You are on page 1of 2

TABLE OF CONTENTS

INTRODUCTION 1. Backgrou nd 2. Reports on the FBI's IT 3. Policies and Procedures for Following-Dp on Report Recommendations
OIG FINDINGS AND RECOMMENDATIONS

1 1 2 3
5

1.

2. 3. 4.

OIG Reports on the FBI's IT 5 A. Report on the FBI's ADP Controls 6 B. Report on the FBI's IT Investment Management 8 C. Reports on the FBI's Control Environment over its Financial IT Systems 11 D. Computer Security Reports in Response to GISRA 39 E. Reports on OIG Special Investigations of the FBI 53 FBI's Process for Following-Dp on Recommendations 69 Summary 73 Recommendations 75
76 77 78

STATEMENT ON COMPLIANCE WITH LAWS AND REGDLATIONS STATEMENT ON MANAGEMENT CONTROLS APPENDIX 1: OBJECTIVES, SCOPE, AND METHODOLOGY APPENDIX 2: THE FBI'S PROGRESS TOWARD IMPLEMENTING IT RECOMMENDATIONS OTHER REPORTS RELATING TO THE FBI'S IT PROGRAM

80

APPENDIX 3:

132 139 141

APPENDIX 4: GLOSSARY OF ABBREVIATIONS AND ACRONYMS APPENDIX 5: FBI'S RESPONSE TO THE DRAFT REPORT APPENDIX 6: OIG, AUDIT DIVISION ANALYSES AND SUMMARY OF ACTIONS NECESSARY TO CLOSE REPORT

145

FEDERAL BUREAU OF INVESTIGATION'S IMPLEMENTATION OF INFORMATION TECHNOLOGY RECOMMENDATIONS

EXECUTIVE SUMMARY
Following the September 11, 2001, terrorist attacks, the Attorney General and the Director of the Federal Bureau of Investigation (FBI) made clear that prevention of terrorism is the top priority of the Department of Justice (DOJ) and the FBI. Effective use of information technology (IT) is crucial to the FBI's ability to meet this priority as well as its other critical responsibilities. For FY 2003, the FBI allocated nearly $606 million to information technology projects. As computer technology has advanced, federal agencies have become increasingly dependent on information systems to carry out operations and process, maintain, and report essential information. The FBI's computerized information systems affect many mission-critical activities, such as financial management, security of sensitive and classified data, and investigative work. Recognizing the importance and vulnerability of data processed, maintained and reported by the FBI, the Office of the Inspector General (DIG), the General Accounting Office (GAO), and other entities have conducted audits, investigations, and reviews of the FBI's management of IT. For years, reviews have found major weaknesses associated with the FBI's IT. The FBI has made upgrading its information technology one of its top ten priorities. To assess the FBI's progress in improving its IT, the OIG conducted this audit of the FBI's implementation of prior OIG and GAO recommendations. To perform our audit, we conducted 27 interviews with officials from the FBI, OIG, and GAO. The FBI officials interviewed were from the Inspection Division, Information Resources Division, and National Infrastructure Protection Center. Additionally, we reviewed over 100 documents including prior GAO and OIG reports, Congressional testimony, and documentation on the FBI's process for tracking the resolution of recommendations.