Sentinel Audit II:  Status of the Federal Bureau of Investigation’s Case Management System (Redacted)

Audit Report 07-03
December 2006
Office of the Inspector General

Appendix 3
Prior Reports on the FBI’s Information Technology

Below is a listing of relevant reports discussing the FBI’s information technology systems. These include reports issued by the Department of Justice, Office of the Inspector General (OIG), the Government Accountability Office (GAO), and by other external entities as well as FBI internal reports.

Prior OIG Reports on FBI Case Management Efforts

In March 2006, the OIG issued a report entitled The Federal Bureau of Investigation’s Pre-Acquisition Planning For and Controls Over the Sentinel Case Management System. The report found that the FBI had taken important steps to address its past mistakes in planning for the development of Sentinel. The report identified the following areas of concern:

The OIG concluded that these areas of concern required action and continued monitoring by the FBI, the OIG, and other interested parties.

In February 2005, the OIG issued a report entitled, The Federal Bureau of Investigation’s Management of the Trilogy Information Technology Management Project, which encompassed Sentinel’s predecessor, the Virtual Case File (VCF). The OIG recommended the FBI take the following steps:

The report concluded that the difficulties experienced in completing the Trilogy project were partially attributable to: (1) design modifications the FBI made as a result of refocusing its mission from traditional criminal investigations to preventing terrorism, (2) poor management decisions early in the project, (3) inadequate project oversight, (4) a lack of sound IT investment practices, and (5) not applying lessons learned over the course of the project.

External Reports on FBI Case Management Efforts

In May 2006, the GAO released a report titled Weak Controls over Trilogy Project Led to Payment of Questionable Contractor Costs and Missing Assets that was critical of the FBI’s controls over costs and assets of its Trilogy project. The GAO found that the FBI’s review and approval process for Trilogy contractor invoices did not provide an adequate basis for verifying that goods and services billed were actually received and that the amounts billed were appropriate, leaving the FBI highly vulnerable to payments of unallowable costs. These costs included first-class travel and other excessive airfare costs, incorrect charges for overtime hours, and charges for which the contractors could not document costs incurred. The GAO found unsupported and questionable costs in the amount of $10 million. The GAO also found that the FBI failed to establish controls to maintain accountability over equipment purchased for the Trilogy project. According to the GAO, poor property management led to 1,200 missing pieces of equipment valued at $7.6 million.

The National Research Council issued a report in May 2004 entitled A Review of the FBI’s Trilogy Information Technology Modernization Program. The report found that the program was not on a path to success, and identified the following needs:

The report concluded that the FBI had made significant progress in some areas of its IT modernization efforts, such as the modernization of the computing hardware and baseline software and the deployment of its networking infrastructure. However, because the FBI’s IT infrastructure was inadequate in the past, there was still an enormous gap between the FBI’s IT capabilities and the capabilities that were urgently needed.

The report was updated in June 2004 as a result of what the Council deemed clear evidence of progress being made by the FBI to move ahead in its IT modernization program. This included the appointment of a permanent CIO and the formation of a staffed program office for improved IT contract management. The progress being made by the FBI appeared to the Council to have been more rapid than expected, although many challenges remained. The Council also emphasized that the FBI’s missions constitute increasingly information-intensive challenges, and the ability to integrate and exploit rapid advances in IT capabilities will only become more critical with time. The update concluded that even with perfect program management and execution, substantial IT expenses on an ongoing basis are inevitable and must be anticipated in the budget process if the FBI is to maximize the operational leverage that IT offers.

In September 2004, the GAO issued a report entitled, Information Technology: Foundational Steps Being Taken to Make Needed FBI Systems Modernization Management Improvements. This report stated that although improvements were under way and more were planned, the FBI did not have an integrated plan for modernizing its IT systems. Each of the FBI’s divisions and other organizational units that manage IT projects performs integrated planning for its respective IT projects. However, the plans did not provide a common, authoritative, and integrated view of how IT investments will help optimize mission performance, and they did not consistently contain the elements expected to be found in effective systems modernization plans. The GAO recommended that the FBI limit its near-term investments in IT systems until the FBI developed an integrated systems and modernization plan and effective policies and procedures for systems acquisition and investment management. Additionally, the GAO recommended that the FBI’s CIO be provided with the responsibility and authority to effectively manage IT FBI-wide.

