In early 1995, the Assistant Attorney General for Administration (AAG/A) requested that the Inspections Division, Office of the Inspector General (OIG) and the Asset Forfeiture Management Staff (AFMS), provide information concerning implementation of the Consolidated Asset Tracking System (CATS) as of January 1, 1995. On August 21, 1995, following completion of the status review, members of the OIG team briefed the AAG/A and members of his staff on our results. The AAG/A requested that the OIG perform additional work to determine user satisfaction with CATS. We conducted a user survey in the Fall of 1995 in response to the AAG/A's second request. This report summarizes the results of the status review and the follow-up user survey. Our scope and methodology are provided in Appendix I.
With the enactment of the Organized Crime Control Act of 1970 and the Comprehensive Drug Abuse Prevention and Control Act of 1970, the Department of Justice (DOJ) began using asset seizure and forfeiture as law enforcement tools against drug trafficking and organized crime. In the ensuing years, additional legislation has further enhanced the importance of asset forfeiture. The Comprehensive Crime Control Act of 1984 broadened the DOJ's forfeiture activities by establishing the Assets Forfeiture Fund. It also authorized equitable sharing of Federal forfeiture proceeds with state and local law enforcement agencies.
The Comprehensive Crime Control Act of 1984 gave the DOJ the necessary legal authority to institute a national asset forfeiture program. The DOJ Asset Forfeiture Program provides the means for the federal government to seize real and personal property and monetary instruments (cash, stocks, bonds, etc.), used or acquired through illegal activities, and to take the assets or proceeds from sale of the assets and distribute them for use in federal, state, local and international law enforcement activities.
Subsequent asset forfeiture legislation including the Anti-Drug Abuse Acts of 1986 and 1988; the Financial Institutions Reform, Recovery and Enforcement Act of 1989; the Customs and Trade Act of 1990; and the Crime Control Act of 1990 have provided additional authority to the program. The Anti-Drug Abuse Act of 1988 required the Attorney General and the Secretary of the Treasury to coordinate and consolidate a plan for post-seizure administration of assets between the DOJ and the United States Customs Service (USCS).
In 1989, the Attorney General reported the asset forfeiture program as a material weakness in the Annual Federal Managers Financial Integrity Act Report to the President. Also in 1989, the Office of Management and Budget (OMB) designated the Federal asset forfeiture program as one of its 100 "high risk" programs requiring close OMB oversight. The General Accounting Office (GAO) also found problems with the program and designated the management of seized and forfeited assets, including both the DOJ and the USCS operations, as one of the 14 program areas in the Executive Branch warranting special audit and review.
The Attorney General, in an October 30, 1989 memorandum, stated that the program had outgrown the informal systems and control processes that functioned previously and needed closer coordination of forfeiture activities at the highest levels of the Department. In an effort to address these program management concerns, the Executive Office for Asset Forfeiture (EOAF) was established to oversee all aspects of the Department's forfeiture program.
In addition to EOAF, the DOJ's asset forfeiture program initially consisted of six other DOJ components and five non-DOJ organizations. The EOAF handled program planning, policy development, coordination and oversight. The United States Attorneys' Offices and the Criminal Division's Asset Forfeiture Office conducted the program's litigation activities, while the investigative responsibilities were handled by the Drug Enforcement Administration (DEA); the Federal Bureau of Investigation (FBI); the Immigration and Naturalization Service (INS); the United States Park Police (USPP); the United States Postal Service (USPS); and three Department of the Treasury (Treasury) organizations: the Internal Revenue Service (IRS); the Bureau of Alcohol, Tobacco and Firearms (ATF); and the United States Secret Service (USSS). The United States Marshals Service (USMS) was given responsibility for controlling seized assets from the time of the seizure through the storage and final disposition of the assets.
A reorganization plan, submitted to the Attorney General on April 30, 1991, formally proposed the establishment of EOAF as a permanent organizational entitywithin the Office of the Deputy Attorney General. [ Prior to the establishment of the Department's EOAF, the DOJ's asset forfeiture program functioned under the direction of the Associate Attorney General.] The reorganization became effective on October 1, 1991. The Attorney General left basic operational responsibilities with the DOJ components, but mandated that EOAF establish uniform procedures for documenting and processing forfeiture actions, recommending any reorganization or transfer of function needed to achieve an efficient and effective DOJ forfeiture program and implementing a single DOJ forfeiture information system.
