For Immediate Release
January 26, 2005
|
Washington D.C.
FBI National Press Office
(202) 324-3691
|
The Honorable Glenn A. Fine
Inspector General
Office of the Inspector General
U.S. Department of Justice
Room 4322
950 Pennsylvania Avenue, N.W.
Washington, D.C. 20530
Re: DRAFT AUDIT REPORT - THE FEDERAL BUREAU OF INVESTIGATION'S
MANAGEMENT OF THE TRILOGY INFORMATION TECHNOLOGY MODERNIZATION PROJECT
Dear Mr.
Fine: The Federal Bureau of Investigation (FBI) appreciates your efforts,
and those of your staff, in assessing the progress of our Trilogy technology
modernization project. As always, the FBI welcomes your observations and
final recommendations. We will give them thorough review and consideration.
We have completed our review of your draft report entitled, "The Federal
Bureau of Investigation's Management of the Trilogy Information Technology
Modernization Project" and appreciate this opportunity to respond to your
preliminary findings and recommendations. Based upon our review, your findings
and recommendations are consistent with the FBI's internal reviews and with
those of other oversight entities. I am pleased to inform you that the FBI
has made significant progress in addressing not only all the recommendations,
but all the key issues raised in your draft report. Before responding to the
individual recommendations, however, there are several issues that call for
clarification. These relate to the national security impact of the delay of
the Virtual Case File (VCF), the future of the VCF, and changes in the FBI's
management of information technology (IT). A more detailed "fact
check" that pointed out specific inaccuracies was submitted under separate
cover on January 19, 2005.
Issue 1: National security remains uncompromised by the delay of VCF We
agree that we have not met our goals for an automated case management system.
However, we disagree with your finding that "the continuing lack
of an effective case management system hinders the FBI's capability to perform
its critical national security mission." The draft report states that
delays in the VCF program raise national security implications because the
FBI is continuing to rely on the Automated Case Support (ACS) system and paper
files, which hamper FBI Agents and Analysts from adequately searching and sharing
information from investigative files. These statements overlook the substantial
IT improvements that directly support our counterterrorism mission. While VCF
would improve efficiency, workflow, and records management, it is important
to stress that VCF is a software application, not a counterterrorism database
or hardware set. All FBI Special Agents and Intelligence Analysts have access
to the necessary FBI databases. The legacy case management system, ACS, has
limitations, but it is a widely used tool that heavily supports case, lead,
and collected-item management, reporting, and indexing services. ACS is searchable
and data entered into it can be updated. More importantly, ACS is far from
the only means by which the FBI searches, analyzes, and shares data. Substantial
IT improvements have been made, such as upgrading our secure network to a high-speed
reliable network. Hardware and robust search tools have greatly enhanced our
ability to access, analyze, and share information. As pointed out in the draft
report, the new Trilogy network and hardware provides a uniform suite of software
that has given FBI personnel the ability to share information, including images,
audio, video, and multimedia files, quickly, reliably, and securely. The Trilogy
upgrades have also provided a foundation for a number of new capabilities that
support the FBI's counterterrorism mission. The FBI's Investigative Data Warehouse
(IDW) now provides Special Agents, Intelligence Analysts, and members of Joint
Terrorism Task Forces (JTTFs), with a single access point to more than 47 sources
of counterterrorism data, including information from FBI files, other government
agency data, and open source news feeds, that were previously available only
through separate, stove-piped systems. New analytical tools are used across
multiple data sources providing a more complete view of the information possessed
by the Bureau. Users can search up to 100 million pages of international terrorism-related
documents and billions of structured records such as addresses and phone numbers
in seconds. They can also search rapidly for pictures of known terrorists and
match or compare the pictures with other individuals in minutes rather than
days. Coupled with sophisticated state-of-the-art search tools, the IDW enhances
the FBI's ability to identify relationships across cases quickly and easily.
