The Drug Enforcement Administration's
Control Over Weapons and Laptop Computers

Report No. 02-28
August 2002
Office of the Inspector General

Department of Justice (Department) components maintain a large inventory of property, such as weapons and laptop computers, that could result in danger to the public or compromise national security or law enforcement investigations if not properly controlled.  In March 2001, the Office of the Inspector General (OIG) audited the Immigration and Naturalization Service’s (INS) management of its property and found, among other things, that the INS did not have adequate controls over weapons.  In particular, the audit noted that the INS categorized more than 500 weapons as lost, missing, or stolen.  After that audit, the Federal Bureau of Investigation (FBI) reported many weapons and laptop computers were missing from its inventory.

In response to concerns about the Department’s accountability for its weapons and laptop computers, the Attorney General asked the OIG to conduct audits of the controls over the inventory of such property throughout the Department.  The OIG therefore conducted separate audits of the controls over weapons and laptop computers at the FBI, the Drug Enforcement Administration (DEA), the Federal Bureau of Prisons, and the United States Marshals Service.¹  The OIG will issue separate reports on the audits of each of these components, and a capping report describing the results from all the audits.  This report covers the audit in the DEA.

The DEA’s mission is to enforce the controlled substance laws and regulations of the United States by bringing to the criminal and civil justice system those organizations and principal members of organizations involved in the growth, manufacture, or distribution of controlled substances that are intended for illicit traffic in the United States.  At the conclusion of fiscal year 2001, the DEA had a total of 9,209 personnel (4,529 law enforcement) assigned to offices throughout the United States and foreign countries.  As of November 2001, the DEA identified an inventory of about 15,000 weapons and 6,000 laptop computers that assist the DEA in performing its law enforcement mission.  According to the DEA, of the 6,000 laptop computers in use, only one is authorized to process classified information.

Our audit objectives were to review the DEA’s:  (1) actions taken in response to the identification of lost or stolen weapons and laptop computers; and (2) management controls over these types of equipment.  Our audit focused on the period from October 1999 through November 2001.

Our audit revealed significant deficiencies in the DEA’s policies and procedures related to weapons and laptop computers.  We also found weaknesses in the DEA’s management of purchases, receipts and assignments, transfers, returns of property from employees who leave the DEA, physical inventories, and disposals.  The results of our audit are as follows.

DEA Weapons

During the 2-year period covered by our audit, 16 weapons were reported by the DEA as lost (2), missing (2), or stolen (12).  This represents about one-tenth of one percent of the current weapons inventory.  The losses occurred mainly because agents were careless or did not adhere to established policy.  Over one-third of these losses occurred when agents left their weapons unattended.

In total, 4 of the 16 weapons have been subsequently recovered by local law enforcement entities.  From the information available, we determined there was no apparent direct physical harm to the public caused by the weapons’ loss; however, it should be noted that the circumstances surrounding the weapons’ recovery were related to possible criminal activity.  The weapons were recovered as a result of local law enforcement arrests, searches, and investigations.  Two recovered weapons were being held as evidence by law enforcement entities.

We reviewed the policies and procedures followed when the 16 weapons were lost, missing, or stolen.  We found that the DEA performed an investigation in all 16 cases.  In eight cases, the agent responsible for the loss was suspended from 1 to 30 days.  However, our review also found the following deficiencies in DEA practices, which we consider significant because of the potential impact these weapons have on the public if lost, missing, or stolen:

• Three of the 16 weapons had not been entered in the National Crime Information Center (NCIC) computer system by the law enforcement agencies notified.²  The DEA should have reviewed the NCIC to ensure all weapons reported as lost, missing, or stolen were entered, and to determine whether such weapons were recovered.
• The reporting of lost, missing, or stolen weapons to DEA management and Department officials was not always timely or complete.  For 11 of the 16 weapon losses, documentation was not completed within the required 48-hour period.  Also, the DEA failed to prepare the semiannual Department Theft Report for 1999 and 2000.  In addition, the reports covering 2001 did not include all weapons that were lost, missing, or stolen.
 

We further reviewed the DEA’s policies and procedures relating to the control of the approximately 15,000 weapons in use.  The DEA recently implemented a new weapons inventory system and just prior to our audit had completed an agency-wide inventory reconciliation.  Our review of the new system, which included tests of a sample of 148 weapons, disclosed internal control weaknesses that could cause significant problems with the reliability of the inventory data.  We noted the following:

