This is the accessible text file for GAO report number GAO-06-698T entitled 'Federal Bureau Of Investigation: Weak Controls over Trilogy Project Led to Payment of Questionable Contractor Costs and Missing Assets' which was released on May 3, 2006. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Testimony: Before the Committee on the Judiciary, U.S. Senate: Federal Bureau Of Investigation: Weak Controls over Trilogy Project Led to Payment of Questionable Contractor Costs and Missing Assets: Statement of Linda M. Calbom: Director: Financial Management and Assurance: GAO-06-698T: GAO Highlights: Highlights of GAO-06-698T, a testimony before the Committee on the Judiciary, U.S. Senate. Why GAO Did This Study: The Trilogy project—initiated in 2001—is the Federal Bureau of Investigation’s (FBI) largest information technology (IT) upgrade to date. While ultimately successful in providing updated IT infrastructure and systems, Trilogy was not a success with regard to upgrading FBI’s investigative applications. Further, the project was plagued with missed milestones and escalating costs, which eventually totaled nearly $537 million. This testimony focuses on (1) the internal controls over payments to contractors, (2) payments of questionable contractor costs, and (3) FBI’s accountability for assets purchased with Trilogy project funds. What GAO Found: FBI’s review and approval process for Trilogy contractor invoices, which included a review role for GSA as contracting agency, did not provide an adequate basis for verifying that goods and services billed were actually received and that the amounts billed were appropriate, leaving FBI highly vulnerable to payments of unallowable costs. This vulnerability is demonstrated by FBI’s payment of about $10.1 million in questionable contractor costs we identified using data mining, document analysis, and other forensic auditing techniques. These costs included first-class travel and other excessive airfare costs, incorrect charges for overtime hours, potentially overcharged labor rates, and charges for which the contractors could not provide adequate supporting documentation to substantiate the costs purportedly incurred. FBI also failed to establish controls to maintain accountability over equipment purchased for the Trilogy project. These control lapses resulted in more than 1,200 missing pieces of equipment valued at approximately $7.6 million that GAO identified as part of its review. The table below summarizes questionable contractor costs and missing assets that GAO identified. Table: Questionable Costs and Missing Assets: Dollars in thousands: Issues identified: First-class travel; Amount: $20.0. Issues identified: Excessive air travel costs; Amount: $49.8. Issues identified: Excess overtime charges; Amount: $400.0. Issues identified: Potential overcharging of labor rates; Amount: $2,100.0. Issues identified: Inadequately supported subcontractor labor costs; Amount: $1,957.9. Issues identified: Inadequately supported other direct costs; Amount: $5,508.3. Issues identified: Duplicate payment of subcontractor labor invoice; Amount: $26.3. Total questionable costs: $10,062.3. 1,205 pieces of missing equipment: $7,607.1. [End of Table] Given the poor control environment and the fact that GAO reviewed only selected FBI payments to Trilogy contractors, other questionable contractor costs may have been paid that have not been identified. If these control weaknesses go uncorrected, future contracts, including those related to Sentinel—FBI’s new electronic information management system initiative—will be greatly exposed to improper payments. In addition, the lack of accountability for Trilogy equipment calls into question FBI’s ability to adequately safeguard its existing assets as well as those it may acquire in the future. What GAO Recommends: GAO’s related report (GAO-06-306) makes 27 recommendations to help improve (1) FBI’s and the General Services Administration’s (GSA) controls over their invoice review and approval processes and to address questionable billing issues and (2) FBI’s accountability for assets. FBI concurred with GAO’s recommendations. GSA accepted the recommendations but expressed concern with some of the findings and one recommendation. GAO reaffirms its position on all of its findings and recommendations. [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-698T]. To view the full product, including the scope and methodology, click on the link above. For more information, contact Linda M. Calbom at (202) 512-9508 or [Hyperlink, calboml@gao.gov]. [End of section] Mr. Chairman and Members of the Committee: Thank you for the opportunity to discuss the results of our audit of the Federal Bureau of Investigation's (FBI) internal controls over contract payments related to the Trilogy project and safeguarding assets purchased with Trilogy funds. Our recently issued report,[Footnote 1] developed at the request of this