This is the accessible text file for GAO report number GAO-06-302R 
entitled 'Information Technology: Responses to Subcommittee Post- 
hearing Questions Regarding the FBI's Management Practices and 
Acquisition of a New Investigative Case Management System' which was 
released on December 22, 2005. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States Government Accountability Office: 

Washington, DC 20548: 

December 21, 2005: 

The Honorable Frank R. Wolf:
Chairman, Subcommittee on Science, the Departments of State, Justice, 
and Commerce, and Related Agencies: 
Committee on Appropriations: 
House of Representatives: 

Subject: Information Technology: Responses to Subcommittee Post- 
hearing Questions Regarding the FBI's Management Practices and 
Acquisition of a New Investigative Case Management System: 

Dear Mr. Chairman: 

This letter responds to your follow-up questions about our September 
14, 2005, testimony [Footnote 1] before your Subcommittee. In that 
testimony, we discussed the Federal Bureau of Investigation's (FBI) 
progress in building management capabilities essential to successfully 
modernizing its information technology (IT) systems. As you know, 
systems modernization is a vital part of the FBI's ongoing efforts to 
transform itself in the wake of the September 11, 2001, terrorist 
attacks. Your questions and our responses are as follows: 

1. GAO's recently completed report on the FBI's information technology 
enterprise architecture concludes the FBI has made progress on this 
effort but much more remains to be done. The report states that "until 
the Bureau has a complete and enforceable enterprise architecture, it 
remains at risk of developing systems that do not effectively and 
efficiently support mission operations and performance. "Does this mean 
that the FBI should not proceed with its new case management system 
"Sentinel" until these deficiencies are addressed? 

Notwithstanding the fact that any agency faces considerable risk if it 
does not have a complete and enforceable enterprise architecture to 
guide and constrain system investments, this does not mean an agency 
should categorically decide not to invest in a given system until such 
an architecture exists. Rather, our position has consistently been that 
such risks, such as lack of interoperability with or duplication of 
other systems, need to be (1) fully disclosed and considered in 
deciding whether to invest in the system and (2) managed when a 
decision is made to proceed with an investment without an architecture 
because of other compelling reasons, such as an urgent mission need. In 
the case of Sentinel, this means that the FBI's decision to proceed 
with the program concurrent with its development of the enterprise 
architecture (EA) should be based on the consideration of such risks. 
It also means that proactive steps should be taken to minimize these 
risks. Accordingly, our report [Footnote 2] did not state that the FBI 
should not proceed with Sentinel until it had a complete and 
enforceable architecture. 

Our research and evaluations of agencies has shown that certain urgent 
and compelling mission needs will necessitate acquiring system 
capabilities at the same time architectures are being developed. A key 
to dealing with this practical reality is recognizing that doing so 
increases the risk of deploying systems that are duplicative, not well 
integrated, and unnecessarily costly to operate and interface. A 
related key to success is for agencies in this situation to develop and 
implement strategies to effectively mitigate the risks associated with 
acquiring, developing, and implementing systems while the enterprise 
architecture is still evolving. This is especially important for the 
FBI because its EA program and Sentinel are long-term, multi-phased 
initiatives that are running concurrently. This is why we recommended 
[Footnote 3] in September 2003 that the FBI develop and implement a 
strategy to mitigate the risks associated with continued investment in 
modernized systems before it has developed an architecture and the 
controls for enforcing its implementation. 

The FBI has taken steps to address this recommendation. For example, 
the bureau has defined and issued an initial version of an interim "to- 
be" architecture that (1) focuses on the bureau's investigative, 
intelligence, and analytical lines of business that are to be supported 
by Sentinel; (2) identifies overlaps and dependencies between Sentinel 
and other enterprise components; and (3) contains plans to avoid 
duplication and redundancy. 

