Update: New FBI management system could cost $500M

Computerworld - A new case management system being implemented by the U.S. Federal Bureau of Investigation to help fight terrorism could cost as much as $500 million, blowing away the $170 million it sank into a previous project that was abandoned a year ago, according to a government watchdog group.

In a 91-page audit report released Tuesday by the inspector general's office in the U.S. Department of Justice ( .pdf available), cost estimates for the new FBI IT system range from $400 million to $500 million, based on information provided by the FBI to congressional inquiries. An exact figure for the project is expected when the FBI finalizes a contract for the system, called Sentinel.

That contract award is officially expected sometime in the next 30 days, but Tuesday an FBI spokeswoman said that it will come shortly.

"The FBI has completed the vendor evaluations in the Sentinel contract award process," FBI spokeswoman Catherine Milhoan said in a statement. "We are currently in negotiations with one of the vendors and have advised the other vendor that their proposal was not within the competitive range. We cannot disclose the identity of either vendor at this point."

Milhoan said the number of bidders that pursued the contract and related details will also be made public when the contract matters are settled.

The inspector general's office, which was previously highly critical of the FBI's earlier failed attempts to upgrade its technology systems as a result of "poorly defined design requirements, lack of mature Information Technology Investment Management processes, and poor management continuity and oversight," was much more upbeat about the proposed Sentinel system and its planned oversight.

"With Sentinel, the FBI is relying on improved management processes, use of commercially available components and a four-phase approach over 39 to 48 months to develop a replacement for its obsolete Automated Case Support (ACS) system," the audit stated. "In reviewing the management processes and controls the FBI has applied to the pre-acquisition phase of Sentinel, we believe that the FBI has adequately planned for the project and this planning provides reasonable assurance that the FBI can successfully complete Sentinel if the processes and controls are implemented as intended."

The report added that several concerns remain, however -- for example, the program management office for the project is not yet fully staffed, and there are questions about Sentinel's ability to share information with external intelligence and law enforcement agencies. It also remains uncertain whether Sentinel can provide a common framework for other agencies' case management systems.

The audit also said the inspector general's office will continue to monitor the FBI's system security plans as the project evolves. As of December 2005, the FBI had not completed a system security plan or a required verification and validation plan. Even so, Sentinel was allowed by the FBI to proceed, the report said. According to the inspector general, the FBI said at the time that a system security plan couldn't be completed until Sentinel's vendor provides detailed information on the project's design. A separate contract will be awarded to develop an independent verification and validation (IV&V) plan. Those explanations were deemed "reasonable" by the inspector general's office. "However, in our next audit, we will monitor whether the FBI completes the system security plan and the IV&V plan during the early stages of Sentinel's development," the inspector general's report stated.