April 1, 2003–September 30, 2003
Office of the Inspector General
MULTICOMPONENT AUDITS, REVIEWS, AND INVESTIGATIONS
TREATMENT OF SEPTEMBER 11 DETAINEES
After the September 11 terrorist attacks, the Department used federal immigration laws to detain aliens in the United States who were suspected of having ties to the attacks or connections to terrorism or who were encountered during the course of the FBI's investigation into the attacks. In the 11 months after the attacks, 762 aliens were detained in connection with the FBI's terrorism investigation on various immigration offenses, including overstaying their visas and entering the country illegally.
In furtherance of its responsibilities under the Patriot Act, the OIG examined the treatment of these detainees, including their processing, bond decisions, the timing of their removal from the United States or their release from custody, their access to counsel, and their conditions of confinement. The OIG's 198-page report, released in June 2003, focused in particular on detainees held at the BOP's Metropolitan Detention Center (MDC) in Brooklyn, New York, and at the Passaic County Jail (Passaic) in Paterson, New Jersey, a county facility under contract with the INS to house federal immigration detainees. We chose these two facilities because they held the majority of September 11 detainees and were the focus of many complaints of detainee mistreatment.
In response to the September 11 attacks, the FBI allocated massive resources to its terrorism investigation. In addition, the amount of information and leads about the attacks the FBI received in the weeks after the attacks was staggering. As our report pointed out, the Department was faced with unprecedented challenges responding to the attacks, including the chaos caused by the attacks and the possibility of follow-up attacks. Yet, while recognizing these difficulties and challenges, we found significant problems in the way the Department handled the September 11 detainees.
Among the report's findings:
CIVIL RIGHTS AND CIVIL LIBERTIES ABUSES
Section 1001 of the Patriot Act directs the OIG to receive and review complaints of civil rights and civil liberties abuses by Department employees, to publicize how people can contact the OIG to file a complaint, and to submit a semiannual report to Congress discussing our implementation of these responsibilities. In July 2003, the OIG issued its third Section 1001 report summarizing our Patriot Act-related activities from December 16, 2002, through June 15, 2003.
The report described the status of OIG and Department investigations of alleged civil rights and civil liberties abuses by Department employees. In addition, the report highlighted several OIG reviews undertaken in furtherance of our Section 1001 responsibilities, including the review examining the treatment of September 11 detainees held on immigration charges in connection with the terrorist attacks.
On May 11, 2003, over 50 members of the Texas legislature left Texas to prevent a quorum in the Texas House of Representatives so that a proposed redistricting plan could not be voted on. At the request of members of Congress, the OIG investigated whether any Department employees were involved in or any resources expended on efforts to locate and return the missing legislators. The OIG determined that Department employees in Washington, D.C., the FBI offices in Texas and Oklahoma, and the USAO in the Western District of Texas received various inquiries and requests for assistance in connection with the absent Texas legislators. These requests came from a variety of sources, including a member of U.S. House Majority Leader Tom DeLay's staff, members of the Texas Attorney General's office, and a member of the Texas Rangers. We found that in response to these requests Department employees, with one exception, appropriately recognized that this was a state matter and did not provide any assistance to the search for the Texas legislators.
In one instance, an FBI special agent in Texas received a request for assistance from an employee of the Texas Department of Public Safety (DPS) who was searching for two of the absent legislators. To assist the DPS officer, the FBI special agent made two calls to the cell phone of an absent legislator and determined that the legislator and another absent legislator were in Oklahoma. The FBI special agent relayed this information to the DPS officer.
The OIG concluded the FBI agent should have declined the request for assistance from the DPS employee but that he did not commit misconduct or violate any FBI policy. However, the OIG recommended the FBI examine the written guidance it provides to its agents about how to respond to requests for assistance from local law enforcement.
