Compliance with Standards Governing Combined DNA Index System Activities
Kentucky State Police Forensic Laboratory
Frankfort, Kentucky

Audit Report GR-40-01-004
May 2001
Office of the Inspector General

The Office of the Inspector General, Audit Division, has completed an audit of compliance with standards governing Combined DNA Index System (CODIS) activities at the Kentucky State Police Forensic Laboratory (Laboratory). CODIS is a national computerized information repository maintained by the Federal Bureau of Investigation (FBI) that permits the storing, maintaining, tracking, and searching of DNA specimen information in order to facilitate the exchange of DNA information by law enforcement agencies. Laboratories that participate in CODIS perform DNA analysis on specimens from convicted offenders or crime-scene evidence. These laboratories use special software, provided free of charge by the FBI, to organize and manage the DNA profiles and related information. The software also compares DNA profiles from participating laboratories and notifies the appropriate laboratories when two or more DNA profiles match.

In addition to authorizing CODIS, the DNA Identification Act of 1994 specified several standards for laboratories that contribute profiles to the FBI National DNA Index System (NDIS). A laboratory must certify that it is performing DNA analysis in compliance with the FBI standards governing laboratory operations. Further, a Memorandum of Understanding (MOU) is enacted between the FBI and participating state laboratories establishing the responsibilities of each party as part of CODIS. The MOU establishes general and specific standards that are to be followed by a laboratory in order to participate in CODIS and utilize NDIS, including the upload of DNA profiles to NDIS.

Our audit covered the period from the implementation of CODIS at the Laboratory in February 1995 through November 2000. The overall objective of the audit was to determine the extent of the Laboratory’s compliance with standards governing CODIS activities. To address the overall objective, we considered:

• the extent to which the Laboratory complied with the FBI NDIS participation requirements,

• the extent to which the Laboratory complied with federally legislated laboratory Quality Assurance Standards (QAS) for laboratories, and

• the appropriateness of the Laboratory’s DNA profiles contained in CODIS databases.

With the following exceptions, we found that the Laboratory complied with standards governing CODIS activities that we tested.

• With respect to QAS requirements, we noted that the Laboratory had not identified in writing the reagents it considered critical and had not monitored the testimony of two of its four analysts who have testified during the preceding 2 years. Laboratory officials stated that they would amend their Quality Control/Quality Assurance Protocol to specify which reagents they consider critical, and that they would institute procedures that would ensure the testimony of all analysts are monitored on an annual basis in the future.

• With respect to NDIS requirements, we noted that of the 200 DNA profiles reviewed, the Laboratory uploaded three DNA profiles to NDIS that it should not have. Two DNA profiles were those of convicted offenders who had not violated a Kentucky statute for which DNA collection was permitted. The third profile matched the DNA profile of a crime victim. The NDIS requirements prohibit laboratories from uploading DNA profiles that are unambiguously attributable to a victim. In all three instances, the Laboratory removed the unallowable profile from the CODIS databases prior to our departure from the audit site and provided us documentation to that effect.