Report No. 02-01
November 2001
Office of the Inspector General
APPENDIX IV
OBJECTIVES, SCOPE, AND METHODOLOGY
Objectives
Our objectives were to determine whether the Department has:
- developed an effective plan for protecting its critical infrastructure;
- identified its physical mission essential infrastructure; and
- adequately assessed the vulnerabilities of its mission essential infrastructure and developed remedial plans to address the risks identified.
Scope and Methodology
The audit began in March 2001. The audit was performed in accordance with generally accepted government auditing standards, and included tests and procedures necessary to accomplish the audit objectives. Generally, our audit focused on three versions of the Department's critical infrastructure protection plan and its effort to identify its mission essential infrastructure:
- the Department of Justice Critical Infrastructure Protection Plan Version 1, dated November 11, 1998;
- the Department of Justice Critical Infrastructure Protection Plan Version 1.1, dated April 22, 1999;
- the Department of Justice Critical Infrastructure Protection Plan, Initial Operating Capability, dated April 24, 2000; and
- the Mission Essential Infrastructure, signed January 16, 2001.
Our work was performed at the offices of the IMSS within the Justice Management Division, located in Washington, DC.
To accomplish the audit objectives, we:
- reviewed PDD 63 as well as guidance on implementing PDD 63 issued by the Critical Infrastructure Assurance Office;
- reviewed PDD 67;
- interviewed personnel in the IMSS and SEPS within the Justice Management Division; and
- reviewed the three versions of the Department's critical infrastructure protection plan discussed above.