THE AUDIT DIVISION
|The Audit Division is responsible for independent reviews of Department of Justice organizations, programs, functions, computer technology and security systems, and financial statement audits.|
The Audit Division (Audit) audits Department organizations, programs, functions, computer technology and security systems, and financial statements. Audit also conducts or oversees external audits of expenditures made under Department contracts, grants, and other agreements. Audits are conducted in accordance with the Comptroller Generalís Government Auditing StandardsĹand related professional auditing standards. Audit produces a wide variety of audit products designed to provide timely notification to Department management of issues needing attention.
Audit works with Department management to develop recommendations for corrective actions that will resolve identified weaknesses. By doing so, Audit remains responsive to its customers and promotes more efficient and effective Department operations. During the course of regularly scheduled work, Audit also lends fiscal and programmatic expertise to Department components.
Audit has field offices in Atlanta, Chicago, Dallas, Denver, Philadelphia, San Francisco, and Washington, DC. The Financial Statement Audit Office and Computer Security and Information Technology Audit Office also are located in Washington, DC. Audit Headquarters consists of the immediate office of the AIG for Audit, the Office of Operations, the Office of Policy and Planning, and an Advanced Audit Techniques Group.
The field officesí geographic coverage is indicated on the map below. The San Francisco office also covers Alaska, Hawaii, Guam, the Northern Mariana Islands, and American Samoa, and the Atlanta office also covers Puerto Rico and the U.S. Virgin Islands.
During this reporting period, Audit issued 199 audit reports containing more than $94 million in questioned costs and $8.5 million in funds to better use and made 337 recommendations for management improvement. Specifically, Audit issued 13 internal reports of programs funded at more than $672 million; 30 external reports of contracts, grants, and other agreements funded at more than $86 million; 70 audits of bankruptcy trustees with responsibility for funds of more than $87.9 million; and 86 Single Audit Act audits.
Significant Audit Products
INS Management of Property
We conducted an audit of INS property management to assess the INSís controls for ensuring that property is safeguarded against waste, loss, unauthorized use, and misappropriation. The INSís property inventory is valued at over $640 million.
We found that the INS (1) could not account for more than 61,000 items that cost $68.9 million, (2) failed to perform and document physical inventories, and (3) did not record the acquisition of all property in its automated database so that it could be tracked. Moreover, controls for computer equipment that may have been used to store sensitive information and controls over firearms were inadequate. In 539 instances, INS staff did not report lost, missing, or stolen weapons through proper channels. In at least six instances, we found that state or local law enforcement agencies had recovered lost, missing, or stolen INS weapons that had been linked to subsequent crimes.
We recommended corrective action, and the INS has begun implementing our recommendations. For example, the INS is revising its Personal Property Handbook and enhancing internal reviews to strengthen controls over property. The Property Accountability Manuaż was revised to make certification of personal property inventories a critical element in the annual performance appraisals for property custodians. Moreover, all property with data storage capabilities will be inventoried regardless of acquisition cost, and appropriate follow-up will be conducted on all unaccounted-for weapons. Additionally, the INS categorized property management as a material weakness in the FY 2000 Department of Justice Management Controls Report.
Department Financial Statement Audits
The Chief Financial Officers Act of 1990 and the Government Management Reform Act of 1994 require financial statement audits of the Department. Audit oversees and issues the reports based on the work performed by independent public accountants. During this reporting period, we issued the audit report for the Department of Justice Annual Financial Statement for FY 2000.
The Department received an unqualified opinion on its FY 2000 consolidated balance sheet and statement of custodial activity and a qualified opinion on its other financial statements. A qualified opinion means that the financial statements are presented fairly in all material respects, except for matters identified in the audit report. The FY 2000 qualification resulted from the INSís inability to substantiate its earned revenues.
In FY 1999, the Department received a qualified opinion on all its financial statements. The improvement to an unqualified opinion on the balance sheet for FY 2000 required tremendous effort and cost by the Department. Many tasks had to be performed manually because the Department lacks automated systems to readily support ongoing accounting operations, financial statement preparation, and the audit process.
The auditors reported three material weaknesses and one reportable condition in the FY 2000 Report on Internal Controls, all of which were repeated from prior fiscal years:
In the Report on Compliance with Laws and Regulations, the auditors also identified five Department components that were not compliant with the Federal Financial Management Improvement Act of 1996, which specifically addresses the adequacy of federal financial management systems. In addition, two other instances of componentsí noncompliance with laws and regulations were cited. The first instance involved inadequate notification to Congress of reprogrammings, and the second involved a failure to pay accrued interest in accordance with the Prompt Pay Act of 1982.