Other critical IT improvements have given the FBI unprecedented connectivity
with our partners in the Intelligence and Law Enforcement Communities. The
Top Secret/Sensitive Compartmented Information Operational Network (SCION)
gives FBI personnel the ability to electronically receive, disseminate, and
share compartmented sources of intelligence information among the FBI's counterterrorism
and counterintelligence operations and with the Intelligence Community. SCION
also provides for video teleconferencing at the TOP SECRET level. The FBI
has further enhanced its SECRET level connectivity to the Intelligence and
Homeland Security Communities via the Department of Defense's (DOD) SECRET
Internet Protocol Router Network (SIPRNET). At the start of 2004, the FBI had
a SIPRNET presence of 50 stand-alone workstations. In December 2004, the FBI
implemented a new strategy which currently provides FBI users with access to
SIPRNET from their Trilogy desktop. The FBI uses SIPRNET to disseminate both
raw and finished intelligence and to support more than 100 JTTFs, the Foreign
Terrorist Tracking Task Force (FTTTF), the National Virtual Translation Center
(NVTC), the Terrorism Screening Center (TSC), and the Terrorist Explosive
Devices Analytical Center (TEDAC). The Secure Video Teleconferencing Network
(SVTCN) provides SECRET level, state-of-the-art video teleconferencing capability
between FBI Headquarters, remote field offices, JTTFs, and other secure locations.
The SVTCN operates over the FBI's new Trilogy network and can relay live
video and information from a crisis center to senior FBI management located
at any FBI site. The SVTCN also supports distance learning activities. We
have also enhanced connectivity through the FBI's Automated Messaging System
(FAMS). FAMS began 24/7 operations on December 15, 2004, and now provides
users with the capability to send and receive critical organizational message
traffic to any of the 40,000+ addresses on the Defense Messaging System (DMS).
FAMS will replace the legacy SAMNET system and support all FBI users by April
30, 2005. The Top Secret version of FAMS is currently under test and will provide
the same capability to everyone on SCION by May 30, 2005. The FBI is the first
civilian agency to operate on the classified DMS. Another innovation is the
FBI Intelligence Information Reports Dissemination System (FIDS), deployed
throughout the FBI on November 15, 2004. FIDS is a web-based software application
that allows all FBI personnel with access to the FBI's Intranet to create and
disseminate standardized Intelligence Information Reports (IIRs) quickly and
efficiently. FIDS is significant because it is the first Extensible Markup
Language (XML)- based IIR system in the federal government with a message format
output standardized to Intelligence Community standards. It facilitates interoperability
with other Intelligence Community databases and dissemination systems using
XML. It also automates the IIR re-engineered process with a re-engineered electronic
workflow allowing for improved information management. The FBI is also beginning
to implement programs for data marts as part of the Intelligence Community
System for Information Sharing (ICSIS). The first FBI Secret/Top Secret Intelligence
Community data mart is currently being developed and will be online by January
30, 2005. To facilitate information sharing with state, municipal, and tribal
law enforcement and first responders, the FBI continues to expand its use of
Law Enforcement Online (LEO). LEO is used to support the sharing of vital information
between the National JTTF, the Department of Justice (DOJ), the TSC, and local
JTTFs across the country. The National JTTF and each of the JTTFs have established
Special Interest Groups on LEO, accessible to all law enforcement personnel,
to facilitate the exchange of terrorism information nationally and locally.
