Objectives

The primary objective of the audit was to determine if the FBI has implemented prior OIG and GAO recommendations directed toward improving its information technology.⁴⁸

Scope and Methodology

The audit was performed in accordance with Government Auditing Standards, and included tests and procedures necessary to accomplish the audit objective. We conducted work at FBI Headquarters in Washington, D.C., and GAO Headquarters in Washington, D.C. We also visited internal offices within the Office of the Inspector General, specifically the Financial Statement Audit Office, the Computer Security and Information Technology Audit Office, and the Office of Oversight and Review.

To perform our audit, we conducted 27 interviews with officials from the FBI, OIG, and GAO. The FBI officials interviewed were from the Inspection Division, Information Resources Division, and National Infrastructure Protection Center. Additionally, we reviewed over 100 documents, including prior GAO and OIG reports, Congressional testimony, and documentation on the FBI's process for tracking the resolution of recommendations.

To determine if the FBI has implemented IT recommendations issued by the OIG in the last five years, we made inquiries with OIG management in the Audit Division, Investigations Division, Evaluation and Inspections Division, and the Office of Oversight and Review to identify the applicable reports. Based on our inquiries, we determined that the OIG's detailed internal control reports over the FBI's IT systems in support of the annual financial statement audits (fiscal years 1996 to 2001), the FY 2001 and FY 2002 GISRA reports, and two special review reports contained recommendations related to the FBI's information technology and information management. Based on the records and opinions of the OIG offices responsible for preparing the reports and interviews with FBI officials, we then analyzed and summarized the current status of the recommendations.

To determine if the FBI has implemented IT recommendations issued by the GAO in the last five years, we searched the GAO website for reports that included references to the FBI and information technology or information management. From this sample, we reviewed reports to identify recommendations made to the FBI that pertain to IT. Our search indicated that one report contained one recommendation that met our criteria.⁴⁹ Additionally, we made inquiries with GAO personnel to determine if they issued any classified reports relating to FBI IT that would not be listed on the website. We were told by GAO personnel that no such classified reports were issued. From the GAO's website, we obtained the status of the recommendation and confirmed the status through inquiries with GAO and FBI personnel, as well as by reviewing supporting documentation.

48. We included recommendations related to document management because FBI documents are generally produced electronically or managed in automated databases and systems.
49. This report is discussed in Appendix 3.