While many of the OIG’s audits, reviews, and investigations are specific to a particular component of the Department, other work spans more than one component and, in some instances, extends to Department contractors and grant recipients. The following describes OIG audits, reviews, and investigations that involve more than one Department component.
Reports Issued
Overtime Payments to FBI and Other Department Employees Deployed to Iraq and Afghanistan
The OIG’s Oversight and Review Division examined allegations that FBI employees deployed to Iraq received overtime pay in excess of the amounts permitted under federal pay statutes, federal regulations, and FBI policies. We determined that FBI employees, prior to 2008, uniformly claimed overtime for working 16 hours per day for every day of their 90-day tours in Iraq. However, although many FBI employees in Iraq worked long hours under difficult circumstances, few if any worked 16 hours a day, every day, for 90 days straight within the meaning of the term “work” as defined in applicable regulations and policies. Our report estimated that FBI employees deployed to Iraq received millions of dollars in excess overtime payments that were not allowable under federal pay statutes, federal regulations, and FBI policies.
In an effort to maximize compensation for FBI employees who volunteered for Iraq duty, the FBI’s Counterterrorism Division encouraged or condoned the practice of employees routinely reporting all waking activities in Iraq, up to 16 hours per day, as “work” on their time and attendance forms. The OIG determined that the FBI inappropriately permitted employees to regularly claim overtime for activities that are not compensable as “work,” such as time spent eating meals, exercising more than 3 hours per week, and socializing.
In 2008, the FBI began requiring its employees to report their time more accurately. Based on the reduced hours reported by FBI employees in 2008, the OIG estimated that from 2003 through 2007 the FBI paid its employees in Iraq approximately $6.4 million in excess overtime that was not permitted by federal regulations governing overtime pay. The report also estimated that agents received approximately $1.4 million in excess Sunday pay.
The OIG also found that FBI special agents who already receive “availability pay” – a 25 percent premium above their regular salary – for unscheduled overtime also claimed overtime pay for hours spent “standing by” or “on call” waiting for assignments. Federal pay regulations prohibit paying special agents overtime for such duty because they already receive availability pay for this purpose. In addition, the FBI violated federal regulations and FBI policy when it shifted the regular work week for employees in Iraq from Monday through Friday to Sunday through Thursday in order to obtain additional Sunday pay for FBI employees. Changing the regular work week schedule enabled FBI employees to claim a 25 percent bonus for 8 hours of regularly scheduled “Sunday work.” Although federal regulations and FBI policy permit employees to switch work weeks under certain circumstances, we found that those circumstances did not exist in Iraq.
Based on a more limited review, the OIG found similar time and attendance practices for FBI employees deployed in Afghanistan, as well as for the small number of ATF, DEA, and USMS employees deployed in Iraq and Afghanistan. Although the FBI issued several guidance documents in 2008 intended to clarify how FBI employees deployed to Iraq and Afghanistan should report their time, this guidance failed to correct some of the improper pay practices.
The OIG report recommended bringing FBI pay practices in Iraq and Afghanistan into compliance with applicable federal regulations. The FBI agreed that its employees received excess overtime payments, and said it plans to implement the OIG’s recommendations.
The OIG’s Evaluation and Inspections Division reviewed the Department’s implementation of the Sex Offender Registration and Notification Act (SORNA), which requires the Department to take steps to help identify, arrest, and prosecute sex offenders who violate registration laws and to improve the quality of information available to law enforcement and the public about registered, non-compliant, and fugitive sex offenders. The OIG review found that, although implementation of SORNA was not yet complete, the Department’s efforts have led to more investigations and arrests of fugitive sex offenders. However, we also determined that information in the national sex offender registries was incomplete and inaccurate.
The FBI maintains the National Sex Offender Registry, which is used primarily by law enforcement agencies, while the Office of Justice Programs (OJP) maintains an online portal linked to all states’ public sex offender registries, which is used mainly by the public to search for information in any of the states’ public registries.
We found that the registries that make up the national sex offender registration system are inaccurate and incomplete. The registries are missing records, existing records often fail to identify known fugitives, and the records often do not contain sufficient information to enable law enforcement or the public to accurately identify registered, non-compliant, or fugitive sex offenders. Further, some state data systems were incompatible with the FBI’s system, causing records to be rejected or lost when those states attempted to update registry records. As a result, neither law enforcement officials nor the public can rely on the registries for accurately identifying registered sex offenders, particularly those who are fugitives.
