The Federal Bureau of Investigation's
Control Over Weapons and Laptop Computers

Report No. 02-27
August 2002
Office of the Inspector General

Background

The FBI, which is the principal investigative arm of the Department of Justice, has investigative jurisdiction over violations of more than 200 categories of federal crimes, including counterterrorism, drugs/organized crime, foreign counterintelligence, violent crimes, and white-collar crimes.  The FBI employs approximately 11,000 Special Agents and 15,000 support personnel assigned to FBI Headquarters in Washington, DC; 56 field offices across the United States; the Training Academy at Quantico, VA; and 47 overseas offices.

As of August 2001, the FBI reported an inventory of approximately 50,000 weapons and 15,000 laptop computers to assist its employees in performing their law enforcement mission.

Weapons

Weapons used by the FBI include revolvers,¹ semi-automatic pistols, rifles, carbines, shotguns, tear gas guns, and submachine guns.  Within the FBI’s property records the term "weapons" includes not only those handguns and shoulder weapons used operationally, but also certain items called "red handles" that are used for training purposes.²  In this report, we generally treat functional weapons and "red handles" separately.

Laptop Computers

The Department’s Security and Emergency Planning Staff (SEPS), an office within the Justice Management Division, maintains records of the number of laptop computers each Department component has authorized for processing classified information.  Classified information or national security information (NSI) is information, which if disclosed, could cause harm to the national security or foreign relations of the United States.³  On September 28, 2000, the FBI reported to SEPS that there were 10,003 total laptop computers in the FBI and their security level was as follows:  5 Top Secret; 8,000 Secret; 1,711 unclassified; and 287 miscellaneous (damaged, no hard drive, unusable).⁴

FBI policy states that all laptop computers

are authorized to process classified information up to and including Secret/Collateral within the U.S. and its territories and can be connected to the FBI Secure Network (FBINET).  The processing of Top Secret and SCI [Sensitive Compartmented Information] information is not authorized on portable microcomputers without written authorization by the FBI's SPM [Security Programs Manager].⁵

It is important to note that classified information is not the only information that needs to be protected from unauthorized disclosure.  The FBI Security Handbook states in part:

Sensitive information is information that, if disclosed, could adversely affect the ability of the FBI to accomplish its mission.  Examples of sensitive information might be the identity of undercover agents, names of people under investigation, tax return information, or personal data on individuals.  While not directly affecting the national security of the United States, unauthorized disclosure of sensitive information can endanger people, hamper investigations, misdirect resources, and cause embarrassment.  All FBI information is considered sensitive and must be protected from unauthorized disclosure.⁶

Property Management Guidelines

Office of Management and Budget Circular A-123⁷ requires federal agencies to:  (1) establish a management control system that provides reasonable assurance that assets are safeguarded against waste, loss, unauthorized use, and misappropriation; and (2) ensure that transactions are promptly recorded, properly classified, and accounted for in order to prepare timely accounts and reliable financial and other reports.  The Justice Property Management Regulations⁸ require Department components to issue detailed operating procedures to protect federal property against fraud, waste, and abuse.

The FBI guidelines for the general management of property are contained in its:

• Accountable Property Manual;

• Manual of Investigative Operations and Guidelines (MIOG); and

• Manual of Administrative Operations and Procedures (MAOP). 

According to these guidelines, FBI employees are responsible for the proper and reasonable care and safeguarding of property assigned to them or located in their work area.  An employee whose negligence causes the loss of FBI property may be subject to disciplinary action.

Property Definitions – The FBI’s Accountable Property Manual classifies property into three principal categories:  capitalized; accountable (or "nonexpendable"); and expendable.

• Capitalized Property – All property with an initial acquisition value of $25,000 or more is capitalized property that must be posted to the general ledger and accounted for on the annual financial statements.

• Accountable Property – Property which, because of its value or nature, must be accounted for on an individual basis on the Property Management Application is accountable property.  The FBI treats both weapons and laptop computers as accountable (nonexpendable) property.

• Expendable – Supplies and equipment which are normally consumed within a one-year period are considered expendable.⁹

Property Management Personnel– According to the Accountable Property Manual, the Chief of the Property Procurement and Management Section of the Finance Division is the sole Property Management Officer (PMO) for the FBI.  The PMO’s duties

include, but are not limited to: the overall administration, coordination, and control of the FBI’s Property Management Program; ensuring that adequate systems exist and are documented for accountability of property within the FBI; and to communicate and monitor internal controls of the FBI for maintaining adequate property accountability.

The Special Agent in Charge or the appropriate Assistant Director is the Accountable Property Officer for each field office or Headquarters Unit.  The Accountable Property Manual states that the responsibilities of these officials

include, but are not limited to: coordinating the property management program within his/her office; providing required leadership and guidance to ensure effective internal control procedures within the office are in compliance with the requirements of the FBI; ensuring property records are created; and ensuring the property management program within their office is in compliance with the FBI’s Property Management Program.

To assist them in the performance of their duties, these Accountable Property Officers may designate one or more Property Custodians and/or Supply Technicians, depending on the size and complexity of the office.  In addition, the Accountable Property Manual states,

each employee of the Department of Justice who has use of, supervises the use or has control of Government property is responsible for that property.  Each employee is obligated to properly care for, handle, use and protect Government property issued to or assigned for the employee’s use at or away from the office.¹⁰

Automated System – The FBI employs the automated Property Management Application (PMA) "to properly and accurately account for all property that the FBI acquires, transfers, and retires." ¹¹  The PMA uses a variety of data fields to identify each item, including a barcode number assigned by the FBI, the serial number, the cost center code for the office where the item is located, a description of the item, and other necessary information.  The PMA also records a cost center code (0299) for all items assigned to individual employees rather than an office.  Finally, the PMA can generate a "Property Charged Out" report that documents all accountable property assigned to each active and separated employee.

The FBI’s Firearms Training Unit (FTU) supplements the PMA with index cards for each weapon in inventory.  Like the PMA, the index cards document the serial number, barcode number, initial assignment, and final disposal of weapons, but the index cards also track certain information that PMA was not designed to record.  For example, the index cards track the repair history of all weapons.

Prior Reviews

Automated Data Processing General Controls – The OIG audited the FBI’s automated data processing general controls in 1990.  The audit found that the FBI could not "account for over 2,000 pieces of ADP equipment some of which may contain sensitive data."¹²  The OIG recommended that the FBI "locate or reconcile" the ADP equipment in question.  In response, the FBI reported that "all FBI organizational entities" had reviewed the "items assigned which were listed on the FBI inventory" as unaccountable property.  As of July 23, 1990, the FBI stated that only 74 items, valued at $188,249, remained unaccounted for.  According to the FBI, the discrepancies originally noted by the auditors had resulted from a variety of causes, including duplicate entries in the property system, transposed serial numbers, miscoding of items, erroneously listing surplus items as unaccountable while they were pending disposal, and "rapid deployment of ADP equipment critically needed to support the investigative mission."

FBI Property Management – The OIG previously audited the FBI’s management of property in 1992.¹³  That audit found material weaknesses in "the FBI’s system of inventory and administrative controls in the property management cycle."  The OIG recommended that the FBI "locate and account for all items reported as unaccounted for," reconcile and update the inventory, and take numerous other corrective measures.  In response, the FBI reported that it had accounted for 32 of 40 items previously reported as unaccounted for in one category, and 663 of 799 items previously reported as unaccounted for in another category.

FBI Annual Financial Statement – The Chief Financial Officers Act of 1990, as amended by the Government Management and Reform Act of 1994, requires 24 agencies of the Executive Branch and other agencies designated by the Office of Management and Budget to prepare and have audited organization-wide annual financial statements.  The Inspectors General of the various departments are responsible for these audits but they may contract with independent public accountants to conduct them.  In their reports for fiscal years 1999, 2000, and 2001, the independent auditors who performed audits of the FBI’s financial statements identified material weaknesses in the area of property management.  They specifically reported the FBI needs to improve its procedures related to the timely and accurate recording, reconciliation, and reporting of property and equipment in the PMA, the subsidiary record-keeping system that supports amounts reported in the annual financial statements.¹⁴

Audit Approach

We obtained from the FBI a listing dated July 11, 2001, of weapons and laptop computers identified by the FBI as either lost or stolen.  We also asked the FBI to inventory all weapons and laptop computers and report the results to us as of September 30, 2001.  For various reasons, including the terrorist attacks of September 11, 2001, the FBI was unable to complete this task until much later.  The FBI conducted an inventory, in stages, of all accountable property.  The inventory of property charged to the various FBI divisions was completed on January 31, 2002, and the inventory of property issued to individual employees was completed on March 31, 2002.¹⁵ 

Our audit focused on the period from October 1, 1999 through January 31, 2002.  During this period, the FBI reported property losses of 212 weapons, 142 "red handles," and 317 laptop computers.¹⁶  Although our audit focused principally on those losses, we also reviewed certain losses that occurred outside this period to gain an understanding of the magnitude of the conditions noted in this report.  We reviewed the circumstances surrounding each loss and assessed the FBI’s actions to report and investigate those losses.  Further, we looked for indications that the lost property resulted in physical harm to the public or compromised national security or investigative information.  Our conclusions from the above analyses are presented in Finding I, and Appendices II and III contain a summary of our results.

