Summary: As of August 1999, the FBI had renovated, tested, and certified as Year 2000 compliant all but one of its 43 mission-critical systems. The FBI had developed system-level contingency plans for all but two of them. Also, the FBI had made some progress in its Year 2000 business continuity planning, but this important effort is running late. Moreover, the FBI lacks many of the management controls and processes needed to effectively guide its continuity planning effort in the short time remaining before the Year 2000 deadline. By not using the management rigor and discipline specified in GAO's Year 2000 business continuity planning guide, the FBI will be unable to ensure that it (1) properly focuses its planning effort on the agency's most critical operations; (2) chooses the best strategies to protect these operations; (3) has enough resources and staff to implement continuity plans; and (4) can efficiently and effectively invoke its continuity plans, if necessary. GAO recommends that the Justice Department clarify its expectations for Year 2000 business continuity planning for all of its bureaus and that the FBI establish and implement (1) a plan for developing and testing business continuity plans and (2) effective controls and structure for managing Year 2000 business continuity planning.
