We completed a follow-up audit of the FBI’s control over weapons and laptop computers. The purpose of the follow-up audit was to assess whether adequate corrective action had been taken on findings and recommendations in the August 2002 audit report. Those recommendations stated that the FBI should: (1) revise its policy for protecting equipment from loss and for disciplining employees when they do not follow FBI policy; (2) establish deadlines for reporting, documenting, and investigating losses, (3) ensure that the FBI conducts periodic inventories of weapons and laptop computers; (4) reconcile the property records to the financial records; (5) ensure that departing employees return all property that was entrusted to them; and (6) improve documentation showing that excess property had been properly disposed. The FBI agreed with these recommendations and outlined a plan for taking corrective action.

We performed the follow-up audit in accordance with the Government Auditing Standards and included such tests of the records and procedures that we considered necessary. Our testing covered the period between February 1, 2002, and September 30, 2005.

We obtained an understanding of the control environment for weapons and laptop computers from the Property Procurement and Management Section of the Finance Division at FBI headquarters. We performed on-site audit work between October 2005 and June 2006 at FBI headquarters (including the Training Academy at Quantico, Virginia) and at field offices in New York, New York; Miami, Florida; Los Angeles, California; Chicago, Illinois; and Washington, D.C.

To examine the FBI’s efforts to identify lost and stolen weapons and laptop computers, we obtained a list of all such losses that occurred since February 1, 2002, and reviewed the available files and the circumstances surrounding those losses. We also obtained DOJ Semi-annual Reports of lost or stolen property that were submitted to the DOJ Security Officer. For lost or stolen weapons, we queried NCIC to determine if those losses had been reported and if weapons had been subsequently recovered. We also queried the ATF National Tracing Center database to determine if any of those weapons had been recovered through subsequent law enforcement activities.

For laptop computers, our objective was to determine if the loss resulted in compromised classified or sensitive information. We could not independently verify the sensitivity of the information due to the loss of the machines. Therefore, we relied on assertions from the Reports of Lost or Stolen Property (Form FD-500) submitted for each lost or stolen laptop to ascertain whether classified or sensitive information was comprised.

In addition to the testing detailed above, we: (1) reviewed applicable laws, policies, regulations, manuals, and memoranda; (2) interviewed appropriate personnel; (3) tested internal controls; (4) reviewed property and accounting records (with an emphasis on activity since February 1, 2002); and (5) physically inspected property. We tested internal controls pertaining to weapons and laptop computers in the following areas:

• purchasing and recording in the official property database, the PMA;

• receipt and assignment, including weapons and laptop computers not assigned to specific individuals (pooled property), specialized equipment, and the return of items from separated employees;

• physical inventories, including separation of duties; and

• disposals, including property record deletions.

We tested these controls through a sample from the 52,263 weapons and 26,166 laptop computers reported in the PMA as of November 2005. In total, we reviewed 974 items, including 497 weapons and 477 laptop computers. Details about the universe from which these samples were taken and about the samples themselves may be found in Appendix II. Our tests also included:

• samples of weapons and laptop computers purchased between February 1, 2002, and September 30, 2005, as recorded in purchase documents, to ensure that the items were recorded in the PMA;

• samples of pooled property to ensure that the property was accounted for and the records reflected the correct status;

• samples of weapons and laptop computers found during an on-site inventory at each audited FBI location to ensure that the item was accurately reflected in the PMA; and

• samples of weapons and laptop computers assigned to FBI personnel to ensure the items were accounted for and the property records were complete (staff testing).

The samples described above are delineated by test, property type, and location, in the table in Appendix II. We also reviewed the documentation between February 1, 2002, and September 30, 2005, related to 50 former FBI personnel, to determine if all weapons and laptop computers were returned. Moreover, we reviewed disposal actions initiated between February 1, 2002, and September 30, 2005, to ensure these actions were adequately supported.