The OIG recommended that the Department and its components provide additional assistance to state, territorial, and tribal jurisdictions to ensure that information in the national registries is accurate and complete. Department components concurred with the recommendations and are taking steps to implement them.
The Department’s Litigation Case Management System
The OIG’s Audit Division examined the Department’s progress toward developing a Department-wide Litigation Case Management System (LCMS). Our audit concluded that the LCMS project, which the Department began in 2004, is more than 2 years behind schedule, approximately $20 million over budget, and at significant risk of not meeting the Department’s requirements for litigation case management.
Each of the Department’s litigating divisions maintains their own case management system, and these individual systems are unable to share information with other Department case management systems. The Department began the LCMS project to develop an information technology (IT) infrastructure for effectively storing case information once, managing it centrally, and making it available to the approximately 14,500 authorized users in the Department’s seven litigating divisions.
The Department initially estimated the LCMS would be implemented in the EOUSA and USAOs by March 2008, with implementation in the six other litigating divisions by December 2010. The Department now estimates that the LCMS will not be fully implemented in EOUSA and USAOs until July 2010, more than 2 years later than estimated and only 5 months before the initial estimated completion date for all seven litigating divisions. The Department also initially estimated that the primary contract to develop and implement the system would cost approximately $42 million, of which about $35 million was for implementation of the LCMS in EOUSA and USAOs. However, as of January 2009 the Department estimated the cost of implementing the LCMS in EOUSA and USAOs at about $61 million, 75 percent higher than the initial estimate and $18 million more than the initial estimated cost of implementing the LCMS in all seven litigating divisions.
Because implementation of the LCMS in EOUSA and USAOs is significantly behind schedule and over budget, the Department has postponed any further work related to the other litigating divisions and does not have current schedule and cost estimates for completing the LCMS in the other divisions. Moreover, we found that officials in the remaining six litigating divisions are uncertain that the LCMS will meet their needs.
The OIG review found that causes for the delays and budget overruns included: 1) the requirements planning process was not effective, and requirements were modified and added after significant work had been done; 2) system integration and user acceptance testing revealed severe defects, including data migration errors, access restrictions, and other errors that required an extensive amount of time to correct; and 3) the Department’s oversight efforts identified severe difficulties the contractor was having meeting the schedule and cost requirements, but the Department’s actions did not minimize the schedule and cost overruns.
We concluded that both the Department and the contractor share responsibility for the significant delays and budget overruns in this project. We recommended that the Department’s Chief Information Officer reevaluate the viability of implementing the LCMS in the other litigating divisions. The Department agreed with our recommendation.
The Department’s Management of IT Security Vulnerabilities
The Federal Information Security Management Act (FISMA) requires the Inspector General for each federal agency to perform an annual independent evaluation of the agency’s information security programs and practices. The evaluation includes testing the effectiveness of information security policies, procedures, and practices of a representative subset of agency systems. To oversee the implementation of policies and practices relating to information security, the Office on Management and Budget (OMB) has issued guidance to agencies for their FISMA requirements.
In May 2008, the Department received an “A+” from the House Committee on Oversight and Government Reform for its efforts to successfully document required IT security processes. However, the grade did not assess whether the Department has actually implemented these processes, nor did it assess the actual security of the Department’s IT systems.
During this reporting period, the OIG’s Audit Division assessed the Department’s efforts to manage its IT security vulnerabilities and found that, while the Department has implemented sound processes and procedures for identifying IT vulnerabilities, it has not fully implemented procedures to remedy the vulnerabilities. Our audit concluded that the Department lacks effective methodologies for tracking the remediation of identified IT vulnerabilities, applying Department-wide remedies for known vulnerabilities, and ensuring that monthly system scans cover the Department’s entire IT environment. These vulnerabilities increase the risk of unauthorized users gaining access to Department IT systems and potentially compromising sensitive Department information.
We made four recommendations to assist the Department in its efforts to address IT vulnerabilities, and the Department agreed with each.
Federal Information Security Management Act Audits
As part of the FISMA requirements, for FY 2008 the OIG audited the security programs of four Department components: the FBI, ATF, DEA, and Justice Management Division (JMD). Within these components, we selected for review two classified systems within the FBI and three sensitive but unclassified systems: ATF’s Arson and Explosives Incident System, DEA’s Validation Integrity and Penetration Response System, and JMD’s Automated Configuration and Engineering System.
In these five audits, we identified deficiencies in configuration management, privacy program leadership, and security awareness training. We provided more than 25 recommendations for improving implementation of the Department’s information security program and practices for its sensitive but unclassified, classified, and national security systems.