2. The report states that the FBI is relying heavily on contractor 
support to develop its enterprise architecture; however, it is not 
using effective contract management controls for this contract. 
Specifically, the report is critical of the FBI for not using a 
performance-based contract and for not performing effective contractor 
tracking and oversight. Please describe how these contracting 
deficiencies could impact the FBI's ability to develop an enterprise 
architecture in a timely fashion? Does GAO believe these contract 
management problems only pertain to this project or do they exist 
throughout the FBI's information technology program, including the new 
case management system? 

As we state in our report, [Footnote 4] the absence of performance-
based contracting and effective contractor tracking and oversight has 
constrained the FBI's ability to effectively manage and oversee its EA 
contractor. More specifically, it has inhibited the bureau's ability to 
adequately define product quality expectations, which in turn increases 
the chances that delivered products will require rework. Such rework 
puts the bureau at risk of spending more time and money than necessary 
to produce an architecture. Because of this, we recommended that the 
FBI employ performance-based contracting activities, along with 
effective contract tracking and oversight practices, prospectively on 
all EA contract actions. 

While we have not reviewed contract management practices across the 
FBI's portfolio of IT programs, the Department of Justice's Inspector 
General reported in February 2005 that, after investing more than 3 
years and $170 million, the FBI was unable to deploy its investigative 
case management project-referred to as the Virtual Case File-due in 
part to weaknesses in the way contractors were retained and overseen. 
[Footnote 5] Similarly, the Surveys and Investigations Staff of the 
House Appropriations Committee reported in April 2005 that the bureau 
lacked the necessary management and controls to effectively oversee the 
Virtual Case File contractor and that this contributed to the FBI's 
cancellation of the project. [Footnote 6] 

More recently, the FBI's Chief Information Officer (CIO) acknowledged 
the contract management problems that we reported by describing steps 
under way to expand the use of performance-based contracting and 
strengthen overall contract management. Specifically, the CIO stated 
that the Finance Division, which is responsible for bureau contracting 
policies and procedures, had begun increasing awareness and providing 
training on the use of performance-based contracting. The CIO also 
stated that the bureau is in the process of implementing an FBI-wide 
life cycle management directive that is to define procedures for the 
use of performance-based contracting methods and the establishment of 
contract tracking and oversight structures, policies, and processes. 
According to the CIO, these procedures are to be fully defined and 
implemented in 2006. 

3. Over the past several years, there has been significant turnover in 
the FBI's senior information technology leadership. Is consistent and 
stable information technology leadership something Director Mueller 
needs to remain concerned about? 

Consistent and stable management leadership is a human capital best 
practice and as such, should be an ongoing and sustained focus of the 
Director within all FBI organizational components, including IT. Our 
research of private and public organizations that effectively manage IT 
shows that they have, among other things, sustained senior leadership 
at key IT positions, including the CIO and other IT executive 
positions. [Footnote 7] As we and others have reported, the FBI has 
been challenged in its ability to retain individuals in senior IT 
positions. For example, in March 2004, we reported [Footnote 8] that 
the CIO had changed 5 times over the previous 24 months, and the IT 
official responsible for developing the bureau's architecture-the chief 
architect-had changed 5 times during the previous 16 months. About the 
same time, the Department of Justice's Inspector General reported that 
leadership turnover was also occurring on key IT projects, such as 
Trilogy. [Footnote 9]  

Moreover, a recent assessment of the FBI's human capital efforts by the 
National Academy of Public Administration states that the bureau still 
faces challenges in this area, including establishing an overall 
strategy for unifying the various FBI leadership development and other 
human capital initiatives and developing and implementing a strategic 
process to plan for intermediate and long-term leadership and workforce 
needs. [Footnote 10] According to the Academy, while the bureau is 
taking steps to improve the situation, much more needs to be done. 

4. The GAO report states that sufficient resources have not been 
applied to developing an enterprise architecture. Does the FBI need to 
improve its methodology for budgeting for information technology 
management? Does GAO have an estimate for the level of additional 
resources that are needed? 

