Compliance With Standards Governing
Convicted Offender DNA Sample
Backlog Reduction Program Activities
Myriad Genetic Laboratories, Inc.
Salt Lake City, Utah
July 26, 2001
Office of the Inspector General
The Office of the Inspector General, Audit Division, is conducting an audit of the Convicted Offender DNA Sample Backlog Reduction Program (Program), administered by the National Institute of Justice (NIJ). In conjunction with that effort, we have completed an audit of Myriad Genetic Laboratories, Inc., a private laboratory providing contracted DNA analysis services for several Program grantees, for compliance with standards that govern those services.
Scope and Methodology
We conducted our audit in accordance with Government Auditing Standards and included such tests as were considered necessary to accomplish the audit objectives. Our audit of Myriad Genetic Laboratories, Inc. (Myriad) generally covered the 2-year period preceding our fieldwork conducted in June 2001. See Appendix I for a detailed description of our audit scope and methodology.
The overall objective of the audit was to assess Myriad's compliance with standards governing their DNA analysis contracts with Program grantees, namely the Quality Assurance Standards for Convicted Offender DNA Databasing Laboratories, (QAS) effective April 1, 1999. See Appendix II for further details concerning our audit criteria.
Findings And Recommendations
We considered 130 elements 1 of the Offender QAS. 2 We found that Myriad complied with the Offender QAS except for two areas of noncompliance described below.
Offender Standard 10.2 states that a laboratory shall identify critical equipment and shall have a documented program for calibration of instruments and equipment. Although Myriad complied with this standard by identifying critical equipment and by having a documented calibration program, we determined that Myriad had not followed that calibration program for 1 of the 10 critical equipment items we reviewed. The item, a balance, was not calibrated between November 1999 and June 2001, a span of 19 months, during which three semi-annual calibrations were supposed to have been performed.
Myriad management stated that the missing calibrations were due to a misunderstanding in which the technician responsible for the calibrations thought that the frequency of required calibration had changed from semi-annual to "at use," when actually the reverse change had occurred. The misunderstanding was identified due to our request to see the logs. The item was calibrated while we were there and no problems with the instrument were found.
According to Myriad management officials, Myriad's comprehensive central tracking system monitors the performance of all aspects of the process and would have been able to detect analysis problems caused by a faulty balance had there been any. Supporting documentation for how the tracking system identifies analysis problems was reviewed by the auditors. Because the balance was found to be within accuracy limits and because the tracking system appears to have been capable of detecting analysis problems caused by an inaccurate balance, we conclude that the only deficiency was not performing the calibration at required intervals.
Missing Documentation of Equipment Tests
Offender Standard 10.3.1 states that new critical instruments and equipment, or critical instruments and equipment that have undergone repairs or maintenance, shall be calibrated before use. Offender Standard 10.3.2 states that written records or logs shall be maintained for the maintenance service performed on instruments and equipment, and that such documentation should be retained in accordance with federal or state law. Although Myriad personnel do maintain logs as described in Offender Standard 10.3.2, the logs did not provide sufficient documentation to demonstrate that 2 of the 10 critical equipment items reviewed had been calibrated after their most recent repairs. Myriad management stated that the equipment had been calibrated before being put back in use, as required by Offender Standard 10.3.1, and that no further problems with the items since then served as evidence that the items were fit for continued use. However, they acknowledged that the logs did not reflect the calibration work that had been performed to approve the items for continued use.
We recommend that the Director of the National Institute of Justice, through the Program grantees contracting with Myriad, ensure that:
Views Of Responsible Officials During the audit and at the exit conference, we solicited comments on our audit findings and recommendations from Myriad management and other personnel. These comments have been incorporated above in the details of each finding.
SCOPE AND METHODOLOGY
We conducted our audit in accordance with Government Auditing Standards and included such tests as were considered necessary to accomplish the audit objective. Our audit generally covered the period between June 1999 and June 2001, with certain issues of compliance applicable only to the time period during which Myriad was contracting with Program clients (beginning approximately August 2000). Also, our audit was limited to sections of Myriad involved in the analysis of Combined DNA Index System (CODIS) DNA samples for Program clients. To accomplish the audit objective, we:
For the purposes of this audit, we limited our review to Myriad's compliance with the QAS. As such, we only tested the issues of compliance and internal controls directly related to the QAS. Accordingly, we did not attach a separate Statement of Compliance with Laws and Regulations or a Statement on Management Controls to this report.
The key source of criteria for our audit is the QAS, recommended by the DNA Advisory Board and formally instituted by the Director of the FBI (see Appendix III for a description of these organizations' roles). Although two sets of standards have been instituted, only the set specific to the analysis of convicted offender samples applies to this audit: the Quality Assurance Standards for Convicted Offender DNA Databasing Laboratories effective April 1, 1999 (Offender QAS).
The Offender QAS contains 130 elements organized under 14 headings applicable to our audit. We considered all 130 elements in the completion of our audit. However, not all 130 elements were ultimately applicable to Myriad or to the specific time period we audited. For example, some elements pertained to a different analysis method than is in use at Myriad, some elements did not apply to the scope of the work Myriad is performing for the state and local laboratories (for example, Myriad does not issue formal analysis reports), and some elements pertained to issues not occurring during our audit scope (such as the corrective action elements, since no proficiency test errors occurred for the tests we reviewed).
