The Department of Justice's
Control Over Weapons and Laptop Computers
Report No. 02-31
Office of the Inspector General
At each component, we reviewed management controls and activities related to weapons and laptop computers. Specifically, we assessed the adequacy of purchasing, receipt and assignment, physical inventories, reporting of lost items, management action in response to lost items, return of equipment from separated employees, and disposal of weapons and laptop computers. In general, we found the basic control structure was similar at each of the components. However, procedures and activities varied from component to component, oftentimes with significant effects. For example, although the FBI's internal guidelines require inventory of all controlled personal property every two years, the last complete inventory was conducted before 1993. The results of our analysis of component controls follow.
At each of the components, we reviewed a judgmental sample of purchase documents to determine if purchased property was accounted for in the official property management system. We found shortcomings in the components' recording of purchased property. The following graphs display, by component, the percentage of tested purchased property not recorded (the INS data represents all types of property, not only weapons and laptop computers).
PURCHASE TESTING RESULTS
In our judgment, the failure to record property purchases in the official property records is a significant weakness because the unrecorded property is highly susceptible to loss or abuse. We believe the components can improve in this area by integrating or reconciling their accounting and property management systems.
Joint Financial Management Improvement Program (JFMIP)29 guidelines stress the importance of integrated systems to facilitate reconciliation and improve the accuracy and completeness of all financial records. Without system integration or reconciliation, property system accuracy and completeness is reliant upon the initiative and integrity of individual property custodians to record new property acquisitions into the property system.
During our testing, we reviewed the purchasing mechanisms employed by the components. At each, laptop computer purchases were decentralized; field offices were allowed to purchase machines using purchase orders, credit cards, or other means. In contrast, weapons purchasing was centralized at the DEA, FBI, and USMS. Each of these components had a firearms unit responsible for procuring and distributing component owned weapons. This centralization was an additional control imposed due to the sensitivity of these items and may have contributed to the fact that all weapons purchases tested at the DEA and FBI were accounted for in the property management system.
Purchasing at the BOP was decentralized; institutions and local offices were allowed to purchase weapons using credit cards. We recommended that the BOP prohibit this practice to further control its weapons inventory and the BOP has initiated corrective action. This additional control is warranted because weapons are possibly the most highly sensitive type of property due to their lethal nature. We discussed the establishment of a Department-wide guideline prohibiting the use of credit cards for weapons purchases with Department officials, who agreed that such a restriction was sensible.
Receipt and Assignment
Policies and procedures for receiving and assigning property varied at the components.30 To test the accuracy of system records and the receipt and assignment of property, we physically inspected a sample of property at each component. Generally, we located all selected property and noted only minor control weaknesses. None of the components' processes appeared better than the others, and therefore we do not endorse a particular system of procedures.
Protection/Security of Weapons - Our audits at the components revealed that specific policies regarding the storage of weapons varied.
Within Component Space: The most significant difference among storage policies within component space was noted between the BOP and the rest of the components. Due to the security required within BOP institutions, employees inside BOP correctional facilities are not allowed to routinely carry lethal weapons on their persons. Instead, firearms and other weapons are generally stored in a central armory. Weapons are temporarily assigned only during emergency situations or temporarily assigned to correctional officers to accomplish specific tasks such as hospital escort trips, bus transports, or target practice.
Although this stringent control may have contributed to the fact that the BOP had the lowest number and percentage of lost weapons (see charts on pages 6 and 8), it is not practical to institute this control at all components. The investigative missions of the other components require law enforcement personnel to routinely leave component space with their weapons.
Outside Component Space: The DEA, FBI, and USMS had different policies related to the storage of weapons in vehicles. The DEA had the most stringent policy: DEA regulations prohibit the storage of handguns in unattended government vehicles at any time. The FBI allows temporary storage of weapons in unattended vehicles, provided that the vehicle doors are locked, the firearm is contained in a secure device or container that cannot be removed easily from the vehicle, and circumstances prevent more secure storage. The FBI's policies caution that, even when properly secured, firearms should not be left in unattended vehicles overnight unless required by operational circumstances.