STREAMLINING OF COPS AND OJP ADMINISTRATIVE ACTIVITIES AND GRANT FUNCTIONS
To identify activities and functions that could be streamlined to increase the operational efficiency of the Department's federal financial assistance programs, we conducted an audit of the two offices primarily responsible for managing those programs: the Office of Justice Programs (OJP) and the Office of Community Oriented Policing Services (COPS). We concluded that the Department's assistance programs are fragmented, resulting in reduced efficiency and higher costs to award and administer federal financial assistance funds to state and local agencies.
During the last several years, the Department's federal financial assistance programs have grown substantially in number and dollar value, reaching approximately $5 billion for FY 2002. Since COPS was created in 1994, it has relied on OJP to perform services related to the COPS program. In recent years, COPS's management and administration (M&A) costs per program dollar have been higher than OJP's. COPS's M&A costs per grant administered have increased, while OJP's have decreased. Moreover, we determined that COPS grants for hiring personnel and purchasing equipment and grants awarded by OJP under the Local Law Enforcement Block Grants program overlapped and that no formal coordination existed between COPS and OJP to ensure that grantees did not receive funds for similar purposes from both agencies. We also found that COPS had not developed a capability to receive grant applications online and to download the application information directly into its grant management system. Instead, grantees must submit applications on paper, and COPS must manually input the data.
Since OJP was established in 1984, it has experienced dramatic growth that has included many new financial assistance programs created by Congress. Many of these programs overlap and have caused duplication and inefficiency within OJP. OJP management has developed a reorganization plan to improve OJP's efficiency and effectiveness in awarding and administering federal financial assistance programs. We concluded, however, that even after implementation of the plan, some duplication between grants awarded by different OJP offices will remain and some inefficiencies will not be fully addressed. For example, we found that OJP does not have a fully effective automated system to manage its grants or the capability for all potential grantees to apply for grants online.
Our report contains eight recommendations, including improving the coordination between COPS and OJP to eliminate duplication of effort and ensure that awards are not made to the same grantee for similar purposes. COPS and OJP agreed with our recommendations and are in the process of implementing corrective actions.
INTEGRATION OF THE INS'S AND FBI'S FINGERPRINT SYSTEMS
Over the past several years, the OIG has examined the Justice Management Division's (JMD) efforts to integrate the INS's Automated Biometric Identification System (IDENT) and the FBI's Integrated Automated Fingerprint Identification System (IAFIS). In December 2001, we reported that the integration project was a year behind schedule. We also reported that the INS planned to implement several interim measures to enhance IDENT until it was integrated with IAFIS.
In June 2003, we issued a follow-up report that reviewed the progress made in integrating IDENT and IAFIS and found that the project continues to be delayed. When we issued our December 2001 report, the next major milestone for the integration project was the deployment of the initial integrated version of IDENT/IAFIS. At that time, deployment had been delayed from December 2001 to December 2002. Our June 2003 review found JMD had missed the December 2002 deployment date and now plans to deploy the initial integrated version in December 2003 - two years later than originally planned.
According to JMD officials, the deployment date has been delayed until December 2003 because the contractors and INS staff dedicated to the integration project were redirected in June 2002 to implement the National Security Entry-Exit Registration System (NSEERS). We found that despite the mounting delays, JMD did not prepare a revised schedule for completing the integration of IDENT and IAFIS. We also found that JMD did not develop a transition plan for continued management of the project once the INS transferred to the DHS in March 2003. Consequently, the integration project, already behind schedule, is likely to experience further delays.
The delays are significant because the interim enhancements to IDENT have shown the importance of integrating INS and FBI fingerprint information. Specifically, the INS and the FBI entered into IDENT 152,200 National Crime Information Center "wants and warrants" fingerprint records on individuals who were likely to be aliens. As a result of entering these records, the INS matched approximately 4,820 fingerprints of apprehended individual aliens with the fingerprint records of suspects wanted for a variety of serious criminal offenses. The INS also added to IDENT 179,500 fingerprint records of aliens from countries subject to NSEERS registration, which resulted in 3,440 individual matches from September 2002 to mid-April 2003.
