Government auditors credit the FBI with making great strides in modernizing its IT operations, but say the law-enforcement agency still fails to employ needed structures and practices to manage technology.

These weaknesses can be seen in cost and schedule problems in the FBI's ongoing IT-modernization program, known as Trilogy, according to a report presented to the Senate Appropriations' Committee Subcommittee on Commerce, Justice, State, and the Judiciary. The report was authored by Congress' investigative arm, the General Accounting Office.

At the subcommittee hearing Tuesday, FBI director Robert Mueller read a prepared statement, saying, "We have made great progress, but our work is not yet finished."

Trilogy consists of three components: transportation network (LANs and WANs, authorization security, and encryption of data transmissions and storage); information presentation (mostly desktop hardware and software); and user applications (commonly referred to as Virtual Case File), which include investigative case-management apps that would give agents multimedia and data-sharing capabilities.

In January 2002, the FBI revised Trilogy's original 2000 design to introduce more functionality and capability, and received $78 million to accelerate the project's completion. Based on the redesign, the transportation network and information-presentation components of Trilogy were slated for completion in July 2002. The third component was scheduled to be finished in December. However, the GAO says, the project's components have collectively experienced cost overruns and schedule delays totaling $120 million and at least 21 months, respectively.

Over the last several years, the auditors say, key bureau leadership positions, including the CIO, have experienced frequent turnover. For instance, the CIO has changed five times in the past 24 months. The current CIO--who's also the CIO at the Department of Justice's Executive Office of the U.S. Attorneys--is only temporarily detailed to the FBI for 6 months. In addition, the IT official responsible for developing the bureau's enterprise architecture has changed five times in the past 16 months.

"Development and implementation of key management controls, such as enterprise architecture, have not benefited from sustained management attention and leadership and thus have lagged," the GAO report states.

The FBI hasn't even given its part-time CIO, Zalmai Azmi, bureauwide IT-management authority and responsibility. Rather, the GAO says, authority and responsibility for managing IT is diffused across and vested in the bureau's divisions.

The acting CIO told auditors that the bureau is considering centralizing IT leadership in time to formulate the fiscal 2006 budget. But the GAO said the FBI may not be able to use IT as a bureauwide resource until the plan being considered takes effect.

The GAO applauded steps the FBI is taking in creating an enterprise architecture. It noted that the FBI director now requires all divisions to identify a point of contact that can authoritatively represent his or her division in the development of the architecture. In addition, a project-management plan has been drafted that identifies roles and responsibilities and delineates plans and a set of actions to develop the architecture.

The FBI also is in the process of hiring a contractor to help develop the architecture. Current plans call for an initial version of the architecture in June, but the GAO says that until the enterprise architecture is developed, the FBI will continue to manage IT without a bureauwide, authoritative framework. That, in turn, will constrain its continuing and substantial IT investments, putting at risk its ability to implement modernized systems in a way that minimizes overlap and duplication and maximizes integration and mission support, the report states.

In his testimony before the Senate subcommittee, Mueller reminded the panel that he became FBI director eight days before Sept. 11, 2001, and that the bureau's IT infrastructure was antiquated, with many legacy systems almost 30 years old. "Our personnel were working on hand-me-down computers from other federal agencies," Mueller said. "We had little to no Internet connections in our field offices, and our networks couldn't do something as simple as transmit a digital photo."

By last March, Mueller said, the bureau had implemented a wide area network on schedule, giving nearly 500 counterterrorism and counterintelligence FBI employees in the headquarters desktop access to the bureau's Top Secret/Sensitive Compartmented Information system. That networked system gives approved personnel classified E-mail and message delivery, he said, as well as an electronically searchable archive on their desktop.

Data warehousing has improved dramatically in the past year, he said, reducing person-hours that once were devoted to manual searches. In the past few years, the bureau has deployed nearly 30,000 new computers.

Mueller conceded that the FBI encountered some setbacks in implementing parts of Trilogy, but that it's moving quickly to address them. For the fiscal year beginning Oct. 1, the FBI has requested an additional $20 million to implement new systems. Some of that money will be used to give 10 field offices desktop access to the Top Secret/Sensitive Compartmented Information network and expand headquarters access.