A formal system requirements analysis and feasibility study was completed in late 1990. The study concluded that it was in the best interest of the asset forfeiture program to proceed with a consolidated asset forfeiture information system. Based on this study, the Deputy Attorney General approved, in September 1990, the Program Charter for the development of a system, the Consolidated Asset Tracking System, that would perform a number of specific tasks. The Deputy Attorney General also directed the EOAF to use the Assets Forfeiture Fund to proceed with the design and development of the system. CATS was supposed to:
· Track assets through their entire life cycle from seizure to final disposition.
· Provide consistent, modern technology among the agencies to perform tasks that were previously done manually and make automated tasks more efficient.
· Provide current information to field personnel on the status and results of their cases and tie all program offices together into a national telecommunications network.
· Integrate financial analysis capabilities with the inventory management process and provide a rational process for estimating program income and expenses.
· Provide a formal basis for assessing staffing requirements and a capability for agency and Department managers to review asset forfeiture program activity on a continuous basis.
The feasibility study estimate for developing the system was $24 million. However, this amount did not include the development and implementation of the telecommunications network that CATS would require. The EOAF projected that the system would be implemented by December 1992. A CATS User Group was created to assist the EOAF and to ensure that all DOJ and non-DOJ system users were represented during system development. In October 1990, the Deputy Attorney General requested that agencies participating in the CATS program (hereafter referred to as "participant agencies" or "agencies") designate a representative capable of understanding and evaluating the effect that key decisions might have on his or her agency's forfeiture program and be in a position to ensure that any necessary policy changes would be implemented in his or her agency. The EOAF also required participant agency validation of the system at each stage of development.
All agencies, with the exception of the USPP, were requested to detail personnel to the project team for the duration of the project, or for a minimum of 6 months, in order to provide continuity and make agency expertise available to the project. The USPP has no forfeiture authority and its seizures are adopted by the FBI for forfeiture action. Based on this, the USPP has no requirements for CATS other than the ability to view the status of its cases adopted by the FBI. Therefore, no representative was requested or furnished from the USPP.
As part of the system development process, a government contractor developed a proposed physical model that documented the functions, data elements, forms and reports that would be part of CATS. In 1991, the program management staff conducted a two-week conference for the system users to inform and train them on the proposed physical model's contents and functions.
Following the conference, the users were required to sign a "CATS Proposed Physical Model Review Sign-Off Sheet." The users certified that CATS (as depicted in the proposed physical model and with the problem issues that were raised during the conference successfully resolved) would meet the needs of their agencies' asset forfeiture programs. To further ensure that CATS would meet the information requirements of the participant agencies' asset forfeiture program, the Director of EOAF requested that a high-ranking official from each of the agencies sign an affirmation memorandum stating that CATS, based on the proposed physical model, would meet the information requirements of the asset forfeiture program in his or her agency. By the Spring of 1992, all participant agencies, with the exception of the USSS and the USPP, affirmed that CATS would meet their asset forfeiture information needs. Although the USSS was one of the original participant agencies, a USSS representative told us that the USSS did not sign an affirmation sheet because it did not participate in the initial development phase of CATS in 1990. The USPP did not sign an affirmation sheet because, as noted previously, it has no forfeiture authority.
In September 1993, the Directors for the EOAF in the Departments of Justice and the Treasury (EOAF-T), signed a memorandum of understanding stating that both agencies agreed to employ common automated systems and telecommunications services for administering their respective asset forfeiture programs and supporting related enforcement functions. The memorandum further stated that ". . .it is the mutual objective of the [DOJ and the Treasury] to support CATS' evolution as the single asset forfeiture system for all Federal forfeiture programs. To that end, both Departments agree to develop, implement, manage, operate, enhance and support CATS as the primary automated system used by all agencies participating in the Justice Assets Forfeiture Fund and the Treasury Forfeiture Fund for asset tracking and management."
In May and July 1994, at the request of the Deputy Attorney General, EOAF prepared two decision coordinating papers that again evaluated the status of the DOJ asset forfeiture program and presented organizational options for the oversight and management of EOAF. In the Fall of 1994, the Deputy Attorney General made a decision to reorganize EOAF. The reorganization received Congressional approval in December 1994 and resulted in the division of EOAF functions between the Criminal Division and the Justice Management Division (JMD). EOAF's policy and oversight functions, as they pertain to the asset forfeiture program activities, were reassigned from the Deputy Attorney General to the Criminal Division's Asset Forfeiture Office. The Deputy Attorney General placed the administrative management and operational functions, which included the development of the consolidated asset forfeiture information system, under a new office in JMD, the AFMS. The Director, AFMS is responsible for the development, implementation, operation and contract support of CATS, as well as oversight of the system and the CATS User Group. See Table I for a synopsis of asset forfeiture program actions.