We made four recommendations to JMD to better manage the IDENT/IAFIS project and prevent further delays, and JMD concurred with our recommendations.
AUDIT OF THE SEPTEMBER 11 VICTIM COMPENSATION FUND
The Air Transportation Safety and Stabilization Act (Act) established the September 11 Victim Compensation Fund of 2001 (Fund) to compensate individuals who were injured or relatives of individuals who were killed in the terrorist attacks of September 11. The Attorney General, acting through a special master, promulgated rules and procedures and administers the program. Funds totaling $5.12 billion were requested for FYs 2002, 2003, and 2004 under a permanent and indefinite appropriation established by the Act.
Our audit concluded that Fund officials have developed rules and procedures in accordance with the Act, and awards are being processed in a consistent and timely manner. Adequate fraud controls were established to minimize the risks of fraudulent payments, and delays in processing appear largely attributable to the slow submission of documentation by the claimants. At the time of our audit, the requested funds appeared adequate to pay all of the awards. Fund officials stated they were preparing for an anticipated surge in the number of claims filed as the application deadline approaches, most likely by adding additional contract personnel and hearing officers.
FOLLOW-UP AUDIT OF THE DEPARTMENT'S COUNTERTERRORISM FUND
The Department's Counterterrorism Fund (Fund) was established in 1995 to reimburse its components for the unanticipated costs of responding to and preventing terrorism. Although the initial legislation provided reimbursement only to Department components, since 1996 Congress has allowed over $167 million to be passed through the FBI, JMD, and OJP to federal, state, and local users outside the Department. JMD, the administrative arm of the Department, administers the Fund and enters into reimbursement agreements with Department components to disburse the funds.
The OIG previously reviewed the Fund in a September 1999 report that covered Fund activities between FYs 1995 and 1997. We identified over $4 million in dollar-related findings and concluded that JMD needed to strengthen its controls over the distribution and use of Fund monies, particularly funds passed through to non-Department users. As a result of the audit, $4.3 million was returned to the Fund.
In this follow-up audit, the OIG reviewed activities for FYs 1998 through 2002. The OIG tested more than $38 million in expenditures, including about $36 million expended directly by Department components and over $2 million passed through to other users.
The OIG again found weaknesses in the management and administration of the Fund and identified about $3 million in dollar-related findings, including the following:
The OIG offered 13 recommendations to JMD for improving its administration of the Fund, including a recommendation that JMD increase its oversight of the components' management of Fund monies. JMD concurred with our recommendations.
DEPARTMENT FINANCIAL STATEMENT AUDITS
The Chief Financial Officers Act of 1990 and the Government Management Reform Act of 1994 require annual financial statement audits of the Department. The OIG oversees and issues the audits based on the work performed by independent public accountants. During this reporting period, we issued ten FY 2002 financial statement audit reports on Department components:
Each of these audits was in support of the FY 2002 consolidated Department of Justice audit, which was issued in the OIG's prior semiannual reporting period. For the second consecutive year, the Department received an unqualified opinion on its consolidated financial statement. Additionally, the number of material weaknesses reported at the consolidated level declined from three to two. These results reflect a continued commitment by the Department to financial accountability and improvement in internal controls.
The Department's unqualified opinion also included unqualified opinions on all ten of the reporting components' financial statements that make up the consolidated report. Importantly, some components were able to reduce the number of material weaknesses and reportable conditions. Overall, the material weaknesses reported at the various components declined from 13 to 9. In particular, the DEA eliminated the four material weaknesses reported in FY 2001.
While improvements in internal controls have been made, several material weaknesses remain in financial accounting and reporting procedures and in information systems. These weaknesses have been persistent over several years. They represent significant risks that data processed on the Department's information systems is not adequately protected from unauthorized access or service disruption and that the Department will not be able to meet the accelerated reporting requirements in future years.