The USMS had the most lenient policy regarding the storage of weapons in vehicles. USMS guidelines allow for weapons to be stored in unattended vehicles as long as the vehicle is secured and the weapon is in a locked container. The policy does not set any limitations on the appropriate length of time that weapons can be stored in vehicles. Therefore, it is conceivable that weapons could be stored in vehicles for extended periods of time or even on an almost permanent basis.
Although the USMS had a minimal number of weapon losses, 3 of the 6 missing weapons were stolen from unoccupied vehicles or last seen in a vehicle. In addition, according to the DEA and FBI, at least 56 other weapons were reported stolen from vehicles. We believe that strengthening the security guidelines for weapons outside of component space could reduce the number of weapon losses.
Pooled Property and Specialized Equipment - The BOP, FBI, and USMS all had rapid response teams, each with an inventory of standard and specialized equipment to utilize in the event of an emergency. We considered this an area of importance because the extraordinary nature of these items would make them particularly harmful in the hands of the public. Generally, we found this equipment to be adequately protected and accounted for.
On September 11, 2001, we were on site at Camp Beauregard, Louisiana, when the USMS Special Operations Group received its mobilization orders to respond to the terrorist attacks. We observed the highly organized weapons storage system and their mobilization efforts. A noteworthy practice that the USMS utilized was to maintain equipment and supplies in pre-palletized, barcoded containers that could be easily transferred to a transport vehicle. As a result, the team and all needed equipment were mobilized very quickly in response to the terrorist attacks.
Physical Inventory Procedures
According to guidelines established by the Department,31 controlled personal property is property that because of its nature must be subject to more stringent control and be physically inventoried at least biennially.32 The Department's definition includes property: (1) costing $1,000 or more, (2) that due to its inherent attractiveness or portability is subject to a high probability of theft or misuse, or (3) that contains sensitive information or is sensitive in nature, such as weapons or communication equipment.
Within the components, the definition of controlled personal property varies. Weapons and laptop computers were generally categorized as controlled personal property, regardless of cost. However, at the time of our audit, the INS's definition of controlled personal property excluded property costing $1,000 or less,33 even those items with data storage capability (i.e., laptop computers). Further, the USMS maintained a supply of stun guns and stun belts that were not designated as controlled personal property. These items emit electrical charges to temporarily immobilize individuals. In our judgment, policies should be revised to ensure sensitive equipment such as laptop computers at the INS and stun guns and stun belts at the USMS are subject to physical inventory and inclusion in the official property management records.
The BOP had the strongest physical inventory policy; it required all controlled personal property to be inventoried every year. The policy at the DEA, FBI, INS, and USMS was to inventory controlled personal property at least every two years. In addition, the DEA, INS, and USMS required weapons to be physically inventoried annually. We found that the BOP and USMS were generally current in their physical inventories. However, the FBI had not completed a physical inventory of controlled personal property since before 1993. In the intervening years, the FBI had attempted to conduct inventories, but these were never completed. In our judgment, the FBI's chronic failure to complete physical inventories greatly undermined its ability to manage its assets and significantly contributed to the material losses of weapons and laptop computers reported (see charts on pages 6 and 8). In addition, DEA experienced difficulties completing inventories as required.
The inventory procedures utilized at the components were generally the same, except for the USMS which conducted its inventories on a continual basis. Thus, the entire USMS is not undergoing its controlled personal property physical inventory at the same time and work in the headquarters property office can remain at a more consistent level. This consistency minimizes inaccuracies by eliminating the taxing efforts associated with conducting and reconciling a physical inventory of the entire controlled personal property universe. The method also reduces the likelihood of other property management tasks being neglected.
We were surprised to find the components' overall lack of use of technology to aid them in conducting their physical inventories. Barcodes and scanners have been commonly used during physical inventories in the private sector for a long time. However, there have been only minimal efforts within the components to use barcode scanners in an effort to simplify inventory procedures. The FBI was the only component to make widespread use of barcode scanners; however, officials attributed many of the physical inventory delays to technological problems encountered with barcode equipment.
