The Bureau of Alcohol, Tobacco, Firearms and Explosives’ and Federal
Bureau of Investigation’s Arson and Explosives Intelligence Databases

Audit Report 05-01
October 2004
Office of the Inspector General


Appendix I

Audit Objectives, Scope, and Methodology


Objectives

The objective of the audit was to examine overlap between the Bureau of Alcohol, Tobacco, Firearms, and Explosives' (ATF) and the Federal Bureau of Investigation's (FBI) databases that compile information on arson and bombing incidents and evaluate whether the Department of Justice (Department) has efficiently and effectively collected, and made available to the federal, state, and local law enforcement community, information involving arson and the criminal misuse of explosives.

Scope and Methodology

The audit was performed in accordance with Government Auditing Standards issued by the Comptroller General of the United States, and included tests and procedures necessary to accomplish the objectives.

Generally, the audit focused on the ATF's and the FBI's policies and procedures used to collect and disseminate arson and explosives data. We also evaluated the methodologies used to populate each database system with intelligence information. We tested the accuracy of a sample of information contained in each system by comparing system data with source documentation. We determined whether maintenance of both the ATF's and the FBI's databases resulted in duplication of effort. We evaluated how the law enforcement community is informed on the systems.

The audit period covered January 2001 through July 2004 and we performed fieldwork at the following locations:

ATF Headquarters Washington, D.C.
FBI Bomb Data Center Quantico, VA
Louisiana State University Baton Rouge, LA
Glendale, AZ Fire and Police Department Glendale, AZ
Maine State Fire Marshals Office Gardiner, ME

To obtain background information related to how the Department can most efficiently and effectively collect, and make available information involving arson and criminal misuse of explosives for ATF; BDC; LSU; Glendale, Arizona, Fire and Police Department; and the Maine State Fire Marshals Office, we reviewed:

  • A list of key personnel and contact information of individuals responsible for system administration and maintenance.

  • Criteria applicable to the environment and operations (laws, regulations, policies, and procedures).

  • The operations manual or plan.

  • A copy of the budgets.

  • Prior reports of audits and inspections.19

  • Policies and procedures used to collect and disseminate data included in the databases.

  • The contract between the FBI and LSU.

  • The memorandum of understanding between ATF and the Glendale, Arizona, Fire and Police Department and the Maine State Marshals Office.

To evaluate what data was collected and reported, and how collected data was imported into the databases, we:

  • Interviewed officials and reviewed written policies and procedures to determine procedures for collecting data submitted to agencies, and the protocol for access to the databases.

  • Assessed whether data was received via hard copy or electronically.

  • Interviewed officials and reviewed written policies and procedures to obtain the criteria used to determine whether information received was entered into the databases.

  • Interviewed officials and reviewed written policies and procedures to determine whether data was verified for accuracy prior to entry into the databases.

  • Interviewed officials and reviewed written policies and procedures to determine whether the databases detected duplicate entries.

  • Reviewed data documents for a sample of report data to determine the length of time from receipt of data from source documents to the date of entry into the databases.

  • Tested a sample of documents used to populate the databases with intelligence information.

To assess who had access to the databases and how access was obtained, we:

  • Interviewed officials and reviewed written policies and procedures to determine how access to the databases was allowed.

  • Interviewed officials and reviewed policies and procedures for informing and training the law enforcement community on policies and procedures concerning the availability and use of the database.

  • Interviewed officials and reviewed written policies and procedures to determine how outside requests for information from the database were processed.

To assess whether duplication of effort existed by maintaining multiple databases, we:

  • Reviewed the format and type of data provided by the databases to investigators, law enforcement personnel, and any other system users.

  • Evaluated if data outputs could be customized for individual queries.

To assess the usefulness of the ATF's Repository and the FBI's Bomb Data Center databases in conducting investigations, we:

  • Contacted representatives of the United States Fire Administration; and ATF field offices, FBI field offices, and state and local agencies that serve 11 of the largest cities in the United States.


Footnotes

  1. We found no prior audit or inspection reports that related to our audit objectives.