We completed an audit of ATF’s control over weapons, laptop computers, ammunition, and explosives. The purpose of the audit was to determine: (1) the adequacy of the ATF’s actions taken in response to weapons, laptop computers, ammunition, and explosives identified as lost, stolen, or missing; and (2) the effectiveness of the ATF’s internal controls over weapons, laptop computers, ammunition, and explosives.
We performed the audit in accordance with the Government Auditing Standards and included such tests of the records and procedures that we considered necessary. Our testing generally covered the period between October 1, 2002, and August 31, 2007.
We observed the control environment for weapons and laptop computers from the Materiel Management Division at ATF headquarters. We also observed the control environment for ammunition and explosives from the Training and Professional Development and the Explosives Industry Operations Divisions at ATF headquarters. We performed on-site audit work between July 2007 and April 2008 at ATF headquarters (including the training facilities in Front Royal and Fort A.P. Hill, Virginia, and Glynco, Georgia and division branches in Martinsburg, West Virginia) and at field offices in Atlanta, Georgia; Kansas City, Missouri; Las Vegas, Nevada; Little Rock, Arkansas; Los Angeles, Riverside, and San Francisco, California; New Orleans and Shreveport, Louisiana; Philadelphia and Pittsburgh, Pennsylvania; St. Louis, Missouri; and Washington, D.C.
To examine ATF’s efforts to identify lost, stolen, or missing weapons, laptop computers, ammunition, and explosives, we obtained documentation of such losses that had occurred since October 1, 2002, and reviewed the available files and the circumstances surrounding those losses. For lost, stolen, or missing weapons, we queried NCIC to determine if those losses had been reported and if weapons had been subsequently recovered.
For laptop computers, we sought to determine if the loss resulted in compromised classified or sensitive information. We could not independently verify the sensitivity of the information lost. Therefore, we relied on statements from investigative reports and from information reported to DOJCERT for each lost, stolen, or missing laptop to ascertain whether classified or sensitive information was compromised.
In addition to the testing detailed above, we: (1) reviewed applicable laws, policies, regulations, manuals, and memoranda; (2) interviewed appropriate personnel; (3) tested internal controls; (4) reviewed property and accounting records (with an emphasis on activity since October 1, 2002); and (5) physically inspected property. We tested internal controls pertaining to weapons and laptop computers in the following areas:
- purchasing and recording in the official property database;
- receipt and assignment, including weapons and laptop computers not assigned to specific individuals (pooled property), and the return of items from separated employees;
- physical inventories, including separation of duties; and
- disposals, including property record deletions.
We tested these controls through a sample from the 22,476 weapons and 7,505 laptop computers reported in the property management system as of August 2007. In total, we reviewed 2,823 items, including 1,790 weapons and 1,033 laptop computers. Details about the universe from which these samples were taken and about the samples themselves may be found in Appendix II. Our tests also included:
- samples of weapons purchased between October 1, 2002, and August 31, 2007, as recorded in purchase documents, to ensure that the items were recorded in the property management system;
- samples of pooled property to ensure that the property was accounted for and the records reflected the correct status;
- samples of weapons and laptop computers found during an on-site inventory at each audited ATF location to ensure that the item was accurately reflected in the property management system; and
- samples of weapons and laptop computers assigned to ATF personnel to ensure the items were accounted for and the property records were complete (staff testing).
The samples described above are delineated by test, property type, and location, in the table in Appendix II. We also reviewed the documentation between October 1, 2002, and August 31, 2007, related to 30 former ATF personnel, to determine if all weapons and laptop computers were returned. Moreover, we reviewed disposal actions initiated between October 1, 2002, and August 31, 2007, to ensure these actions were adequately supported.