Reporting of Lost and Stolen Weapons and Laptop Computers
Each of the components required missing controlled personal property to be reported at various levels both within and outside the organization. The specific procedures and timetables for communicating the details and circumstances varied from component to component.
Initial Written Reports - All of the components required employees to report property losses. We found that the BOP and FBI imposed no timetable for reporting lost items, including weapons. Consequently, losses of a significant number of FBI weapons were not documented timely and initial loss reports ranged from the same day to 23 years after discovery of the loss. The average time for the loss to be reported in the FBI was 4.3 years.
Although the BOP did not have a time requirement, we did not detect severe reporting delays.34 However, at the BOP, as well as at the DEA, FBI, and USMS, we were unable to analyze the timing of some loss reports because in many instances the documents did not provide the date the loss was discovered. Generally, the forms did not have a field in which to record such data.
For those cases in which we could determine timeliness, the average reporting times for weapon and laptop computer losses appear in the following graphs.
NCIC Records - The National Crime Information Center (NCIC)35 is generally regarded by law enforcement agencies to be the primary nationwide mechanism for tracking stolen firearms. While the DEA, FBI, INS, and USMS required lost weapons to be entered into NCIC, the BOP did not. The following table displays the differences in policies and practices and the percentage of weapons not entered into NCIC.
COMPONENT REPORTING OF LOST WEAPONS TO NCIC
|DEA||YES||Within 48 hours||19|
|INS||YES||As soon as possible||73|
|USMS||YES||No time requirement||0|
DEA officials could not explain why the weapon losses were not entered into NCIC as each had been reported to local law enforcement for entry into the database. In response to our audit at the INS, officials explained that they were in the process of obtaining access to NCIC.
A notable policy at the FBI was to require that all losses of uniquely serialized government property be entered into NCIC, including laptop computers. In our judgment, this policy increases the potential for recovery of this type of sensitive equipment.
Reporting to SEPS - Department regulations36 require all components to submit a semiannual report to the Department's Security Officer summarizing losses of property that occurred during the previous six months. Each component's Security Programs Manager is required to prepare and submit the reports by January 31 and July 31 for the preceding six-month periods. We reviewed these reports and determined that they were incomplete, untimely, or not submitted. In general, component officials could not fully explain the discrepancies noted.
BOP: Generally, the semiannual reports were timely. However, they did not include 24 of the 27 lost or stolen laptop computers or the 2 missing weapons.
DEA: No reports for 1999 and 2000 were submitted and the first report for 2001 was submitted 36 days late. In addition, the DEA's records included four weapons reported as lost in 2001, but only one appeared on the semiannual report.
FBI: The reports for 2000 and 2001 were submitted from 6 to 106 days late. According to the FBI's inventory records, 232 functional weapons, 127 training weapons, and 152 laptop computers were reported lost or stolen during the periods covered by these reports. However, only 9 weapons and 26 laptop computers appeared on the semiannual reports.
USMS: The 2000 and 2001 reports were submitted approximately one month late. Two laptop computers, reported lost in 2000, were not reported to the Department.
In our judgment, these reports were unreliable. Further, the Department was not utilizing them as a means to assess the losses of sensitive property, as discussed on page 29.
Action on Lost and Stolen Weapons and Laptop Computers
According to Department guidelines, all components should establish a Board of Survey or alternative investigative mechanism (Board) to investigate the circumstances surrounding the loss, theft, damage, destruction, and other circumstances adversely affecting personal property. Based upon the recommendations of the Board, component heads are authorized to assess pecuniary liability and dispense disciplinary action.
All components had policies and procedures for referring losses to a Board or alternative investigative unit. We reviewed the referrals to the Boards, the timeliness of the Boards' reviews, and the actions taken as a result of the losses.
Board of Survey Referrals and Reviews - The components did not have consistent policies and practices related to Board referrals and reviews, and many reviews were not timely. Review times ranged from 6 to 588 days after the written loss report.