The auditors recommended that the Departmentís chief financial officer establish department-wide financial statement reporting requirements and monitor componentsí efforts to correct all deficiencies noted. The Department concurred with the recommendations.
The following table depicts the audit results for the Departmentís consolidated audit as well as for the ten individual component audits for FY 2000.
Consolidated Asset Tracking System
The Consolidated Asset Tracking System (CATS) was established to support the Departmentís Asset Forfeiture Program and provide an integrated asset information system for the Department and other agencies. The system was fully implemented in 1998 at a cost of about $150 million. CATS stores over 300,000 seized and forfeited property records with an estimated value of over $7 billion. We performed our audit at the request of Justice Management Division (JMD) to assess the effectiveness of CATS.
Based on our audit tests and feedback from CATS users, we determined that the system met its original objectives. Most importantly, it provides a national telecommunications network through which all program offices can track and share asset information. In addition, users said that CATS is an improvement over previous asset tracking systems and has made it easier to track an asset from seizure to disposition.
We did, however, identify weaknesses and make recommendations in the areas of computer security, user training, user IDs and passwords, updating system technology, and the lack of performance measures to evaluate how well CATS supports the Asset Forfeiture Program. As a result, JMD agreed to strengthen policies and procedures governing data entered into CATS, identify and catalog training needs, and develop a curriculum to meet usersí needs. In addition, more stringent controls over user IDs and passwords will be implemented. Furthermore, JMD has begun to incorporate technology improvements and relevant performance measures in the Automated Information System plan for CATS.
Combined DNA Index System Laboratory Audits
To date, Audit has conducted reviews of ten laboratories that participate in the FBIís Combined DNA Index System (CODIS). The laboratories reviewed during this reporting period are located in Little Rock, Arkansas, and St. Paul, Minnesota. CODIS is a national information repository maintained by the FBI that permits the storing, maintaining, tracking, and searching of DNA specimen information to facilitate the exchange of DNA information by law enforcement agencies. Participating states and localities submit the DNA profiles to the FBI.
The laboratory audits were conducted at the request of the FBI to assess compliance with the FBIís Quality Assurance Standards and National DNA Index System requirements and to evaluate the accuracy and appropriateness of the data the states and localities have submitted to the FBI. The Quality Assurance Standards (QAS) place specific requirements on laboratories, and the National DNA Index System (NDIS) requirements establish the responsibilities and obligations for laboratories that participate in the program. DNA profiles that clearly match a victim of a crime or another known person other than the suspected perpetrator cannot be included in the FBIís system. In addition, state legislation establishes the specific crimes for which the DNA profiles of convicted offenders must be obtained and may be submitted to the FBI.
We found, for example, the following exceptions for the Arkansas State Crime Laboratory (Laboratory):
The INSís Airport Inspection Facilities
Concerned about the overall adequacy of inspection facilities at airports, the INS asked Audit to review the adequacy of INS inspection facilities at selected international airports. In 1998, the INS processed 39.7 million alien passengers through inspection facilities at about 150 airports. Along with other federal inspection agencies, the INS approves the design of inspection facilities, which are provided by individual airlines and airport authorities to prevent smuggling and illegal entry.
The INS designates which airports may receive international passengers and may withdraw such designations if suitable landing stations are not provided in accordance with the Immigration and Nationality Act of 1952 (Act). We performed on-site reviews at 12 of the countryís busiest international airports and surveyed INS staff on the conditions at 30 additional airports. These 42 airports accounted for 75 percent of international passengers processed through inspection facilities in FY 1998.
We found deficiencies at all 42 airports. Three airports Ė John F. Kennedy, Los Angeles, and Miami Ė handled the largest number of passengers, and their facilities needed some of the most extensive modifications. We found that inspection facilities were badly designed and had faulty monitoring, surveillance, and communication systems. Hold rooms used to confine potentially inadmissible aliens were too small and did not permit separate confinement of male, female, and juvenile detainees. Thirteen airports had no hold rooms. As a result, the airports were vulnerable to illegal entry,[escapes, injuries, health hazards, and the hiding or disposing of contraband or documents.