Civil Rights and Civil Liberties Complaints
Section 1001 of the USA Patriot Act directs the OIG to receive and review complaints of civil rights and civil liberties abuses by Department employees, to publicize how people can contact the OIG to file a complaint, and to submit a semiannual report to Congress discussing our implementation of these responsibilities. On February 12, 2009, the OIG issued its 14th report summarizing its Section 1001 activities covering the period from July 1, 2008, to December 31, 2008. In addition to describing the number of complaints we received under this section and the status of investigations conducted by the OIG and Department components, the report summarized the findings of our audit of the FBI’s Terrorist Threat and Suspicious Incident Tracking System, which falls under our civil rights and civil liberties oversight responsibilities.
The Section 1001 report also described several ongoing OIG reviews and audits examining civil rights/civil liberties-related issues that are expected to be completed in the coming months: review of the Department’s involvement with an NSA surveillance program, follow-up on the FBI’s watchlist nomination process, and investigation of the FBI’s use of exigent letters.
The Department’s Financial Statement Audits
The Chief Financial Officers Act of 1990 and the Government Management Reform Act of 1994 require annual financial statement audits of the Department. The OIG’s Audit Division oversees and issues the reports that are based on the work performed by independent public accountants. During this reporting period, we issued the audit report for the Department’s Annual Financial Statement for FY 2008.
The Department received an unqualified opinion on its FYs 2008 and 2007 financial statements. At the consolidated level, the Department had two significant deficiencies, both of which were repeat issues. The first significant deficiency related to weaknesses in the general and application controls for five of the Department’s nine reporting components. The Department’s other significant deficiency related to financial reporting and consisted of several serious but isolated issues, including the USMS’s financial accounting and reporting quality-control and assurance and funds management controls; ATF’s accounts payable process; FBI’s financial reporting process; OJP’s grant advances and grant de-obligation process; Offices, Boards and Divisions’ preparation, review, and approval of journal entries; and Assets Forfeiture Fund and Seized Asset Deposit Fund’s financial reporting environment, obligations and disbursements controls, and seized and forfeited property controls.
However, the Department has continued making progress in its financial management systems and has continued addressing the major problems identified in our previous annual financial statement audits. For example, at the component level the number of material weaknesses decreased from four in FY 2007 to one in FY 2008. We concluded that the Department and its components deserve significant credit for these improvements.
The Department still does not have a unified financial management system to readily support ongoing accounting operations and preparation of financial statements. As discussed in past years, we believe the most important challenge facing the Department in its financial management is to successfully implement an integrated financial management system to replace the disparate and, in some cases, antiquated financial systems used by components.
In the FY 2008 consolidated Report on Compliance and Other Matters, no instances of significant non-compliance with applicable laws and regulations or other matters were identified during the audit. Although instances of non-compliance were reported at some of the components, the consolidated auditors determined that none of the component level non-compliance issues caused the Department as a whole to be in significant non-compliance.
| Comparison of FY 2008 and FY 2007 Audit Results | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Reporting Entity |
Auditors’ Opinion On Financial Statements |
Number of Material Weaknesses1 |
Number of Significant Deficiencies2 |
|||||||
| Financial | Information Systems |
Financial | Information Systems |
|||||||
| 2008 | 2007 | 2008 | 2007 | 2008 | 2007 | 2008 | 2007 | 2008 | 2007 | |
| Consolidated DOJ | U3 | U | 0 | 0 | 0 | 0 | 1 | 1 | 1 | 1 |
| OBDs | U | U | 0 | 0 | 0 | 0 | 1 | 2 | 0 | 1 |
| AFF/SADF | U | U | 0 | 0 | 0 | 0 | 3 | 2 | 1 | 1 |
| FBI | U | U | 0 | 0 | 0 | 1 | 1 | 0 | 0 | 0 |
| DEA | U | U | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
| OJP | U | U | 0 | 0 | 0 | 0 | 1 | 2 | 1 | 1 |
| USMS | U | U | 1 | 2 | 0 | 0 | 1 | 0 | 1 | 1 |
| BOP | U | U | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 |
| FPI | U | U | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 |
| ATF | U | U | 0 | 1 | 0 | 0 | 1 | 0 | 0 | 1 |
| Component Totals | 1 | 3 | 0 | 1 | 8 | 6 | 5 | 8 | ||
1. Material weakness – A significant deficiency (see below), or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected by the Department’s internal control.
