The Office of the Inspector General, Audit Division, has completed an audit of compliance with standards governing Combined DNA Index System (CODIS) activities at the Texas Department of Public Safety Headquarters Laboratory (Headquarters). Our audit covered two distinct laboratories within the Headquarters: the DNA Section, which analyzes case evidence, and the CODIS Section, which analyzes convicted offender samples. Since the laboratories were independent of one another, audit results are reported separately by section.
CODIS is a national computerized information repository maintained by the FBI that permits the storing, maintaining, tracking, and searching of DNA specimen information in order to facilitate the exchange of DNA information by law enforcement agencies. Laboratories that participate in CODIS perform DNA analysis on specimens from convicted offenders or crime-scene evidence. These laboratories use special software, provided free of charge by the FBI, to organize and manage the DNA profiles and related information. The software also compares DNA profiles from participating laboratories and notifies the appropriate laboratories when two or more DNA profiles match.
The DNA Identification Act of 1994 authorized CODIS and specified several standards for laboratories that contribute profiles to the FBI National DNA Index System (NDIS). Each participating laboratory must certify that it is performing DNA analysis in compliance with the FBI standards governing laboratory operations. Further, a Memorandum of Understanding (MOU) is enacted between the FBI and participating state laboratories, establishing the responsibilities of each party as part of CODIS. The MOU establishes general and specific standards that are to be followed by a laboratory in order to participate in CODIS and utilize NDIS, including the upload of DNA profiles to NDIS.
Our audit generally covered the period from the start of the DNA and CODIS Sections' participation in NDIS in May 1998 through January 2001. The overall objective of the audit was to determine the extent of the DNA and CODIS Sections' compliance with standards governing CODIS activities. To address the overall objective, we considered:
- the extent to which the Sections complied with the FBI NDIS participation requirements,
- the extent to which the Sections complied with federally legislated laboratory Quality Assurance Standards (QAS) for laboratories, and
- the appropriateness of the DNA Section's forensic profiles and the CODIS Section's convicted offender profiles contained in CODIS databases.
We found the following deficiencies with the DNA and CODIS Sections' compliance with the standards governing CODIS activities that we tested.
- With respect to the DNA Section's compliance with QAS requirements, we found that: (1) the quality assurance program was missing the QAS-required "Audits" category of information; (2) the equipment maintenance and calibration program did not include guidance for one type of critical instrument (ABI genetic analyzers); (3) documentation could not be located for 1 of the 10 instruments we reviewed to substantiate that semi-annual calibrations were performed as required; (4) the testimony of one of the nine testifying analysts was not monitored in 1999; and (5) a walk-in freezer used for long-term evidence storage was not secured independently of the security of the DNA Section space. Subsequent to audit fieldwork, Laboratory management provided us with documentation that the walk-in freezer was being independently secured by instituting a policy of locking the freezer at the end of each workday. Further, we were supplied with a copy of the new quality assurance program being completed by Headquarters management that they stated will address all the QAS-required categories of information.
- With respect to the CODIS Section's compliance with the QAS requirements, we found that: (1) the documented training program was still in draft form and had not been formally approved and implemented; (2) the analytical procedures had not been approved by management or the technical leader; (3) the equipment maintenance and calibration program did not include a critical equipment list and exhibited pervasive problems that called into question its meaningfulness; (4) documentation for two semi-annual calibrations could not be located for one of the nine instruments we reviewed; (5) written records were not kept for the service performed on one type of critical instrument (ABI genetic analyzers); (6) Section manuals did not contain written procedures for the release of information specific to database samples; (7) Section manuals did not contain written procedures for the reviewing of database sample results; (8) Section policies and practices concerning proficiency testing did not meet QAS requirements, as clarified by the NDIS requirements, for the 2-year period reviewed; and (9) long-term sample storage was not secured independently of the security of the Section space.
- With respect to NDIS requirements, we found that, of the 100 casework profiles we reviewed, 1 profile was incomplete and 1 profile was unallowable. The incomplete profile did not contain all of the values obtained during analysis and the unallowable profile was from sample taken from a known suspect rather than from case evidence. The NDIS requirements limit laboratories to uploading DNA profiles from case evidence only. While collecting supporting documentation for our audit, DNA Section staff discovered the known suspect profile that had been inadvertently included in CODIS and had removed it prior to the start of our audit fieldwork. In addition, DNA Section staff corrected the incomplete profile prior to the conclusion of our fieldwork.
We also found that, of the 100 convicted offender profiles we reviewed, 8 were not allowable for inclusion in CODIS since the profiles were from offenders that had not been convicted of one of the crimes given in the state legislation warranting inclusion in CODIS. Subsequent to audit fieldwork, the CODIS Section Administrator provided us with documentation that the profiles had been removed from CODIS.
The audit results are discussed in greater detail in the Findings and Recommendations section of the report. Appendix I discusses our audit scope and methodology. Appendix II provides the audit criteria. Appendix III contains general background information. Appendix IV covers the history and status of DNA testing and CODIS use at the Laboratory.