committee, identifies weaknesses in FBI's ability to establish and implement controls that reasonably ensure, among other things, that goods and services billed were actually received and that the amounts billed were appropriate. Further, our report also discusses how FBI failed to establish controls to maintain accountability over equipment purchased for the Trilogy project. These weaknesses resulted in payment of millions of dollars in questionable contractor costs and missing assets. It is imperative that FBI correct these weaknesses in order to avoid similar outcomes for its Sentinel and other information technology (IT) projects. Before I get into our audit findings, let me first provide some brief background on the Trilogy project. For several years, FBI's IT systems were considered archaic and inadequate for efficiently and effectively investigating criminal and other cases. Initiated in mid-2001, Trilogy- -FBI's largest IT upgrade to date--was intended to modernize FBI's IT infrastructure and systems and provide needed applications to help FBI agents, analysts, and others do their jobs. The Trilogy project consisted of two primary efforts--upgrades to FBI's IT infrastructure[Footnote 2] and development of an investigative application system to more efficiently access case files, which became known as the Virtual Case File (VCF) system. FBI entered into an interagency agreement with the General Services Administration (GSA), which served as the contracting agency to acquire the services of two primary contractors to carry out the Trilogy project. DynCorp--now Computer Services Corporation (CSC)--was responsible for the IT infrastructure upgrade, while Science Applications International Corporation (SAIC) was responsible for development of the VCF system. In addition, FBI contracted with Mitretek to assist in the administration and oversight of the project. Although the original scheduled completion date for the overall Trilogy project was June 2004, after September 11, 2001, FBI instituted an accelerated deployment plan. The targeted completion date for the portion of Trilogy related to FBI's IT infrastructure was accelerated from May 2004 to July 2002. However, after several delays the upgrade was completed in April 2004, only a month before the "pre-accelerated" due date. While the scheduled completion date for the VCF system was originally June 2004, the due date for the first VCF deliverable was accelerated to December 2003. However, in July 2004, the VCF portion of the Trilogy project was scaled back after the completion of the first phase of the project was determined to be infeasible and cost prohibitive as originally envisioned. The scaled back VCF effort was recast as a pilot that ended in March 2005, and was to be used by FBI to help develop requirements for a successor information management system initiative, referred to as Sentinel. The overall cost of the Trilogy project, originally estimated at approximately $380 million, ultimately escalated to approximately $537 million. The Department of Justice Office of Inspector General has reported on numerous issues that contributed to the cost increases and delays, including poorly defined and slowly evolving design requirements, contracting weaknesses, unrealistic task scheduling, and lack of management continuity and oversight for tracking and overseeing costs effectively.[Footnote 3] We also earlier reported on weaknesses in FBI's IT systems development and management capabilities, including contractor oversight.[Footnote 4] Because of these issues, you asked us to audit the costs of the Trilogy project, the majority of which represented the purchase of goods and services from contractors. Our objectives were to determine whether (1) FBI's internal controls provided reasonable assurance that payment of unallowable contractor costs would not be made or would be detected in the normal course of business,[Footnote 5] (2) FBI's payments to contractors were properly supported as a valid use of government funds, and (3) FBI maintained proper accountability for assets purchased with Trilogy project funds. We performed our work in accordance with generally accepted government auditing standards in Washington, D.C., and at two FBI field sites and various other GSA and contractor locations in Virginia. The complete scope and methodology of our review is discussed in appendix II of our report.