2. Significant deficiency – A control deficiency, or combination of control deficiencies, that adversely affects the Department’s ability to initiate, authorize, record, process, or report financial data reliably in accordance with U.S. generally accepted accounting principles such that there is more than a remote likelihood that a misstatement of the Department’s consolidated financial statements that is more than inconsequential will not be prevented or detected by the Department’s internal control over financial reporting. A control deficiency exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect and correct misstatements on a timely basis.
3. Unqualified opinion – An auditor’s report that states the financial statements present fairly, in all material respects, the financial position and results of operations of the reporting entity, in conformity with generally accepted accounting principles.
Single Audit Act Reports
OMB Circular A-133, Audits of States, Local Governments, and Non-Profit Organizations, establishes audit requirements for state and local governments, colleges and universities, and nonprofit organizations receiving federal financial assistance. Entities that expend more than $500,000 in federal financial assistance must have a “single audit” performed annually covering all federal funds. Single audits are conducted by state and local government auditors and by independent public accounting firms. The OIG reviews these audit reports when issued to determine whether they meet the requirements of OMB Circular A-133 and whether they contain any audit findings related to Department grants. During this semiannual period, the OIG issued to the Department’s granting agencies 103 single audit reports encompassing 705 contracts, grants, and other agreements totaling more than $483 million. The OIG also monitors these audits through the resolution and closure process.
Ongoing Work
American Recovery and Reinvestment Act of 2009
The American Recovery and Reinvestment Act of 2009 (Recovery Act) provides $4 billion to the Department to fund grant programs to enhance state, local, and tribal law enforcement; to combat violence against women; and to fight Internet crimes against children. The Recovery Act also provides $2 million for the OIG to provide oversight of the funds awarded by the three Department grant-making agencies: OJP, Office of Community Oriented Policing Services (COPS), and Office on Violence Against Women (OVW).
The OIG’s Recovery Act efforts include: 1) providing advice and training to Department grant administrators on improving grant management processes, managing the potential for fraud, issuing grant solicitations, improving performance measures, reviewing grant applications, improving guidance for grantees, improving performance and risk management plans, and developing other materials for grantees; 2) conducting audits of the Department’s administration of Recovery Act funds; and 3) meeting with state administering and oversight agencies to discuss management of Recovery Act programs, the potential for fraud, and the OIG’s role in the oversight process. Our Recovery Act efforts are described in more detail later in this semiannual report
Review of the Department’s Involvement with a National Security Agency Surveillance Program
The OIG is reviewing the Department’s involvement with an NSA surveillance program. We are examining the Department’s control over and use of information related to an NSA program and the Department’s compliance with legal requirements governing the program.
Protection of the Federal Judiciary and Federal Prosecutors
The OIG is examining the USMS’s efforts to protect federal judges and prosecutors. We also are examining the role that EOUSA plays in the protection of federal prosecutors.
Coordination of FBI and ATF Explosives Investigations
The OIG is reviewing the coordination between the FBI and ATF on explosives investigations, including the determination of lead investigative agency at incident scenes, training programs, and laboratory operations. Additionally, we are following up on our October 2004 audit recommendation to consolidate the Repository and Bomb Data Center databases under ATF management.
Staff Sexual Abuse of Federal Inmates
The OIG is reviewing the Department’s efforts to prevent sexual abuse of federal inmates and detainees by BOP and USMS staff. Our review examines the Department’s policies and procedures for addressing sexual abuse issues, investigating allegations of abuse, and prosecuting substantiated cases.
Deployment, Use, and Policies Governing Less-Lethal Weapons
The OIG is examining the types of less-lethal weapons used by the Department’s law enforcement components, the circumstances in which the weapons are used, and the policies governing their use. This review covers components’ training, reporting, and investigations concerning the use of less-lethal weapons by Department personnel.
Combating Gangs and Gang Violence
The OIG is reviewing the intelligence and coordination activities of the National Gang Intelligence Center and the National Gang Targeting, Enforcement, and Coordination Center. We are examining how these two organizations contribute to the Department’s anti-gang initiatives by assessing the effectiveness of their respective structures and organizations and whether each entity is achieving its stated mission to assist multi-jurisdictional gang investigations and prosecutions.
Federal Employees’ Compensation Act
The OIG is reviewing the Department’s administration and oversight of its Federal Employees’ Compensation Act program, including whether controls are in place to effectively administer the program, whether Department management has implemented controls to prevent improper payments and opportunities for claimant fraud, and whether effective initiatives and practices exist for reducing the cause and duration of extended leave related to occupational injuries.