Semiannual Report to Congress
October 1, 2004–March 31, 2005
Office of the Inspector General
While many of the OIG’s audits, reviews, and investigations are specific to a particular component of the Department, other work spans more than one component and, in some instances, extends to Department contractors and grant recipients. The following audits, reviews, and investigations involve more than one Department component.
In December 2004, the OIG completed a report that examined ongoing efforts to integrate the federal government’s law enforcement and immigration agencies’ automated fingerprint identification databases. Fully integrating the automated fingerprint systems operated by the FBI and the DHS, known as IAFIS and IDENT, respectively, would allow law enforcement and immigration officers to more easily identify known criminals and known or suspected terrorists trying to enter the United States. This OIG report is our fourth in four years that monitors the progress of efforts to integrate IAFIS and IDENT.
The December 2004 OIG report found that, while deployment of new IDENT/IAFIS workstations to Border Patrol offices and ports of entry represents a significant accomplishment, full integration of IDENT and IAFIS has not been realized. Federal, state, and local law enforcement authorities still do not have direct access to information in the IDENT database. Without such access, the FBI and the DHS fingerprint systems are not fully interoperable. Consequently, it is more difficult for federal, state, and local law enforcement agencies to identify illegal aliens they encounter.
The OIG found that the congressional directive to fully integrate the federal government’s various fingerprint identification systems has not been accomplished because of high-level policy disagreements among the Department, DHS, and State Department. In addition, the Department and the DHS still had not entered into a memorandum of understanding (MOU) to guide the integration of IAFIS and IDENT. This MOU had not been completed because of fundamental disagreements between the departments over the attributes of an interoperable fingerprint system and even the degree to which the systems should be consolidated or made interoperable.
One key issue that remained unresolved was whether US-VISIT – the new system the DHS uses to process visitors at ports of entry – would be integrated with IAFIS. Currently, US-VISIT takes two fingerprints from each visitor and checks them against a DHS “watch list.” That watch list contains records from IDENT, which in turn contains some records extracted from the FBI’s full IAFIS database. However, this extraction process originally was intended as an interim measure until IDENT and IAFIS could be integrated fully. The OIG report found that, despite this interim process, the extracted records are error prone and the data extracted from IAFIS to IDENT represent only a small portion of the more than 47 million records in IAFIS.
The OIG report recommended that the federal government adopt a technology standard and define the capabilities to be provided in the resulting interoperable fingerprint system. In addition, we recommended more frequent transmissions of known or suspected terrorist fingerprint records so that Border Patrol and immigration officers using IDENT can screen people entering the country against the most current records. We also recommended developing options to upgrade IAFIS to handle a greater volume of fingerprint checks and ensure that the system’s “downtime” (unavailability) is reduced.
Section 1001 of the USA Patriot Act directs the OIG to receive and review complaints of civil rights and civil liberties abuses by Department employees, to publicize how people can contact the OIG to file a complaint, and to submit a semiannual report to Congress discussing our implementation of these responsibilities. In March 2005, the OIG issued its sixth report summarizing our Section 1001 activities.
The report, covering the period from June 22, 2004, to December 31, 2004, described the number of complaints we received under this section, the cases we have opened for investigation, and the status of these cases.
One of the cases highlighted in the most recent report involved allegations by Muslim inmates that staff at a BOP prison, including the warden, discriminated against the inmates and engaged in retaliatory actions. The OIG substantiated many of the allegations against the warden and other BOP staff. The OIG found a disturbing pattern of discriminatory and retaliatory actions against Muslim inmates by BOP officers at this facility.
For example, we found that members of the prison’s executive staff, including the warden, unfairly punished Muslim inmates who complained about the conditions of confinement or who cooperated with the OIG’s investigation. A Muslim inmate who had filed complaints relating to his treatment at the prison was placed in the Special Housing Unit for four months for what we determined were specious reasons. In a separate incident, our review found that 5 days after the OIG interviewed a Muslim inmate, the warden inappropriately and unjustly ordered that the inmate be transferred to the Special Housing Unit for more than 120 days. After prosecution of this matter was declined by the USAO, we provided our report to the BOP for administrative action.
In addition, the report discussed several OIG reviews undertaken in furtherance of our Section 1001 responsibilities, including an update on the OIG’s December 2003 review of September 11 detainees’ allegations of abuse at the Metropolitan Detention Center in Brooklyn, New York; an ongoing review examining the FBI’s conduct related to detainees in military facilities in Guantanamo Bay and Iraq; and an ongoing review of the FBI’s implementation of the Attorney General’s Guidelines that govern general crimes and criminal intelligence investigations.