As in prior years, issues related to financial accounting and reporting have only been overcome by significant year-end manual efforts. Many tasks had to be performed manually because the Department lacks automated systems to readily support ongoing accounting operations, financial statement preparation, and the audit process. Manual efforts compromise the ability of the Department to prepare financial statements that are timely and in accordance with generally accepted accounting principles, require considerable monetary and human resources, and represent an inefficient use of these resources. The manual processes are being strained further by the accelerated due dates and additional requirements established by the Office of Management and Budget (OMB). During FY 2003, quarterly financial statements were due 45 days after the close of the quarter, and for FY 2004, the Performance and Accountability Report is due by November 15, 2004, nearly 2˝ months earlier than the current OMB reporting deadline.
Overall, nine of ten components had weaknesses in financial accounting and reporting. This finding primarily reflected problems in recording transactions in accordance with generally accepted accounting principles and meeting requirements of the Department's financial statement guidelines. Eight of ten components also had weaknesses in financial management systems' general and application controls. In the Report on Compliance With Laws and Regulations, the auditors also identified five Department components that were not compliant with the Federal Financial Management Improvement Act of 1996, which specifically addresses the adequacy of federal financial management systems. The auditors recommended that the Department revise the departmentwide financial statement reporting requirements and monitor components' compliance and efforts to correct all deficiencies noted. The Department concurred with the recommendations.
The following table compares the FY 2002 and 2001 audit results for the Department's consolidated audit as well as for the ten individual components' audits.
|Comparison of FY 2002 and 2001 Audit Results|
|Reporting Entity||Auditors' Opinion on |
|Number of |
|Number of |
|Consolidated Department of Justice||Unqualified||Unqualified||2||3||0||0|
|Assets Forfeiture Fund and Seized Asset Deposit Fund||Unqualified||Unqualified||0||0||1||0|
|Drug Enforcement Administration||Unqualified||Unqualified||0||4||2||1|
|Federal Bureau of Investigation||Unqualified||Unqualified||3||3||0||1|
|Federal Bureau of Prisons||Unqualified||Unqualified||0||0||2||0|
|Federal Prison Industries, Inc.||Unqualified||Unqualified||1||2||1||2|
|Immigration and Naturalization Service1||Unqualified||Unqualified||3||3||0||1|
|Offices, Boards and Divisions||Unqualified||Unqualified||1||0||1||2|
|Office of Justice Programs||Unqualified||Unqualified||0||0||1||3|
|U.S. Marshals Service||Unqualified||Unqualified||0||1||2||2|
|Working Capital Fund||Unqualified||Unqualified||1||0||0||0|
1 INS was audited through February 28, 2003.
DEPARTMENT'S INFORMATION SECURITY PROGRAM AND PRACTICES
To assess the overall condition of the Department's IT security, the OIG evaluated broader themes and concerns extracted from ten IT security reports we issued in FYs 2001 and 2002 in response to the Government Information Security Reform Act(GISRA). In a consolidated report issued in FY 2003, we assessed the Department's IT security program as "fair," using a scale of excellent, good, fair, and poor, and concluded the program requires improvement at both the Department and component levels.
Our past GISRA audits have reported progress by the Department in improving aspects of its IT security program, particularly with the new chief information officer's initiatives that include plans to establish a central IT security office. Many deficiencies found in FY 2001 GISRA reviews, however, were found again in FY 2002. Our audit of the Department's classified and sensitive but unclassified systems revealed vulnerabilities in the management, operational, and technical controls that protect each system and its data from unauthorized use, loss, or modification. Of these three control areas, we concluded the vulnerabilities noted in technical controls were the most significant because those controls prevent unauthorized access to system resources by restricting, controlling, and monitoring system access.
Additionally, we found inconsistencies in the oversight of computer security, which we attributed to the bifurcation of responsibility between JMD's Security and Emergency Planning Staff and its Information Management and Security Staff offices. Reviews conducted by these two offices of the Department's IT systems were uneven or inadequate and major systems and applications lacked elementary protections that the Department's accreditation process was intended to ensure were in place. Our consolidated report made nine recommendations for improving management of computer security, and the Department concurred with our recommendations.