In April 2005, the House Surveys and Investigations staff issued A Report to the Committee on Appropriations, U.S. House of Representatives, which concluded that:.

FBI Internal Reports on Case Management

The FBI hired the Aerospace Corporation to perform an assessment of Commercial Off-the-Shelf (COTS) and Government Off-the-Shelf (GOTS) systems that could be used in developing a case management system and also an Independent Verification and Validation of Trilogy’s Virtual Case File. In December 2004, the contractor issued the COTS/GOTS Trade Study, which recommended that the FBI look to systems that have an emphasis on data sharing. The contractor further recommended that an acquisition strategy be developed that includes an incremental deployment of core capabilities and the incremental addition of such components as intelligent search and reporting and specific analytic capabilities.

The contractor released the Independent Verification and Validation of the Trilogy Virtual Case File, Delivery 1: Final Report in January 2005. The report recommended discarding the VCF and starting over with a COTS-based solution. The contractor concluded that a lack of effective engineering discipline had led to inadequate specification, design, and development of VCF. Further, the contractor could find no assurance that the architecture, concept of operations and requirements were correct or complete, and no assurance that they could be made so without substantial rework. In sum, the contractor reported that VCF was a system whose true capability was unknown, and whose capability may remain unknown without substantial time and resources applied to remediation.

Other OIG Reports on the FBI’s IT

OIG reports issued over the past 15 years have highlighted issues concerning the FBI’s utilization of IT, including its investigative systems. For example, in 1990 the OIG issued a report entitled The FBI’s Automatic Data Processing General Controls. This report described 11 internal control weaknesses and found that:

The OIG’s July 1999 special report, The Handling of FBI Intelligence Information Related to the Justice Department’s Campaign Finance Investigation, reported that FBI personnel were not well-versed in the ACS system and other databases.

A March 2002 OIG report, entitled An Investigation of the Belated Production of Documents in the Oklahoma City Bombing Case, analyzed the causes for the FBI’s belated delivery of many documents in the Oklahoma City bombing case. This report concluded that the ACS system was extraordinarily difficult to use, had significant deficiencies, and was not the vehicle for moving the FBI into the 21 century. The report noted that inefficiencies and complexities in the ACS, combined with the lack of a true information management system, were contributing factors in the FBI’s failure to provide hundreds of investigative documents to the defendants in the Oklahoma City bombing case.

In May 2002, the OIG issued a report on the FBI’s administrative and investigative mainframe systems entitled the Independent Evaluation Pursuant to the Government Information Security Reform Act, Fiscal Year 2002. The report identified continued vulnerabilities with management, operational, and technical controls within the FBI. The report stated that these vulnerabilities occurred because the Department and FBI security management had not enforced compliance with existing security policies, developed a complete set of policies to effectively secure the administrative and investigative mainframes, or held FBI personnel responsible for timely correction of recurring findings. Further, the report stated that FBI management had been slow to correct identified weaknesses and implement corrective action and, as a result, many of these deficiencies repeated year after year in subsequent audits.

In December 2002, the OIG issued a report on The FBI’s Management of Information Technology Investments, which included a case study of the Trilogy project. The report made 30 recommendations, 8 of which addressed the Trilogy project. The report’s focus was on the need to adopt sound investment management practices as recommended by the GAO. The report also stated that the FBI did not fully implement the management processes associated with successful IT investments. Specifically, the FBI had failed to implement the following critical processes:

The audit found that the lack of critical IT investment management processes for Trilogy contributed to missed milestones and led to uncertainties about cost, schedule, and technical goals.

« Previous Table of Contents Next »