We concluded that these conditions existed mainly because the INS dealt ineffectively with airlines and airport authorities. By failing to enforce provisions of the Act, the INS undermined its ability to influence airlines and airport authorities to meet federal standards. We recommended that the INS reinforce airlinesí and airport authoritiesí understanding of design and construction standards and apply sanctions permitted by the Act, where appropriate, at airports not providing suitable facilities. We also recommended that the INS develop, in accordance with the Government Performance and Results Act (GPRA), performance indicators pertaining to facilities and also that the INS work with other federal inspection agencies to make improvements. The INS concurred with all of our recommendations and is implementing the necessary corrective action.
Federal Cost Recovery and Program Monitoring in the Equitable Sharing Program
The Departmentís Equitable Sharing program is designed to enhance cooperation among federal, state, and local law enforcement agencies through the sharing of proceeds resulting from federal forfeitures. State and local law enforcement agencies generally receive equitable sharing revenues by participating directly with Department components in joint investigations that lead to the seizure and forfeiture of property. The amount of forfeiture proceeds shared with state and local law enforcement agencies after recovery of federal expenses is based on the degree of the agenciesí direct participation in a case. In FY 1999, the Department shared approximately $231 million in cash and other proceeds with state and local law enforcement agencies.
We reviewed equitable sharing activities conducted by the Criminal Division, JMD, and USMS. Our objectives were to determine whether federal program costs for administering the program are being recovered and whether the Criminal Division adequately monitored participating agencies to ensure compliance with program requirements.
We concluded that case-related contract costs, directly related to equitable sharing cases, are not recovered from gross forfeiture proceeds before Department personnel determine the amounts available for equitable sharing. Our report contains an example showing that approximately $12 million in FY 1999 case-related contract costs were not deducted from gross forfeiture receipts before determining amounts available for equitable sharing with state and local law enforcement agencies. Instead, the costs were borne entirely by the federal government. This condition reduces resources available in the Assets Forfeiture Fund that could be used for other law enforcement purposes. We also determined that the Criminal Division could improve file maintenance and monitoring efforts, while the USMS could improve the timeliness of equitable sharing disbursements.
The Criminal Division and the USMS have taken corrective action sufficient to close the recommendations concerning file maintenance, monitoring, and timeliness of disbursements. The recommendation concerning recovery of case-related contract costs is resolved pending a consistent department-wide policy to identify and recover costs before they are shared with state and local law enforcement agencies.
Intergovernmental Jail Agreement Audit of Guam
We completed an audit of the costs incurred by the Government of Guam (Guam) Department of Corrections (DOC) to house USMS prisoners and INS detainees for the Department in accordance with the Intergovernmental Service Agreement (IGA) between the USMS and Guam DOC. For the period October 1, 1998, through September 30, 2000, the USMS and INS paid Guam a total of $13.5 million for 236,043 jail days.
Our audit was initiated in response to a sharp increase in detention costs related to a massive influx of illegal immigrants on Guam. From the period January 3 through April 17, 1999, federal and local agencies apprehended nearly 600 Chinese immigrants attempting to enter the United States illegally via sea vessels destined for Guam. To accommodate the influx of illegal immigrants, the INS and Army Corps of Engineers, in coordination with the DOC, erected a temporary tent facility within the main facility compound. The objectives of the audit were to establish audited jail-day rates for the main and tent facilities based on allowable incurred costs and jail days used during the audit period and to determine whether Guam was properly reimbursed.
Based on our audited jail-day rates, we determined that the Department overpaid Guam $3.6 million for the review period.
The INSís System Data Pertaining to Secondary Inspections at Selected Preclearance Airports
The INSís inspection program at airports relies daily on INS inspection data maintained in the Treasury Enforcement Communications System (TECS) Ė a mainframe-based enforcement and inspection support system used by the Customs Service, INS, and other federal agencies. TECS allows inspectors to review travel history, including the results of prior inspections, when determining the admissibility of persons seeking entry into the United States.
Audit tested INS system data pertaining to secondary inspections Ė inspections of travelers that require a more detailed review than the standard inspection. Our objectives were to determine whether the INSís data in TECS accurately reflected referrals of travelers to secondary inspections and included secondary inspection results. In addition, we examined whether the INSís workload statistics compiled from monthly POE data transmissions accurately reflected the number of secondary inspections performed. We tested data for 3 of the 11 preclearance airports Ė Montreal, Toronto, and Vancouver. According to the INS, during FY 2000 the three airports tested performed approximately 76 percent of the secondary inspections at all preclearance airports.