[Footnote 6] Today, I will summarize the results of our work with respect to (1) weaknesses in FBI's internal controls that made it highly vulnerable to payment of unallowable or questionable contractor costs with Trilogy funds, (2) certain payments for questionable contractor costs that we identified, and (3) FBI's inadequate accountability for assets purchased with Trilogy project funds. Insufficient Invoice Review and Approval Process Increased FBI's Vulnerability to Payment of Unallowable Contractor Costs: FBI's review and approval process for Trilogy contractor invoices, which was carried out by a review team consisting of officials from FBI, GSA, and Mitretek, did not provide an adequate basis for verifying that goods and services billed were actually received by FBI or that payments were for allowable costs. This occurred in part because responsibility for the review and approval of invoices was not clearly defined or documented. In addition, contractor invoices frequently lacked detailed information required by the contracts and other additional information that would be needed to facilitate an adequate review process. Despite this, invoices were paid without requesting additional supporting documentation necessary to determine the validity of the charges. These weaknesses in the review and approval process made FBI highly vulnerable to payment of unallowable or questionable contractor costs. While the invoice review and approval process differed for each contractor and type of invoice charge, in general the process carried out by the review team lacked key procedures to reasonably ensure that goods and services billed were actually received by FBI or that the amounts billed and paid were for allowable costs. For example, the review team did not have a systematic process for verifying that the individuals listed on labor invoices actually worked the number of hours billed or that the job classification and related billing rates were appropriate. Further, there was no documented assessment of whether overall hours billed for a particular activity were in line with expectations. In addition, the review team paid contractor invoices for subcontractor labor charges without any attempt to assess the validity of the charges. The GSA official responsible for paying the invoices stated that the review team relied on the contractors to properly bill for costs related to subcontractors and to validate the subcontractor invoices. However, the review team had no process in place to assess whether the contractors were properly validating their subcontractor labor charges or to assess the allowability of those charges. The insufficient invoice review and approval process was at least in part the result of a lack of clarity in the interagency agreement between FBI and GSA as well as in FBI's oversight contract with Mitretek. We have identified the management of interagency contracting as a high-risk area, in part because it is not always clear with whom the responsibility lies for critical management functions in the interagency contracting process, including contract oversight.[Footnote 7] For example, the terms and conditions of the interagency agreement with GSA only vaguely described GSA's role in contract administration. In particular, the agreement did not specify the invoice review and approval steps to be performed or who would perform them. Likewise, the Mitretek contract provided a general description of Mitretek's oversight duties, but did not specifically mention its responsibilities related to the invoice review and approval process. Additionally, the lack of clarity in roles and responsibilities was evident in our interviews with the review team, where each party indicated that another party was responsible for a more detailed review. The failure to establish an effective review process was compounded by the fact that not all invoices provided the type of detailed information required by the contracts and other information that would be needed to validate the invoice charges. For example: * CSC labor invoices did not include information related to individual labor rates or indicate which overhead rates were applicable to each employee--information needed to verify mathematical accuracy and to determine that the components of the labor charges were valid. * CSC invoices provided a summary of travel charges by category (e.g., airfare and lodging), but did not provide required information related to an individual traveler's trip costs. The travel invoices also did not provide cost detail by travel authorization number. Therefore, there was no way to determine that the trips billed were approved in advance or that costs incurred were proper and reasonable based on the location and length of travel. * CSC and SAIC invoices for the other direct costs (ODC) provided a summary of charges by category (e.g., shipping and office supplies); however, CSC did not provide required cost detail by transaction. In some cases, the category of charges was not even identified. For example, as shown in figure 1, on the ODC invoice, a category entitled "Other Direct Costs" made up $1.907 million of the $1.951 million invoice current billing total. No additional information was provided on the invoice to explain what made up these costs. Figure 1: Example of CSC ODC Invoice: [See PDF for image] Source: CSC(previously DynCorp). [End of figure] Even though contractor invoices, particularly those from CSC, frequently