Compliance with Standards Governing Combined DNA Index System Activities at the Wisconsin State Crime Laboratory, Milwaukee, Wisconsin
Audit Report GR-50-07-003
March 2007
Office of the Inspector General
The Office of the Inspector General, Audit Division, has completed an audit of compliance with standards governing Combined DNA Index System (CODIS) activities at the Wisconsin State Crime Laboratory at Milwaukee, Wisconsin (Laboratory).1 The Federal Bureau of Investigation (FBI) began the CODIS Program as a pilot project in 1990. The DNA Identification Act of 1994 (Act) formalized the FBI’s authority to establish a national DNA index for law enforcement purposes.2 The Act authorized the FBI to establish an index of DNA identification records of persons convicted of crimes and analyses of DNA samples recovered from crime scenes. The Act further specified that the indices include only DNA information that is based on analyses performed in accordance with quality assurance standards issued by the FBI.
The FBI implemented CODIS as a distributed database with three hierarchical levels that enables federal, state, and local crime laboratories to compare DNA profiles electronically. The National DNA Index System (NDIS) is the highest level in the CODIS hierarchy and enables the laboratories participating in the CODIS Program to compare DNA profiles on a national level. NDIS became operational in 1998 and is managed by the FBI as the nation’s DNA database containing DNA profiles uploaded by participating states. DNA profiles originate at the local level, flow upward to the state and national levels, and are compared to determine if a convicted offender can be linked to a crime, or if crimes can be linked to each other. Thus, a laboratory’s profiles have to be uploaded to NDIS before the profiles benefit the system as a whole.
The FBI provides CODIS software free of charge to any state or local law enforcement laboratory performing DNA analysis. Before a laboratory is allowed to participate at the national level a Memorandum of Understanding (MOU) must be signed between the FBI and the applicable state laboratory. The MOU defines the responsibilities of each party, includes a sublicense for the use of the CODIS software, and delineates the standards laboratories must meet in order to utilize NDIS.3
The objective of the audit was to determine if the Laboratory was in compliance with standards governing CODIS activities. Specifically, we performed testing to determine if the: (1) Laboratory was in compliance with the NDIS participation requirements; (2) Laboratory was in compliance with the quality assurance standards issued by the FBI; and (3) Laboratory’s DNA profiles in CODIS databases were complete, accurate, and allowable for inclusion in NDIS.
We determined that the Laboratory was in compliance with the standards governing CODIS activities with some exceptions. Specifically, we noted the following:
All Laboratory personnel had access to the CODIS system terminals located in the offices of the DNA analysts. Affording non-DNA laboratory personnel unlimited access to the DNA office area fails to meet the NDIS requirement that access to the CODIS system be limited to the minimum number of personnel needed to complete the work. This unrestricted access to the offices by non-DNA staff presents opportunities for inadvertent or deliberate misuse of the CODIS system or the alteration of information.
The Laboratory’s CODIS users’ annual reminder forms for calendar years 2005 and 2006 were not signed by the users at the beginning of the calendar year, as required by NDIS procedures. Instead, the forms were signed in July 2005 and March 2006, respectively. In addition, 2006 user forms from five staff members could not be provided. Finally, one person listed as a user since 2000 signed his first annual reminder form in December 2006.
We tested 100 DNA forensic profiles and found that 1 profile uploaded to NDIS was inaccurate because 1 of the values at 1 locus did not match the value identified during analysis.4 The profile was corrected during our fieldwork. The other 99 profiles we reviewed were complete, accurate, and allowable for upload to NDIS.
NDIS procedures require a laboratory to submit its external audit to the FBI within 30 days after receiving it. However, the Laboratory audit report for 2006 was submitted more than 6 months after it had been received, and the Laboratory had not requested an extension from the FBI. A Laboratory official explained that during this time the Laboratory was preparing its responses to the findings.
According to the NDIS MOU, laboratories must ensure that appropriate personnel are provided copies of, understand, and abide by the NDIS Procedures Manual. However, the DNA staff did not have access to the manual. The CODIS administrator corrected this exception by making available to the DNA staff a copy of the manual on a compact disc, and said he had also placed a copy of the manual on the Laboratory’s shared computer drive, where it could be accessed by all Laboratory personnel.
We discussed the results of our audit with Laboratory officials and have included their comments in the report as applicable. We made two recommendations to address the Laboratory’s compliance with standards governing CODIS activities, which are detailed in the Findings and Recommendations section of the report. Our audit scope and methodology are detailed in Appendix I of the report and the audit criteria are detailed in Appendix II of the report. Laboratory officials and the FBI were provided an opportunity to comment on our draft report; their formal responses are contained in Appendices III and IV, respectively.
DNA, deoxyribonucleic acid, is genetic material found in almost all living cells that contains encoded information necessary for building and maintaining life. Approximately 99.9 percent of human DNA is the same for all people. The differences found in the remaining 0.1 percent allow scientists to develop a unique set of DNA identification characteristics (a DNA profile) for an individual by analyzing a specimen that contains DNA.
These standards were appended to the MOU as Appendix C - NDIS Procedure Manual. This manual is comprised of several operational procedures that provide specific instructions for laboratories to follow for procedures pertinent to NDIS. For our purposes, the NDIS participation requirements consist of the MOU and the NDIS operational procedures.
Return to OIG Home Page |