Audit tests showed that the INSís data in TECS for the inspections performed at Montreal and Vancouver were reliable; in general, inspectors accurately designated whether travelers were referred to secondary inspection and routinely recorded the results of secondary inspections in TECS. However, the data for the inspections at Toronto were unreliable. Torontoís inspectors entered the required referral designation and secondary inspection results in TECS for only 3 percent of the approximately 51,000 secondary inspections performed during the audit period. Audit tests also showed that the INSís workload statistics for the number of secondary inspections performed at Montreal and Toronto were reliable; however, the statistics for Vancouver were significantly overstated.
We recommended that the INS standardize record-keeping and ensure that secondary referrals and the results of secondary referrals are reported in TECS. We also recommended that the INS consider expanding this type of review to other POEs. INS officials agreed with all of our recommendations and started implementing procedures to ensure that the INSís data in TECS accurately reflect referrals of travelers to secondary inspections and include secondary inspection results. In addition, the INS will ensure its workload statistics accurately reflect the number of secondary inspections performed.
Computer Security at Department Data Centers
JMD maintains two major data processing centers to support the computer needs of the Department (excluding the FBI). An assessment of the general controls environment for these two data centers was performed in support of the FY 1999 financial statement audit of the Department. Independent public accountants, with oversight by Audit, performed the assessment in accordance with the General Accounting Officeís (GAO) Federal Information System Controls Audit Manual. The assessment focused on evaluating the adequacy of management and internal controls.
Three reportable conditions and eleven management letter comments addressed the areas of program change management, business continuity planning and tape back-up, and entity-wide security policies and procedures. The three reportable conditions and seven of the management letter comments were repeat issues. Although the assessment identified these control weaknesses, the independent public accountants concluded that the general controls in place were adequate to safeguard the programs and data files processed at the data centers. JMD concurred with the recommendations. The audit report is not publicly available because disclosure of the report could compromise data processed by the Departmentís computer systems.
Department Monitoring of Internet Site Access
The Treasury and General Government Appropriations Act of 2001 required the OIG to determine whether Department Internet sites or third parties working for the Department collect personally identifiable information from users who access Department Internet sites. ďCookiesĒ are small software files placed on computers, without a personís knowledge, that can track their movement on an Internet site. Cookies capture user-specific information transmitted by the Internet server onto the userís computer so the information might be available for later access. Internet servers automatically gain access to relevant cookies whenever the user establishes a connection to them, usually in the form of Internet requests.
Our review disclosed that Department Internet sites tested were not collecting, reviewing, or obtaining personally identifiable information relating to any individualís access or viewing habits. When we tested all 56 Department Internet sites, we were not asked to accept Department or third-party cookies, and, upon examining the browserís cookies log, we found that no Department or third-party cookies had been recorded.
Water and Sewer Payments to the District of Columbia
In response to the Consolidated Appropriations Act of 2001, Public Law 106-554, we conducted a review to determine if the Department made timely payments to the Treasury account entitled ďFederal Payment for Water and Sewer ServicesĒ (Treasury Fund). The fund is used to reimburse the District of Columbia (DC) Water and Sewer Authority (WASA) for water and sewer services.
We found that no Department component occupying space in DC paid directly into the Treasury Fund for WASA services. Rather, the Department made rental payments to the General Services Administration (GSA) for space occupied in federal buildings or in privately owned buildings where GSA acts as the agent. GSA then made payments to the Treasury Fund for the Departmentís share of water and sewer services.
Critical Infrastructure Protection Ė Planning for the Protection of Computer-Based Infrastructure
Presidential Decision Directive (PDD) 63 requires the Department and other government agencies to prepare plans for protecting their critical infrastructure. The infrastructure includes systems essential to the minimum operations of the economy and government, such as telecommunications, banking and finance, energy, and transportation. The plans ordered by PDD 63 must include an inventory of the Departmentís mission-essential assets, the vulnerability of each, and plans to remedy those vulnerabilities.
As part of an effort sponsored by the Presidentís Council on Integrity and Efficiency (PCIE), we audited the Departmentís planning and assessment activities for protecting its critical computer-based infrastructure. We focused on the Departmentís May 2000 draft critical infrastructure plan.