In FY 2003, we reviewed the Department's systems pursuant to the Federal Information Security Management Act (FISMA), which was enacted into law as Title III of the E-Government Act of 2002 (Public Law 107-347, December 17, 2002). FISMA replaced GISRA and contained stronger permanent provisions, including requirements for minimum mandatory information security standards.
FISMA directs the OIG to perform an annual independent evaluation of the Department's information security program and practices and requires the results to be submitted to the OMB. For FY 2003, we selected five mission-critical Department computer systems - two from the FBI and one each from the DEA, USMS, and ATF. Additionally, we are reviewing the Department's oversight initiatives with respect to computer security.
While we concluded that these components have made some progress in enhancing aspects of their computer security, continued improvements are needed in program oversight and vulnerability management. Of the five systems we reviewed, we assessed three systems as "high risk" and two systems as "medium risk" to protection from unauthorized use, loss, or modification. "High risk" is defined as presenting a strong need for corrective measures. "Medium risk" is defined as needing corrective actions and requiring a plan be developed to incorporate these actions within a reasonable period.
COPS GRANT AUDITS
We continue to audit grants awarded by COPS. During this reporting period, we issued 14 audit reports on the implementation of COPS hiring and redeployment grants. Our audits identified more than $7.6 million in questioned costs and more than $1.4 million in funds to better use. Examples of findings reported in our audits of COPS grants include the following:
STATE AND LOCAL EQUITABLE SHARING AUDIT
The Department's equitable sharing program exists to enhance cooperation among federal, state, and local law enforcement agencies by sharing federal forfeiture proceeds. State and local law enforcement agencies may receive equitable sharing revenues by participating directly with Department components in joint investigations leading to the seizure or forfeiture of property. The amount shared with the state and local law enforcement agencies is based on the degree of the agencies' direct participation in a case.
During this reporting period, we audited the Compton, California, Police Department's accountability and use of more than $2.3 million in cash and proceeds received through the equitable sharing program during a 9-year period. We found that the city of Compton and its police department were in material noncompliance with Department of Justice guidelines governing the accountability and use of equitable shared forfeited assets. For example, the city of Compton improperly transferred in excess of $1.4 million from the equitable sharing fund account to the city's general fund account, and more than $1.9 million reportedly used for police department salary expenditures was not supported by documentation. As a result, we questioned in excess of $2.1 million in equitable sharing funds - all of the revenues received and interest earned by the Compton Police Department through 2000.
In September 2000, the Compton Police Department was dissolved, and the Los Angeles County Sheriff's Department took over the policing responsibilities in Compton. We found the sheriff's department to be in general compliance with Department of Justice guidelines and did not question any equitable sharing funds awarded to the sheriff's department.
SUPERFUND AUDIT FOR FYS 2000 AND 2001
The Comprehensive Environmental Response, Compensation, and Liability Act of 1980 (known as Superfund) provides for liability, compensation, cleanup, and emergency response for hazardous substances released into the environment and for uncontrolled and abandoned hazardous waste sites. The Department conducts and controls all litigation arising under Superfund and is reimbursed through interagency agreements with the Environmental Protection Agency (EPA). These agreements authorize reimbursement to the Department's Environment and Natural Resources Division (ENRD) for direct and indirect litigation costs. The EPA authorized $28.6 million and $28.4 million under the agreements in FYs 2000 and 2001, respectively, and the ENRD contracted with an accounting firm to maintain a system of accounting controls for these funds.
Our audit compared reported costs on the contractor-developed Accounting Schedules and Summaries for FYs 2000 and 2001 to those recorded on the Department's accounting records and reviewed the cost distribution system used by the ENRD to allocate incurred costs to Superfund and non-Superfund cases. Based on the results of the audit, in our judgment the ENRD provided an equitable distribution of total labor costs, other direct costs, and indirect costs to Superfund cases during FYs 2000 and 2001.
