You are on page 1of 2

TABLE OF CONTENTS

INTRODUCTION 1
1. Backgrou nd 1
2. Reports on the FBI's IT 2
3. Policies and Procedures for Following-Dp on Report
Recommendations 3

OIG FINDINGS AND RECOMMENDATIONS 5


1. OIG Reports on the FBI's IT 5
A. Report on the FBI's ADP Controls 6
B. Report on the FBI's IT Investment Management 8
C. Reports on the FBI's Control Environment over its Financial IT
Systems 11
D. Computer Security Reports in Response to GISRA 39
E. Reports on OIG Special Investigations of the FBI 53
2. FBI's Process for Following-Dp on Recommendations 69
3. Summary 73
4. Recommendations 75

STATEMENT ON COMPLIANCE WITH LAWS AND REGDLATIONS 76

STATEMENT ON MANAGEMENT CONTROLS 77

APPENDIX 1: OBJECTIVES, SCOPE, AND METHODOLOGY 78

APPENDIX 2: THE FBI'S PROGRESS TOWARD IMPLEMENTING


IT RECOMMENDATIONS 80

APPENDIX 3: OTHER REPORTS RELATING TO THE FBI'S IT


PROGRAM 132

APPENDIX 4: GLOSSARY OF ABBREVIATIONS AND ACRONYMS 139

APPENDIX 5: FBI'S RESPONSE TO THE DRAFT REPORT 141

APPENDIX 6: OIG, AUDIT DIVISION ANALYSES AND


SUMMARY OF ACTIONS NECESSARY TO
CLOSE REPORT 145
FEDERAL BUREAU OF INVESTIGATION'S IMPLEMENTATION
OF INFORMATION TECHNOLOGY RECOMMENDATIONS

EXECUTIVE SUMMARY

Following the September 11, 2001, terrorist attacks, the


Attorney General and the Director of the Federal Bureau of Investigation
(FBI) made clear that prevention of terrorism is the top priority of the
Department of Justice (DOJ) and the FBI. Effective use of information
technology (IT) is crucial to the FBI's ability to meet this priority as well as its
other critical responsibilities. For FY 2003, the FBI allocated nearly
$606 million to information technology projects.

As computer technology has advanced, federal agencies have become


increasingly dependent on information systems to carry out operations and
process, maintain, and report essential information. The FBI's computerized
information systems affect many mission-critical activities, such as financial
management, security of sensitive and classified data, and investigative
work.

Recognizing the importance and vulnerability of data processed,


maintained and reported by the FBI, the Office of the Inspector General
(DIG), the General Accounting Office (GAO), and other entities have
conducted audits, investigations, and reviews of the FBI's management of IT.
For years, reviews have found major weaknesses associated with the FBI's
IT. The FBI has made upgrading its information technology one of its top ten
priorities.

To assess the FBI's progress in improving its IT, the OIG conducted this
audit of the FBI's implementation of prior OIG and GAO recommendations.
To perform our audit, we conducted 27 interviews with officials from the FBI,
OIG, and GAO. The FBI officials interviewed were from the Inspection
Division, Information Resources Division, and National Infrastructure
Protection Center. Additionally, we reviewed over 100 documents including
prior GAO and OIG reports, Congressional testimony, and documentation on
the FBI's process for tracking the resolution of recommendations.