We have interfaced LEO with two other law enforcement networks: (1) the National
Law Enforcement Telecommunications System (NLETS), an information sharing network
that connects state, municipal, and federal law enforcement and justice agencies;
and (2) the Regional Information Sharing Systems Network (RISS), that provides
law enforcement users in six regional centers with database pointer systems,
investigative leads bulletin boards, and encrypted e-mail. These networks are
specifically designed to facilitate sharing of intelligence to coordinate efforts
against criminal networks that operate in many locations across jurisdictional
lines. Interconnectivity among the combined users of LEO, NLETS, and RISS gives
us the means to share information about groups posing the greatest threats
to the United States with more law enforcement partners, quickly, and with
greater ease. LEO also supports the National Alert System (NAS), which uses
push-technology to notify up to 21,000 users/agencies of critical alert information
within minutes. Messages pop up on computers -- like instant messaging, but
in a secure environment -- and alert notifications are sent to police chiefs'
cell phones and pagers. The system can deliver the message selectively to specific
groups (as dictated by geography or function, such as border states or airport
security) or broadcast to all possible recipients. Messages can include text,
photos, and maps. The Criminal Justice Information Services (CJIS) Information
Sharing project will use LEO's sensitive but unclassified (SBU) infrastructure
to share information between CJIS Division systems, including the National
Crime Information Center (NCIC) and Integrated Automated Fingerprint Identification
System (IAFIS), and federal, state, municipal and tribal law enforcement. In
addition, we are well on our way toward implementing the Law Enforcement National
Data Exchange (N-DEx). The N-DEx will provide federal, state, municipal and
tribal law enforcement with a system to collect, process, and disseminate criminal
and investigative data. This national information sharing program will provide
the Law Enforcement Community with: Information about methods of criminal operation
identified by national contributors;
arrestee/indictor information;
victim information;
suspect information; and
other ongoing criminal and investigative information. N-DEx will provide a
national law enforcement "pointer" to more
detailed indices, case, and intelligence information. It will provide for automated
direct electronic input from local, tribal, state, and federal agencies, as
well as interactive responses. On June 15, 2004, the FBI's Security Division
granted interim approval to operate the N-DEx system. A number of law enforcement
agencies have signed MOUs with the FBI regarding prototyping, including: (1)
Marietta, Georgia, Police Department; (2) Alexandria, Virginia, Police Department;
(3) the Uniform Crime Reporting (UCR) State Repository, West Virginia State
Police, Huntington, West Virginia; and (4) Cabell County, West Virginia, Sheriff's
Office. Upon final FBI Office of the General Counsel approval of the Privacy
Impact Statement and the signing of the new piloting memorandum of understanding,
the prototyping phase will transition to the piloting phase. N-DEx is fully
integrated with the Global Justice XML initiative for improving interoperability
of all criminal justice information systems under one standard. N-DEx is also
fully integrated with the DOJ Law Enforcement Information Sharing Program (LEISP)
plan. In short, the FBI's capacity to access, analyze, and share data internally
and externally has improved considerably since the OIG began this audit, strengthening
our ability to predict and prevent acts of terrorism and otherwise supporting
our national security mission. Additional improvements currently underway will
further strengthen these capabilities over the next few months.Issue 2: The FBI has a plan to leverage what has been developed on
the VCF project and move forward with a long-term solution The draft
report states that "the FBI is moving away from VCF as the
solution of its case management requirements. Instead, the FBI is relying on
the future (and uncertain) development of an interagency FICMS for its case
management needs." This statement requires clarification. First, it implies
that the VCF project is being abandoned and replaced by the Federal Investigative
Case Management System (FICMS). In fact, VCF and FICMS are two separate, but
related projects that will move forward simultaneously. The VCF project remains
the highest IT priority for the FBI, and we are developing an implementation
plan that will result in deployment of a fully functional investigative case
and records management system. We have tasked Aerospace Corporation, a non-for-profit
federally funded contractor, to evaluate the SAIC-delivered VCF application.
Under a separate option, we tasked Aerospace with evaluating commercial off-the-shelf
(COTS) and government off-the-shelf (GOTS) products that may meet the defined
FBI's requirements. Aerospace has delivered two reports to the FBI, a Commercial
Off the Shelf /Government Off the Shelf (COTS/GOTS) Technology Trade Study
and an Independent Verification and Validation of the Trilogy Virtual Case
File Report. These reports will serve as vital sources of information for the
FBI's future VCF. Second, the finding represents a fundamental misunderstanding
of the FICMS project. To clarify, FICMS does
not replace VCF. FICMS serves as the framework that will govern development
of DOJ and Department of Homeland Security (DHS) investigative case management
systems to ensure the high level of inter-agency compatibility needed to facilitate
information sharing. Each agency has unique needs and will implement its own
services to manage investigative workflow, manage records, and analyze data.