The OIG conducted performance audits of trustees under a reimbursable agreement with the Executive Office for U.S. Trustees (EOUST). During this reporting period, we issued 110 reports on the Chapter 7 bankruptcy practices of private trustees under Title 11, United States Code (Bankruptcy Code).
The Chapter 7 trustees are appointed to collect, liquidate, and distribute personal and business cases under Chapter 7 of the Bankruptcy Code. As a representative of a bankruptcy estate, the Chapter 7 trustee serves as a fiduciary protecting the interests of all estate beneficiaries, including creditors and debtors.
Our audits found that some trustees were deficient in documenting monthly bank reconciliations of estate accounts, maintaining receipts logs, investing estate funds properly, depositing estate funds in a timely manner, developing disaster recovery plans for financial and administrative records, implementing computer security, separating cash handling and recording duties, and maintaining support and authorizations for receipts and disbursements.
The OIG will not enter into a reimbursable agreement with the EOUST to perform Chapter 7 trustee audits in FY 2004 and instead will conduct more OJP grant audits and program reviews.
SINGLE AUDIT ACT
The Single Audit Act of 1984, as amended, requires recipients of more than $300,000 in federal funds to arrange for audits of their activities. Federal agencies that award federal funds must review these audits to determine whether prompt and appropriate corrective action has been taken in response to audit findings. During this reporting period, the OIG reviewed and transmitted to OJP 93 reports encompassing 569 Department contracts, grants, and other agreements totaling more than $1 billion. These audits report on financial activities, compliance with applicable laws, and the adequacy of recipients' management controls over federal expenditures.
The following are some of the cases investigated by the OIG during this reporting period that involved multiple components of the Department:
PROTECTION OF CRITICAL CYBER-BASED INFRASTRUCTURE
The Department and other government departments and agencies are required to prepare and implement plans for protecting critical infrastructure. The infrastructure includes systems essential to the minimum operations of the economy and government, such as telecommunications, banking and finance, energy, and transportation. In this ongoing audit, we are focusing on the adequacy of the Department's implementation activities for protecting critical computer-based infrastructure. Specifically, we are reviewing activities in the areas of risk mitigation, emergency management, interagency coordination, resource and organization requirements, the recruitment and education of IT personnel, and computer security awareness.
COLLECTION AND DISSEMINATION OF ARSON AND EXPLOSIVES INTELLIGENCE
The OIG is conducting an audit of the FBI's Bomb Data Center and the ATF's Arson and Explosives Information System. Our objective is to determine how the Department can most efficiently and effectively collect - and make available to the law enforcement community - information on arson and criminal misuse of explosives.
DEPARTMENT ACQUISITION PROCESSES
The Department is one of the federal agencies with the largest dollar expenditures for the acquisition of products and services, averaging approximately $4 billion a year in contracts. JMD has oversight responsibilities for acquisitions by Department components. This audit is evaluating the acquisition processes used by the bureaus and JMD's oversight of acquisitions. The focus of the audit is to assess whether needed products are acquired in a timely manner for an economical price within governing regulations.
THE DEPARTMENT'S COUNTERTERRORISM TASK FORCES
The OIG is examining how the Department's counterterrorism task forces support the Department's efforts to detect, deter, and disrupt terrorism. The review is specifically evaluating the purpose, priorities, membership, functions, lines of authority, and accomplishments for the USAOs' Anti-Terrorism Task Forces, the FBI's Joint Terrorism Task Forces and Foreign Terrorist Tracking Task Force, and the Deputy Attorney General's National Security Coordination Council.
OJP'S TECHNICAL ASSISTANCE AND TRAINING GRANTS
This audit is evaluating OJP's methods for approving technical assistance and training grants and assessing the management, quality, and extent of the technical assistance and training provided.