Combined DNA Index System Operational and Laboratory Vulnerabilities

Audit Report 06-32
May 2006
Office of the Inspector General

In planning and performing our audit of CODIS, we considered the FBI’s internal controls for the purpose of determining our auditing procedures. In addition, we evaluated the process used by the FBI to monitor the compliance of CODIS participants. The evaluation of the FBI was not made for the purpose of providing assurance on the internal control structure as a whole; however, we noted certain matters that we consider to be reportable conditions under the generally accepted Government Auditing Standards. Reportable conditions involve matters coming to our attention relating to significant deficiencies in the design or operation of the internal control structure that, in our judgment, could adversely affect the FBI’s ability to administer the CODIS Program. We noted deficiencies relating to the FBI’s administration of CODIS, specifically the use of self-certification alone as a control over NDIS-participant compliance with specific NDIS requirements, discussed in Findings I and III. We also noted deficiencies concerning the FBI’s monitoring of NDIS-participants’ compliance with the QAS and the tracking of instances of non-compliance, as discussed in Finding II. However, we did not consider these deficiencies to be a result of systemic internal control issues. Because we are not expressing an opinion on the FBI’s internal control structure as a whole, this statement is intended solely for the information and use of the FBI in administering CODIS.