Combined DNA Index System Operational and Laboratory Vulnerabilities

Audit Report 06-32
May 2006
Office of the Inspector General

Appendix III
Audit Criteria


In this appendix, we summarize the sources of criteria that we used in the completion of this audit. Note that we only list criteria specific to our audit of the FBI, versus the audit criteria used to complete the OIG’s CODIS laboratory audits (addressed in Appendix IV), the results of which we analyzed for this audit.

Federal Legislation

Various pieces of legislation have been enacted over the past 11 years that have helped shape the CODIS program. Two of these have been the primary instruments of creation and change, The DNA Identification Act of 1994 and the Justice for All Act of 2004.55 We used these items of legislation as criteria to evaluate the FBI’s administration of CODIS (Objective number one and two) and the FBI’s implementation of corrective actions in response to previous OIG audit findings (Objective number three).

The DNA Identification Act of 1994

This Act authorized the FBI to establish and maintain CODIS. The Act also established the DNA Advisory Board to compose standards for quality assurance with which CODIS-participating laboratories would have to comply and which the Director of the FBI could then formally institute. The Act also required the FBI to institute physical and electronic controls over the information in CODIS, which led to the creation of the NDIS Requirements.56

Justice for All Act of 2004

This Act consists of three sections, The Debbie Smith Act which expands the database and allows for one-time keyboard searches, the DNA Sexual Assault Justice Act which requires all laboratories to be accredited by October 30, 2006, and the Innocence Protection Act of 2004, which establishes various provisions for post conviction DNA testing. A more detailed description of each section is as follows.57

Debbie Smith Act of 2004. Requires laboratories to implement corrective action to findings identified in QAS audits, giving greater emphasis to the NDIS Audit Review Panel and the DNA community auditing organizations. Expands CODIS to include samples from indicted criminals, and expands the offenses for the Federal Convicted Offender Program to all felons. This section also expands the authority for keyboard searches and increases the penalties for misuse. It also, requires the FBI to report to Congress if changes are made to the CODIS "core genetic markers."

The DNA Sexual Assault Justice Act of 2004. Requires laboratories who receive grant funds to be accredited, and reiterates the requirement for biannual external audits that demonstrate compliance with the QAS. Also requires accreditation by October 30, 2006.

Innocence Protection Act of 2004. This Act deals primarily with post-conviction DNA testing, when and how that testing will be made available, and how the results will be interpreted, including what is entered into NDIS and when those profiles can be retained.

NDIS Participation Requirements

We considered one of the NDIS procedures, Review of External Audits, as part of our audit criteria, and tested compliance with the requirements that apply to the FBI’s performance, as excerpted below.

Quality Assurance Standard Audit Review – General Overview (Section 5.0):

In response to a finding by the Office of the Inspector General (June, 2001) that the self-certification of compliance with the FBI Director’s QAS was insufficient to ensure that audit findings, if any, were appropriately resolved, the FBI Laboratory developed a program to review the external QAS audits conducted at NDIS Participating Laboratories. Therefore, to fulfill its obligations under the DNA Identification Act of 1994, the FBI Laboratory will review all external QAS audits of laboratories seeking to participate in NDIS and NDIS Participating Laboratories to evaluate any findings and determine if further action is warranted.

To facilitate the review process, NDIS Participating Laboratories shall forward the audit report to the NDIS Custodian upon their receipt of the report. The NDIS Custodian will review the report and if there are no findings, the review shall be deemed complete and the documentation returned to the NDIS Participating Laboratory. If there are findings that do not relate to DNA and or a laboratory’s participation in NDIS, the review shall also be deemed complete and the documentation returned to the NDIS Participating Laboratory. However, if there are any findings relating to DNA or a laboratory’s participation in NDIS, the report shall be forwarded to the NDIS Audit Review Panel, which will review the audit report and determine if the findings have been addressed and resolved, as necessary. If there are no findings but comments are present, the external audit report shall be forwarded to the chairperson of the NDIS Audit Review Panel for review and possible action. If further action is warranted, the chairperson of the NDIS Audit Review Panel will follow up with the NDIS Participating Laboratory to resolve any outstanding issues. In the event that the NDIS Participating Laboratory fails to respond to the NDIS Audit Review Panel or that there appears to be non-compliance with the QAS, the matter shall be referred to the NDIS Procedures Board ( see Section 6.3) for further action in accordance with the DNA Identification Act of 1994.

All audit documents and related communications will be returned to the NDIS Participating Laboratory for filing upon completion of the review process.

NDIS Audit Review Panel (Section 6.2)

Once the audit documentation is received and forwarded by the NDIS Custodian, the chairperson of the NDIS Audit Review Panel shall review the documentation to ensure that the findings have been resolved and if necessary, follow up with the NDIS Participating Laboratory.

There shall be multiple NDIS Audit Review Panels sufficient to address the number of external QAS audits requiring review. An NDIS Audit Review Panel shall consist of five qualified or previously qualified DNA examiners or analysts who have successfully completed the training on the QAS Audit Document: (1) at least two of whom shall be representatives of state or local forensic DNA laboratories; and (2) at least two of whom shall be representatives of the FBI. The FBI shall designate someone who shall serve as chairperson of each such Review Panel and shall have voting privileges. NDIS Audit Review Panel members shall provide their comments, if any, to the chairperson of the NDIS Audit Review Panel.

NDIS Audit Review Panel members shall have 30 days to complete their review and communicate their findings to the chairperson of the NDIS Audit Review Panel. In the event any NDIS Audit Review Panel member is unable to perform their review within the 30 days, the Review Panel member shall notify the chairperson of the NDIS Audit Review Panel.

NDIS Procedures Board (Section 6.3)

The NDIS Procedures Board shall review all external QAS audits referred to it by the NDIS Custodian.

In instances in which the NDIS Audit Review Panel is unable to resolve a matter because of the NDIS Participating Laboratory’s failure to clarify its position or provide additional information, the NDIS Procedures Board shall send a written request to the Laboratory Director requesting the clarification or information within two weeks. In the event that the Laboratory Director does not respond to the request for clarification or information within the requisite timeframe, the NDIS Procedures Board shall notify the Laboratory Director in writing (with a copy to the appropriate Agency head) that the Participating Laboratory’s failure to respond within one week shall result in cancellation of that Laboratory’s access to NDIS in accordance with the DNA Identification Act of 1994.

In instances in which the NDIS Audit Review Panel found that the NDIS Participating Laboratory did not comply with the external QAS audit or QAS, the NDIS Procedures Board shall send a written request to the Laboratory Director requesting a response within two weeks. In the event that the Laboratory Director does not respond within the requisite timeframe, the NDIS Procedures Board shall notify the Laboratory Director in writing (with a copy to the appropriate Agency head) that the Participating Laboratory’s failure to respond within one week shall result in cancellation of that Laboratory’s access to NDIS in accordance with the DNA Identification Act of 1994.

Quality Assurance Standards

The QAS are one of the key sources of criteria for audits of CODIS‑participating laboratories. Two sets of standards have been instituted: (1) the Quality Assurance Standards for Forensic DNA Testing Laboratories effective October 1, 1998; and (2) the Quality Assurance Standards for Convicted Offender DNA Databasing Laboratories effective April 1, 1999. While we did not use the QAS as direct criteria for this audit, we did rely upon evaluations of QAS compliance completed by scientists within the DNA community for our assessment of QAS findings and trends. Consequently, we include here a general description of the QAS sections and the topics covered by each section.

  • QAS Section 3 addresses standards regarding a laboratory’s quality assurance program.

  • QAS Section 4 addresses standards governing a laboratory’s organization and management, including requirements for specific personnel roles and duties.

  • QAS Section 5 addresses standards governing personnel qualifications and responsibilities.

  • QAS Section 6 addresses standards governing facility security and quality control.

  • QAS Section 7 addresses standards governing evidence or sample control, security, and handling.

  • QAS Section 8 addresses standards governing validation of methods and procedures.

  • QAS Section 9 addresses standards governing the scope, quality control, and monitoring of analytical procedures.

  • QAS Section 10 addresses standards governing equipment calibration and maintenance.

  • QAS Section 11 addresses standards governing reports and corresponding case file records.

  • QAS Section 12 addresses standards governing reviews of analytical results, reports, and court testimony.

  • QAS Section 13 addresses standards pertaining to proficiency testing, including its nature, frequency, and documentation.

  • QAS Section 14 addresses standards pertaining to corrective action documentation and procedures.

  • QAS Section 15 addresses standards governing requirements for internal and external audits.

  • QAS Section 16 addresses standards governing laboratory safety.

  • QAS Section 17 addresses standards pertaining to outsourcing DNA analysis to a contract laboratory.


Footnotes

  1. Pub. L. No. 103-322 (1994); Pub. L. No. 108-405 (2004).

  2. Pub. L. No. 103-322 (1994).

  3. Pub. L. No. 108-405 (2004).


« Previous Table of Contents Next »