lacked key information needed for reviewing charges, we found through inquiries with the review team and the contractors that invoices were generally paid without requesting additional supporting documentation. We further found that invoices for equipment did not individually identify each asset being billed by bar code, serial number, or some other identifier that would allow verification of assets billed to assets received. This severely impeded FBI's ability to determine whether it had actually received the assets included on invoices and to subsequently track individual accountable assets on an item-by-item basis. Some Payments Made to Contractors Were for Questionable Costs: Because of the lack of fundamental internal controls over the process used to pay Trilogy invoices, FBI was highly vulnerable to payment of unallowable contractor charges. In order to assess the effect of these vulnerabilities, we used forensic auditing techniques to select certain contractor costs for review. We identified about $10.1 million in questionable contractor costs paid by FBI. These costs included payments for first-class travel and other excessive airfare costs, incorrect billings for overtime hours worked, potentially overcharged labor rates, and other questionable costs. Given FBI's poor control environment over invoice payments and the fact that we reviewed only selected FBI payments to Trilogy contractors, other questionable costs may have been paid that have not been identified. First-class Travel and Other Excessive Airfare Costs: During our review of CSC's supporting documentation for selected travel charges, we found 19 first-class airline tickets costing a total of $20,025. The CSC contract called for travel to be reimbursed to the extent allowable under the Joint Travel Regulations, which state that travelers must use basic economy or coach class unless the use of first- class travel is properly authorized and justified. Because the documentation provided by CSC for these first-class tickets we identified did not contain the required authorizations or justifications, we consider the cost of this travel in excess of coach- class fares as potentially unallowable.[Footnote 8] Also during our review of travel charges, we noted several instances of unusually expensive coach-class tickets, which we also considered to be questionable. Upon further inquiry with several airlines, we determined that most of these were for "full fare" coach-class tickets. We noted that the airlines used most often by the contractors indicated that it is possible to obtain a free upgrade to first class with the purchase of the more expensive full-fare coach ticket. In fact, we found that in some instances, the current price of a full-fare coach ticket was higher than the current price of a first-class ticket. We noted 62 full- fare coach tickets billed by CSC for $85,336. In contrast, we estimated that basic coach-class fares would have cost $41,978. SAIC and Mitretek also billed FBI for excessive airfare costs, but to a lesser degree. In total, we identified 75 unusually expensive tickets costing $100,847, which exceeded our estimate of basic coach-class fares by approximately $49,848. Table 1 provides examples of the first- class and excessive airfare travel costs we identified. Table 1: Examples of First-class and Excessive Airfare Travel Costs: Contractor: CSC; Itinerary: Chicago, IL to Pittsburgh, PA and back; Ticket class: First-class; Actual cost of ticket: $926; Estimated cost of basic coach-class ticket[A]: $197; Percentage that full-fare coach exceeded basic coach cost: 370%. Contractor: Mitretek; Itinerary: Washington, DC to Phoenix, AZ and back; Ticket class: First-class upgrade[B]; Actual cost of ticket: $2,051; Estimated cost of basic coach-class ticket[A]: $480; Percentage that full-fare coach exceeded basic coach cost: 327%. Contractor: CSC; Itinerary: One-way from Los Angeles, CA to Philadelphia, PA; Ticket class: Full fare; Actual cost of ticket: $1,253; Estimated cost of basic coach-class ticket[A]: $307; Percentage that full-fare coach exceeded basic coach cost: 308%. Contractor: CSC; Itinerary: One-way from Las Vegas, NV to Washington, DC; Ticket class: Full fare; Actual cost of ticket: $1,171; Estimated cost of basic coach-class ticket[A]: $304; Percentage that full-fare coach exceeded basic coach cost: 285%. Contractor: CSC; Itinerary: One-way from San Francisco, CA to Cleveland, OH; Ticket class: Full fare; Actual cost of ticket: $1,049; Estimated cost of basic coach-class ticket[A]: $290; Percentage that full-fare coach exceeded basic coach cost: 262%. Contractor: Mitretek; Itinerary: Washington, DC to Portland, OR and back; Ticket class: First-class upgrade[B]; Actual cost of ticket: $1,850; Estimated cost of basic coach-class ticket[A]: $643; Percentage that full-fare coach exceeded basic coach cost: 188%. Contractor: CSC; Itinerary: One-way from San Diego, CA to Baltimore, MD; Ticket class: Full fare; Actual cost of ticket: $1,128; Estimated cost of basic coach-class ticket[A]: $413; Percentage that full-fare coach exceeded basic coach cost: 173%. Contractor: CSC; Itinerary: Wichita, KS to Washington, DC and back; Ticket class: First-class; Actual cost of ticket: $1,984; Estimated cost of basic coach-class ticket[A]: $732; Percentage that full-fare coach exceeded basic coach cost: 171%. Contractor: CSC; Itinerary: Atlanta, GA to Los Angeles, CA and back; Ticket class: Full fare; Actual cost of ticket: $2,121; Estimated cost of basic coach-class ticket[A]: $851; Percentage that full-fare coach exceeded basic coach cost: 149%. Contractor: SAIC; Itinerary: Denver, CO to Washington, DC and back; Ticket class: Not determinable[C]; Actual cost of ticket: $1,570; Estimated cost of basic coach-class ticket[A]: $1,037; Percentage that full-fare coach exceeded basic coach cost: 51%. Source: GAO analysis of supporting documentation provided by contractors. [A] Because historical costs for coach-class tickets were not available, we estimated the costs of coach-class tickets based on an average of current prices for a similar itinerary purchased 3 days in advance (which was the average based on the trips we reviewed) and adjusted for inflation applicable to airfare. [B] The fare basis code for this ticket indicated that a first-class upgrade was obtained. We could not verify whether this ticket was purchased as a full-fare coach or some other class of travel that exceeded the basic coach-class fares. [C] We could not determine the airfare class of the ticket purchased because the supporting documentation provided did not include the fare basis code. [End of table] Excess Overtime Charges: Our review also showed that FBI may have paid SAIC for incorrectly billed overtime charges. The task order for SAIC work stated that the government would not object to SAIC employees working hours in excess of 40 per week if necessary. In March 2003, SAIC implemented a policy that FBI agreed to, which decreased the amount of hours that would be billed to FBI. This policy stated that contractor staff would be compensated for hours worked that exceeded 90 hours in a 2-week pay period, and established a ceiling of 120 hours per pay period. We found, however, that SAIC employees frequently charged for all hours worked beyond 80 in a pay period and noted some instances where employees charged hours beyond the 120-hour ceiling. The costs of these hours were billed to and paid by FBI. SAIC management acknowledged that billings were not consistent with the March 2003 policy and indicated that it would research the issue further to determine whether corrections are necessary.[Footnote 9] Based on our review of the labor charges, FBI may have overpaid for more than 4,000 hours. Using average, fully burdened labor rates for employees who billed incorrectly, we estimated that FBI may have overpaid these overtime costs by as much as $400,000. Questionable Labor Rates: We also found that CSC/DynCorp may have charged labor rates that exceeded ceiling rates that GSA asserts were established pursuant to a DynCorp task order. In short, GSA and CSC disagree on whether ceiling rates for a CSC/DynCorp subcontractor, DynCorp Information Systems (DynIS), were ever established. When DynCorp entered into the contractual agreement with GSA, it agreed to ceiling rates for various labor categories and agreed to negotiate subcontractor ceiling rates separately for each task order. The May 2001 DynCorp task order award document stated that ceilings were in place on all DynIS labor category and indirect rates, subject to negotiation pending the results of a Defense Contract Audit Agency[Footnote 10] audit. GSA officials told us they believed that DynIS labor category rates in DynCorp's Trilogy proposal represented established ceilings, and that they negotiated DynIS labor category ceiling rates with DynCorp. However, CSC stated that it never negotiated labor category ceiling rates with GSA. Based on our review of DynCorp's labor invoices, we noted that several of DynIS's rates charged exceeded the labor rates that GSA contended were ceiling rates. For example, CSC/DynCorp billed over 14,000 hours for work performed by senior IT analysts during 2001 on the Trilogy project based on an average hourly rate of $106.14. However, if ceiling rates were established, the DynCorp proposal indicated that the Trilogy project would be charged a maximum of $68.73 per hour for a senior IT analyst working in the field or $96.24 per hour for a senior IT analyst working at headquarters during 2001. If ceiling rates were established, we estimated that FBI overpaid CSC/DynCorp by approximately $2.1 million for DynIS labor costs. Other Questionable Costs: We also identified about $7.5 million in other payments to contractors that were for questionable costs. In most cases, these costs were not supported by sufficient