GAO: FBI, GSA mismanaged Trilogy contractors

FBI: Weak Controls over Trilogy Project Led to Payment of Questionable Costs and Missing Assets

The FBI and the General Services Administration lacked sufficient management controls to prevent more than $17 million in potential overcharging and lost or stolen equipment in the FBI’s Trilogy information technology modernization program, the Government Accountability Office said today in a new report.

“FBI’s review and approval process for Trilogy contractor invoices, which included [the GSA] review in its role as contracting agency, did not provide an adequate basis to verify that goods and services billed were actually received by FBI or that the amounts billed were appropriate,” the report found.

The FBI must shape up its control of contractor payments or risk overpayments on future projects that involve contractors, the report states. That includes Sentinel, the bureau’s new $425 million comprehensive case management system.

Sentinel will replace the failed $170 million Virtual Case File system. VCF was to be part of Trilogy but was abandoned after repeated cost and schedule overruns.

Originally budgeted at $380 million, Trilogy eventually cost $536.9 million, the report states. The program succeeded in upgrading the FBI’s IT infrastructure but failed to meet its goal of improving the FBI’s investigative capabilities, it states.

GAO found $10.1 million in questionable Trilogy contractor payments to Computer Sciences Corp., Mitretek and Science Applications International Corp., including:

• $5.5 million in direct costs lacking adequate supporting documentation.


• $2.1 million in potential overcharging of labor rates.


• $2 million in subcontractor labor costs lacking adequate supporting documentation.


• $400,000 in excessive overtime costs.


• $69,800 in unauthorized first-class travel and other excessive travel costs.


• $26,300 in duplicate payments of subcontractor labor invoices.

The report also found that the FBI is missing 1,205 pieces of equipment worth a total of $7.6 million. These “accountable” assets – items worth $1,000 or more or the loss of which poses a security risk – include computers, servers, printers and other hardware.

The FBI allowed theft to go undetected because it did not use bar codes to track items individually or use its inventory process correctly to identify all potentially missing assets, the report found.

In the report, GAO officials made 27 recommendations to improve management of interagency contracting, lower the risk of paying for ineligible expenses in reimbursable contracts and bolster how the FBI protects and accounts for its computer equipment.

The report addressed the recommendations directly to FBI Director Robert Mueller and GSA’s acting administrator, David Bibb.

Among the suggestions, GAO said the FBI should establish a policy requiring FBI staff members to immediately identify accountable assets and put bar codes on them. The FBI should also issue and manage all bar codes centrally, GAO officials said.

The FBI agreed with the report’s findings and said it is implementing changes to ensure the problems are mitigated or eliminated. GSA agreed with most of the report’s findings but disagreed with GAO’s recommendations to prevent overspending on travel.

GAO’s findings on Trilogy point to other areas of concern, the report states. “The significance of the issues identified during our review may be indicative of more systemic contract and financial management problems at FBI and GSA, in particular when using cost-reimbursable type contracts and interagency contracting vehicles,” according to the report.

The misspending found in the report may not be the only cases that occurred, the report states. The FBI’s poor invoice control makes it impossible to tell the full extent of mismanagement, and GAO did not look at all FBI payments to Trilogy contractors.

Wasted money isn’t the only reason the FBI’s inability to safeguard its equipment warrants concern, the report states. Unauthorized users could gain access to confidential or sensitive information on the equipment and pose real threats to cybersecurity and national security.