However, these individual systems will follow the broad FICMS blueprint so
that data can flow easily and securely between agencies. The two projects are
on parallel tracks that will eventually converge. The FBI is moving forward
in the development and deployment of a case management system. The success
from the FBI project will be used to develop the FICMS, a broad blueprint for
federal investigative case management systems. The FBI has learned critical
lessons in various areas, including: contract management, project management,
adequate policies and procedures, modular development and deployment, discretionary
access controls for security of data, record management requirements, and the
value of prototyping. These lessons learned will be applied to future case
management systems and to all future IT projects. Issue 3: The FBI's Management of IT The
draft report states that contracting weaknesses were a primary cause of schedule
and cost problems associated with Trilogy. We agree with the finding that the
FBI's oversight of the Trilogy contracts should have been stronger. However,
it is important to note that at the start of the Trilogy project, the FBI recognized
its limitations and appropriately outsourced elements of the project in accordance
with the general framework for handling these contracts that was dictated by
DOJ. As the draft report states, DOJ initially required that the FBI perform
the project integration function and that Trilogy be divided among two contractors.
The General Services Administration's Federal Technologies Services' Federal
Systems Integration and Management (FEDSIM) Center acted as the contracting
office on behalf of the FBI for the key Trilogy contracts. Accordingly, FEDSIM
was responsible for overseeing competing contracts, awarding and maintaining
contracts, tracking contract health, and day-to-day management. Mitretek Systems
was the Program Management and Systems Engineering and Technical Advisory Services
(SETA) contractor that supported the Trilogy Program. Computer Sciences Corporation
(formerly DynCorp) was the contractor responsible for the network and hardware
components of the Trilogy Program. SAIC was responsible for delivering the
user applications component, including the VCF. SAIC also later assumed the
role of Integrator for the Trilogy Program. With regard to the overall management
of IT, we are pleased to report that we have made fundamental changes in the
method by which IT is managed in the FBI -- changes that will ensure that we
move forward in a manner that supports our mission, priorities, and Strategic
Plan, and that is consistent with industry best practices and established principles
of IT management. As part of a top-to-bottom reorganization of the FBI's IT
resources, the FBI established the Office of the Chief Information Officer
(OCIO) to centrally manage all IT responsibilities, activities, policies, and
employees across the Bureau. With the FBI's new IT organization, all IT projects
now fall under the OCIO. The OCIO is responsible for the FBI's overall IT efforts,
including developing the FBI's IT strategic plan and operating budget, developing
and maintaining the FBI's technology assets, and providing technical direction
for the re-engineering of FBI business processes. The OCIO is divided into
four components: policy and planning, project management, technology development,
and operation and maintenance. This structure provides for end-to-end management
of IT projects within the FBI and incorporates best practices for governing
a large IT organization. Under the centralized leadership of the OCIO, the
FBI is taking a coordinated, strategic approach to IT. OCIO has established
an IT governance framework for managing IT projects at each stage of their "lifecycle" from
planning and investment, through development and deployment, operation and
maintenance, and disposal. The OCIO has also implemented a comprehensive set
of safeguards to ensure that future IT programs do not run into problems like
those encountered on the VCF project. In December 2004, the OCIO completed
our first release of the Strategic IT Plan (SITP), which maps out how IT will
support the FBI's Strategic Plan and mission goals over the next five years.
All IT projects are now required to be consistent with the FBI's Strategic
Plan. We established our baseline Enterprise Architecture (EA) in 2004 and
are in the process of developing our target EA in September 2005. We have already
identified all of the IT systems, applications, networks and databases in the
Bureau in an IT Master Systems List. All IT projects in the future will be
required to be consistent with the FBI's EA. We have implemented a Life Cycle
Management Directive (LCMD) that fundamentally changes how IT projects are
managed in the Bureau. Our LCMD governs how IT projects are managed from "cradle to grave" and is consistent with
industry and other government agency best practices. The LCMD guides FBI personnel
on the technical management and engineering practices used to plan, acquire,
operate, maintain, and replace IT systems and services. All IT projects and
programs will be required to undergo rigorous project and executive level "control
gate" reviews for each stage, from inception through disposal. There are
seven gates, nine phases, and 14 key supporting processes in the LCMD. These
reviews are the mechanism for management control and direction, decision-making,
coordination, and confirmation of successful performance. The LCMD will help
prevent the delays and problems that occurred during the Trilogy project. We
have established five Enterprise IT Governance Review Boards: (1) the Investment
Management/Project Review Board; (2) the Technical Review Board; (3) the Change
Management Board; (4) the IT Policy Review Board; and (5) the Enterprise Architecture
Board. These Boards decide whether to proceed with, revise, or terminate a
program or project. An Executive Assistant Director-Level IT Advisory Board
now meets quarterly to discuss IT matters with key stakeholders. We have established
charters and procedures, and all Boards are operational. The Investment Management/Project
Review Board now reviews and approves new IT investments at specified stages
of each IT project's life cycle. We are also in the process of evaluating the
FBI's 130+ existing IT projects for overall health and placement within the
system development life cycle. This will enable FBI executives to uncover and
address cost, schedule, and performance risks. The FBI has implemented a comprehensive
and effective IT Portfolio Management Program. The program focuses on performance
assessments of IT investments in the operations and maintenance (O&M) phase of their life cycle. Since the
majority of our IT investments currently reside in the O&M phase, these
assessments help senior management make more informed decisions about IT investments
(personnel and dollars). Portfolio Management recommendations are focused on
those investments that should be leveraged, replaced, outsourced, or retired.