documentation to enable an objective third party to determine if each payment was a valid use of government funds. For example, CSC did not provide us adequate supporting documentation for almost $2 million of subcontractor labor charges and about $5.5 million of ODC charges we selected to review. Because $4.7 million of these inadequately supported ODC costs were for training charges from one subcontractor, CACI Inc. - Federal (CACI), we subsequently requested supporting documentation from the subcontractor for selected charges for training costs totaling about $3.5 million. We found that CACI could not adequately support charges to FBI totaling almost $3 million that CACI paid to one event planning company (another subcontractor). CACI stated that supporting documentation was not applicable because its agreement with the event planner was "fixed priced." However, CACI's assertion was not supported by the terms of the purchase order and related statement of work that specifically required documentation to support costs claimed by the event planner and to charge only for services rendered. CSC was also unable to provide us adequate supporting documentation for $762,262 in equipment disposal costs billed by two subcontractors. The documentation provided consisted of a spreadsheet that summarized costs of the subcontractors, but did not include receipts or other support to prove that these costs were actually incurred. Our review of SAIC's subcontractor labor charges found that FBI was billed twice for the same subcontractor invoice totaling $26,335. SAIC officials agreed that they double billed and stated that they would make a correction. Major Lapses in Accountability Resulted in Millions of Dollars of Missing Trilogy Equipment: Our audit also disclosed that FBI did not adequately maintain accountability for equipment purchased for the Trilogy project. FBI relied extensively on contractors to account for Trilogy assets while they were being purchased, warehoused, and installed. However, FBI did not establish controls to verify the accuracy and completeness of contractor records it was relying on. Moreover, once FBI took possession of the Trilogy equipment, it did not establish adequate physical control over the assets. Consequently, we found that FBI could not locate over 1,200 assets purchased with Trilogy funds, which we valued at approximately $7.6 million. Because of the significant weaknesses we identified in FBI's property controls, the actual amount of missing equipment could be even higher. FBI relied on contractors to maintain records related to the purchasing, warehousing, and installation of about 62 percent of the equipment purchased for the Trilogy project.[Footnote 11] FBI's primary contractor responsible for delivering computer equipment to FBI sites was CSC. FBI officials told us they met regularly with CSC and its subcontractors to discuss FBI's equipment needs and a deployment strategy for the delivery of equipment. Based on these meetings, CSC instructed its subcontractors to purchase equipment, which was subsequently shipped to and put under the control of those same subcontractors. Once equipment arrived at the subcontractors' warehouses, the subcontractors were responsible for affixing bar codes on accountable items--all items valued above $1,000 and certain others considered sensitive that are required by FBI policy to be tracked individually. In addition, FBI directly purchased about $19.1 million of equipment for the Trilogy project that was shipped directly to either CSC or CSC subcontractors. When equipment was shipped from a subcontractor warehouse to an FBI site, the subcontractor prepared a bill of lading that listed all items shipped. However, there was no requirement for FBI officials to verify that the items were actually received. The subcontractors also prepared a "Site Acceptance Listing" of equipment that had been installed at each FBI site. While an FBI official signed this listing, based on our inquiries at two field offices, we found the officials may not have always verified the accuracy and completeness of these lists. FBI did not prepare its own independent lists of ordered, purchased, or paid- for assets and did not perform an overall reconciliation of total assets ordered and paid for to those received. Such a reconciliation would have been made difficult by the fact that invoices FBI received from CSC did not include item-specific information--such as bar codes, serial numbers, or shipping location. However, failure to perform such a reconciliation left FBI with no assurance that it had received all of the assets it paid for. In addition, equipment that was delivered to FBI sites was not entered into FBI's Property Management Application (PMA) in a timely manner, increasing the risk that assets could be lost or stolen without detection. We found that 71.6 percent of the CSC-purchased equipment that was recorded in PMA, representing 