The Office of Justice Programs Convicted Offender
DNA Sample Backlog Reduction Grant Program
Report No. 02-20
May 2002
Office of the Inspector General
APPENDIX III
AUDIT CRITERIA
CODIS was first described and authorized in the DNA Identification Act of 1994 (Act). The Act, part of the Violent Crime Control and Law Enforcement Act of 1994, authorized the FBI to establish and maintain CODIS. That authorization limited records in CODIS to those that are: based upon analyses meeting the FBI's quality assurance standards, prepared by labs undergoing external proficiency testing every 180 days, and maintained by criminal justice agencies that limit the disclosure of the information to approved groups. Access to the national CODIS database is subject to cancellation if these requirements are not met and penalties of up to $100,000 can be assessed for unauthorized disclosure or receipt of DNA samples/information. Each Program grantee signs a Statutory Assurance Certification, stating that they will comply with the provisions of the Act, which in turn means that they must require their contractors to comply with the Act, since the contractors are doing the actual DNA analysis work.
The Act also established the DNA Advisory Board (DAB), an entity that was to compose standards for quality assurance with which CODIS-participating laboratories would have to comply and which the Director of the FBI could then formally institute. The DAB produced one of the key sources of our audit criteria, as described below.
A key source of criteria for our audits of the grantee and contractor laboratories is the quality assurance standards recommended by the DAB and formally instituted by the Director of the FBI. Although two sets of standards have been instituted, only the set specific to the analysis of convicted offender samples, the Offender QAS, applies to our audits.
The Offender QAS contains 130 elements, organized under 14 headings, of pertinence to our audits of the contractor laboratories. Not included in this count are the six elements found under one heading, which are only applicable to our audits of the grantee laboratories. The remaining headings are as follows:
The Quality Assurance Program: one should exist in writing and should contain the required categories of standards. This section contains 15 elements.
Organization and Management: key roles and duties should be accounted for in writing, including the interrelation between the DNA analysis personnel. This section contains 4 elements.
Personnel: personnel filling key roles should be properly educated, trained, and should be performing duties appropriate to their position. This section contains 24 elements.
Facilities: the physical design of the laboratory and additional controls should ensure the integrity of laboratory security and minimize contamination. This section contains 6 elements.
Sample Control: the laboratory should have a documented control system and necessary internal controls to implement it, to ensure the integrity of the offender samples. This section contains 5 elements.
Validation: the laboratory should take the required steps to demonstrate (validate) that it and its analysts are capable of using certain equipment and methods properly. This section contains 8 elements.
Analytical Procedures: every procedure used by the laboratory in the DNA analysis process, including equipment and supplies required in the process, should be detailed in writing and formally approved by laboratory management. This section contains 19 elements.
Equipment Calibration and Maintenance: the laboratory should establish a written program for ensuring that equipment used for DNA analysis receives regular calibration and maintenance. Such calibration and maintenance should be clearly documented and be based upon independent national standards. This section contains 8 elements.
Reports: the laboratory should have written guidelines for maintaining documentation that would thoroughly support the conclusions made in a report regarding case evidence. Reports should contain certain specified information and written policies should exist to govern the release of such information. This section contains 2 elements.
Review: administrative and technical reviews should be conducted of all reports and supporting documentation for all evidence, to ensure the quality of the conclusions and supporting documentation. The testimony of analysts in court should also be reviewed. This section contains 3 elements.
Proficiency Testing: those actively engaged in DNA analysis should complete an external proficiency test (a test from an outside agency or commercial test provider that measures an analyst's skill in performing DNA analysis correctly) every 180 days. Such tests should be reviewed and documented as delineated in the Offender QAS. This section contains 16 elements.
Corrective Action: written procedures should exist that govern documentation and resolution of errors made during DNA analysis or a proficiency test. This section contains 2 elements.
Audits: the laboratory should undergo an audit every year, and at least every other year this audit should be conducted by an external entity. This section contains 17 elements.
Safety: the laboratory should have and follow a written environmental health and safety plan (1 element).
The Offender QAS contains six elements found under one heading, titled "Subcontractor of Analytical Testing for which Validated Procedures Exist," of pertinence to our audits of the grantee laboratories. Among more general requirements, the elements specify on-site visits, random re-analysis of samples, inclusion of quality control samples, and visual inspection of data returned by the contractor.
The grant solicitation issued by OJP serves as another source of audit criteria for our audits of the eight grantee laboratories. Per the grant solicitation, Program grantee states were required to:
select a contractor laboratory that is accredited by ASCLD/LAB (see glossary) or certified by NFSTC (see glossary), select a contractor laboratory in accordance with state procurement policies, and select a contractor laboratory within 120 days of the award of the grant;
file timely (a) Financial Status Reports, (b) Progress Reports, (c) a quality control results report, and (d) reports of hits generated from offender and no-suspect samples analyzed under the grant;
comply with the section of the Offender QAS addressing oversight of a sub-contractor;
require the regular receipt of samples from the contractor laboratory (every 30 days);
require the contractor laboratory to provide data for all 13 core STR loci in common computer language; and
analyze no-suspect cases equal to 1 percent of the offender samples that the grant paid to have analyzed.