|TABLE I - HISTORY OF ASSET FORFEITURE PROGRAM ACTIONS|
|DATE OF ACTION||ASSET FORFEITURE PROGRAM ACTION|
|1970||With the enactment of the Organized Crime Control Act and the Comprehensive Drug Abuse Prevention and Control Act, the DOJ began using asset seizure and forfeiture as a law enforcement tool against drug trafficking and organized crime.|
|1984||The Comprehensive Crime Control Act of 1984 broadened the DOJ's forfeiture activities by establishing the Assets Forfeiture Fund (AFF). The Act also gave the DOJ the necessary legal authority to institute a national asset forfeiture program.|
|1986-1990||Subsequent asset forfeiture legislation, including the Anti-Drug Abuse Acts of 1986 and 1988; the Financial Institutions Reform, Recovery and Enforcement Act of 1989; and the Customs and Trade Act of 1990, provided additional authority to the asset forfeiture program.|
|1989||The Attorney General reported the asset forfeiture program as a material weakness. Additionally, the OMB designated the Federal asset forfeiture program as one of its 100 "high risk" programs requiring close OMB oversight.|
|OCTOBER 1989||The Attorney General established the EOAF to oversee all aspects of the DOJ's forfeiture program.|
|1990||GAO designated the management of seized and forfeited assets as one of 14 areas in the Executive Branch warranting special audit and review.|
|1990||The Crime Control Act of 1990 required the Attorney General and the Secretary of the Treasury to coordinate and consolidate a plan for post-seizure administration of assets between DOJ and USCS.|
|SEPTEMBER 1990||The Deputy Attorney General approved the Program Charter for the development of a consolidated asset tracking system.|
|LATE 1990||A formal information requirements analysis and feasibility study was completed.|
|1991||In April 1991, the Deputy Attorney General proposed establishment of EOAF as a permanent organizational entity within the Office of the Deputy Attorney General. The reorganization was effective in October 1991.|
|SEPTEMBER 1993||Memorandum of Understanding signed by the DOJ and Treasury to employ common automated systems and telecommunications services for administering their respective asset forfeiture programs and supporting related enforcement functions.|
|MAY & JULY 1994||At the request of the Deputy Attorney General, the EOAF prepared two decision coordinating papers evaluating the status of the asset forfeiture program and presented organizational options for the oversight and management of EOAF.|
|FALL 1994||The Deputy Attorney General decided to reorganize EOAF.|
|DECEMBER 1994||Congress approved the reorganization of EOAF. EOAF functions were divided between the Criminal Division and the JMD and the AFMS was established.|
Source: Asset Forfeiture Management Staff, Justice Management Division, Department of Justice.
Office of the Inspector General and General Accounting Office Reports
Between April 1990 and August 1995, the OIG issued five inspection reports focusing on various aspects of the DOJ's asset forfeiture program. Among these reports was a June 1992 report titled "Coordination of the DOJ Asset Forfeiture Program by the Executive Office for Asset Forfeiture (EOAF)" and a March 1994 report titled "The Executive Office for Asset Forfeiture Consolidated Asset Tracking System." The 1992 report suggested that the EOAF enhance its oversight role and take all necessary steps to ensure the successful implementation of the new Computerized Asset Tracking System, later known as the Consolidated Asset Tracking System (CATS). The 1994 report noted that, "the overall intended outcomes for CATS appear attainable. However, there has been slippage of the scheduled implementation date and obligations have exceeded the initial budget estimate."
Between September 1990 and November 1995, the OIG issued 15 audit reports consisting primarily of audited financial statements and management report letters for the various funds supporting the DOJ asset forfeiture programs. A September 1990 report titled "Management of Seized and Forfeited Assets in the Department of Justice" found that the DOJ lacked accurate, consolidated information on seized and forfeited assets and stated that the absence of accurate, consolidated information and the presence of duplicative information systems produced a number of adverse effects. The report concluded that management was not effectively monitoring or evaluating the forfeiture initiative at the DOJ or agency level.
In 1990, the GAO began reviewing and reporting on the Federal program areas it considers high risk because they were particularly susceptible to waste, fraud, abuse and mismanagement. In 1990, the GAO identified 18 high risk areas, one of which was the asset forfeiture programs of the DOJ and Treasury. In February 1995, GAO reported that, "Justice and Treasury are pursuing consolidation of asset tracking systems. Both departments have agreed to develop . . . and support [CATS]. The CATS is intended to be the primary automated system for asset tracking and management used by all agencies participating in both the Justice and Treasury asset forfeiture program . . . ."
The 1995 GAO report continued, "The success of a single automated tracking system is dependent on the participation of all agencies, including [USCS]. We encourage Justice and Treasury to continue to . . . pursue options for consolidation, such as their efforts with CATS." See Appendix II for a list of the OIG inspection and audit reports and the GAO reports cited above.
RESULTS OF THE CATS STATUS REVIEW
The Deputy Attorney General transferred responsibility for the CATS program to JMD beginning January 1, 1995. The AAG/A requested that we work with the AFMS to collect documentation on the status of CATS implementation in the following areas: CATS software, system security, procurement actions, system costs, current problems pertaining to site preparation and data conversion, training, planned migration to an open system environment, and the roles and responsibilities of the various contractors involved in the CATS project.
With the assistance of JMD staff, we collected data in each of these areas. We found that, although a number of problems existed, user satisfaction was critical to successful system implementation. We identified other issues including program costs, contract monitoring and system security classification that were affecting full system implementation. We briefed the AAG/A and members of his staff on the results of the review in August 1995.
We conducted interviews with AFMS officials, CATS User Group representatives and asset forfeiture program managers in the DEA, the USMS and the IRS. We also spoke with representatives of the USCS--a Treasury agency with significant asset forfeiture responsibilities--to determine the agency's reasons for not participating in CATS. During our interviews, we were told that ongoing problems with the DEA and USMS had adversely affected system implementation. Additionally, we were told that the IRS was withdrawing from CATS.
During our review, we identified several issues that have contributed to a lack of user satisfaction among some CATS participant agencies. The issues that participant agencies most often commented on were (1) implementation delays, (2) information requirements not being met and (3) the lack of site preparation coordination. In addition, agency representatives mentioned several other issues that contributed, to a lesser degree, to a lack of user satisfaction. These issues include a lack of standard operating procedures defining participant agencies' roles in CATS, the absence of timely data conversion from participant agencies' asset forfeiture systems (legacy systems) into CATS and the necessity of entering data into both legacy systems and the CATS data base. We reported these issues to AFMS officials. They also stated that an additional issue the AFMS faces is the lack of contractor security clearances. Contractors are required to have appropriate security clearances prior to arriving at CATS sites. However, in some instances, contractors have arrived at sites without the appropriate clearances. As a result, contractors could not enter the work sites and installations had to be postponed and rescheduled.
The delays in implementing CATS have been a concern for many agencies participating in the project. The CATS Program Charter, approved by the Deputy Attorney General in September 1990, projected that the system would be implemented by December 1992. In March 1994, we issued an inspection report on CATS, noting that, at that time, the system was not yet fully operational and the estimated implementation date had been revised to October 1994. In early 1995, the Director of the AFMS stated that the planned CATS implementation date had been revised again to December 1995.
The DEA and USMS asset forfeiture program managers we interviewed stated that they, too, had been told the planned date for full system implementation was December 1995. They were concerned because CATS implementation had been delayed and they did not believe that the AFMS had the staff available to ensure CATS would be implemented by December 1995. The managers did state, however, that they believed that the AFMS was making a concerted effort to correct implementation delays. The CATS was not fully implemented as of December 1995 and the AFMS now projects full CATS implementation by the Spring of 1997. [ The full implementation date for CATS has remained a moving target throughout this review. The latest date was provided during a June 1996 meeting with the CATS project staff. This date was reaffirmed at the September 1996 exit conference.]
The IRS expressed concerns similar to those of the DEA and USMS. The IRS, which was an original CATS participant agency, withdrew from the project in July 1995. The Chief of the IRS Asset Seizure and Forfeiture Section sent a letter to the AFMS stating that IRS was withdrawing from the CATS project because, among a number of other reasons, ". . .the CATS installation process is significantly behind schedule and will not be available nationwide in the foreseeable future."
Information Needs Not Met
The DEA and USMS representatives told us that CATS was not meeting their information needs. Specifically, the DEA representative said that CATS requires the input of data that DEA does not capture because its legacy system does not require the same information. The USMS representative said that CATS does not generate the ad hoc reports it sometimes requires.
The IRS representative noted that CATS was not providing the type of information the IRS requires for its end of year reports and the system cannot compile and produce the information and reports the IRS needs to comply with the reporting requirements of the Chief Financial Officers Act of 1990. In July 1995, the IRS ceased site preparation and installation of CATS equipment and informed the AFMS that any further IRS participation in CATS would depend on whether an electronic bridge could be established between its tracking system and CATS.
An AFMS representative told us that the USCS had been invited to participate in the CATS program. However, a USCS representative we spoke with stated that from the beginning her agency knew it could not use CATS. USCS needed an asset tracking system that tied into its accounting system because of its financial reporting requirements. As CATS development and implementation progressed, USCS would then consider linking its system with CATS. The USCS is developing its own Seized Asset and Case Tracking System (SEACATS).
According to the CATS Project Manager, the CATS data base contains the information the IRS needs to meet the reporting requirements of the Chief Financial Officers Act of 1990; however, she acknowledged the information cannot be compiled and produced in the report format the IRS requires. She also stated that the IRS' withdrawal has caused additional implementation delays because AFMS had to reconfigure the system at locations where IRS had been a CATS telecommunications hub site. Throughout the CATS project, the participant agencies with the largest concentrations of data communications equipment, typically the DEA and in some cases the IRS, have served as centralized telecommunications centers; i.e., hub sites, for a specific area. If an agency can no longer serve as a hub site, as in the case of the IRS, the system must be reconfigured and a new hub site designated.
In a September 1995 letter to the IRS, the Executive Office for United States Attorneys, writing on behalf of the Attorney General's Advisory Committee and the United States Attorneys, expressed concern about the IRS' decision to withdraw from CATS. According to the Advisory Committee, the IRS' withdrawal from CATS will have a particularly negative impact on the asset forfeiture program in the United States Attorneys' offices because the IRS is the lead agency for many judicial asset forfeiture cases. To mitigate the impact of the IRS' withdrawal, AFMS is funding a contract employee to input and update IRS assets in CATS.
In a September 26, 1995, response to the Attorney General's Advisory Committee and United States Attorneys, the IRS stated that the USCS recently received final approval and funding from the Treasury Forfeiture Fund to proceed with its SEACATS. The letter also noted that a Treasury official stated that it is ". . .hopeful that SEACATS will become the system of record for the seized and forfeited property of all Treasury enforcement bureaus." The IRS' letter also stated that, "This step, in conjunction with the prior [EOAF-T] decision to remove all seized property from [DOJ] control further obviates the interdepartmental aspects of CATS."
Changing Agency Requirements
The CATS Project Manager told us that continual changes in agency system requirements have been a major roadblock to the timely implementation of CATS. She said that, although agencies signed an affirmation stating that CATS would meet their specific needs, these same agencies continue to request changes and additions to the system (such as, software enhancements, relocation of CATS equipment and changes in the number of system users).
The CATS Project Manager stated that during the initial system development, each participant agency was requested to detail one representative to the project to ensure CATS, when completed, would meet the needs of each agency. She stated that some agencies, such as the INS and FBI, were responsive to this request, while others, such as the DEA, were not. She added that it was important for participant agencies to provide representatives during the program development phase to ensure the final product would meet the asset forfeiture needs of the individual agencies. Although participant agencies' representatives initially certified that the system would meet their needs, the requirements have changed substantially since their 1991 acceptance of the proposed physical model.
Obtaining Reimbursable Work Authorizations
Before any on-site work can be done in a General Services Administration (GSA) controlled building, a Reimbursable Work Authorization (RWA) is required between the tenant agency and the GSA. The AFMS representative responsible for working with the GSA to obtain RWAs stated that he considers any site requiring a RWA to be a "problem site" because of the time and coordination of intra-agency effort required.
Lack of Site Preparation Coordination
Representatives of the DEA, USMS and EOAF-T complained that site preparation work had not been properly coordinated. For instance, contractors did not have specific work orders, lacked appropriate security clearances and frequently did not schedule their visits. The DEA and USMS officials stated that, due to a lack of coordination among participant agencies, CATS contractors and the AFMS, on numerous occasions, contractors arrived at work sites without office floor plans and work orders specifying work to be completed. These officials also stated that contractors often arrived unannounced at agency CATS site locations. In some cases, CATS equipment was not yet on-site and, as a result, rescheduling was required.
Lack of Contractor Security Clearances
Obtaining security clearances for contractor personnel has also delayed system implementation. For example, DOJ used a Treasury telecommunications contractor, Computer Systems Corporation (CSC), to install the CATS telecommunications network. The CATS Project Manager stated that, although Treasury required that all installers receive a security clearance prior to being allowed to work on-site, Treasury had not confirmed the contractor complied with this requirement. The DOJ and Treasury agencies denied access to some installers at CATS site locations because they were not cleared and, as a result, site visits had to be rescheduled.
Lack of Cooperation
When we interviewed the CATS Project Manager in 1995, she stated that AFMS would not meet the December 1995 implementation deadline, in part, due to acrimonious relationships that affected the implementation of the system as originally envisioned. For example, she cited numerous problems involving the DEA. These problems include DEA's temporary withdrawal from the project and DEA's refusal to admit CATS contractors to its Houston and Dallas site locations. These delays, in turn, required AFMS to redesign the system ensuring DEA is no longer a CATS telecommunications hub site. The CATS Project Manager stated that these problems have significantly delayed system implementation. In September 1995, the AFMS requested that DEA clarify its commitment to the implementation of CATS. DEA responded, in October 1995, that it had ". . . always been a staunch supporter of this project and will ". . . work hand in hand with AFMS to accomplish its goal."
The DEA and USMS representatives we spoke with also expressed several other concerns that they have with CATS. Their concerns focused on the lack of (1) coordination between contractor personnel, the AFMS and CATS participant agencies, (2) timely conversion of data from participant agencies' asset forfeiture systems and specific time frames for completion of data entry into CATS, (3) standard operating procedures defining participant agencies' roles in CATS and (4) maintaining legacy systems. While CATS is being implemented, the DEA and the USMS must enter data into both their legacy systems and the CATS data base. The DEA and the USMS representatives told us that they believe the AFMS will be addressing these concerns.
In 1990, the initial cost estimate for implementation of CATS was $24 million. According to the CATS Project Manager, this did not include the development and implementation of the telecommunications network that CATS would require, later estimated at $20.5 million. The CATS Project Manager stated that the cost of developing and implementing the network was not included in the initial estimates because the EOAF believed that the Department's telecommunications services staff would develop and implement the network. In a November 1993 memorandum to the Attorney General, EOAF estimated $12 million in additional costs primarily due to expanded user requirements, bringing the total to $36 million. During our status review, data showed that CATS had cost about $62.4 million through the end of
FY 1994, which included some telecommunications costs. Based on a schedule provided by the AFMS and an expected implementation date by the end of FY 1996, the AFMS estimated the costs of CATS implementation through FY 1996 to be an additional $43.8 million. This will bring the total estimated cost of system implementation to $106.2 million at the end of FY 1996. The CATS staff estimated that $45 million of the total costs will be for telecommunications development and installation.
Based on a revised implementation date of the Spring of 1997, we believe that the total cost will increase. The future cost of CATS will increase as further system enhancements and changes to sites and users occur. The AFMS estimated the original cost of the system based on approximately 2,000 users, 500 sites and 60 data entry screens. However, additional agencies (ATF, USPP and USSS) and new functions were added to CATS after its initial design. At the time of our 1994 inspection, the system requirements had essentially doubled, with CATS featuring about 150 screens and being installed in about 1,000 sites with 4,000 users. In July 1995, an AFMS official estimated that when CATS is fully implemented, it will feature approximately 150 screens (an increase of 150 percent over original projections) and will be installed in about 1,200 sites (an increase of 140 percent over original projections) with approximately 3,000 users (an increase of 50 percent over original projections). [ In June 1996, the CATS Project Manager told us that when CATS is fully implemented, it will feature approximately 375 screens and will be installed in about 754 sites with approximately 1,900 users.] An AFMS official told us that the number of users may fluctuate as some participant agencies change their resource commitment to CATS.
The cost of CATS' design and development, which is funded through the Assets Forfeiture Fund, has continued to rise since the system's inception in 1990. For example, the original $24 million cost estimate for the system (not including telecommunications network costs later estimated at $20.5 million), was based on 2,000 users, 500 sites and 60 screens. The current cost estimate through FY 1996 is $106.2 million, based on 3,000 users, 1,200 sites and 150 screens. System enhancements and fluctuations in the number of users, sites and screens are legitimate explanations for increased cost estimates. Also, when agencies' requirements change, it can result in either technical or software modifications which, in turn, affect costs. Despite the substantial cost increase, none of the officials we interviewed cited the escalating cost of the system as a concern for their agency. We believe that the reason officials did not cite escalating costs as a concern is because the CATS design and development is funded through the Assets Forfeiture Fund, not appropriated funds.
CONTRACT AND SECURITY ISSUES
Difficulty in monitoring the large number of contracts involved in the CATS project and questions concerning the security classification of the system have also affected the implementation of CATS.
Many DOJ contracts, interagency agreements and reimbursable agreements have been used to obtain the required services and equipment for CATS. During our status review, the AFMS financial manager said that it is a difficult task to monitor the many different contracts associated with CATS, particularly the non-DOJ contracts. Furthermore, we believe that because AFMS has not developed a firm site implementation schedule, its ability to effectively coordinate contractor deliverables may be limited. See Table II for the contracts supporting CATS and Table III for the cost of each contract as of the end of FY 1994.
The AFMS financial manager also told us that there is always a potential risk that a contractor will not meet its obligations and the contract may have to be terminated. Should this type of situation arise with CATS, it would most likely mean implementation delays. We reported on just such an occurrence in our 1994 review of CATS. In July 1992, the initial CATS integration and telecommunications contract with Cincinnati Bell Information Systems, Incorporated (CBIS) was terminated for the convenience of the government and no usable product was delivered. As a result, the
CATS program office had to select a replacement contractor and implementation of CATS was delayed 10 months. Because of the large number of contracts now in use for the CATS program, and because some of them are not direct DOJ contracts, close monitoring by the AFMS is especially critical.
II - CONTRACTS SUPPORTING CATS
|VENDOR||LEAD AGENCY||AREA OF RESPONSIBILITY||PROCUREMENT TYPE|
|THE LEARNING GROUP (TLG)||OPM||Training||Reimbursable agreement with OPM|
|PRC [ PRC was previously known as the Planning Research Corporation.]||NAVY||Systems integration and testing||Reimbursable agreement with Navy|
|COMPUTER SCIENCES CORPORATION (CSC)||TREASURY||Tele- communications network||Memorandum of Understanding with Treasury|
|WESTCO AUTOMATED SYSTEMS AND SALES, INCORPORATED (WESTCO) [WESTCO and SYSTEMHOUSE have switched contractor and sub-contractor roles.]||JMD||ADP technical and support services||8 (a) Vendor; Contract awarded by JMD; initial subcontractor-Systemhouse. Systemhouse was a subcontractor of WESTCO.|
|SYSTEMHOUSE FEDERAL SYSTEMS,
[WESTCO and SYSTEMHOUSE have switched contractor and sub-contractor roles.]
|USPS||Software development and maintenance||Memorandum of Understanding with USPS. WESTCO was a subcontractor of Systemhouse.|
|JUSTICE DATA CENTER (JDC)||JMD||Mainframe computer usage.||Reimbursable agreement with JDC.|
|DYNCORP, SUPPORT SERVICES DIVISION (DYNCORP)||JMD||Administrative support services.||JMD awarded contract.|
|DYNAMIC DECISIONS, INCORPORATED||JMD||Equipment purchase||8 (a) Contract awarded by JMD.|
Source: Asset Forfeiture Management Staff, Justice Management Division, Department of Justice.
- CATS CONTRACTOR COSTS AS OF FISCAL YEAR 1994
SOURCE:Asset Forfeiture Management Staff, Justice Management Division.
The proper security classification of CATS has been an unresolved issue for some time. Representatives of JMD's Computer and Telecommunications Security Staff (CTSS), who are responsible for reviewing and approving security plans for computer systems used for sensitive information processing, told us that they believed the system should be classified as sensitive. The CTSS contended, further, that if CATS is classified as sensitive, it would require additional security measures not currently incorporated in the system.
System security plans for CATS, which were completed by EOAF in 1993 and 1994, indicated that the system should be classified as sensitive. This classification was based on the system protection requirements table found in the system security plan that is used to describe information sensitivity. The Director of AFMS stated that it is important to understand the difference between system sensitivity and data sensitivity. The AFMS has concluded in the most recent system security plan, dated December 23, 1994, that "CATS information is not sensitive as it relates to the confidentiality requirement because the information can be obtained by individuals through other sources." However, the security plan further states that ". . .unauthorized or unintentional modification of CATS data could embarrass DOJ; therefore, the system is categorized as sensitive because of integrity and availability security requirements and concerns."
As of August 1995, the CTSS had not yet completed a system certification review of the December 1994 submission, but representatives of CTSS told us that if a system contains sensitive information, such as probable cause statements and tax information, it should be classified as a sensitive system. The CTSS believed that the system contained sensitive information and therefore the system should be classified as sensitive.
In November 1995, the CATS Security Officer stated that the AFMS and the CTSS determined that the current security measures for CATS were sufficient and the security issue had been resolved. The CATS Security Officer said that the system will not be classified as sensitive and the Acting Deputy Director of CTSS confirmed that the security issue had been resolved, "with AFMS certifying CATS internally." At that time, we were unable to obtain from either source, documentation clearly explaining how the security issue was resolved. During our status review, a DEA official stated that his agency was entering sensitive data into CATS. Specifically, he stated that the DEA is entering probable cause statement information into the system and that he believed CATS should be classified as a sensitive system. He stated that if CATS was not classified as a sensitive system, the DEA would reconsider the level of their participation in the program. In October 1995, the DEA reaffirmed its commitment to CATS, while noting that program security issues still need to be addressed.
In September 1996, the inspection team reviewed documentation provided by the AFMS and conducted additional interviews with the Acting Deputy Director for the Information Management and Security Staff (IMSS), successor to the CTSS, and found that the system certification process has not been completed and that the system security classification issue has not been resolved.
The Acting Deputy Director, IMSS stated on September 24 and 25, 1996, that the IMSS has still not reviewed and approved the revised CATS System Security Plan as required by DOJ Order 2640.2C and that the appropriate system security certifications were not obtained. He stated that CATS cannot be fully implemented and operational without approval of the system security plan by the IMSS. It is our opinion that a definitive and final resolution of this matter is required and that the Director, AFMS, in conjunction with the IMSS, should expeditiously complete the system certification process, resolve the CATS system security classification issue and document this resolution.
The participant agencies' representatives that we interviewed during our status review were dissatisfied with the continual delays in implementing CATS, the system's inability to meet their agencies' information needs and a lack of site preparation coordination. We believe that these issues are important because they reflect serious problems with CATS. Further, the withdrawal and potential withdrawal of Treasury agencies threatens the success of a consolidated asset forfeiture system. This is important because CATS is an essential element of the Congressionally-mandated consolidated asset forfeiture program.
The explanation that changing agency requirements have contributed to implementation delays and increasing costs is undoubtedly true to some extent. However, in our opinion, the AFMS, in an attempt to address agency requests, has spent more time addressing agency specific, detailed concerns, rather than broad systemwide problems, such as installation of a telecommunications network. By continually allowing participant agencies to request changes to the system, we believe that the AFMS has lost sight of the overall goal of implementing a consolidated asset tracking system within a reasonable time frame.
The CATS Project Manager stated that if the primary philosophy of CATS was to have the system fully implemented by an established date, the AFMS would have made different decisions regarding the development of the system. The Director, AFMS stated that CATS was intended to unify the asset forfeiture community and, as a result, the design and development of the system focused on meeting end user needs -- not implementing the system according to a set schedule. We question the wisdom of this philosophy. Our interviews with agency asset program managers revealed that implementation delays have alienated, rather than unified some users. With most design and development work completed, we believe that the AFMS should implement the remaining phases of CATS according to a specific schedule and budget. The system will be considered implemented when all participant agencies' sites are fully operational.
Program costs for CATS have escalated significantly since the inception of the project. System implementation costs, which were originally estimated at $24 million plus telecommunication costs originally estimated to be an additional $20.5 million - or a total of $44.5 million - had risen to a total of an estimated $106.2 million at the end of FY 1996. The $106.2 million includes system implementation costs of $61.2 million and telecommunications costs of an estimated $45 million. While we accept the fact that system enhancements and changes in the number of users, sites and screens legitimately affect system costs, we do not believe that these adjustments fully explain the dramatic rise. In our opinion, there appears to be no real incentive to assess how money is being expended in developing and implementing CATS.
We believe that funds for developing and implementing CATS have been readily available because funding for the project is provided by the DOJ's Assets Forfeiture Fund and not from individual participant agencies' appropriated funds. In our opinion, as a result of this situation, there is no incentive for participant agencies to assist the AFMS in containing costs associated with system development and implementation.
From our limited review, we did not assess how effectively the AFMS was monitoring the many contracts used on the CATS project. Further, the security classification of the system, which has been an issue of debate within JMD for some time, has yet to be fully determined. Although we were told that the misunderstanding about the system's proper security classification has been resolved, the final resolution has never been documented or provided to us.
At the conclusion of our status review, we briefed the AAG/A and members of his staff. We told the AAG/A that, based on original schedule and cost estimates, CATS was seriously behind schedule and significantly over budget. We advised the AAG/A of the need to assess the viability of CATS. We suggested that he set measurable goals and meaningful milestones for CATS implementation, conduct a survey to determine user satisfaction with CATS and determine the security classification of CATS at full system implementation.
Further, because interagency cooperation is essential for the success of a consolidated system, the AAG/A should attempt to facilitate a dialogue between the DOJ and Treasury regarding the future cooperation and coordination of the CATS project.
At the conclusion of our briefing for the AAG/A, he requested that we conduct a user survey to obtain more information on CATS user satisfaction. We conducted the user survey as requested and the results follow.