Compliance with Standards Governing Combined DNA Index System Activities at the
Massachusetts State Police Crime Laboratory, Sudbury, Massachusetts

Audit Report GR-70-06-012
September 2006
Office of the Inspector General

Executive Summary

The U.S. Department of Justice (DOJ), Office of the Inspector General (OIG), Audit Division, completed an audit of compliance with standards governing Combined DNA Index System (CODIS) activities at the Massachusetts State Police Crime Laboratory (Laboratory).1 The Federal Bureau of Investigation (FBI) began the CODIS Program as a pilot project in 1990. The DNA Identification Act of 1994 (Act) formalized the FBI’s authority to establish a national DNA index for law enforcement purposes.2 The Act specifically authorized the FBI to establish an index of DNA identification records of persons convicted of crimes and analyses of DNA samples recovered from crime scenes. The Act further specified that the index include only DNA information that is based on analyses performed in accordance with standards issued by the FBI.

The FBI implemented CODIS as a distributed database with three hierarchical levels that enables federal, state, and local crime laboratories to compare DNA profiles electronically. The National DNA Index System (NDIS) is the highest level in the CODIS hierarchy and enables the laboratories participating in the CODIS Program to compare DNA profiles on a national level. The NDIS became operational in 1998 and is managed by the FBI as the nation’s DNA database containing DNA profiles uploaded by participating states. DNA profiles originate at the local level, flow to the state and national levels, and are compared to determine if a convicted offender can be linked to a crime, or if crimes can be linked to each other. Thus, a laboratory’s profiles have to be uploaded to NDIS before the profiles benefit the system as a whole.

The FBI provides CODIS software without charge to any state or local law enforcement laboratory performing DNA analysis. Before a laboratory is allowed to participate at the national level a Memorandum of Understanding (MOU) must be signed between the FBI and the applicable state laboratory. The MOU defines the responsibilities of each party, includes a sublicense for the use of the CODIS software, and delineates the standards laboratories must meet in order to utilize the NDIS.3

The objective of the audit was to determine if the Laboratory was in compliance with standards governing CODIS activities. Specifically, we performed testing to determine if the: (1) Laboratory was in compliance with the NDIS participation requirements; (2) Laboratory was in compliance with the quality assurance standards issued by the FBI; and (3) Laboratory’s DNA profiles in CODIS databases were complete, accurate, and allowable.

We determined that the Laboratory generally complied with the standards governing CODIS activities, with the following exceptions.

  • We tested 12 cases where the CODIS software indicated a candidate match between a known or unknown perpetrator and crime scene evidence. In one case tested, we could not determine if the Laboratory confirmed the convicted offender’s DNA profile as the NDIS standards require because the Laboratory did not properly document the confirmation of the match case with the Casework Laboratory.

  • In one candidate match test case, Laboratory officials did not confirm the convicted offender’s DNA profile with the Casework Laboratory within the 30-day timeframe established by the NDIS standards. The laboratory confirmed the match almost 8 months after the CODIS software produced a valid match.

  • We found the Laboratory received an external evaluation for the year 2005 but it did not forward the results of the evaluation to the NDIS Custodian upon receipt of the report as the NDIS standards require. The NDIS Custodian did not receive the Laboratory’s report for almost 7 months.

  • We tested 100 convicted offender and 100 forensic profiles and found 12 forensic profiles were incomplete because Laboratory officials did not attempt analysis of all the required loci and loaded fewer than the 10 required loci into the NDIS.

  • One forensic profile tested was inaccurate because one of the values uploaded for one locus did not match the value identified during analysis.

  • One forensic profile tested was inaccurate because Laboratory officials incorrectly entered the same profile into the NDIS under two different Specimen Identification Numbers.

  • One forensic profile we tested was both inaccurate and incomplete. The profile was incomplete because the Laboratory did not attempt analysis of all the required loci and Laboratory officials loaded fewer than the 10 required loci. The profile was inaccurate because officials incorrectly entered the same profile into the NDIS under two different Specimen Identification Numbers.

Our recommendations to improve the Laboratory’s compliance with the NDIS standards are discussed in detail in the Findings and Recommendations section of this report. Our audit scope and methodology are detailed in Appendix I of the report and the audit criteria are detailed in Appendix II.

We discussed the results of our audit with Laboratory officials and have included their comments in the report as applicable. In addition, we requested a written response to a draft of our audit report from the Laboratory and the FBI. In its response, the Laboratory neither agreed nor disagreed with our findings and recommendations. However, laboratory officials acknowledged that documentation supporting candidate matches was not always complete, they could not provide documentation to support the timely submission of one external audit report to the NDIS Custodian, and some profiles they entered into the NDIS were incomplete or inaccurate. Laboratory officials indicated they: (1) revised standard operating procedures for documenting interstate candidate match confirmations, (2) instituted a review of all interstate candidate matches to confirm the required documentation is included in the files, (3) revised procedures for forwarding audits to the NDIS Custodian, and (4) implemented a procedural change that includes an administrative review of all questioned profiles entered into the CODIS. In its response the FBI said it was reviewing both recommendations and requesting additional information from the Laboratory. The Laboratory’s and the FBI’s comments are included in the report as Appendices III and IV, respectively.


  1. DNA, deoxyribonucleic acid, is genetic material found in almost all living cells that contains encoded information necessary for building and maintaining life. Approximately 99.9 percent of human DNA is the same for all people. The differences found in the remaining 0.1 percent allow scientists to develop a unique set of DNA identification characteristics (a DNA profile) for an individual by analyzing a specimen that contains DNA.

  2. Pub. L. No. 103-322 (1994).

  3. These standards were appended to the MOU as Appendix C - NDIS Procedure Manual. This manual is comprised of several operational procedures that provide specific instructions for laboratories to follow for procedures pertinent to NDIS. For our purposes, the NDIS participation requirements consist of the MOU and the NDIS operational procedures.