Semiannual Report to Congress
October 1, 2005-March 31, 2006
Office of the Inspector General
While many of the OIG's audits, reviews, and investigations are specific to a particular component of the Department, other work spans more than one component and, in some instances, extends to Department contractors and grant recipients. The following audits, reviews, and investigations involve more than one Department component.
Section 1001 of the Patriot Act directs the OIG to receive and review complaints of civil rights and civil liberties abuses by Department employees, to publicize how people can contact the OIG to file a complaint, and to submit a semiannual report to Congress discussing our implementation of these responsibilities. In March 2006, the OIG issued its eighth report summarizing its Section 1001 activities. The report, covering the period from July 1, 2005, to December 31, 2005, described complaints we received under this section, cases opened for investigation, the status of these cases, and reviews we completed relating to our Section 1001 responsibilities.
The report provided an update on the discipline imposed by the BOP on corrections staff who worked at a federal prison in Brooklyn, New York, where we found abuse of detainees arrested in connection with the government’s investigation into the September 11 terrorism attacks. According to the BOP, discipline was imposed on 13 staff members: 2 were terminated from the BOP, 8 were suspended for periods ranging from 2 to 30 days, and 3 were demoted.
In addition, the report presented the results of an OIG review of the FBI’s reporting on possible violations to the President’s Intelligence Oversight Board (IOB). Under the process, FBI employees self-report potential violations to its Office of the General Counsel, which reviews the possible violations to determine whether reporting to the IOB is required. For FYs 2004 and 2005, the FBI reported to the IOB potential intelligence violations in 108 matters.
Examples of the 108 possible violations that the FBI reported to the IOB in FYs 2004 and 2005 include FBI agents intercepting communications outside the scope of the order from the Foreign Intelligence Surveillance Court, a special court created by FISA; FBI agents continuing investigative activities after the authority for the specific activity expired; and the FBI receiving information that was not requested by a National Security Letter. Not all possible violations were attributable solely to FBI conduct. According to the data we reviewed, third parties such as telephone companies were involved in or responsible for possible violations in at least one-quarter of the cases in both years we examined.
The Chief Financial Officers Act of 1990 and the Government Management Reform Act of 1994 require annual financial statement audits of the Department. The OIG’s Audit Division oversees and issues financial statement audit reports based on the work performed by independent public accountants.
The Department received an unqualified opinion on its FYs 2005 and 2004 financial statements. The Department had previously received a disclaimer on its FY 2004 financial statements due to a disclaimer on the FY 2004 financial statements of Office of Justice Programs (OJP). However, due to restatements and re-audits of its FYs 2004 and 2003 financial statements, OJP obtained unqualified opinions on those two financial statements, as well as on its FY 2005 financial statements. Another component, ATF, had previously received a qualified opinion on its FY 2004 financial statements. ATF provided sufficient supporting documentation for its FY 2004 accounts payable accrual during FY 2005 to support unqualified opinions on its FYs 2005 and 2004 financial statements. The other eight Department components received unqualified opinions on both their FY 2005 and 2004 financial statements.
At the consolidated level, we reported two material weaknesses, compared to two material weaknesses and one reportable condition in FY 2004. Both material weaknesses in FY 2005 are repeat issues from the previous year, although the elements of the two findings varied from last year. The first material weakness involved serious issues at the component level, including the USMS’s internal control framework and management and recording of real property; OJP’s grant advance and payable estimation processes and financial reporting, monitoring, analysis, and documentation; ATF’s controls over its accounts payable accrual; and the FBI’s financial reporting and property control.
The second consolidated material weakness, which relates to information systems, was elevated from a reportable condition last year. We found new and continued deficiencies in 8 of the 10 components, as well as weaknesses in the Department’s consolidated information system general controls environment. We determined that general controls in place for the consolidated information system general controls environment were adequate to safeguard the programs and data files from unauthorized access and modification, except as noted in the overall reportable condition. Therefore, a moderate level of reliance can be placed upon the general controls associated with the consolidated information system general controls environment to promote financial statement integrity and reliability. However, the reportable condition summarized 13 issues categorized in the areas of security program, access controls, and system software. We provided 14 recommendations for improving the consolidated information system general controls environment, including monitoring background investigations and reinvestigations for contractors and employees, reviewing the Justice Secure Remote Access system audit logs at a minimum of once per week, implementing the Department’s Information Technology Security Standard 3.1, and implementing the required vendor security patches on all hosts.
At the component level, the total number of material weaknesses was unchanged from 10 in FY 2004. However, the number of reportable conditions decreased significantly from 13 in FY 2004 to 8 this year. Two components, the DEA and the Federal Prison Industries, Inc., had no material weaknesses, reportable conditions, or compliance issues.
We reported that the Department still lacks sufficient automated systems to readily support ongoing accounting operations and financial statement preparation. In addition, a shortage exists of trained financial management personnel available to perform certain internal control functions related to the financial reporting process. This shortage inhibits the ability of both Department and component management to assess financial reporting risk; design, communicate, and implement appropriate control activities; and monitor the financial reporting process. Many tasks still must be performed manually at interim periods and at year’s end, requiring extensive efforts on the part of financial and audit personnel. These significant, costly, and time-intensive manual efforts will continue to be necessary for the Department and its components to produce financial statements until automated, integrated processes and systems are implemented that readily produce the necessary information throughout the year. We agree with the Department’s efforts to obtain funding to implement a unified financial management system, supported by consistent, standardized business practices across the Department.
