Year 2000 Computing Challenge:
FBI Needs to Complete Business Continuity Plans
AIMD-00-11: Published: Oct 22, 1999. Publicly Released: Oct 22, 1999.
Additional Materials:
- Full Report:
Contact:
(202) 512-3000
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Pursuant to a congressional request, GAO provided information on the Federal Bureau of Investigation's (FBI) plans and controls for year 2000 business continuity planning, focusing on: (1) the status of and plans for completing the FBI's contingency planning for continuity of operations; and (2) whether the FBI's contingency planning efforts satisfy the key processes in GAO's year 2000 business continuity and contingency planning guide.
GAO noted that: (1) the FBI reported that it has renovated, tested, and certified as year 2000 compliant all but 1 of its 43 mission-critical systems and has developed system-level contingency plans for all but 2 of the 43; (2) the FBI has made some progress in its year 2000 business continuity planning, but this very important effort is running late; (3) to ensure that there will be sufficient time to develop, test, and finalize plans, GAO recommended in earlier testimony that plans be developed by April 30, 1999, and tested, including addressing problems and retesting by September 30, 1999, in order to allow agencies sufficient time to evaluate whether the plans will provide the level of core business capability needed and whether the plans can be implemented within a specified timeframe; (4) however, the FBI had not yet developed division-level business continuity plans or field office plans, and it did not expect to complete the integration of the division plans until September 1999; (5) further, it had not established a target date for completing field office plans or testing both field-level and division-level plans; (6) these delays left the FBI with little time to complete the many planning tasks that remain and ensure that it is ready to minimize the impact of possible year 2000-induced system failures; (7) the FBI also did not have many of the management controls and processes needed to effectively guide its continuity planning effort through the short time remaining before the year 2000 deadline; (8) according to the year 2000 official, the FBI had not implemented these controls and processes because the Department of Justice's guidance focuses on system-level contingency plans and does not require business continuity planning; (9) further, the official stated that the FBI is inherently capable of ensuring continuity of operations because its agents in both headquarters and the field are well trained and prepared for responding to various emergency circumstances, of which potential year 2000 system failure is just one; and (10) by not employing the management rigor and discipline specified in GAO's year 2000 business continuity planning guide, the FBI will not be able to ensure that it: (a) properly focuses its planning effort on the agency's most critical operations; (b) selects the best strategies to protect these operations; (c) has sufficient resources and staff dedicated to implementing continuity plans; and (d) can efficiently and effectively invoke its continuity plans, if necessary.
Recommendations for Executive Action
Status: Closed - Implemented
Comments: In response to the report, Justice convened a meeting of its component bureaus, which GAO attended and facilitated. The purpose of the meeting was to specify the requirement for, and explain the importance of, Year 2000 business continuity plans.
Recommendation: The Attorney General should direct the Department of Justice's Year 2000 Program Office to clarify the department's expectations for Year 2000 business continuity planning for all Justice bureaus, emphasizing the need for these plans and discussing Office of Management and Budget's adoption of GAO's guidance as a federal standard.
Agency Affected: Department of Justice
Status: Closed - Implemented
Comments: The FBI Year 2000 Program Management Office developed a plan for developing and testing business continuity plans. The plan required FBI headquarters and field offices to develop and test business continuity plans by November 1, 1999, and December 15, 1999, respectively.
Recommendation: The Attorney General should direct the Director, FBI, to establish and implement a plan for the timely development and testing of effective headquarters and field office year 2000 business continuity plans, including incremental milestones for completing all relevant key processes in GAO's guide associated with business impact analysis, plan development, and plan testing.
Agency Affected: Department of Justice
Status: Closed - Implemented
Comments: The FBI's actions were limited to business continuity plan testing. Specifically, the FBI tested its headquarters business continuity plans on November 18, 1999 and December 2, 1999. In addition, the FBI also conducted joint testing of headquarters and field offices' business continuity plans on December 8-9, 1999.
Recommendation: The Attorney General should direct the Director, FBI, to establish and implement effective controls and structures for managing year 2000 business continuity planning, including each of the relevant key processes addressed in GAO's year 2000 continuity planning guide and discussed in this report as not yet being satisfied.
Agency Affected: Department of Justice
Explore the full database of GAO's Open Recommendations
»
Explore the full database of GAO's Open Recommendations
Dec 13, 2018
Open Data:
Treasury Could Better Align USAspending.gov with Key Practices and Search RequirementsGAO-19-72: Published: Dec 13, 2018. Publicly Released: Dec 13, 2018.
Dec 12, 2018
-
Information Technology:
Implementation of Recommendations Is Needed to Strengthen Acquisitions, Operations, and CybersecurityGAO-19-275T: Published: Dec 12, 2018. Publicly Released: Dec 12, 2018.
Dec 11, 2018
-
Information Technology:
Agencies Need Better Information on the Use of Noncompetitive and Bridge ContractsGAO-19-63: Published: Dec 11, 2018. Publicly Released: Dec 11, 2018.
Nov 13, 2018
-
Information Technology:
Departments Need to Improve Chief Information Officers' Review and Approval of IT BudgetsGAO-19-49: Published: Nov 13, 2018. Publicly Released: Nov 13, 2018.
Sep 27, 2018
-
Information Technology:
SSA Has Improved Acquisitions and Operations, but Needs to Fully Address the Role of Its Chief Information OfficerGAO-18-703T: Published: Sep 27, 2018. Publicly Released: Sep 27, 2018.
Aug 2, 2018
-
Federal Chief Information Officers:
Critical Actions Needed to Address Shortcomings and Challenges in Implementing ResponsibilitiesGAO-18-93: Published: Aug 2, 2018. Publicly Released: Aug 2, 2018.
Jun 13, 2018
-
VA Health Care:
Independent Verification and Validation of Patient Self-Scheduling Systems Was Consistent with the Faster Care for Veterans Act of 2016GAO-18-442R: Published: Jun 13, 2018. Publicly Released: Jun 13, 2018.
May 24, 2018
-
DOD Major Automated Information Systems:
Adherence to Best Practices Is Needed to Better Manage and Oversee Business ProgramsGAO-18-326: Published: May 24, 2018. Publicly Released: May 24, 2018.
May 23, 2018
-
Data Center Optimization:
Continued Agency Actions Needed to Meet Goals and Address Prior RecommendationsGAO-18-264: Published: May 23, 2018. Publicly Released: May 23, 2018. -
Information Technology:
Continued Implementation of High-Risk Recommendations Is Needed to Better Manage Acquisitions Operations and CybersecurityGAO-18-566T: Published: May 23, 2018. Publicly Released: May 23, 2018.
Looking for more? Browse all our products here
Explore our Key Issues on Information Technology
- Best Practices and Leading Practices in Information Technology Management
- 2020 Census - High Risk Issue
- DHS Management - High Risk Issue
- DOD Business Systems Modernization - High Risk Issue
- Ensuring the Security of Federal Information Systems and Cyber Critical Infrastructure and Protecting the Privacy of Personally Identifiable Information - High Risk Issue
- IT Acquisitions and Operations - High Risk Issue
- Managing Risks and Improving VA Health Care - High Risk Issue
- Modernization Blueprints
- OPM's Retirement Processing System Modernization
- Wireless Broadband Spectrum Management
Explore our other Key Issues here