A pilot portfolio assessment of one Division has been completed to date, and
the enterprise portfolio assessment will be completed in the fall of this year,
in time to support the FY 2008 budget/investment cycle. The FBI has established
an IT Portfolio Management Automation project that will develop the FBI's Enterprise
IT Tool. This is a software package that will identify and track sanctioned
IT projects with baselined plans, schedules, scope, and costs. It will also
track all FBI IT hardware and software infrastructure procurements at an integrated,
enterprise level. The Enterprise IT Tool will electronically track all IT projects
throughout the lifecycle and help us to ensure that new IT investments are
aligned with mission goals. We are also taking steps to ensure a high level
of performance for our IT projects. The OCIO is in the process of establishing
an IT Metrics program that identifies and measures IT performance according
to industry standards, government regulations, and earned value management
system (EVMS) principles. Currently, we publish a CIO Monthly IT metrics report
using the Balanced Scorecard Methodology. Our plan is to establish EVMS for "major" IT
projects, which are being reviewed by the Investment Management/Project Review
Board at the rate of approximately five projects per month, beginning in January
2005. When a program or project metric varies by more than 10 percent of the
acceptable thresholds for cost, schedule and performance, it will trigger closer
scrutiny and remedial action by the Investment Management/Project Review Board.
We have launched a joint initiative between the CIO and the Chief Financial
Officer of the FBI that will standardize and automate all procurement actions
involving all IT acquisitions, as well as focus on increased competition and
small business involvement.
To build a stronger IT workforce, including managers, the OCIO has begun
to train our Program and Project Managers, as well as executive management
personnel, to be certified as Program Management Professionals (PMP). The
OCIO currently has two certified government and five contractor PMPs. Approximately
25 managers have taken the PMP review course and plan to take the test. Another
20 are currently enrolled in the training program. This and other leadership
training provides best practices and techniques to provide better management
of the IT projects and the enterprise IT portfolio.To coordinate IT policies,
the OCIO is in the process of establishing a Master IT Policy List. Once
established, any new IT policies or modifications will have to be reviewed
and approved by the IT Policy Review Board. The Master IT Policy List will
enable the OCIO to monitor all IT projects during the LCMD control gate review
processes and enforce all applicable IT policies. We are also taking steps
to standardize technology assessments. The FBI CTO is working closely with
the EA team to standardize enterprise technology standards, technical reference
models, technical architectures, and technical design reviews under the LCMD
and system testing/integration. A unified test and integration facility will
allow for centralized technology assessment that provides responsive IT solutions
to meet mission needs. These measures mitigate project risks through common,
interoperable, supportable, and affordable solutions. In the area of security,
the FBI has implemented an Information Assurance Program, which also contributes
to the LCMD. It is implementing key IT capabilities, such as Public Key Infrastructure
(PKI) and the Enterprise Security Operations Center (ESOC), which will strengthen
IT services in the Bureau and mitigate internal and external threats. Additionally,
Security and Information Assurance is being fully integrated into the new
LCMD and the EA, throughout the process, instead of being "bolted-on" afterwards.
