Compliance with Standards Governing Combined DNA Index System Activities at the Tennessee Bureau of Investigation, Forensic Services Division, Nashville Laboratory, Nashville, Tennessee

Audit Report GR-40-06-006
May 2006
Office of the Inspector General


Executive Summary


The Office of the Inspector General, Audit Division has completed an audit of compliance with standards governing Combined DNA Index System (CODIS) activities at the Tennessee Bureau of Investigation, Forensic Services Division, Nashville Laboratory (Laboratory).1 The Federal Bureau of Investigation (FBI) began the CODIS Program as a pilot project in 1990. The DNA Identification Act of 1994 (Act) formalized the FBIís authority to establish a national DNA index for law enforcement purposes.2 The Act authorized the FBI to establish an index of DNA identification records of persons convicted of crimes and analyses of DNA samples recovered from crime scenes. The Act further specified that the indices include only DNA information that is based on analyses performed in accordance with quality assurance standards issued by the FBI.

The FBI implemented CODIS as a distributed database with three hierarchical levels that enables federal, state, and local crime laboratories to compare DNA profiles electronically. The National DNA Index System (NDIS) is the highest level in the CODIS hierarchy and enables the laboratories participating in the CODIS Program to compare DNA profiles on a national level. NDIS became operational in 1998 and is managed by the FBI as the nationís DNA database containing DNA profiles uploaded by participating states. DNA profiles originate at the local level, flow upward to the state and national levels, and are compared to determine if a convicted offender can be linked to a crime, or if crimes can be linked to each other. Thus, a laboratoryís profiles have to be uploaded to NDIS before the profiles benefit the system as a whole.

The FBI provides CODIS software free of charge to any state or local law enforcement laboratory performing DNA analysis. Before a laboratory is allowed to participate at the national level a Memorandum of Understanding (MOU) must be signed between the FBI and the applicable state laboratory. The MOU defines the responsibilities of each party, includes a sublicense for the use of the CODIS software, and delineates the standards laboratories must meet in order to utilize NDIS.3

The objective of the audit was to determine if the Laboratory was in compliance with standards governing CODIS activities. Specifically, we performed testing to determine if the: (1) Laboratory was in compliance with the NDIS participation requirements; (2) Laboratory was in compliance with the quality assurance standards issued by the FBI; and (3) Laboratoryís DNA profiles in CODIS databases were complete, accurate, and allowable.

We determined that the Laboratory was in compliance with the standards governing CODIS activities with some exceptions. Specifically, we noted the following.

  • NDIS Operational Procedures require that all CODIS users be approved by the FBI. In one instance, the CODIS Administrator had not submitted the required documents to the FBI to add an individual to the system as a CODIS user. The individual was given limited access to the system by the CODIS Administrator, who mistakenly believed that FBI approval was not necessary because the technician did not place records in CODIS. During the audit, the CODIS Administrator removed the technicianís user identification from CODIS.

  • Laboratories must forward external evaluation reports to the NDIS Custodian within 30 days of laboratoryís receipt of the report. The Nashville Laboratory forwarded its most recent evaluation report 70 days after receipt. The Laboratory delayed the submission while it addressed the reportís findings.

  • Only DNA samples obtained at the crime scene may be placed in NDIS and forensic profiles unambiguously attributed to victims may not be entered into NDIS. We sampled 100 forensic profiles and found 14 unallowable profiles. Twelve of the unallowable profiles were from crime scene DNA matching victims. The other two unallowable profiles were from samples not obtained at a crime scene. In one instance, the DNA sample was from a fingernail scraping taken from the suspect after he was in custody. In the other instance, the DNA sample came from money found on the suspect after he was custody. Most of the unallowable profiles were from 1998 through 2001 during which time the Laboratory staff considered any crime scene DNA to be a forensic unknown eligible for entry into NDIS. In 2002 the Laboratory stopped uploading profiles that could unambiguously be attributed to a victim. The CODIS Administrator deleted the 14 unallowable profiles during the audit.

  • Forensic profiles are required to have specimen identification numbers that can accurately tie the profile to the case and the exhibit it was obtained from. Our review of 100 forensic profiles identified 2 profiles with incorrect or incomplete specimen identification numbers, which were corrected during the audit.

  • Convicted offender profiles entered in CODIS are required to contain all values for each of the required 13 loci. We sampled 100 convicted offender profiles and found 1 profile that was incomplete. At one locus, only one allele value was entered into CODIS. The CODIS Administrator corrected the profile during the audit.

We made three recommendations to address the Laboratoryís compliance with standards governing CODIS activities, which are discussed in detail in the Findings and Recommendations section of the report. Our audit scope and methodology are detailed in Appendix I of the report and the audit criteria are detailed in Appendix II of the report.

We discussed the results of our audit with Laboratory officials and have included their comments in the report as applicable.



Footnotes

  1. DNA, deoxyribonucleic acid, is genetic material found in almost all living cells that contains encoded information necessary for building and maintaining life. Approximately 99.9 percent of human DNA is the same for all people. The differences found in the remaining 0.1 percent allow scientists to develop a unique set of DNA identification characteristics (a DNA profile) for an individual by analyzing a specimen that contains DNA.

  2. Pub. L. No. 103-322 (1994).

  3. These standards were appended to the MOU as Appendix C - NDIS Procedure Manual. This manual is comprised of several operational procedures that provide specific instructions for laboratories to follow for procedures pertinent to NDIS. For our purposes, the NDIS participation requirements consist of the MOU and the NDIS operational procedures.