improve FBI asset accountability by both affixing barcodes and recording all accountable property in PMA.

FBI has taken action to strengthen controls that help ensure all accountable property is bar coded and properly recorded by issuing a March 2009 electronic communication (EC) (approved by the Chief Financial Officer) that requires all FBI offices to perform a weekly review of the On Order Report (OOR) to ensure that all property that has been receipted in FMS (FBI's current financial management system) is also added to Property Management Application (PMA). The OOR lists all property items associated with a particular purchase order that do not show having been recorded in the PMA, thus providing FBI with the ability to identify and investigate potentially missing and/or unrecorded property items. In addition, the FBI also enhanced PMA to help ensure the accuracy and completeness of the OOR, including installing a system edit to only accept valid purchase order numbers. As a result, PMA users now can only record property in PMA by entering a valid purchase order number. In addition, our August 2010 walk through of the process to enter assets into PMA found that the bar code numbers are annotated on copies of the receiving reports that are forwarded to the property custodian as we had recommended. Collectively, these actions substantially address the intent of our recommendation.

In November 2005, immediately following the completion of GAO's audit fieldwork leading to our 2006 report, FBI issued an electric communication to all divisions concerning the requirement to enter all accountable property in its Property Management Application (PMA) immediately upon receipt (rather than within a 30-day timeframe). This action addresses our recommendation.

The FBI has taken action to enhance its Property Management Application (PMA) to help ensure the accuracy and completeness of reporting on the status of property on order, the On Order Report (OOR), including installing a system edit limiting data entry to those transactions with valid purchase order numbers. Specifically, FBI issued an Electric Communication (EC) "Property Management Application Policy Change" on 02/15/2006 which provides that assets added to Property Management Application (PMA) must include data in the PMA location field. During our September 2010 walk through of the process of recording accountable property information into PMA, we validated that FBI's PMA system edit checks were effective in ensuring that only valid purchase order numbers were recorded into PMA and that related purchase order information was automatically and accurately uploaded from the Financial Management System into PMA. Further, our walk through validated that PMA has been modified to include edit checks that ensure that the user records accurate property descriptions (Optiplex 740, Optiplex 780, etc...), categories (desktop, laptop, server etc...) and location.

In September 2006, FBI issued an Electric Communication (EC) to all divisions requiring Asset Management Unit (AMU) to be notified of any accountable property returned to vendors to be recorded in the Property Management Application (PMA). The AMU is to revise the PMA records to provide descriptive information for the new property item (serial number, barcode) as active and shows the barcode of the returned piece of property as "Inactive". Further, when a piece of accountable property is returned and a replacement provided by the vendor, the item is to remain on FBI's On Order Report until a replacement is received and not to be recorded in PMA until that time. These actions, if fully and effectively implemented, should improve FBI's accountability over rejected or returned property.

FBI has reassessed its inventory procedures as reflected in changes to instructions provided to all divisions through electronic communications (ECs) in advance of wall-to-wall inventories. The FBI issued an EC in advance of the wall to wall inventory titled "2009 The Wall-to-Wall Inventory of Property, Plant, Equipment and Issued Personal Property" on 3/31/2009 for the wall to wall inventory to be held beginning 4/13/09. The EC includes instructions that were not provided on the 2005 Wall-to-Wall EC that was issued by the FBI on 2/22/05, the last inventory held prior to the issuance of our report, that are related to findings we reported. For example, the 2009 EC states that during the inventory, only the Property Management Application (PMA) custodians will have access to change only the serial number due to the fact that 95% of the manufacturer and/or model information has now been standardized on PMA. Requests to change/modify this field must be submitted using the 2009 Inventory Changes for Manufacturer and Model Numbers Form. In addition, the 2009 EC included additional language that stressed a complete inventory, stating that all additions must be added to the PMA during the inventory period in order to comply with a "fully completed" wall-to-wall inventory because failure to comply with the procedure would result in an "incomplete" inventory. The 2009 EC also included new language on property issued to individual employees and contractors which stated "Each office is to ensure that the issued personal property for each employee and contractor is inventoried. Discrepancies for issued personal property are to be forwarded to the appropriate FBIHQ Program Managers and that the Asset Management Unit should be notified of these changes. Lastly, the EC included a section titled "Required Procedures for Concluding Inventory" which included additional language related to lost and stolen property and additions. Specifically, for lost and stolen property it stated that a Police Theft Report, FL-SOD, must be provided for all stolen FBI property with the submission of the final EC. For additions, it directed the offices to generate and submit an Additions Report from PMA, noting any property scanned inadvertently or property scanned and valued under the inventory threshold. These procedures should collectively help to ensure accountable assets are properly inventoried and captured in the PMA system and unallocated assets have follow-up procedures performed.

FBI issued an Electric Communication "2009 Wall-to-Wall Inventory of Property, Plant, Equipment, and Issued Personal Property" in April 2009 that included additional directions to the inventory staff to ensure that, property information recorded in the property management application (PMA) was accurate. Specifically, the directive included detailed steps on how to request changes to correct errors in the manufacturer or model description fields in PMA for property identified during the inventory. The directive included as an attachment, a form titled "2009 INVENTORY CHANGES FOR MANUFACTURER & MODEL #s" to request a change or modification to these fields. Consequently, if fully and effectively implemented, the directive should ensure all property scanned during physical inventories has correct manufacturer and model number information. These additional directions substantially address the intent of our recommendation.

Beginning in 2008, the FBI's Finance Division's audit unit expanded its audit coverage to include conducting audits of compliance with FBI policies and procedures for review and approval of contractor invoices, government purchase card usage, and oversight for the semi-annual audits of property and equipment at the FBI field offices and divisions. Further, the Audit Unit Chief informed us that his unit expanded the scope of their audits to include audits of internal controls related to accountable property on a periodic basis as needed in response to significant events at FBI. For example, in fiscal year 2009 the FBI initiated the Next-Generation Workstation Tech Refresh program (NGW) to purchase approximately 47,000 new computers. The Finance Division audit unit performed on-site reviews at the Seattle field office and the Portland field office to determine whether required controls over property accountability were in place as the computers from the NGW program were being distributed throughout the agency. The audit unit's reporting provided information on whether or not the to field offices entered receipt of the computers into FMS at the time they were delivered, whether the new computers were recorded in PMA accurately, and whether the barcodes from the old computers were properly removed from PMA in accordance with FBI policies and procedures. In addition, the audit unit also reviewed whether or not the field offices verified purchase order information against the received equipment. The FBI has strengthened its accountability over accountable property with the expansion of the audit unit's responsibilities to perform semi-annual and periodic audits of the controls related to accountable property, including accountability issues identified in our report. As a result, these actions provide assurance that FBI has substantially addressed the intent of our recommendation.