The table below compares FYs 2005 and 2004 audit results for the Department’s consolidated audit as well as for the 10 individual component audits.
The Department’s IT budget for FY 2005 is $2.2 billion for 320 systems, including 22 major systems that cover more than one Department component. To more effectively manage its IT investments in compliance with legislation and regulations, the Department is in the early stages of developing Enterprise Architecture and Information Technology Investment Management (ITIM) processes.
The OIG’s Audit Division performed an audit to determine if the Department is effectively managing its Enterprise Architecture and ITIM efforts. The OIG has identified IT systems planning and utilization as one of the Department’s Top 10 Management Challenges, and the Department has faced significant obstacles in meeting this challenge.
Our audit found that the Department is in the process of developing both Enterprise Architecture and ITIM processes based on Department-developed frameworks, and the Department has begun to improve its oversight and guidance of the components’ Enterprise Architectures and ITIM processes. However, additional oversight is needed to ensure the success of the Capability Delivery Model and the IT Strategic Management (ITSM) framework.
We made seven recommendations for improving the Department’s IT management, including completing the Department-wide Enterprise Architecture, providing guidance to components for the development and maintenance of Enterprise Architectures, tracking and reviewing the development of component-level Enterprise Architectures, implementing the phases outlined by the ITSM framework, ensuring that components requiring ITIM processes develop them, assisting components in developing and implementing ITIM processes, and establishing a clear schedule for completing the ITSM framework and a mature ITIM process. The Department concurred with all of our recommendations.
The Federal Information Security Management Act (FISMA) requires the OIG for each agency to perform an annual independent evaluation of the agency’s information security programs and practices. The evaluation includes testing the effectiveness of information security policies, procedures, and practices of a representative subset of agency systems. To oversee the implementation of policies and practices relating to information security, the Office of Management and Budget (OMB) has issued guidance to agencies for their FISMA requirements.
For FY 2005, we reviewed the security programs of four major components within the Department: the FBI, BOP, DEA, and Justice Management Division. We also reviewed four component mission-critical systems: the FBI’s Automated Case Support (classified system), the DEA’s El Paso Intelligence Center Information (classified system), the BOP’s Inmate Telephone System II (sensitive but unclassified system), and the DEA’s El Paso Intelligence Center Seizure (sensitive but unclassified system). We submitted a response to the OMB questionnaire on October 7, 2005, which provided updated information about the overall effectiveness of the Department’s IT security program. Separate reports will be issued in FY 2006 for each component and system evaluated.
The following are examples of cases involving more than one component that the OIG’s Investigations Division investigated during this reporting period:
As directed by Congress, the OIG is evaluating whether investigations conducted by the Department’s crime task forces are well coordinated to ensure officer safety; avoid duplication of effort; and assist state, local, and tribal efforts to reduce violent crime. The review will focus on the FBI’s Safe Streets Task Forces, ATF’s Violent Crime Impact Teams, DEA’s Mobile Enforcement Teams, and USMS’s Regional Fugitive Task Forces during FYs 2003, 2004, and 2005.
In accordance with the requirements of the Department’s FY 2006 Appropriations Conference Report, the OIG was directed to compile and present to the House and Senate Appropriations Committees an inventory of major Department IT systems and report on research, plans, studies, and evaluations that the Department has produced, or is in the process of producing, concerning its information systems. In response the OIG is conducting: 1) an unaudited report of the Department’s major IT system investments by investment title/component, investment description, implementation status, and FYs 2005 through 2007 actual and projected costs; 2) an audited verification of the information detailed in the unaudited report; and 3) a report providing details on the Department’s research, plans, studies, and evaluations along with an analysis identifying the depth and scope of the problems the Department has experienced in the formulation of its IT plans.
The OIG is reviewing the FBI’s progress toward achieving interoperability between its Integrated Automated Fingerprint Identification System (IAFIS) and two automated fingerprint systems of the Department of Homeland Security (DHS), the Automated Biometric Identification System (IDENT) and the U.S. Visitor and Immigrant Status Indicator Technology. The review will assess actions the FBI and the Department have taken since the OIG’s December 2004 report on the status of IDENT/IAFIS integration.
The Department measures its counterterrorism efforts in part by reporting terrorism-related statistics in its performance plans and statistical reports. The OIG initiated an audit to determine if Department components and the Department as a whole accurately report terrorism-related statistics.
The Integrated Wireless Network (IWN) is intended to link approximately 80,000 federal, state, and local law enforcement officers and public safety agencies in a secure interoperable wireless service that provides consolidated nationwide integrated communications in support of law enforcement, first responder, and homeland security requirements. The OIG is evaluating the Department’s planning and contracting for the IWN by determining whether: 1) the Department has the structure and process in place to manage and control costs and schedules, 2) the Department’s assessment of the vendors’ technical and management capabilities ensure that the vendors are able to carry out the project successfully, and 3) legacy communication systems comply with the National Telecommunications and Information Administration’s requirements.
The OIG is reviewing the grant closeout processes used by COPS, OJP, and Office on Violence Against Women. In conducting the audit, the OIG will determine whether the grant closeout processes are adequate to ensure that expired grants are closed in a timely manner; grant funds are drawn down in accordance with federal regulations, Department policy, and the terms and conditions of the grant; and remaining grant funds are deobligated prior to closeout.