• The financial system was not integrated with the weapons inventory system to ensure the inventory accuracy.  Although our sample of 60 purchased weapons showed that all purchased weapons were recorded in the weapons inventory, we recommend that the DEA should institute an automatic interface between the financial system and this system.  This would greatly increase the DEA’s accountability for all future purchases of weapons by ensuring weapons are recorded and safeguarded from fraud, waste, or abuse.
• The automated system we observed does not provide an audit trail to ensure that all edits made to the weapons inventory are tracked with an automated exception report.  As a result, it would be easy to make inventory edits without management’s knowledge.
• The accuracy of the weapons inventory depends heavily on the manual submission of property records to the Firearms Training Unit (FTU) in Quantico, Virginia.  This condition raises concerns over the timeliness and completeness of the inventory since the DEA is a worldwide organization.  During our site visits our tests of a sample of 148 weapons showed that one weapon was assigned on the inventory to an agent who had retired (the weapon was returned) and two weapons were incorrectly assigned.  These inconsistencies resulted from the timing delays inherent in this system.
• The duties at the FTU were not adequately segregated.  The same FTU individual was able to receive the weapon, verify the completeness of the shipment, and enter the weapon into the inventory database.  The lack of segregation of duties causes additional concern when it is combined with the lack of automatic interface between the financial system and this system, as described above.  Without the combination of these controls, purchases could go undetected.
• Not all DEA units conducted an annual physical inventory of weapons in accordance with the DEA’s Firearms Policy.  Two weapons had not been inventoried in 13 years.  Also, the weapon inventory duties at the FTU were not adequately segregated.  Persons conducting the inventory also had the ability to modify weapon inventory records.
• Employee Clearance Records for separated employees did not include descriptive detail, such as serial numbers, makes, and models, for weapons returned by employees who leave the DEA.
 
• The DEA does not obtain written confirmation of receipt of weapons that are excessed to other law enforcement agencies.

DEA Laptop Computers

As stated previously, the DEA has over 6,000 laptop computers, of which 5,286 are inventoried in the Fixed Asset Subsystem (FAS) and 848 are inventoried in the Technical Equipment Information System (TEIS).  Our audit disclosed that the DEA has significant internal control deficiencies relating to its FAS property inventory, which includes laptop computers.  During our fieldwork, the DEA was not able to provide us with a reliable list of lost, missing, and stolen laptop computers covering our audit period on which to base our audit tests.  We therefore are unable to report accurately on the number of the DEA’s lost, missing, or stolen laptop computers, and cannot determine if any lost, missing, or stolen DEA laptop computers resulted in a compromise of national security or investigative information.   The DEA has since informed us that it has completed a reconciliation of its property inventory and has determined that 229 laptop computers are unaccounted for.

The DEA stated that the inventory in FAS contained a significant amount of unreliable data, and the DEA was performing an agency-wide reconciliation and inventory validation of its property (excluding weapons).  According to the DEA, problems with the inventory data occurred after the DEA converted its previous property system, the M-204 system, to the FAS in October 2000.  At the conclusion of our fieldwork, the DEA’s reconciliation and validation still had not been completed.

As part of our audit, we tested the DEA’s policies and procedures related to the control of the laptop computers in use.  Of the 110 laptop computers we sampled on-site, we found that 15 had inventory record errors.  Errors included incorrectly recorded serial numbers, property descriptions, locations assigned, and individuals having actual custody of the laptop computer.  These errors confirmed the unreliability of the FAS inventory data; however, in our judgment, errors of this nature were not caused by the October 2000 system conversion, but rather point to a lack of internal controls and a failure by DEA employees to adhere to established policies and procedures.  Our audit also identified the following internal control weaknesses:

• Some DEA units did not have a valid inventory of laptop computers for several years because biennial physical inventories of accountable property were not performed and the Headquarters Property Management Unit did not validate the inventory results.  We also noted an instance where physical inventory duties were not segregated.  Further, we noted that the manual inventory procedures in place were prone to error and were less efficient than an automated inventory procedure using barcode scanners.
• The financial system was not fully integrated with the FAS to ensure the accuracy of the inventory for laptop computers.  When we sampled 74 laptop computers recently purchased, we found one that was not recorded in the inventory.  This condition occurred because the system relies mainly on the initiative of the unit’s Property Custodial Assistant (PCA) to ensure purchases made are subsequently included into FAS.
• Laptop computers were assigned in the FAS to the PCA instead of the specific individual who had actual custody.  Also, property records maintained by some PCAs were inadequate because the tracking of assigned laptop computers was left to the discretion of the PCA.
• Policy was not always followed to ensure that PCAs were notified when new or transferred laptop computers were sent to their location.  As a result, the item may not be identified in the division’s inventory until the biennial inventory is conducted.
• Hand receipt confirmations on transferred laptop computers were not used systematically throughout the DEA.  This condition increases the chance that items would not be traceable to the individuals who had last possession.
• Employee Clearance Records for separating employees did not include sufficient descriptive detail, such as the DEA property code and property description, for laptop computers returned by employees who leave the DEA.  As a result, items may not be returned, or may not be identified until after a biennial inventory is conducted.

In this report, we offer several recommendations that we believe will assist the DEA to improve its management of weapons and laptop computers.  Generally, the recommendations include: completing the property inventory and providing a valid inventory to all PCAs; developing internal controls, policies, and procedures for the Weapons property system; developing and implementing policies, procedures, and regulations to strengthen system controls and the reporting of losses; integrating the financial system and the property management system; and issuing advisories to responsible employees.

The details of the audit results are contained in the Findings and Recommendations section of the report.  Additional information on our audit objectives, scope, and methodology is contained in Appendix I.

1. Since we completed an audit of the INS’s management of property in March 2001, we did not include the INS in the review of weapons and laptop computers.
2. The NCIC is a nationwide criminal justice information system maintained by the FBI. This system provides the criminal justice community with immediate access to information such as stolen weapons, missing persons, vehicles, and criminal history records. The DEA relies on local law enforcement entities to input lost, missing, or stolen weapons.