In planning and performing our audit, we considered internal controls at DOJ components for the purpose of determining our auditing procedures. We also reviewed various controls over the payment processes at these components to develop an understanding of those processes. In addition, we conducted a limited review of the controls, including policies and procedures, which the OBDs, FPI, DEA, and ATF represented were in place to prevent improper payments. However, these reviews did not include an overall assessment or testing of the internal control structure. Therefore, these reviews were not made for the purpose of providing assurance on the internal control structure as a whole. However, we noted certain matters that we consider to be reportable conditions under generally accepted Government Auditing Standards.

Reportable conditions involve matters coming to our attention relating to significant deficiencies in the design or operation of the internal control structure that, in our judgment, could increase the risks for making improper payments or could hinder the implementation of cost-effective recovery audit programs. We noted deficiencies relating to the prevention of improper payments, discussed in Finding 1. We also noted deficiencies concerning the identification and recovery of improper payments, discussed in Finding 2. However, we did not consider these deficiencies to be a result of systemic internal control issues.

Because we are not expressing an opinion on the components’ internal control structure as a whole, this statement is intended solely for the information and use of JMD, OBDs, FPI, DEA, and ATF in overseeing each component’s compliance with the IPIA, and with implementing and administering a recovery audit program within each component.