According to federal guidance, [Footnote 11] an agency should have the 
resources (funding and human capital) to establish and effectively 
manage its EA program. Our report [Footnote 12] did not identify issues 
or take exception with the sufficiency of the architecture program's 
funding level being applied to the architecture program or the bureau's 
IT management budgeting methodology. However, it did state that key 
human capital resources were not in place. In particular, four of five 
key architect positions were vacant. According to bureau officials, the 
absence of these key staff was hampering their architecture development 
efforts. Bureau officials told us that job announcements had been 
issued for the four key architect positions, but it had been difficult 
finding the right candidates. 

5. The GAO report raises concerns that several of the FBI's information 
technology positions remain vacant. This is somewhat frustrating to 
hear because in the fiscal year 2005 Appropriations Act, Congress gave 
the FBI the authority to provide bonuses of up to 50 percent of an 
employee's salary and provided authority to pay certain critical 
employees more than $175,000 per year. Has the FBI been using these new 
authorities to attract high quality information technology staff? What 
have other agencies done to attract talented information technology 
professionals? 

According to a recent National Academy of Public Administration report 
on the bureau's management of human capital, [Footnote 13] the FBI 
requested and was provided these personnel pay flexibilities in 
December 2004 to better retain employees with unique qualifications and 
to encourage personnel to relocate to high cost areas. The Academy also 
reported that the bureau had not yet used these authorities, in part 
because it had only recently developed a policy for doing so. 

While our reviews of the FBI's IT management capabilities have not 
addressed whether the bureau was using its new authorities to attract 
high-quality IT staff, our research of leading organizations, in 
addition to our experience in evaluating federal agencies, shows that 
successful organizations attract IT professionals by taking a strategic 
approach to human capital management. [Footnote 14] This includes 
developing strategies tailored to addressing gaps between the current 
workforce and future needs, including investing in: 

* training and professional development, 

* retention allowances, 

* skill-based pay to attract and retain the critical skills needed for 
mission accomplishment, and: 

* pay and nonpay incentives for high-performing employees. 

We previously reported [Footnote 15] on the FBI's need to take such a 
strategic approach to help it better attract and retain high-quality IT 
personnel. In March 2004, the FBI issued an enterprisewide strategic 
human capital plan, including policies and procedures for IT human 
capital. Since then, the CIO told us that his office is taking 
additional steps to enhance its IT human capital capability, including 
targeting training and professional certifications. 

However, as we have previously reported, [Footnote 16] the bureau has 
yet to create an integrated plan of action that is based on a 
comprehensive analysis of human capital roles and responsibilities 
needed to support the IT functions established under the office of the 
CIO's reorganization. Such an analysis should include an assessment of 
core competencies and essential knowledge, skills, and abilities and 
then compare them to current human capital strengths and weaknesses. 
This will permit gaps to be identified between current capabilities and 
those needed to perform established IT functions. The plan should then 
describe actions needed to fill the identified gaps (that is, the 
planned combination of hiring, training, contractor support, and so 
on), along with time frames, resources, performance measures, and 
accountability structures. According to the CIO, he is in the process 
of hiring a contractor with human capital expertise to help identify 
gaps between existing and needed skills and abilities and intends to 
have this effort completed, including the development of an 
implementation plan to address any gaps, by the end of 2005. 

In responding to these questions, we relied on past work related to our 
reviews of the FBI's management of its IT and our best practices 
research and evaluations of IT management at other federal agencies. We 
conducted this past work in accordance with generally accepted 
government auditing standards. We are sending copies of this letter to 
other interested congressional committees. Copies will also be 
available at no charge at our Web site at http://www.gao.gov. If you 
have questions about our responses, please contact me at (202) 512-3439 
or hiter@gao.gov. Contact points for our Offices of Congressional 
Relations and Public Affairs may be found on the last page of this 
correspondence. Key contributors to this product include Gary Mountjoy, 
Assistant Director; Justin Booth; Nancy Glover; Dan Gordon; and Teresa 
Tucker. 