84 percent of the total dollar value, was entered more than 30 days after receipt, and nearly 17 percent of the equipment, representing 37 percent of the dollar value, was entered more than a year after receipt. When assets are not timely recorded in the property system, there is no systematic means of identifying where they are located or when they are removed, transferred, or disposed of and no record of their existence when physical inventories are performed. This severely limits the effectiveness of the physical inventory in detecting missing assets and in triggering investigation efforts as to the causes. FBI also could not accurately identify all accountable assets because of improper controls related to its bar codes--a key tool for maintaining accountability and control over individual assets.[Footnote 12] FBI relied on contractors to affix the bar codes, yet did not track the bar code numbers given to contractors, the bar code numbers they used, or the bar code numbers returned. Moreover, FBI provided incorrect instructions to contractors, initially directing them to bar code certain types of lower cost equipment that did not need to be tracked. FBI's loss of control over its bar codes and failure to timely enter assets into its property tracking system seriously hampered its ability to maintain accountability for its Trilogy equipment. Accountability for equipment was further undermined by FBI's failure to perform sufficient physical inventory procedures to ensure that all assets purchased with Trilogy funds were actually located during the physical inventory. Given the serious nature of these control weaknesses, we performed additional test work to determine whether all accountable assets purchased with Trilogy funds could be accounted for and found that FBI was unable to locate 1,404 of these assets. These were items such as desktop computers, laptops, printers, and servers. In written comments on a draft of our report, FBI told us that it had accounted for more than 1,000 of these items. During our agency comment period, FBI stated that it had found 237 items we previously identified as missing and provided us evidence, not made available during our audit, to sufficiently account for 199 of these items. We adjusted the missing assets listing in our report to reflect 1,205 (1,404 - 199) assets as still missing. FBI later informed us that the approximately 800 remaining items noted in its official agency response included (1) accountable assets not recorded in PMA because they were either incorrectly identified as nonaccountable assets or mistakenly omitted, (2) defective accountable assets that were never recorded in PMA and subsequently replaced, and (3) nonaccountable assets or components of accountable assets that were incorrectly bar coded. We considered these same issues during our audit and attempted to determine their impact. For example, as stated in our report, FBI told us that components of some nonaccountable assets that were part of a larger accountable item may have been mistakenly bar coded. Using FBI guidance on accountable property, we determined that 103, or about 11 percent, of the 926 missing assets purchased by CSC may have represented nonaccountable components. Because FBI could not provide us with the location information, we could not definitively determine whether the items were accountable assets. During the course of our audit, FBI was not able to provide us with any evidence to support its other statements regarding the reasons the assets could not be located. While we are encouraged by FBI's current efforts to account for these assets, its ability to definitively determine their existence has been compromised by the numerous control weaknesses identified in our report. Further, the fact that assets have not been properly accounted for to date means that they have been at risk of loss or misappropriation without detection since being delivered to FBI--in some cases, for several years. Concluding Comments: FBI's Trilogy IT project spanned 4 years and the reported costs exceeded $500 million. Our review disclosed that there were serious internal control weaknesses in the process used by FBI and GSA to approve contractor charges related to Trilogy, which made up the majority of the total reported project cost. While our review focused specifically on the Trilogy program, the significance of the issues identified during our review may indicate more systemic contract and financial management problems at FBI and GSA, in particular when using cost-reimbursable type contracts and interagency contracting vehicles. These weaknesses resulted in the payment of millions of dollars of questionable contractor costs, which may have unnecessarily increased the overall cost of the project. Unless FBI strengthens its controls over contractor payments, its ability to properly control the costs of future projects involving contractors, including its