We also reviewed the FBI’s management controls over the purchase, receipt and assignment, inventory, and disposal of FBI-issued laptop computers and weapons.  We assessed these controls by reviewing property management activities at FBI Headquarters and four selected field locations.¹⁷  At each site we:  (1) evaluated relevant property management controls; (2) reviewed documentation practices; and (3) physically inspected property.  We also tested, on a sample basis, the accuracy and completeness of the property records.  The results of the above analyses are presented in Finding II; Appendix VI shows the geographic distribution of the sampled property.

1. On August 20, 2001, the FBI’s Firearms Training Unit issued a memorandum directing the recall of all issued revolvers.  According to the memorandum, "revolvers cannot be integrated into pistol qualification courses" and, consequently, firearms instructors had to "expend finite training time to run additional qualification courses exclusively for revolver shooters."  The memorandum also cited the costs of maintaining spare parts and ammunition for revolvers as reasons for the recall.

2. These items include "red handles," which are incapable of firing live ammunition, "blue handles," which can fire only blanks, and "simunition" weapons that can fire only special "paint marking" ammunition.  Some "red handles" were originally purchased to fire live ammunition and later converted by FBI gunsmiths, while others were purchased from the manufacturer as "red handles."  The FBI’s Firearms Training Unit considers it unlikely that anyone would convert a "red handle" back to a functional weapon because the process would be tedious, time-consuming, and far more expensive than the cost of a new weapon.  According to the FBI, converting a "red handle" back to a functional weapon would require the services of a skilled gunsmith and the acquisition of parts available only from the manufacturer or a licensed gun dealer.

3. Classified National Security Information (NSI) is information that has been determined pursuant to Executive Order 12958 or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.  There are three classification levels of classified NSI.  Each level is a measurement of the sensitivity of that information and the damage it could cause to the United States national security if disclosed.  These are the only levels authorized for classified NSI:

   TOP SECRET –Applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe.

   SECRET –Applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe.

   CONFIDENTIAL – Applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security that the original classification authority is able to identify or describe.

   Additionally, there is a category of information known as "Sensitive Compartmented Information" (SCI), or "Codeword," which is afforded more stringent protection because of its extreme sensitivity.  Access to SCI is closely controlled and is granted only after a need for such access has been clearly established.  (U.S. Department of Justice, Security and Emergency Planning Staff, Classified National Security Information: Reference Booklet, June 1998, pp. 1 and 3)

4. At the start of our audit in August 2001, approximately 11 months after the report to SEPS, the FBI provided us with data showing a total inventory of 15,077 laptop computers.  We relied on this figure during our audit.

5. The FBI’s Manual of Investigative Operations and Guidelines, Section 35-9.4.6(4).  The FBI uses the term "portable microcomputer" interchangeably with the term "laptop computer."

6. FBI Security Handbook, page 1.

7. Management Accountability and Control, dated June 21, 1995.

8. Department of Justice Order (DOJ Order) 2400.3, dated August 6, 1998.

9. Accountable Property Manual, Introduction and Section 2, paragraphs 2-4 and 2-22.

10. Section 1, paragraph 1-5.

11. Accountable Property Manual, Section 2, Paragraph 2-38.

12. OIG Audit Report 90-15, The Federal Bureau of Investigation’s Automatic Data Processing General Controls, dated September 1990.

13. OIG Audit Report number 92-13, Federal Bureau of Investigation Property Management, dated July 1992.

14. OIG Audit Report 00-15, Federal Bureau of Investigation Annual Financial Statement, Fiscal Year 1999, dated July 2000, and OIG Audit Report 01-14, Federal Bureau of Investigation Annual Financial Statement, Fiscal Year 2000, dated May 2001.  The financial statement audit report for FY 2001 has not been issued yet, but the auditors found similar weaknesses in that year as well.

15. See Appendix VII for a summary of the results as of March 31, 2002 as they relate to weapons and laptop computers.  In this report, we take note of the March 31, 2002 results, but we did not audit them because our fieldwork was completed before that date.

16. See Appendix IX for the process by which we arrived at those figures.

17. We judgmentally selected Denver, CO; Jacksonville, FL; Los Angeles, CA; and, New Haven, CT, to include large, medium, and small offices and to achieve a geographical distribution.