Compliance with Standards Governing Combined DNA Index System Activities at the Alabama Department of Forensic Sciences Birmingham Laboratory, Birmingham, Alabama

Audit Report GR-40-07-002
November 2006
Office of the Inspector General

Executive Summary

The Office of the Inspector General, Audit Division has completed an audit of compliance with standards governing Combined DNA Index System (CODIS) activities at the Alabama Department of Forensic Sciences, Birmingham Laboratory (Laboratory).1 The Federal Bureau of Investigation (FBI) began the CODIS Program as a pilot project in 1990. The DNA Identification Act of 1994 (Act) formalized the FBI’s authority to establish a national DNA index for law enforcement purposes.2 The Act authorized the FBI to establish an index of DNA identification records of persons convicted of crimes and analyses of DNA samples recovered from crime scenes. The Act further specified that the indices include only DNA information that is based on analyses performed in accordance with quality assurance standards issued by the FBI.

The FBI implemented CODIS as a distributed database with three hierarchical levels that enables federal, state, and local crime laboratories to compare DNA profiles electronically. The National DNA Index System (NDIS) is the highest level in the CODIS hierarchy and enables the laboratories participating in the CODIS Program to compare DNA profiles on a national level. NDIS became operational in 1998 and is managed by the FBI as the nation’s DNA database containing DNA profiles uploaded by participating states. DNA profiles originate at the local level, flow upward to the state and national levels, and are compared to determine if a convicted offender can be linked to a crime, or if crimes can be linked to each other. Thus, a laboratory’s profiles have to be uploaded to NDIS before the profiles benefit the system as a whole.

The FBI provides CODIS software free of charge to any state or local law enforcement laboratory performing DNA analysis. Before a laboratory is allowed to participate at the national level a Memorandum of Understanding (MOU) must be signed between the FBI and the applicable state laboratory. The MOU defines the responsibilities of each party, includes a sublicense for the use of the CODIS software, and delineates the standards laboratories must meet in order to utilize NDIS.3

The objective of the audit was to determine if the Laboratory was in compliance with standards governing CODIS activities. Specifically, we performed testing to determine if the: (1) Laboratory was in compliance with the NDIS participation requirements; (2) Laboratory was in compliance with the quality assurance standards issued by the FBI; and (3) Laboratory’s DNA profiles in CODIS databases were complete, accurate, and allowable.

We determined that the Laboratory was in compliance with the standards governing CODIS activities with some exceptions. Specifically, we noted the following.

  • The Laboratory’s CODIS users did not complete their annual reminder forms for calendar year 2006 at the beginning of the year as required. The forms were signed by the users in May and June 2006. The CODIS Administrator told us the delay occurred because the Laboratory was being relocated to its new facilities during the beginning of the calendar year and this disrupted its operations. However, we reviewed the forms for calendar years 2003 and 2004, and found that those forms also were not completed in a timely manner.

  • The Laboratory did not confirm the 2 NDIS offender candidate matches within the required 30 days. For one case the Laboratory confirmed the offender match 34 days after it received the Match Report. For the other case the Laboratory confirmed the offender match 75 days after it received the Match Report. The CODIS Administrator told us the delay occurred because the Laboratory was being relocated to new facilities and the analysis section was not operating during that period. We verified that confirmations were timely for the periods before and after the Laboratory relocation.

  • The Laboratory had uploaded one potentially unallowable forensic profile into NDIS. The Laboratory has never received a reference sample from the victim in this case, and consequently does not possess the victim’s DNA profile. As a result, at the time of the testing of the forensic profile, the Laboratory was unable to determine if the uploaded profile matched the victim’s profile. The Laboratory’s internal audit controls in place at the time this occurred did not alert the analyst to recognize that the specimen may have originated from the victim. When the case file was reviewed in preparation for our audit, the Laboratory recognized for the first time that the specimen may have originated from the victim and removed the profile from NDIS.

We made two recommendations to address the Laboratory’s compliance with standards governing CODIS activities, which are discussed in detail in the Findings and Recommendations section of the report. Our audit scope and methodology are detailed in Appendix I of the report and the audit criteria are detailed in Appendix II of the report.

We discussed the results of our audit with Laboratory officials and have included their comments in the report as applicable. In addition, we requested a written response to a draft of our audit report from the Laboratory and the FBI. The Laboratory’s response is included as Appendix III and the FBI’s response is included as Appendix IV.


  1. DNA, deoxyribonucleic acid, is genetic material found in almost all living cells that contains encoded information necessary for building and maintaining life. Approximately 99.9 percent of human DNA is the same for all people. The differences found in the remaining 0.1 percent allow scientists to develop a unique set of DNA identification characteristics (a DNA profile) for an individual by analyzing a specimen that contains DNA.

  2. Pub. L. No. 103-322 (1994)

  3. These standards were appended to the MOU as Appendix C - NDIS Procedure Manual. This manual is comprised of several operational procedures that provide specific instructions for laboratories to follow for procedures pertinent to NDIS. For our purposes, the NDIS participation requirements consist of the MOU and the NDIS operational procedures.