Sincerely yours, 

Signed by: 

Randolph C. Hite: 
Director, Information Technology Architecture and System Issues: 

(310614): 

Page 6: 

FOOTNOTES: 

[1] GAO, Information Technology: FBI Is Building Management 
Capabilities Essential to Successful System Deployments, but Challenges 
Remain, GAO-05-1014T (Washington, D.C.: Sept. 14, 2005). 

[2] GAO, Information Technology: FBI Is Taking Steps to Develop an 
Enterprise Architecture, but Much Remains to Be Accomplished, GAO-05- 
363 (Washington, D.C.: Sept. 9, 2005). 

[3] GAO, Information Technology: FBI Needs An Enterprise Architecture 
to Guide Its Modernization Activities, GAO-03-959 (Washington, D.C.: 
Sept. 25, 2003). 

[4] GAO-05-363. 

[5] U.S. Department of Justice, Office of the Inspector General, The 
Federal Bureau of Investigation's Management of the Trilogy Information 
Technology Modernization Project, Audit Report 05-07 (February 2005). 

[6] Surveys and Investigations Staff, Committee on Appropriations, 
House of Representatives, A Report To The Committee On Appropriations, 
U.S. House Of Representatives, on the Federal Bureau Of Investigation's 
Implementation Of Virtual Case File (April 2005). 

[7] See, for example, GAO, FBI Transformation: FBI Continues to Make 
Progress in Its Efforts to Transform and Address Priorities, GAO-04- 
578T (Washington, D.C.: Mar. 23, 2004). 

[8] GAO-04-578T. 

[9] U.S. Department of Justice, Office of the Inspector General, 
Statement of Glenn A. Fine, Inspector General, before the Senate 
Committee on Appropriations, Subcommittee on Commerce, Justice, State, 
and the Judiciary Concerning Information Technology in the Federal 
Bureau of Investigation (Washington, D.C.; Mar. 23, 2004). 

[10] National Academy of Public Administration, Transforming the FBI: 
Roadmap to an Effective Human Capital Program, (September 2005). 

[11] See, for example, CIO Council, A Practical Guide to Federal 
Enterprise Architecture, Version 1.0 (February 2001) and GAO, 
Information Technology: A Framework for Assessing and Improving 
Enterprise Architecture Management (Version 1.1), GAO-03-584G 
(Washington, D.C.: April 2003). 

[12] GAO-05-363. 

[13] National Academy of Public Administration, Transforming the FBI: 
Roadmap to an Effective Human Capital Program, September 2005. 

[14] See, for example, GAO, A Model of Strategic Human Capital 
Management, GAO-02-373SP (Washington, D.C.: March 2002), and GAO, Human 
Capital: A Guide for Assessing Strategic Training and Development 
Efforts in the Federal Government, GAO-03-893G, (Washington, D.C.: July 
2003). 

[15] GAO, FBI Reorganization: Progress Made in Efforts to Transform, 
but Major Challenges Continue, GAO-03-759T (Washington, D.C.: June 18, 
2003). 

[16] GAO-05-1014T. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. However, because 
this work may contain copyrighted images or other material, permission 
from the copyright holder may be necessary if you wish to reproduce 
this material separately. 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts 
newly released reports, testimony, and correspondence on its Web site. 
To have GAO e-mail you a list of newly posted products every afternoon, 
go to www.gao.gov and select "Subscribe to Updates.": 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office 441 G Street NW, Room LM 
Washington, D.C. 20548: 

To order by Phone: Voice: (202) 512-6000: 

TDD: (202) 512-2537: 

Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov: 

Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Gloria Jan-non, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S. 
Government Accountability Office, 441 G Street NW, Room 7125 
Washington, D.C. 20548: 

Public Affairs: 

Paul Anderson, Managing Director, AndersonPl@gao.gov (202) 512-4800 
U.S. Government Accountability Office, 441 G Street NW, Room 7149 
Washington, D.C. 20548: