Semiannual Report to Congress
April 1, 2005-September 30, 2005
Office of the Inspector General
While many of the OIG's audits, reviews, and investigations are specific to a particular component of the Department, other work spans more than one component and, in some instances, extends to Department contractors and grant recipients. The following audits, reviews, and investigations involve more than one Department component.
The Department's terrorism task forces - the Deputy Attorney General's National Security Coordination Council; the U.S. Attorneys' Anti-Terrorism Advisory Councils (ATAC); and the FBI's Joint Terrorism Task Forces (JTTF), the National Joint Terrorism Task Force, and the Foreign Terrorist Tracking Task Force - are responsible for coordinating and integrating intelligence and law enforcement functions to eliminate terrorist networks, prevent terrorist operations, and prosecute the perpetrators of terrorist acts. Their establishment within different components and with diverse membership is intended to allow the Department to more effectively use specialized expertise and create a coordinated counterterrorism effort nationwide.
The OIG's Evaluation and Inspections Division examined whether these terrorism task forces and councils were achieving their goals and whether gaps, duplication, and overlap existed in counterterrorism coverage. Our evaluation found that the task forces and councils generally were achieving their intended purpose by providing distinct, yet complementary, forums for investigating terrorist threats and sharing counterterrorism information, particularly among federal, state, and local law enforcement agencies. However, we also identified a series of management and resource problems affecting the operation of the task forces and advisory councils. Those problems included the need for more stable leadership among the task forces and councils, better training for participants, greater involvement by the DEA, additional resources, and increased coverage of remote areas.
The OIG report provided 28 recommendations to help the Department improve the operations of its various counterterrorism task forces and councils. Among the recommendations: 1) develop and implement national training plans for task forces and ATACs and a standard orientation program for new task force members; 2) increase the DEA's membership on JTTFs; 3) develop coordinated and consistent strategies to provide counterterrorism information and training to law enforcement and first responders in remote areas of the country; and 4) develop performance measures that assess the accomplishments of the task forces and their members in fulfilling the Department's counterterrorism strategy. The Department, FBI, DEA, Criminal Division, and Executive Office for United States Attorneys (EOUSA) generally agreed with the recommendations.
Section 1001 of the USA Patriot Act directs the OIG to receive and review complaints of civil rights and civil liberties abuses by Department employees, to publicize how people can contact the OIG to file a complaint, and to submit a semiannual report to Congress discussing our implementation of these responsibilities. In August 2005, the OIG issued its seventh report summarizing our Section 1001 activities.
The report, covering the period from January 1, 2005, to June 30, 2005, described complaints we received under this section, the cases we opened for investigation, and the status of these cases. During this period, the OIG identified 13 matters that we believed warranted opening a Section 1001 investigation or conducting a closer review to determine if Section 1001-related abuse occurred. Of the 13 new matters, the OIG retained 7 for investigation because the allegations were of a potentially criminal or egregious nature. For example, one new OIG matter involved a complaint from a former BOP correctional officer alleging that staff members referred to certain inmates as terrorists and displayed offensive posters depicting Muslim prisoners throughout the facility.
The OIG referred six matters that appeared to raise mostly administrative issues to Department components for further investigation or review and requested that the components report their findings to the OIG. The other complaints to the OIG either did not fall within the OIG's jurisdiction, raised management issues, or did not warrant further investigation.
In addition, the report discussed several OIG reviews undertaken in furtherance of our Section 1001 responsibilities, including an update on the OIG's December 2003 review of September 11 detainees' allegations of abuse at the Metropolitan Detention Center in Brooklyn, New York; an ongoing review examining the FBI's observations of alleged mistreatment of detainees in military facilities in Guantanamo Bay and Iraq; and an ongoing review of the FBI's erroneous identification of a latent fingerprint found on evidence from the March 2004 Madrid train bombing.
The Federal Information Security Management Act (FISMA) requires the Inspector General for each agency to perform an annual independent evaluation of the agency's information security programs and practices. The evaluation includes testing the effectiveness of information security policies, procedures, and practices of a representative subset of agency systems.
For FY 2005, the OIG's Audit Division reviewed the security programs of four major components within the Department - the FBI, BOP, DEA, and Justice Management Division (JMD). As part of our review, we also examined two classified systems - the FBI's Automated Case Support System and the DEA's El Paso Intelligence Center Information System - and two sensitive but unclassified systems - the BOP's Inmate Telephone System II and the DEA's El Paso Intelligence Center Seizure System. We will issue separate reports in December 2005 for each component and the four mission-critical systems we evaluated.
On October 7, 2005, we responded to an Office of Management and Budget (OMB) questionnaire with the results of our review, which generally found the Department performs oversight of its information systems and has developed, implemented, and is managing a Department-wide plan of action and milestone process. We also assessed the Department's certification and accreditation process, according to the OMB's response categories, as "good." However, we found weaknesses resulting in the implementation of the process to ensure that all of its systems are certified and accredited in accordance with the Department's guidelines.
Improper and erroneous payments are payments that should not have been made or were made for incorrect amounts because of errors, poor business practices, or intentional fraud or abuse. Recent estimates indicate that improper and erroneous payments exceed $45 billion annually throughout the federal government. Recent legislation, including Public Law 107-300, the Improper Payments Information Act of 2002, and 107-107, the National Defense Authorization Act for Fiscal Year 2002, require government agencies to conduct program inventories and assess the improper payment risk in each identified program. In addition, agencies annually must report on progress made in identifying and recovering improper payments.
The OIG's Audit Division assessed the Department's compliance with this legislation and evaluated its efforts to identify, prevent, and recover improper and erroneous payments. The audit assessed improper payments in the FBI, BOP, USMS, and OJP. The components were selected based on the dollar amount of vendor payments, compliance with reporting requirements, FY 2004 financial statement audit results, and current recovery audit activities. We found the following weaknesses: 1) risk assessments were not always adequate to completely measure the risk of improper payments; 2) risk assessments did not include analysis or consideration of any material weaknesses, reportable conditions, or non-compliance matters resulting from the components' annual financial statement audits; 3) improper payment reports did not always contain a complete description of the risk assessments performed; and 4) certain policies and procedures used to prevent improper payments were inadequate.
The audit also found that certain components failed to implement processes to determine the full extent of their improper payments, and none of the components audited had established a fully-documented program to recover improper payments. In addition, formalized guidance was not provided for the implementation of a Department-wide recovery audit program, and no official reporting mechanism was in place to allow oversight of component recovery audit activities on a periodic basis. The OIG provided 22 recommendations to the audited components and JMD. They concurred with all of the recommendations.
The Joint Automated Booking System (JABS) helps federal law enforcement agencies book, identify, and share information quickly about persons in federal custody. The Department's law enforcement components book offenders in their own automated booking systems by collecting fingerprints and photographs and recording information about the arrest and charges, the person's identity, address, physical description, and other information. However, JABS allows each participating agency to communicate electronically with the FBI's fingerprint system, the Integrated Automated Fingerprint Information System (IAFIS). IAFIS then matches JABS data against FBI information to identify offenders and responds electronically to the submitting offices.
The OIG's Audit Division assessed the status of JABS implementation throughout the Department. At the time of our audit, the JABS program had partially met its stated goals by: 1) automating the booking process for Department components, including providing an automated interface with IAFIS that ensures the rapid and positive identification of offenders at deployed locations; 2) enabling users to share information by viewing and printing information created by other components; and 3) establishing an offender tracking system. However, the JABS program had not:
Additionally, JABS had been deployed widely throughout the Department, but we found that not all Department arrests were recorded in the program and transmitted electronically to IAFIS. Our report contained six recommendations, including that JMD develop, document, and implement a plan to complete or revise the project goals to share and exchange information in ways that reduce redundant steps between components. Moreover, we recommended that JMD require all federal offenders arrested by Department components to be booked through JABS, develop a plan for the future expansion of JABS, and coordinate with the USMS regarding the need to deploy JABS to all USMS sites taking custody of federal arrestees. JMD agreed with our recommendations and is in the process of implementing them.
The Department's Security and Emergency Planning Staff (SEPS) has responsibility for managing background investigations on 27,000 of the Department's 103,000 employees. Primarily for staffing reasons, SEPS delegates to seven of the Department's components the responsibility for managing the background investigations of their employees. SEPS retains the responsibility to manage the background investigations for political appointees and attorneys in all components, plus all other employees in the components that do not have delegated authority. SEPS also issues all of the Department's national security clearances for access to the most sensitive classified information.
The OIG's Evaluation and Inspections Division examined SEPS's management of the Department's background investigations. Our review found that SEPS generally met federal regulatory requirements for adjudicating background investigations and responded to component needs for providing national security clearances for access to sensitive information. SEPS had achieved these results despite the fact that, after September 11, 2001, its workload of background investigation adjudications and information clearances more than doubled, but it received no additional resources.
However, the OIG reported that SEPS had not yet provided updated guidance or conducted adequate oversight of background investigations delegated to components. In addition, we found that SEPS did not have the capability to maintain electronic copies of background investigation files.
The OIG report contained six recommendations designed to improve SEPS's management of background investigations. The Department agreed to implement all of the recommendations.
The Chief Financial Officers Act of 1990 and the Government Management Reform Act of 1994 require annual financial statement audits of the Department. The OIG's Audit Division oversees and issues the reports based on the work performed by independent public accountants.
The Department received a disclaimer of opinion on its FY 2004 financial statements, which was caused by the disclaimer on the OJP FY 2004 financial statements. The ATF received a qualified opinion on its FY 2004 financial statements, but this had no affect on the consolidated disclaimer. The other eight components received unqualified opinions on their FY 2004 financial statements. During this reporting period, we reaudited the FYs 2003 and 2004 financial statements of OJP and reissued these reports as unqualified opinions. This allows the Department to potentially earn an unqualified opinion for FY 2005, as it established audited beginning balances for OJP.
At the consolidated level for the FY 2004 financial statement audit, we reported two material weaknesses and one reportable condition, an increase of one material weakness from FY 2003. The new financial material weakness involved issues related to data quality, monitoring, and the methodology utilized to calculate OJP's grant accrual and advance. The other financial material weakness and the IT reportable condition are both repeat issues, although elements of the two findings varied from last year. The financial material weakness included additional OJP issues, the accounts payable accrual at the ATF, separation of duties issues at the USMS, and financial reporting and property issues at the FBI.
Our financial statement audits reported that the Department still lacks sufficient automated systems to readily support ongoing accounting operations and financial statement preparation. Many tasks still must be performed manually at interim periods and year-end, requiring extensive efforts on the part of financial and audit personnel. Most components' management systems are not integrated with their financial accounting systems, requiring manual reconciliations between the two systems to support amounts reported on the financial statements. These significant, costly, and time-intensive manual efforts will continue to be necessary for the Department and its components to produce financial statements until automated, integrated processes and systems are implemented that readily produce the necessary information throughout the year. We encourage the Department to continue its current efforts to implement a unified financial management system supported by consistent, standardized business practices across the Department.
The following table compares the FYs 2004 and 2003 audit results for the Department's consolidated audit as well as for the 10 individual (11 in FY 2003) components' audits, as adjusted for reissuance of OJP's FYs 2004 and 2003 reports.
Some Department portable computers can be used to store, process, and transmit classified information. However, before any computer is authorized to process classified information, the computer must be certified and accredited to operate according to a specific set of standards. In response to a November 2003 Department order, the Department's Chief Information Officer (CIO) developed and issued new standards for portable computers processing classified information.
The OIG's Audit Division examined policies and practices in the Department related to processing classified information on portable computers. Overall, we found that the CIO's Classified Laptop and Standalone Computers Security Policy contained three areas of concern: 1) it used references to policies that do not apply to portable or standalone computers that process, store, or transmit classified information; 2) it did not address the systems that process Classified National Security Information and Sensitive Compartmented Information separately; and 3) it included incomplete guidance and instructions.
Our report made 12 recommendations to assist the Department in improving its use of portable computers to process classified information. The recommendations included revising a policy to remove any references to statute, policy, or procedures that are not applicable to processing classified information; indicating what policy applies when classified portable computers are allowed to be connected to classified networks; and addressing systems that process Classified National Security Information independently from those that process Sensitive Compartmented Information.
We also recommended that the Department consider using two separate, removable hard drives for processing both classified and unclassified information on the same portable computer. We made additional recommendations related to the use of encryption, tracking devices, streamlining accreditation procedures, and sending alerts to systems administrators when classified devices are improperly connected to the Internet. The components that were a part of this audit concurred with all of the recommendations.
The USMS houses approximately 53,000 detainees throughout the nation and is responsible for their detention from the time they are brought into federal custody until they either are acquitted or incarcerated. To house the detainees, the USMS often executes Intergovernmental Service Agreements with state and local governments to rent jail space. According to the USMS, 75 percent of the detainees in USMS custody are detained in state, local, and private facilities.
During this reporting period, we completed an audit of an IGA that the USMS awarded to the Blount County, Tennessee, Sheriff's Office for the housing and transportation of federal detainees. The BOP also housed prisoners at the facility under the terms of the IGA between the USMS and the Sheriff's Office. Our audit determined that the Sheriff's Office's allowable costs did not support the jail daily rate paid by the USMS and the BOP for FYs 2003 and 2004 and the first 8 months of FY 2005. During this period, the USMS could have saved more than $1.2 million by paying the audit calculated rate instead of the rate it agreed to, while the BOP could have saved more than $36,000. In addition, the USMS could have saved more than $730,000 by paying the audit calculated rate for the period June 1, 2005, through September 30, 2005. The BOP could have saved over $17,000 by paying the audit determined rate for the same time period. Both the USMS and the BOP currently are preparing responses to the OIG.
The OIG is examining the Department's management of its IT investments and Enterprise Architecture. We are assessing the Department's progress in meeting the criteria for establishing a mature Enterprise Architecture and IT investment management process.
The OIG is conducting a review of polygraph examinations in the Department. The review will describe the administration and use of polygraph examinations among the Department's components and assess whether they are conducting polygraph examinations in compliance with federal and professional technical standards.