In planning and performing our audit of the DOJ Victim Notification System (VNS), we considered the Executive Office for U.S. Attorneys’ (EOUSA) control structure over the VNS for the purpose of determining our audit procedures. This evaluation was not made for the purpose of providing assurances on its internal control structure as a whole. However, we noted certain matters involving internal controls that we consider reportable matters under the Government Auditing Standards.

Reportable conditions involve matters coming to our attention relating to significant deficiencies in the design or operations of the internal control structure that, in our judgment, could adversely affect EOUSA’s ability to effectively oversee the VNS. We identified weaknesses in: (1) the management of the VNS, (2) the effectiveness of the VNS, and (3) the information security of the VNS. We discussed these issues in the Findings and Recommendations section of the report. Because we are not expressing an opinion on EOUSA’s internal control structure as a whole, this statement is intended for the information and use of EOUSA’s management of the VNS.