The Audit Division, Office of the Inspector General, has completed an audit of compliance with standards governing Combined DNA Index System (CODIS) activities at the Tennessee Bureau of Investigation Knoxville Crime Laboratory (Laboratory). The Federal Bureau of Investigation’s (FBI) CODIS program blends forensic science and computer technology to provide an investigative tool to federal, state, and local crime laboratories in the United States, as well as those from selected international law enforcement agencies. The CODIS program allows laboratories to compare and match DNA profiles electronically to assist law enforcement in solving crimes and identifying missing or unidentified persons.¹ The FBI’s CODIS Unit manages CODIS and is responsible for developing, providing, and supporting the program to foster the exchange and comparison of forensic DNA evidence.

The FBI implemented CODIS as a distributed database with hierarchical levels that enable federal, state, and local crime laboratories to compare DNA profiles electronically. The hierarchy consists of three distinct levels that flow upward from the local level to the state level and then, if allowable, the national level. The National DNA Index System (NDIS), the highest level in the hierarchy, is managed by the FBI as the nation’s DNA database containing DNA profiles uploaded by law enforcement agencies across the United States. NDIS enables the laboratories participating in the CODIS program to compare electronically DNA profiles on a national level. The State DNA Index System (SDIS) is used at the state level to serve as a state’s DNA database containing DNA profiles from local laboratories and state offenders. The Local DNA Index System (LDIS) is used by local laboratories.

The objectives of our audit were to determine if the: (1) Laboratory was in compliance with the NDIS participation requirements; (2) Laboratory was in compliance with the Quality Assurance Standards (QAS) issued by the FBI; and (3) Laboratory’s forensic DNA profiles in CODIS databases were complete, accurate, and allowable for inclusion in NDIS.

We determined that the Laboratory was generally in compliance with those standards governing CODIS activities that we reviewed. However, we noted the two following exceptions.

• The Laboratory did not always timely notify investigators of confirmed matches. The OIG uses a standard of 2 weeks to determine whether forensic Laboratories timely notify investigators of confirmed matches. We tested 5 of 21 matches made by the Laboratory during February 22, 2002, to February 9, 2009, and found the Laboratory notified investigators late in three instances. One late notification occurred 19 days after the match confirmation, another 37 days after confirmation, and a third, 135 days after confirmation.² Laboratory staff could not explain these delays.
  
  
• We reviewed 87 of 345 forensic profiles uploaded into NDIS from August 17, 2001, through February 5, 2009. We found 18 unallowable, incomplete, or inaccurate profiles. Thirteen profiles uploaded during 2002 or earlier were unallowable because the profile belonged to a victim, someone other than a putative perpetrator, or was not obtained from crime scene evidence. Two other profiles uploaded on August 2, 2007, and January 9, 2008, were missing a value at one locus, and three profiles uploaded on November 27, 2001, March 22, 2004, and November 13, 2007, contained one or more incorrect values at one locus.

To address the Laboratory’s compliance with standards governing CODIS activities, we made three recommendations, which are discussed in detail in the Findings and Recommendations section of the report. Our audit scope and methodology are detailed in Appendix I of the report and the audit criteria are detailed in Appendix II.

We discussed the results of our audit with Laboratory officials and have included their comments in the report as applicable.