Certification and Accreditation is being required for all IT Projects and
Systems. The VCF Initial Operating Capability (IOC) was fully executed using
the FBI's new approach to IT management. Project objectives, requirements,
and constraints were clearly identified before proceeding forward to each
control gate. A cost-sharing arrangement was established as part of the renegotiated
UAC contract. A well developed plan was established and agreed to as part
of the contract negotiations. Control gates (i.e., go/no go criteria) were
used at major milestones to control the release of funding and to keep the
project focused. Adherence to defined management processes was mandated.
As a result, the VCF IOC was developed on schedule and within budget and
its deployment is currently on schedule. Development of the FIDS is another
example of how the FBI's new approach to IT management is supporting our
national security mission. The FIDS was designed to meet exigent intelligence
mission needs and was successfully developed using a proven business process
and information management framework. It was created by a five-member development
team and conformed to the FBI CIO's new Life Cycle Management Process. Its
successful six-month development cycle is an example of focused systems development
in record time at reasonable cost. As demonstrated by VCF IOC, PKI, and FIDS,
proper planning and contractor oversight will ensure success on future IT
projects.
Response to RecommendationsRecommendation 1: Replace the obsolete
ACS system as quickly and as cost-effectively as feasible. The FBI
agrees with the recommendation to replace the ACS system as quickly and as
cost-effectively as feasible, and doing so remains our top IT priority. We
are continuing to move forward with the VCF project in accordance with a
two-track plan initiated in June 2004. Track One, also known as IOC, will
pilot the operational use of VCF's automated workflow process. Several hundred
employees in the New Orleans Field Office, Baton Rouge RA, and the Drug Unit
within the America's Criminal Enterprise Section at FBIHQ will use the system
as their document routing system from mid-January through the end of March
2005. Objectives of the pilot are to: (1) test drive the workflow concept;
(2) validate the human machine interface; (3) create an electronic interface
to ACS; (4) assess network performance; and (5) develop and deliver an enterprise-geared
training curriculum. The IOC is on track to accomplish all these objectives.
As part of Track Two, the FBI contracted with multiple independent vendors
to perform the following tasks:1. Examine the latest working version of the
VCF application to determine if the software, as designed, will meet the
FBI's operational, security, and performance requirements. The contractor
is also tasked to determine if the VCF application is scalable and can be
maintained and enhanced easily.2. Examine the current technologies and vendors,
as well as available off-the-shelf software applications and those designed
for other agencies, to determine the best combination to meet the FBI's needs.
In many ways, the pace of technological innovation has overtaken our original
vision for VCF, and there are now products to suit our purposes that did
not exist when Trilogy began.
3. We have also asked a different contractor to review and revalidate our users'
requirements because the mission of the FBI has evolved and there are new requirements
for information and intelligence sharing among different entities.
As mentioned above, we are currently reviewing the Aerospace report, and the
other reports are expected by the end of January 2005. These independent reviews
will provide the FBI with valuable information to help managers make future
decisions related to FBI applications.Recommendation 2: Reprogram FBI resources to meet the critical need
for a functional case management system. The FBI agrees with this
recommendation. As mentioned above, deployment of a new case management system
is the FBI's top IT priority. Accordingly, we will devote all necessary resources
to support the project, even if this requires reprogramming. In 2004, resources
were reprogrammed to support reorganization of the OCIO and related human
capital development initiatives. As discussed above, these efforts will help
ensure that all IT projects, including the VCF, are well managed in accordance
with established best practices for IT management.Recommendation 3: Freeze
the critical design requirements for the case management system before initiating
a new contract and ensure that the contractor fully understands the requirements
and has the capability to meet them. The FBI agrees with this recommendation
and has already taken steps to address it. This recommendation is consistent
with the FBI's new approach to IT management and, accordingly, all future
IT contracts will follow this approach. At the heart of our new IT management
initiatives, including the IT Strategic Plan and the LCMD, is the understanding
that we must have a clear picture of what we intend to achieve before making
substantial investments. This principle is being applied to VCF Track Two
to include the revalidation of our users' requirements. The implementation
of the LCMD and Review Boards will mitigate the project scope and requirements
creep. The LCMD requires the requirements to be clearly defined before system
development starts. The Review Boards will ensure that the LCMD is enforced.