new Sentinel project, will be seriously compromised. Further, weaknesses in FBI's controls over the equipment acquired for Trilogy resulted in millions of dollars in missing equipment and call into question FBI's ability to adequately safeguard its equipment, as well as confidential and sensitive information that could be accessed through that equipment from unauthorized use. Our companion report includes 15 recommendations to help improve FBI's and GSA's controls over their invoice review and approval processes and to address questionable billing issues we identified. It also includes 12 recommendations to help improve FBI's accountability for assets. FBI concurred with our recommendations and outlined actions under way and further planned actions to address the weaknesses we identified. FBI also provided additional information related to Trilogy assets we identified as missing. While GSA accepted our recommendations, it did not believe that one of them was needed, and described some of the improvements to its internal controls and other business process changes already implemented. GSA also expressed concern with some of our observations and conclusions related to the invoice review and approval process and our analysis of airfare costs. We continue to believe that our report is accurate and that all recommendations should be implemented. We understand that FBI has outlined actions to implement our recommendations. While we are encouraged by these efforts, let me just emphasize the importance of continually monitoring the implementation of corrective actions to ensure that they are effective in helping to avoid the types of control lapses that we identified throughout the Trilogy project. Without such vigilant monitoring, Sentinel and other efforts will be greatly exposed to similar questionable or inappropriate payments and lack of accountability over assets. Mr. Chairman and members of the committee, this concludes my prepared statement. I would be pleased to answer any questions that you may have. Contact and Acknowledgments: For more information regarding this testimony, please contact Linda M. Calbom at (202) 512-9508 or [Hyperlink, calboml@gao.gov]. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this testimony. Individuals making key contributions to this testimony included Steven Haughton (Assistant Director), Ed Brown, Marcia Carlsen (Assistant Director), Lisa Crye, and Matt Wood. Numerous other individuals contributed to our audit and are listed in our companion report. (190123): [End of section] FOOTNOTES [1] GAO, Federal Bureau of Investigation: Weak Controls over Trilogy Project Led to Payment of Questionable Contractor Costs and Missing Assets, GAO-06-306 (Washington, D.C.: Feb. 28, 2006). [2] The IT infrastructure portion of Trilogy consisted of two parts: (1) upgrades to FBI's computer hardware and software and (2) upgrades to FBI's communication network. [3] Department of Justice, Office of the Inspector General, The Federal Bureau of Investigation's Management of the Trilogy Information Technology Modernization Project, Report No. 05-07 (Washington, D.C.: February 2005). [4] See for example, GAO, Information Technology: FBI Is Building Management Capabilities Essential to Successful Systems Deployments, but Challenges Remain, GAO-05-1014T (Washington, D.C.: Sept. 14, 2005). [5] Unallowable costs are contractor costs that are not allowed under a term or condition of the contract or pursuant to applicable regulations. [6] GAO-06-306. [7] GAO, High-Risk Series: An Update, GAO-05-207 (Washington, D.C.: January 2005). [8] The determination of unallowable costs is made by the contracting agency. Therefore, until such determination is made, we have categorized these costs as potentially unallowable. [9] SAIC officials indicated that in June 2003 a waiver of the 10 hours of uncompensated time associated with the overtime policy was implemented for select teams. However, SAIC could not provide us information on which teams, tasks, or employees the waiver applied to or the length of time the waiver covered. Therefore, we were not able to consider this waiver in our analysis. [10] DCAA is responsible for performing all contract audits for the Department of Defense. They also provide contract audit services to other government agencies when hired to do so. [12] This includes Trilogy equipment purchased by CSC and SAIC and equipment purchased directly by FBI that was delivered to CSC for the IT infrastructure portion of the project. [12] The use of bar codes involves affixing a machine-readable bar code to a controlled item, which can then be scanned and compared to an equipment inventory listing as part of a periodic physical inventory. GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to www.gao.gov and select "Subscribe to Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, D.C. 20548: Public Affairs: Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: