Compliance with Standards Governing Combined DNA Index System Activities at the United States Army Criminal Investigation Laboratory, Forest Park, Georgia

Report No. GR-40-05-002
October 2004
Office of the Inspector General

Executive Summary

The Office of the Inspector General, Audit Division, has completed an audit of compliance with standards governing Combined DNA Index System (CODIS) activities at the U.S. Army Criminal Investigation Laboratory (Laboratory).1 The Federal Bureau of Investigation (FBI) began the CODIS Program as a pilot project in 1990. The DNA Identification Act of 1994 (Public Law 103-322) formalized the FBI's authority to establish a national DNA index for law enforcement purposes. The Act specifically authorized the FBI to establish an index of DNA identification records of persons convicted of crimes, and analyses of DNA samples recovered from crime scenes. The Act further specified that the index include only DNA information that is based on analyses performed in accordance with standards issued by the FBI.

The FBI implemented CODIS as a distributed database with three hierarchical levels that enables federal, state, and local laboratories to compare DNA profiles electronically. The National DNA Index System (NDIS) is the highest level in the CODIS hierarchy and enables the laboratories participating in the CODIS Program to compare DNA profiles on a national level. The NDIS became operational in 1998 and is managed by the FBI as the nation's DNA database containing DNA profiles uploaded by participating laboratories.2 DNA profiles primarily originate at the local level, flow to the state and national levels, and are compared to determine if a convicted offender can be linked to a crime, or if crimes can be linked to each other.

The FBI provides CODIS software free of charge to each law enforcement laboratory performing DNA analysis. A laboratory's profiles have to be uploaded to NDIS before the profiles benefit the system as a whole. Before a laboratory is allowed to participate at the national level a Memorandum of Understanding (MOU) must be signed between the FBI and the applicable law enforcement laboratory. The MOU defines the responsibilities of each party, includes a sublicense for the use of the CODIS software, and delineates the standards laboratories must meet in order to utilize NDIS.3

The objective of the audit was to determine if the Laboratory was in compliance with standards governing CODIS activities. Specifically, we performed testing to determine if the: 1) Laboratory was in compliance with the NDIS participation requirements; 2) Laboratory was in compliance with the quality assurance standards issued by the FBI; and 3) Laboratory's DNA profiles in CODIS databases were complete, accurate, and allowable.

We determined that the Laboratory was in compliance with the standards governing CODIS activities with some exceptions. Specifically, we noted the following:

  • Six of the Laboratory's 15 CODIS users had not completed the required annual reminder form for the categories of DNA data accepted at NDIS for calendar year 2003. However, all CODIS users had completed the annual reminder form for calendar year 2004.

  • The Laboratory's last external evaluation report was not submitted to the NDIS Custodian within the required 30 days.

  • Of the 200 DNA profiles reviewed (100 forensic and 100 convicted offender profiles), we found that the Laboratory had uploaded 2 unallowable profiles to NDIS as forensic unknowns. In one case, the profile was attributable to the victim; NDIS participation requirements prohibit the uploading of DNA profiles that are unambiguously attributable to a victim. In the second case, the profile was not developed from evidence obtained from the crime scene. NDIS participants requirements state that a forensic unknown is a specimen that originates from a forensic sample, defined as a biological sample found at the scene of a crime. Laboratory officials agreed that these profiles were unallowable and removed them from NDIS. Of the 100 convicted offender profiles reviewed, the Laboratory did not have conviction information available for 72 profiles to permit us to confirm whether these profiles were allowable in NDIS.

We made two recommendations to address the Laboratory's compliance with standards governing CODIS activities, which are discussed in detail in the Findings and Recommendations section of the report. Our audit scope and methodology are detailed in Appendix I of the report and the audit criteria are detailed in Appendix II of the report.

We discussed the results of our audit with Laboratory officials and have included their comments in the report as applicable.


  1. DNA, deoxyribonucleic acid, is genetic material found in almost all living cells that contains encoded information necessary for building and maintaining life. Approximately 99.9 percent of human DNA is the same for all people. The differences found in the remaining 0.1 percent allow scientists to develop a unique set of DNA identification characteristics (a DNA profile) for an individual by analyzing a specimen that contains DNA.

  2. According to the FBI, laboratories operated by the 49 states, the U.S. Army, the FBI, and Puerto Rico were NDIS participants as of April 2004. For purposes of our report, we will consider these NDIS participants to be law enforcement laboratories and the U.S. Army Laboratory to operate within the CODIS program in a capacity similar to a state DNA Index laboratory (i.e., the U.S. Army Laboratory develops DNA profiles and contributes profiles to NDIS but, unlike other state DNA index laboratories, it does not receive profiles from local laboratories to contribute to NDIS).

  3. These standards were appended to the MOU as Appendix C - NDIS Procedure Manual. This manual is comprised of several operational procedures that provide specific instructions for laboratories to follow for procedures pertinent to NDIS. For our purposes, the NDIS participation requirements consist of the MOU and the NDIS operational procedures.