Similarly, FICMS will move forward with clear System Requirement Specifications
and will use a proven contract vehicle to help ensure that they are met.Recommendation 4: Incorporate development efforts for the VCF into
the development of the requirements for any successor case management system. The FBI agrees with this recommendation and has already taken steps to address
it. Lessons learned over the course of the VCF project can and will be incorporated
into development of any future case management system.
For example, the VCF project suffered in part from runaway scope. After evaluating
the lessons learned from the VCF development, we have adopted a process that
will avoid a recurrence. The FBI has created a complete set of requirements
for developing future case management applications. To ensure that future IT
systems do not expand beyond their functional level, the IT system will be
designed, developed, and deployed incrementally against specified and planned
parameters.Recommendation 5: Validate and improve, as necessary, financial systems
for tracking project costs to ensure complete and accurate data. The
FBI agrees with this recommendation and has already taken remedial steps.
Following the FBI's submission of the LCMD, this recommendation was closed
by the OIG on December 17, 2004 in the report entitled "FBI's Management
of IT Investments, Audit Report Number 03-09." Recommendation 6: Develop
policies and procedures to ensure that future contracts for IT-related projects
include defined requirements, progress milestones, and penalties for deviations
from the baselines. The FBI agrees with this recommendation and has taken appropriate
action. Following the FBI's submission of the LCMD, this recommendation was
closed by the OIG on December 17, 2004 in the report entitled "FBI's Management
of IT Investments, Audit Report Number 03-09." Recommendation 7: Establish
management controls and accountability to ensure that baselines for the remainder
of the current user applications contract and any successor Trilogy-related
contracts are met. The FBI agrees with this recommendation and has taken appropriate
action. As previously outlined, the FBI has implemented a comprehensive approach
to management of IT under which all IT projects are evaluated for overall health,
cost, contribution to the FBI mission, and performance at each stage of their
lifecycle.Recommendation 8: Apply ITIM processes to all Trilogy and any successor
projects. The FBI agrees and will apply ITIM processes to future
IT projects, including any additional Trilogy-related projects. This recommendation
was resolved by the OIG in the report entitled, "FBI's Management of IT Investments, Audit
Report Number 03-09." In that report, the OIG concurred with the FBI's
Plan of Action and Milestones, and the FBI continues to provide status updates
on a quarterly basis in accordance with that report. In the March 24, 2004,
OIG report entitled "FBI's Implementation of
IT Recommendations, Audit Report Number 03-36," the OIG agreed that efficiencies
can be achieved by both the OIG and the FBI by tracking a duplicate recommendation
only under a single audit -- the audit in which the recommendation originated.
Accordingly, we recommend that the FBI continue to report on progress in this
area under Audit Report Number 03-09.Recommendation 9: Monitor the Enterprise Architecture being developed
to ensure timely completion as scheduled. The FBI agrees with this
recommendation and has already taken steps to address it. As discussed above,
the FBI has made considerable progress toward development of an EA. This
recommendation was closed by the OIG on September 12, 2003, in the report
entitled, "FBI's Management of IT Investments, Audit Report Number 03-09." It
was also resolved in the Government Accountability Office (GAO) report entitled, "Information
Technology - FBI Needs an Enterprise Architecture to Guide Its Modernization
Activities, GAO-03-959." Also, in September 2004, the GAO initiated a
follow-up review of the FBI's Enterprise Architecture Efforts (Job Code 310291)
and a report is pending. Accordingly, we recommend that this recommendation
be closed to avoid unnecessary duplication of GAO's efforts. Conclusion Although
deployment of a new case management system for the FBI has been delayed, the
overall pace of IT modernization in the FBI continues to accelerate. We have
made substantial IT improvements to enhance our ability to access, analyze,
and share information. We did so in a manner that has not hampered critical
ongoing operations and that ensures the security of our information and the
privacy rights of individuals. Today, armed with a solid IT foundation, a new
organization and framework for IT management, and with the lessons learned
over the course of the Trilogy project, the FBI is moving forward with further
IT enhancements to help us perform our mission. We appreciate the OIG's guidance
throughout this process. We look forward to working with your office in implementing
recommendations that remain unaddressed.
Sincerely,Zalmai
Azmi
Chief Information Officer
Federal Bureau of Investigation
#####
| Press Releases | FBI
Home Page |