The USMS policy did not specifically require laptop computer or weapon losses to be referred to the Board for investigation. However, USMS officials stated that, in practice, all weapon losses are referred to the Board. In addition, at the time of our audit, the USMS Board of Survey had not met since November 2000 (16 months); as a result, 50 of the 62 weapon and laptop computer losses had not been adjudicated.
At the FBI, the Office of Professional Responsibility (OPR) provided evidence that only 71 of the 212 lost functional weapons were referred to its office for review.37 Further, only 10 of the FBI's 317 laptop computer losses had been referred. Prior to March 9, 2001, FBI policy did not require the routine reporting of lost or stolen laptop computers to the OPR. On March 9, 2001, the Director of the FBI issued a memorandum requiring employees to report all losses of laptop computers to OPR without exception.
INS policy required lost weapons to be reported to its Office of Internal Affairs (OIA) on the first working day after the loss. Between January 1, 1996, and September 30, 1999, the OIA received 45 referrals, while a total of 74 weapon losses were entered into NCIC.
The DEA required weapons-related property losses to be referred to its Board of Professional Conduct for investigation. We found that 15 of the 16 weapon losses had been referred and reviewed; the Board's decisions were rendered 61 to 431 days from the date of loss. The remaining instance involved an employee who had left the DEA and, as a result, the Board made no recommendation.
The BOP required all weapons and laptop computer losses to be referred to its Board for review. All losses were referred and reviewed and review times ranged from 6 to 588 days.
Management Action - After the Boards have completed their reviews, component heads are responsible for acting on the findings and recommendations. This can include assessing financial liability, pursuing collection, and implementing disciplinary action.
In total, we found evidence that only 15 of the 400 laptop computer losses (4 percent) and 41 of the 23638 weapon losses (17 percent) have so far resulted in recommendations for disciplinary action. These low percentages are primarily attributable to the fact that, as noted above, many losses have not been referred to or reviewed by the Boards. In our judgment, these numbers could suggest to employees that the components are not taking the loss of these items seriously and that there is a good chance that no action will be taken on sensitive property losses.
For those instances in which the Boards have completed their reviews, the percentage of cases in which disciplinary action was recommended is significantly higher. At the DEA, 10 of the 15 weapon losses (66 percent) reviewed by the Board resulted in disciplinary actions, including letters of reprimand and recommendations for suspensions without pay. At the FBI, 37 of 70 (53 percent) completed reviews of weapon and laptop computer losses resulted in disciplinary action; 11 investigations were pending at the time of our audit. Disciplinary actions included letters of censure and recommendations for suspensions without pay. Following review by the Board at the USMS, 9 of 12 weapon and laptop computer losses (75 percent) resulted in advisory letters to the responsible offices. The BOP did not execute any disciplinary action for the 29 weapon and laptop computer losses reviewed.
Return of Equipment from Separated Employees
Department guidelines39 stipulate that components must have effective procedures to provide assurance that assets do not leave the possession of the government. However, the components' procedures were not effective,40 and property assigned to departed employees was unaccounted for. For example, in June 2001, the FBI's Firearms Training Unit found that 31 weapons of separated agents could not be accounted for. About one month later, two FBI weapons were recovered at the scene of an accidental shooting. These weapons had been assigned to an agent who died in April 2001 and the FBI had not taken the appropriate steps to retrieve the firearms. In addition, we noted that the BOP, DEA, and INS also experienced problems regarding the return of property by separated employees.
The components must strengthen their procedures for retrieving and documenting the return of sensitive property from separated employees. This is an area in which controls can be strengthened and losses can be significantly minimized.
Disposal of Sensitive Property
Department regulations41 state that information technology systems that have processed, stored, or transmitted sensitive but unclassified and/or classified information shall not be released from a component's control until the equipment is sanitized and all stored information has been cleared. We tested laptop computer disposals at the components and found that the majority of the records at the BOP and the FBI did not specify the contents of the machines or contain a certification that all sensitive information had been removed. We believe that it is essential that this step be taken and documented to ensure that all sensitive information has been protected and that the public is not harmed through the disclosure of sensitive information.