We found that the Department submitted its initial critical infrastructure protection plan to the Critical Infrastructure Assurance Office, as required, and then revised the plan according to comments received. However, the Departmentís plan was incomplete in the following areas:
We recommended that the Department (1) properly inventory its mission-essential infrastructure, (2) complete vulnerability assessments of the mission-essential infrastructure by December 31, 2000, (3) develop remedial plans to address weaknesses identified by the vulnerability assessments, and (4) develop a multi-year funding plan to remedy vulnerabilities. The Department concurred with the findings and agreed with the recommendations but advised that it could not meet the December 31, 2000, date for completion of vulnerability assessments.
Community Oriented Policing Services Grant Audits
We continue to maintain extensive audit coverage of the COPS grant program. The Violent Crime Control and Law Enforcement Act of 1994 authorized $8.8 billion over six years for grants to add 100,000 police officers to the nationís streets. During this reporting period, we performed 22 audits of COPS hiring and redeployment grants. Our audits identified more than $16 million in questioned costs and more than $5 million in funds to better use.
The following are examples of findings reported in our audits of COPS grants during this period:
Audit contributes significantly to the integrity of the bankruptcy program by conducting performance audits of trustees under a reimbursable agreement with the EOUST. During this reporting period, Audit issued 70 reports on the Chapter 7 bankruptcy practices of private trustees under Title 11, United States Code (Bankruptcy Code).
The Chapter 7 trustees are appointed to collect, liquidate, and distribute personal and business cases under Chapter 7 of the Bankruptcy Code. As a representative of the bankruptcy estate, the Chapter 7 trustee serves as a fiduciary, protecting the interests of all estate beneficiaries, including creditors and debtors.
We conduct performance audits on Chapter 7 trustees to provide U.S. Trustees with an assessment of the trusteesí compliance with bankruptcy laws, regulations, rules, and the requirements of the Handbook for Chapter 7 Trustees. Additionally, the audits assess the quality of the private trusteesí accounting for bankruptcy estate assets, cash management practices, bonding, internal controls, file maintenance, and other administrative practices.
Single Audit Act
The Single Audit Act of 1984 requires recipients of federal funds to arrange for audits of their activities. Federal agencies that award federal funds must review these audits to determine whether prompt and appropriate corrective action has been taken in response to audit findings.
During this reporting period, Audit reviewed and transmitted to the Office of Justice Programs (OJP) 86 reports encompassing 454 Department contracts, grants, and other agreements totaling more than $230 million. These audits report on financial activities, compliance with applicable laws, and the adequacy of recipientsí management controls over federal expenditures.
Audits in Progress
During the reporting period, Audit performed work on several significant projects that are in the process of being completed. We anticipate issuing the following audits in the next reporting period:
OMB Circular A-50
Office of Management and Budget (OMB) Circular A-50, Audit Follow-Up, requires audit reports to be resolved within six months of the audit report issuance date. Audit continuously monitors the status of open audit reports to track the audit resolution and closure process. As of March 30, 2001, the OIG had closed 138 audit reports and was monitoring the resolution process of 429 open audit reports.
Every three years, Audit is required by Comptroller General standards to undergo a quality control review by a separate external entity. In November 2000, the Federal Deposit Insurance Corporation (FDIC) OIG completed its external quality control review of Audit. The FDIC OIG issued an unqualified opinion stating that the system of quality control for the Department of Justice OIG audit function was designed in accordance with the quality standards established by the PCIE. In addition, Audit completed an external quality control review of the Social Security Administration (SSA) OIGís Office of Audit and issued an unqualified opinion stating that the system of quality control for the SSA OIG audit function was designed in accordance with the quality standards established by the PCIE.
Growing Backlog of Single Audit Act Reports Ė Dispute Between COPS and OJP
The OIG monitors corrective action of states and local units of government pursuant to audits conducted under the Single Audit Act of 1996, as amended. OJP has traditionally been the component within the Department to follow up on Single Audits. However, approximately one year ago, OJP stopped processing Single Audit reports in which the preponderance of Department money was related to COPS grants. The dispute appears to relate to a funding issue, with OJP seeking reimbursement from the COPS Office for processing COPS-related Single Audit Act reports. However, as a result of this dispute, the OIGís backlog of Single Audits awaiting resolution currently stands at approximately 85 reports.
Audits Over Six Months Old Without Management Decisions
As of March 31, 2001, the following audits had no management decisions: