October 1, 2002–March 31, 2003
Office of the Inspector General
MULTICOMPONENT AUDITS, REVIEWS, AND INVESTIGATIONS
DEPARTMENT DRUG DEMAND ACTIVITIES
The OIG conducted an audit to review the Department's drug demand reduction activities, which include policies and programs dealing with drug abuse education, prevention, treatment, research, rehabilitation, drug-free workplace programs, and drug testing.
As reported in the Office of National Drug Control Policy (ONDCP) FYs 2002 and 2003 budget summaries, the total federal drug demand reduction budget for FY 2001 was $5.9 billion. During FY 2001, the Department reported $336 million in total drug demand reduction obligations, which included 19 programs administered by the BOP, COPS, DEA, and Office of Justice Programs (OJP). The OIG identified an additional program administered by OJP with FY 2001 obligations of $50 million that, in our judgment, should have been reported as drug demand reduction. We concluded that the Department programs reported to the ONDCP do not accurately reflect the Department's drug demand reduction activities. We identified ten programs with total reported obligations of $223 million that were not directly related to drug demand reduction. As a result, Department obligations directly related to drug demand reduction for the remaining ten Department programs were actually $163 million, not the $336 million reported in FY 2001.
In order to assess the effectiveness of Department drug demand reduction efforts, we analyzed the performance indicators established for each program. Our audit disclosed that none of the current performance indicators are adequate to measure the effectiveness of Department drug demand reduction programs. We also identified problems related to the data used to report results on performance indicators.
Our audit did not disclose significant duplication of drug demand reduction activities among Department components; however, because multiple programs address similar purpose areas, we recommended that the components have a mechanism for sharing information, resources, and technical assistance. We found that the Department has not established a formalized mechanism for sharing drug demand reduction program information among the components.
Finally, we found that the DEA's FY 2001 obligations dedicated to drug demand reduction consisted of only $3 million (0.2 percent) of its total obligated funds. We recommended that the DEA evaluate how much it can reduce the demand for drugs with such a small percentage of its funding devoted to this effort.
Our report offers ten recommendations to help Department components ensure that reported demand reduction activities and funding are accurate and supported by adequate documentation. In addition, we recommend that the components develop verifiable and measurable outcome-based performance indicators for drug demand reduction programs and that the Department establish a formalized mechanism for coordinating and sharing information related to drug demand reduction activities.
DEPARTMENT FINANCIAL STATEMENT AUDITS
The Chief Financial Officers Act of 1990 and the Government Management Reform Act of 1994 require annual financial statement audits of the Department. The OIG oversees and issues the reports based on the work performed by independent public accountants. During this reporting period, we issued the audit report for the Department of Justice Annual Financial Statement for FY 2002.
For the second consecutive year, the Department received an unqualified opinion on all of its financial statements. Additionally, the number of material weaknesses reported declined from three to two. These results reflect a continued Department commitment to financial accountability and improvement in internal controls.
The Department's unqualified opinion also included unqualified opinions on all ten of the reporting components' financial statements that make up the consolidated report. Importantly, some components were able to reduce the number of material weaknesses and reportable conditions. In particular, the DEA eliminated the four material weaknesses reported in FY 2001.
Yet, while improvements in internal controls have been made, material weaknesses remain in financial accounting and reporting procedures and in information systems. These weaknesses have been persistent over the past several years. They represent significant risks that data processed on the Department's information systems is not adequately protected from unauthorized access or service disruption and that the Department will not be able to meet the accelerated reporting requirements in future years.
As in prior years, the issues related to financial accounting and reporting have only been overcome by significant year-end manual efforts. Many tasks had to be performed manually because the Department lacks automated systems to readily support ongoing accounting operations, financial statement preparation, and the audit process. Manual efforts compromise the ability of the Department to prepare financial statements timely and in accordance with generally accepted accounting principles, require considerable monetary and human resources, and represent an inefficient use of these resources. For future years, this process will be further strained by the accelerated due dates and additional requirements established by the Office of Management and Budget (OMB). Beginning with FY 2003, quarterly financial statements are due 45 days after the close of the quarter, and for FY 2004, the Performance and Accountability Report is due by November 15, 2004, nearly two and one-half months earlier than this year.
Overall, nine of ten components had weaknesses in financial accounting and reporting. This finding primarily reflected problems recording transactions in accordance with generally accepted accounting principles and meeting requirements of the Department's financial statement guidelines. Eight of ten components also had weaknesses in financial management systems' general and application controls.
In the Report on Compliance with Laws and Regulations, the auditors also identified five Department components that were not compliant with the Federal Financial Management Improvement Act of 1996, which specifically addresses the adequacy of federal financial management systems.
The audit recommended that the Department make revisions to the Departmentwide financial statement reporting requirements and monitor components' compliance and efforts to correct all deficiencies noted. The Department concurred with the recommendations.
The following table compares the FY 2002 and the FY 2001 audit results for the Department consolidated audit as well as for the ten individual component audits.
|Comparison of FY 2002 and FY 2001 Audit Results|
|Reporting Entity||Auditors' Opinion On |
|Number of |
|Number of |
|Consolidated Department of Justice||Unqualified||Unqualified||2||3||0||0|
|Offices, Boards and Divisions||Unqualified||Unqualified||1||0||1||2|
|Assets Forfeiture Fund and Seized Asset Deposit Fund||Unqualified||Unqualified||0||0||1||0|
|Federal Bureau of Investigation||Unqualified||Unqualified||3||3||0||1|
|Drug Enforcement Administration||Unqualified||Unqualified||0||4||2||1|
|Office of Justice Programs||Unqualified||Unqualified||0||0||1||3|
|Immigration and Naturalization Service||Unqualified||Unqualified||3||3||0||1|
|U.S. Marshals Service||Unqualified||Unqualified||0||1||2||2|
|Federal Bureau of Prisons||Unqualified||Unqualified||0||0||2||0|
|Federal Prison Industries, Inc.||Unqualified||Unqualified||1||2||1||2|
|Working Capital Fund||Unqualified||Unqualified||1||0||0||0|
COMPUTER SECURITY AUDITS IN RESPONSE TO GISRA
The Government Information Security Reform Act (GISRA) directs the OIG to perform an annual independent evaluation of the Department's information security program and practices. Our FY 2002 GISRA audits examined three classified and five SBU mission-critical Department computer systems. During this reporting period, we issued those eight individual FY 2002 GISRA audit reports on the FBI's Automated Case Support and DRUGX Trusted Guard; the USMS's Warrant Information Network and Witness Security Network; the INS's Central Index System and Integrated National Communications Network; OJP's Enterprise Network System; and the BOP's Inmate Telephone System II.
We also issued two individual audit reports that examined classified and SBU mission-critical Department computer systems originally scheduled as part of our FY 2001 GISRA review. These audit reports were issued on the FBI's Intelligence Information System Network and JMD's Justice Consolidated Network. Although they were conducted under slightly different OMB guidance applicable to the FY 2001 GISRA process, technical difficulties delayed their issuance until FY 2002.
Our audit results revealed progress by the Department, particularly with the revamping of the Chief Information Officer (CIO) position and initiatives undertaken by the new CIO. However, many deficiencies found in the FY 2001 GISRA reviews were found again in this year's review.
Our audit of the Department's systems - both the classified and SBU - revealed vulnerabilities with management, operational, and technical controls that protect each system and the data stored on it from unauthorized use, loss, or modification. Of these three control areas, we concluded that the vulnerabilities noted in technical controls are most significant because technical controls are used to prevent unauthorized access to system resources by restricting, controlling, and monitoring system access.
Additionally, our review of the Department's computer security management procedures identified inconsistencies in the oversight of computer security that we attribute to the bifurcation of responsibility between the Security and Emergency Planning Staff and Information Management and Security Staff offices in JMD. In fact, we found that reviews of the Department's systems are uneven or inadequate and major systems and applications lacked elemental protections that the Department's accreditation process is intended to ensure are in place. Based on these audit results, we remain concerned that the Department's functions and roles have not been centralized and clarified sufficiently to provide the vigorous enforcement oversight - supported by a substantial, technically proficient workforce - the Department needs.
Overall, our evaluation disclosed that the Department's IT security program requires improvement at both the Department and component levels. We assessed the Department's IT security program as "fair," using a scale of excellent, good, fair, and poor. This assessment takes into consideration the Department's computer security when the positive and negative features of its protections and controls are weighed in their totality at the time of this audit.
To address the deficiencies noted within Department systems, we recommend that components increase oversight, development documented procedures, and implement Department required system settings to improve computer security.
COPS GRANT AUDITS
We continue to audit grants awarded by COPS. During this reporting period, we issued 24 audit reports on the implementation of COPS hiring and redeployment grants. Our audits identified more than $17 million in questioned costs, and more than $11 million in funds to better use. Examples of findings reported in our audits of COPS grants follow.
INTERGOVERNMENTAL JAIL AGREEMENT AUDIT OF ORLEANS PARISH
The Department depends on state and local governments to provide detention space and services for federal prisoners and detainees. To obtain detention space and services, Department components enter into formal IGAs with state and local governments. The OIG completed an audit of the costs incurred by the Orleans Parish Criminal Sheriff's Office (OPCSO), New Orleans, Louisiana, to house INS detainees and USMS prisoners under an IGA from October 1, 1999, through September 30, 2001.
During FYs 2000 and 2001, the Department paid the OPCSO $10 million for 228,024 jail days. Our audit found that the jail day rate used during this period included costs that were unallowable, unallocable, or unsupported in accordance with OMB guidance. As a result, we found that the OPCSO overbilled the INS and USMS $3.2 million during the 2-year period. We further calculated that if Department components used a jail day rate based on our audited rate, they could save approximately $1.4 million annually on current and future IGAs with the OPCSO.
THE U.S. TRUSTEE PROGRAM'S EFFORTS TO PREVENT BANKRUPTCY FRAUD AND ABUSE
The Executive Office for U.S. Trustees (EOUST), through regional U.S. Trustees (UST), manages the bankruptcy system and is largely responsible for maintaining the integrity of the system. Collectively, the EOUST and the USTs constitute the U.S. Trustee Program. The UST Program is the "watchdog" over the entire bankruptcy process and is responsible for promoting the efficiency of the bankruptcy system and securing the just, speedy, and economical resolution of bankruptcy cases. Given the vulnerability of the bankruptcy system to fraud and abuse and the UST Program's stated role to deter and detect such fraud and abuse - especially during the current period of escalating bankruptcies - the OIG audited the UST Program.
We found that the USTs rely substantially on the initiative of private trustees and on tips to detect most fraud. The UST Program has begun initiatives to target certain types of fraud, specifically the use of false identities or false social security numbers and unscrupulous bankruptcy petition preparers. However, we found that the UST Program does not have an ongoing, systematic process to identify vulnerabilities in the bankruptcy system and it has not established uniform internal controls to detect common, higher-risk frauds such as a debtor's failure to disclose all assets. In fact, the management controls in place did not address most fraud indicators and instead focused primarily on fraud that might be committed by trustees and their employees rather than by debtors.
In 1988 the UST Program established a Criminal Referral Tracking System for reporting performance measurement and monitoring fraud referrals to law enforcement authorities. However, we found that the tracking system, which depends on complete and accurate data submissions by UST regional offices, was inaccurate. The usefulness of the system was limited because of inaccurate, missing, or inconsistent data, lack of standard data protocols, and lack of review by UST and EOUST personnel. In addition, the system did not record data on the USTs' efforts to investigate bankruptcy fraud cases.
Among the recommendations we made to the EOUST are to establish a uniform system of management controls to prevent and detect the more common and higher risk frauds such as concealment of assets; ensure uniform, complete, and timely reviews of trustees' reports; provide specific guidance, performance expectations, and enhanced training for trustees if they are to bear primary responsibility for preventing and detecting fraud; improve the accuracy, completeness, and consistency of the data in the National Tracking and Management System; and establish a nationwide data system, or adapt an existing data system, to track civil enforcement actions.
The OIG contributes to the integrity of the bankruptcy program by conducting performance audits of trustees under a reimbursable agreement with the EOUST. During this reporting period, we issued 35 reports on the Chapter 7 bankruptcy practices of private trustees under Title 11, United States Code (Bankruptcy Code).
The Chapter 7 trustees are appointed to collect, liquidate, and distribute personal and business cases under Chapter 7 of the Bankruptcy Code. As a representative of the bankruptcy estate, the Chapter 7 trustee serves as a fiduciary protecting the interests of all estate beneficiaries, including creditors and debtors.
The OIG conducts performance audits on Chapter 7 trustees to provide U.S. Trustees with an assessment of the trustees' compliance with bankruptcy laws, regulations, rules, and the requirements of the Handbook for Chapter 7 Trustees. Additionally, the audits assess the quality of the private trustees' accounting for bankruptcy estate assets, cash management practices, bonding, internal controls, file maintenance, and other administrative practices.
Our audits found that some trustees were deficient in documenting monthly bank reconciliations of estate accounts, maintaining receipts logs, investing estate funds properly, depositing estate funds timely and in appropriate accounts, developing disaster recovery plans for financial and administrative records, implementing computer security, separating cash handling and recording duties, and maintaining support and authorization for receipts and disbursements.
SINGLE AUDIT ACT
The Single Audit Act of 1984, as amended, requires recipients of more than $300,000 in federal funds to arrange for audits of their activities. Federal agencies that award federal funds must review these audits to determine whether prompt and appropriate corrective action has been taken in response to audit findings. During this reporting period, the OIG reviewed and transmitted to OJP 46 reports encompassing 200 Department contracts, grants, and other agreements totaling more than $41 million. These audits report on financial activities, compliance with applicable laws, and the adequacy of recipients' management controls over federal expenditures.
TREATMENT OF SEPTEMBER 11 DETAINEES
In furtherance of our responsibilities under the USA PATRIOT Act, the OIG is completing its review of the Department's treatment of detainees held on immigration charges in connection with the September 11, 2001, terrorist attacks. We are assessing the detainees' conditions of confinement at two facilities - the BOP's Metropolitan Detention Center in Brooklyn, New York, and the Passaic County Jail in Paterson, New Jersey. Among the issues we examined are allegations of physical and verbal abuse, restrictions on visitation, medical care, duration of detention, and housing conditions. In addition, we examined a variety of other matters related to the September 11 detainees, including their access to legal counsel and the government's timing for issuing immigration charges, and procedures related to immigration hearings, bonds, and deportation and removals.
INTEGRATION OF THE INS'S AND FBI'S FINGERPRINT SYSTEMS
This review is a follow-up to our report, Status of IDENT/IAFIS Integration, issued in December 2001. That report provided an overview of efforts to integrate the INS's Automated Biometric Fingerprint Identification System (IDENT) with the FBI's Integrated Automated Fingerprint Identification System (IAFIS). This follow-up review will identify progress made in integrating IDENT and IAFIS, the status of future integration plans, and issues that confront the timely and successful integration of the two systems.
PROTECTION OF CRITICAL CYBER-BASED INFRASTRUCTURE
This audit, the third in a 4-phase effort by 21 OIGs, focuses on the Department's plans for protecting its critical cyber-based infrastructures. We are reviewing the Department's plans for mitigating risks, managing emergencies, coordinating resources with other agencies, meeting resource and organizational requirements, and recruiting, educating, and maintaining awareness related to protecting critical cyber-based infrastructures.
THE DEPARTMENT'S COUNTERTERRORISM FUND
Congress established the Department of Justice Counterterrorism Fund (Fund) in July 1995 to reimburse Department components for the costs incurred in reestablishing the operational capabilities of facilities damaged through terrorist acts. The Fund is to be used for the payment of expenses beyond what a component's appropriation could reasonably be expected to fund. This audit is assessing whether Fund expenditures for FYs 1998 through 2002 were authorized, supported, and used in accordance with the intent of the law and whether reimbursement agreements were finalized in an expeditious manner and excess funds deobligated.
STREAMLINING OF ADMINISTRATIVE ACTIVITIES AND GRANT FUNCTIONS
From FY 1993 through FY 2002, OJP and COPS awarded more than $37 billion in grants. OJP has five bureaus and six program offices that manage grant funds. COPS awards grants under numerous programs to fund community policing across the country. This audit is reviewing the administrative activities and grant functions within OJP and between COPS and OJP to determine whether there are activities and functions that could be streamlined to increase operational efficiency.
AUDIT OF THE SEPTEMBER 11TH VICTIM COMPENSATION FUND
Congress established the September 11th Victim Compensation Fund (the Fund) in September 2001 as part of the Air Transportation Safety and Stabilization Act "to provide compensation to any individual (or relatives of a deceased individual) who was physically injured or killed as a result of the terrorist-related aircraft crashes of September 11, 2001." In exchange for compensation from the Fund, claimants waive their rights to file civil actions for damages from the terrorist attacks. This audit is assessing the consistency and timeliness of the award process and the effectiveness of the fraud controls used to identify fraudulent claims.
OMB CIRCULAR A-50
OMB Circular A-50, Audit Follow-Up, requires audit reports to be resolved within six months of the audit report issuance date. The OIG monitors the status of open audit reports to track the audit resolution and closure process. As of March 31, 2003, the OIG had closed 193 audit reports and was monitoring the resolution process of 449 open audit reports.
AUDITS OVER SIX MONTHS OLD WITHOUT MANAGEMENT DECISIONS OR IN DISAGREEMENT
As of March 31, 2003, the following audits had no management decision or were in disagreement:
Department of Justice Order 2900.10, Follow-up and Resolution Policy for Inspection Recommendations by the OIG, requires reports to be resolved within six months of the report issuance date. As of March 31, 2003, there are no unresolved reports.