GAO: FBI enterprise architecture growing

The FBI falls short of a fully operational enterprise architecture, but it has made significant improvements since the days when it had no enterprise architecture at all, according to a new report from the Government Accountability Office.

GAO auditors used their enterprise architecture maturity framework to assess the FBI’s efforts to establish an overarching structure connecting its business processes with its information technology systems.

The bureau has suffered a number of high-profile technology setbacks in recent years, in part because it had no enterprise architecture. Most recently, the Virtual Case File, a $170 million effort to allow FBI agents to electronically circulate investigation reports, imploded amid changing requirements and uncertain management.

The FBI has completed 15 of the 31 conditions GAO uses to gauge the effectiveness of agency architectures, including most of the stage two requirements and all of the stage three requirements. In the GAO framework, stage five signifies the most mature phase, when agencies are using enterprise architectures to manage change.

Agencies achieve a stage two ranking when they are building the management foundations for an enterprise architecture. A stage three ranking is for when they are developing architecture products, such as documenting the current state of the enterprise and developing a plan for achieving a more rationalized future.

The FBI’s status is a far cry from the last GAO review of the bureau’s architecture in late 2003, when GAO found that the FBI had neither an architecture nor the means to develop and enforce one. “FBI top management has demonstrated commitment to the EA program,” GAO auditors wrote.

But work remains. It’s not until most of stages four and five are completed that agencies have an effective enterprise architecture. Until then, the FBI “remains at risk of developing systems that do not effectively and efficiently support mission operations and performance,” the GAO report states.

The FBI architecture program office lacks sufficient resources, which is one of the conditions that remain unsatisfied, according to GAO. FBI officials said they have enough money, but many key positions are vacant. The program office also lacks a defined methodology for creating architecture products.

GAO auditors also recommended that the FBI change its contracting relationship with the private-sector contractor it uses to build its enterprise architecture. Rather than continuing the fixed-price contract now in place, GAO recommended using a performance-based approach.

The bureau lacks the means for assessing the quality of the contractor’s work and does not exercise enough oversight, according to the report.

In the bureau’s response, Zalmai Azmi, the FBI’s chief information officer, said the fixed-price contract has been successful because “the contractor assumes the risk for any cost overrun incurred.” However, the FBI will move to performance-based contracting where appropriate, Azmi added.