Compliance with Standards Governing Combined DNA Index System Activities at the Colorado Bureau of Investigation Department of Public Safety DNA Laboratory, Denver, Colorado
Audit Report GR-60-05-005
Office of the Inspector General
The Office of the Inspector General, Audit Division, has completed an audit of compliance with standards governing Combined DNA Index System (CODIS) activities at the Colorado Bureau of Investigation Department of Public Safety DNA Laboratory (Laboratory). The Federal Bureau of Investigation (FBI) began the CODIS Program as a pilot project in 1990. The DNA Identification Act of 1994 (Public Law 103-322) formalized the FBI's authority to establish a national DNA index for law enforcement purposes. The Act specifically authorized the FBI to establish an index of DNA identification records of persons convicted of crimes, and analyses of DNA samples recovered from crime scenes. The Act further specified that the index include only DNA information that is based on analyses performed in accordance with standards issued by the FBI.
The FBI implemented CODIS as a distributed database with three hierarchical levels that enables federal, state, and local crime laboratories to compare DNA profiles electronically. The National DNA Index System (NDIS) is the highest level in the CODIS hierarchy and enables the laboratories participating in the CODIS Program to compare DNA profiles on a national level. The NDIS became operational in 1998 and is managed by the FBI as the nation's DNA database containing DNA profiles uploaded by participating states. DNA profiles originate at the local level, flow to the state and national levels, and are compared to determine if a convicted offender can be linked to a crime, or if crimes can be linked to each other.
The FBI provides CODIS software free of charge to any state or local law enforcement laboratory performing DNA analysis. A laboratory's profiles have to be uploaded to NDIS before the profiles benefit the system as a whole. Before a laboratory is allowed to participate at the national level, a Memorandum of Understanding (MOU) must be signed between the FBI and the applicable state laboratory. The MOU defines the responsibilities of each party, includes a sublicense for the use of the CODIS software, and delineates the standards laboratories must meet in order to utilize NDIS.
The objective of the audit was to determine if the Laboratory was in compliance with standards governing CODIS activities. Specifically, we performed testing to determine if the: 1) Laboratory was in compliance with the NDIS participation requirements; 2) Laboratory was in compliance with the quality assurance standards issued by the FBI; and 3) Laboratory's DNA profiles in CODIS databases were complete, accurate, and allowable.
We determined that the Laboratory was in compliance with the standards governing CODIS activities, including NDIS participation requirements and quality assurance standards, with some exceptions regarding Laboratory profiles in CODIS. Specifically, we noted the following.
We determined that 95 of the 100 forensic profiles we reviewed were properly included in NDIS, i.e., complete, accurate, and allowable. Of the remaining five profiles, we determined that two were inaccurate, two were incomplete, and one was unallowable for inclusion in NDIS.
In each of the four incomplete or inaccurate profiles, only one of the approximately two dozen values within the profile was problematic. Also, we determined that the profiles were uploaded prior to the implementation of additional controls that require the CODIS Administrator to review each forensic profile uploaded, along with supporting case documentation, to confirm the completeness and accuracy of the uploads. During fieldwork, Laboratory management provided documentation to us that confirmed that the profiles had been corrected.
The unallowable profile matched the victim's DNA profile, and therefore should not have been uploaded. Upon further review, we determined that the improper upload of the profile occurred due to a situation in which evidence was supplied to the Laboratory, analyzed, and a profile uploaded, months prior to receiving comparison samples needed to determine the victim's DNA profile. Upon the receipt of the comparison samples, the analyst should have confirmed whether or not the profile that had already been uploaded should be retained in CODIS. The analyst involved in this case stated that she inadvertently overlooked doing this confirmation. We were provided with documentation that the profile was removed from CODIS. In addition, we were provided with documentation that the Technical Manager immediately issued a policy statement intended to prevent other profiles from being incorrectly retained in CODIS in similar circumstances in the future.
Because each of the problematic profiles identified during our audit was remedied during our fieldwork, we make no further recommendations for corrective action. The results of our audit are discussed in the Findings section of the report. Our audit objective, scope, and methodology are detailed in Appendix I of the report, and the audit criteria are detailed in Appendix II of the report.
We discussed the results of our audit with Laboratory officials and have included their comments in the report as applicable. In addition, we requested a written response to a draft of our audit report from the FBI and the Laboratory. No response was provided from either the FBI or the Laboratory, since our report contained no recommendations.