Compliance with Standards Governing Combined DNA Index System Activities at the State of Michigan, Department of State Police Lansing Forensic Science Laboratory

Audit Report GR-50-05-011
June 2005
Office of the Inspector General

Executive Summary

The Office of the Inspector General, Audit Division, has completed an audit of compliance with standards governing Combined DNA Index System (CODIS) activities at the State of Michigan, Department of State Police, Lansing Forensic Science Laboratory (Laboratory).1 The audit was performed at the request of the Federal Bureau of Investigation (FBI).

The FBI began the CODIS Program as a pilot project in 1990. The DNA Identification Act of 1994 (Public Law 103-322) formalized the FBI’s authority to establish a national DNA index for law enforcement purposes. The Act specifically authorized the FBI to establish an index of DNA identification records of persons convicted of crimes, and analyses of DNA samples recovered from crime scenes. The Act further specified that the index include only DNA information that is based on analyses performed in accordance with standards issued by the FBI.

The FBI implemented CODIS as a distributed database with three hierarchical levels that enables federal, state, and local crime laboratories to compare DNA profiles electronically. The National DNA Index System (NDIS) is the highest level in the CODIS hierarchy and enables the laboratories participating in the CODIS Program to compare DNA profiles on a national level. The NDIS became operational in 1998 and is managed by the FBI as the nation’s DNA database containing DNA profiles uploaded by participating states. DNA profiles originate at the local level, flow to the state and national levels, and are compared to determine if a convicted offender can be linked to a crime, or if crimes can be linked to each other.

The FBI provides CODIS software free of charge to any state or local law enforcement laboratory performing DNA analysis. A laboratory’s profiles have to be uploaded to NDIS before the profiles benefit the system as a whole. Before a laboratory is allowed to participate at the national level a Memorandum of Understanding (MOU) must be signed between the FBI and the applicable state laboratory. The MOU defines the responsibilities of each party, includes a sublicense for the use of the CODIS software, and delineates the standards laboratories must meet in order to utilize NDIS.2

The objective of the audit was to determine if the Laboratory was in compliance with standards governing CODIS activities. Specifically, we performed testing to determine if the: (1) Laboratory was in compliance with the NDIS participation requirements; (2) Laboratory was in compliance with the quality assurance standards issued by the FBI; and (3) Laboratory’s DNA profiles in CODIS databases were complete, accurate, and allowable for inclusion in NDIS. In addition, we reviewed activities of the former CODIS Administrator, who left the Laboratory under unfavorable circumstances, to determine if the situation affected the database or its contents.

We determined that, in general, the Laboratory was in compliance with the standards governing CODIS activities. However, we noted the following exceptions:

  • Files for 2 forensic profiles, out of the 100 selected for review, were not available and could not be located. The remaining 98 profiles reviewed were complete, accurate, and allowable for inclusion in NDIS.

  • The Laboratory did not always follow standard procedures when responding to preliminary NDIS matches. In one of the eight matches reviewed, we found that the potential match was confirmed 56 days after the Laboratory was notified of the possible match. This is considerably later than the 30 days specified in the NDIS Operational Procedures manual. In two instances, the Laboratory could not provide documentation showing that the investigative agencies, which initially submitted the evidence samples for analysis, were notified of the preliminary match. Finally, in two instances, the Laboratory failed to maintain any documentation related to its actions in response to the possible matches.

  • The former CODIS Administrator did not provide personnel with the annual reminder forms to sign in 2002 or 2003, as directed by NDIS participation requirements. The purpose of these forms is to ensure that each CODIS user is annually reminded of the categories of DNA records accepted at NDIS. The new Acting Administrator fulfilled this CODIS duty for 2004.

  • Contrary to the FBI’s guidelines, the Laboratory’s position description for the CODIS Administrator did not have an explanation of the CODIS-related duties.

  • The Laboratory did not have complete training records for its personnel, as required by the NDIS operational procedures. Instead, it relied upon the individuals and others to maintain the records.

  • The Laboratory’s report resulting from the most recent internal review did not reflect that all required areas were reviewed. Further, the most recent review was not performed in a timely manner; 22 months had elapsed between the two prior reviews, which is in excess of the allowed 18-month period.

  • The Laboratory did not perform site visits to monitor a contractor that analyzed convicted offender samples.

We also determined that, although the former CODIS administrator had neglected some duties and may have had help completing a proficiency test, these questionable activities did not appear to have affected the completeness, accuracy, or allowability of the profiles included in NDIS.

We made recommendations to address the Laboratory’s compliance with standards governing CODIS activities, which are discussed in detail in the Findings and Recommendations section of the report. Our audit scope and methodology are detailed in Appendix I of the report and the audit criteria are detailed in Appendix II of the report.

We discussed the results of our audit with Laboratory officials and have included their comments in the report as applicable.


  1. DNA, deoxyribonucleic acid, is genetic material found in almost all living cells that contains encoded information necessary for building and maintaining life. Approximately 99.9 percent of human DNA is the same for all people. The differences found in the remaining 0.1 percent allow scientists to develop a unique set of DNA identification characteristics (a DNA profile) for an individual by analyzing a specimen that contains DNA.

  2. These standards were appended to the MOU as Appendix C - NDIS Procedure Manual. This manual is comprised of several operational procedures that provide specific instructions for laboratories to follow for procedures pertinent to NDIS. For our purposes, the NDIS participation requirements consist of the MOU and the NDIS operational procedures.