Not included in the tally of 130 elements count is 1 heading containing 6 elements applicable only to the state and local laboratories that contract out the analysis of their samples, and not the actual contractor. The section, number 17, is titled "Subcontractor of Analytical Testing for which Validated Procedures Exist." The remaining headings include standards on such issues as: the laboratory's quality assurance program and what it contains; roles, duties, and documentation for laboratory organization, management and personnel; care and security of facilities, equipment, and samples; validation of and analytical procedures for analysis processes used by the laboratory; policies on reports, reviews and safety; and documentation of proficiency testing, corrective action, and audits.
We did not review Myriad against provisions unique to each of its Program client contracts, as that will be done during the review of selected state laboratories as part of the overall audit of the Program.
Combined DNA Index System
CODIS, as the System is commonly called, allows law enforcement agencies to compare DNA specimen information with that of other law enforcement agencies around the country, with the goal of matching case evidence to other previously unrelated cases or to persons already convicted of other violent or sexual crimes. Laboratories that participate in CODIS perform DNA analysis on specimens from convicted offenders or crime-scene evidence. These laboratories use special software, provided free of charge by the FBI, to organize and manage the DNA profiles and related information. The software also compares DNA profiles from participating laboratories and notifies the appropriate laboratories when two or more DNA profiles match.
CODIS was first described and authorized by the DNA Identification Act (Act) of 1994. The Act authorized the FBI to establish and maintain a national CODIS database and also contained guidelines for the inclusion of DNA profiles, the participation of state and local laboratories, and the penalty 3 for failure to comply with the guidelines.
The Act also established the DNA Advisory Board-an entity commissioned by the FBI to compose standards for quality assurance with which CODIS-participating laboratories are to comply. The Board, comprised of representatives from the FBI as well as state and local laboratories, completed this task by recommending for issuance the QAS that were subsequently issued by the Director of the FBI. All CODIS laboratories are responsible for complying with the Act, including the QAS and disclosure and proficiency testing requirements, as well as ensuring that any contractors they use for the analysis of CODIS profiles do the same.
Offender Backlog Reduction Program
The Convicted Offender DNA Sample Backlog Reduction Program provides funding to State DNA laboratories for outsourcing to private labs the analysis of large quantities of backlogged convicted offender samples for expedited entry into the national CODIS database. A total of $14.4 million was dispersed through grants to 21 state laboratories in the first year of the program (FY 2000). Funds were provided to the state laboratories based upon the number of samples those laboratories had awaiting analysis multiplied by an estimated cost for analysis of $50 per offender sample. Based on these calculations, NIJ management have estimated that approximately 290,000 samples will be added to CODIS as a result of the Program's first year grants. A planned second round of grants is expected to be announced at the end of FY 2001.
MYRIAD GENETIC LABORATORIES, INC.
Myriad Genetics, Inc., is a biopharmaceutical company focused on the development of novel therapeutic products derived from its proprietary technologies. The Company has established two wholly owned subsidiaries: Myriad Pharmaceuticals, Inc., and Myriad Genetic Laboratories, Inc.
Myriad Genetic Laboratories, Inc., (Myriad) develops and markets proprietary predictive medicine and personalized medicine products. Myriad was started in 1994 and employs approximately 400 people. The three departments involved in the CODIS contracts, which account for approximately 125 of the staff, are the Laboratory Operations Department, the Informatics (Information Technology) Department and the Quality Assurance Department.
History of CODIS-Related Services
In 1997, through some interactions with the Royal Canada Mounted Police, Myriad said they began looking into forensic database applications of their systems already in place for clinical genetic sequencing and gene discovery research. Then, as they became aware of the rising national issues on offender backlogs, they realized that they were already in a position to meet the need for high-throughput offender sample analysis. Officials said they spent 1997 and 1998 performing validation work, primarily of their Laboratory Information Management System or LIMS, which is the "brain" behind their entire process. In general terms, the LIMS gathers information from the computers and analysis equipment throughout the laboratory in order to track the equipment and supplies used to analyze each sample, to approve each sample for the next stage in the analysis process based upon the evaluation of the data generated from the previous stage, to maintain a comprehensive chain-of-custody, and to alert staff to problem samples or areas of the process that need attention.
Documentation reviewed demonstrated that Myriad was certified by the National Forensic Science Technology Center for the first time in 1998. According to Myriad officials, they received their first offender sample contract in 1999 (with New Jersey State Police) and their second contract in February 2000 (with the Oregon Department of State Police). However, Myriad officials stated that the impetus for doing CODIS-related analysis was the Program contracts they were awarded in 2000 by the following state laboratories: Texas Department of Public Safety, California Department of Justice, New York State Police, Ohio Bureau of Criminal Identification and Investigation, Arizona Department of Public Safety, Minnesota Bureau of Criminal Apprehension, New Jersey State Police (a continuation of the existing contract), and Utah Department of Public Safety.
Myriad's stated mission for their Felon Database Program is to achieve accuracy, security, high-capacity, and quality excellence. Myriad officials said that their laboratory is equipped to accept whole blood tubes, bloodstained cards, and buccal swabs, although their process is primarily designed for bloodstained cards.