Summary: The FBI has spent over $900 million on the Trilogy and Sentinel information technology (IT) projects intended to provide FBI with an upgraded IT infrastructure and an automated case management system to support FBI agents and analysts. In February 2006 and July 2008, GAO reported on significant internal control weaknesses related to FBI's contract administration, processing of contractor invoices, and accountability for equipment acquired for these projects. GAO made 27 recommendations to the FBI to address these deficiencies. The FBI concurred with all 27 recommendations. This report provides an assessment of (1) the FBI's corrective actions to address GAO's 27 recommendations and (2) whether there were any indications of implementation issues related to the policies and procedures the FBI developed to address 17 of the 27 recommendations. GAO reviewed FBI policies and procedures, performed walk-throughs, and conducted detailed tests on statistically and nonstatistically selected samples of transactions.
The corrective actions developed by FBI were sufficient to address 21 of the 22 Trilogy recommendations and all 5 Sentinel recommendations. The FBI substantially addressed: 17 Trilogy recommendations related to contract administration, invoice processing, and property accountability by establishing or revising policies and procedures; 4 by contracting for follow-up audits of the Trilogy costs; and the 5 Sentinel recommendations by revising Sentinel policies and procedures. The one Trilogy recommendation that FBI did not address completely was related to 1,205 missing, lost, or stolen Trilogy assets. As of February 2011, the FBI had researched and determined the status of all but 134 of these assets. FBI officials stated that almost all of these assets had a useful life of 7 years, and if they were not already returned or destroyed, they are now obsolete. There are diminishing returns to continue to pursue these assets, which included several information technology items that could potentially contain sensitive information. However, if the FBI is able to determine the status of any of these assets in the future, officials stated that they will make the entries to properly record them in FBI's property management application (PMA). In assessing implementation of the policies and procedures developed in response to GAO's 17 Trilogy recommendations related to contract administration, invoice processing, and property accountability, GAO found that policies and procedures related to the 4 recommendations dealing with contract administration, including interagency agreements, were effectively implemented but also identified a new issue. Specifically, GAO found that forms--required by the Federal Acquisition Regulation to support the use of interagency agreements to conveniently or economically obtain supplies and services--were not timely completed for 15 of 54 statistically selected interagency agreements tested, and found that FBI's monitoring did not identify this deficiency. GAO estimates that as much as 39.5 percent of FBI's fiscal year 2009 interagency agreements did not meet this requirement, increasing the risk that funds may have been disbursed for goods or services that were not in the best interest of the government. In addition, GAO's testing of FBI's implementation of polices and procedures for the remaining 13 recommendations that were related to invoice processing and property accountability found indications of implementation issues in 3 areas. (1) Regarding the review of contractors' invoices, 5 invoices (of the 37 tested) that had been reviewed and approved by FBI officials included labor rates that were not fully supported by the contract documentation. Without verifying labor charges against the contractor's proposal as required by FBI policy, there is an increased risk of disbursing funds for unallowable charges. (2) For property accountability, GAO found instances in which FBI (1) did not record accountable property items in its system in a timely manner and (2) did not accurately record key accountability information, such as location and serial numbers, as required by FBI's policies. These shortcomings increase the risk that assets could be lost or stolen and not be detected and investigated in a timely manner. GAO makes three new recommendations to improve interagency agreement controls and determine if additional actions are necessary to improve controls for invoice processing and property accountability. The FBI concurred with all three recommendations and discussed actions it has initiated to address GAO's recommendations.