The Chief Financial Officers Act of 1990 and the Government Management Reform Act of 1994 require annual financial statement audits of the Department. The OIG oversees and issues the reports based on the work performed by independent public accountants. During this reporting period, the OIG issued the consolidated financial statement audit report, which was included in the Department’s FY 2004 Performance & Accountability Report. We also issued 10 component audit reports.
The Department received a disclaimer of opinion on its FY 2004 financial statements that was caused by a disclaimer on OJP’s FY 2004 financial statements. Another component, the ATF, received a qualified opinion on its FY 2004 financial statements, but this had no affect on the consolidated disclaimer. The other eight components received unqualified opinions on their FY 2004 financial statements.
In FY 2004, the auditors for OJP could not perform the necessary testing to obtain an opinion in the required time frame because they were unable to rely upon OJP’s financial and IT controls used to process grant transactions. Due dates for the financial statement audits were moved up to November 15 by the Office of Management and Budget (OMB), a reduction of approximately two-and-a-half months from prior year due dates. Consequently, it was critical that the components maintain quality financial information throughout the year that can be relied upon to produce correct numbers for financial statements. As a result of OJP’s failure to maintain quality financial information throughout the year, the auditors identified material weaknesses that could not be corrected in the time frame required by the OMB.
Overall, the auditors for OJP reported five material weaknesses regarding OJP financial information, four of which were determined to be reasons for the disclaimer of opinion. Specifically, the auditors found that a material weakness existed in relation to controls over changes made to data in the computerized information systems, integrity of data passed between the systems, and access to system information that directly impacted the integrity of grant data. Additionally, the auditors identified a material weakness with regard to the assumptions used by OJP to estimate its grant accounts payable and grant advance balances. The auditors also reported a material weakness regarding OJP’s inability to provide adequate documentation to support grant and non-grant differences between the general ledger and subsidiary ledger.
While the Department previously received an unqualified opinion on its FY 2003 financial statements, it was subsequently withdrawn and reissued as a disclaimer. This was caused by the withdrawal of the FY 2003 OJP opinion due to uncertainties raised during the FY 2004 audit.
At the consolidated level, the auditors reported two material weaknesses and one reportable condition, an increase of one material weakness from FY 2003. The new financial material weakness involved issues related to data quality, monitoring, and the methodology utilized to calculate OJP’s grant accrual and advance. The other financial material weakness and the IT reportable condition are both repeat issues, although elements of the two findings varied from last year. The financial material weakness included additional OJP issues, the accounts payable accrual at the ATF, separation of duties issues at the USMS, and financial reporting and property issues at the FBI.
At the component level, the number of material weaknesses increased from 9 in FY 2003 to 10 in FY 2004, and the number of reportable conditions rose from 10 in FY 2003 to 13 in FY 2004. Four components also were identified as not compliant with the Federal Financial Management Improvement Act of 1996, which requires compliance with federal financial management systems requirements, applicable federal accounting standards, and the U.S. standard general ledger at the transaction level. The four non-compliant components were OJP, the ATF, FBI, and USMS. The USMS and OJP also were cited for noncompliance with the Prompt Payment Act, and OJP was cited for noncompliance with the Improper Payments Information Act.
The following table compares the FYs 2004 and 2003 audit results for the Department’s consolidated audit as well as for the 10 individual (11 in FY 2003) components’ audits.
The Federal Information Security Management Act (FISMA), which replaced the Government Information Security Reform Act, directed OIGs to perform an annual independent evaluation of their departments’ information security programs and practices and required the results to be submitted to OMB.
For FY 2004, we reviewed the Department’s information security program and practices performance measurement tools. According to the Department, the performance measurement tools were revised to correlate directly with its information security orders and standards to determine the effectiveness of its information security policies, procedures, and practices. We also reviewed the Department’s reorganization of its information security staff assigned to perform oversight of the Department components’ adherence to FISMA requirements.
To examine the Department’s information security program, we reviewed the security programs of three major components – the USMS, FBI, and DEA. From each of these components, we also reviewed a mission-critical system. All reviews have been completed, and we anticipate issuing one overall consolidated Department report, one report for each component reviewed, and individual reports for each of the systems reviewed by April 2005.
The two principal federal agencies responsible for compiling data related to arson and explosives incidents in the United States are the FBI and the ATF. To collect and manage this data, the FBI created the Bomb Data Center and the ATF created the Arson and Explosives National Repository. Both databases collect and disseminate information for statistical analysis and research, investigative leads, and intelligence.
Our audit examined overlap between the agencies’ arson and explosives intelligence databases. We also evaluated whether the Department has efficiently and effectively collected and made available to the federal, state, and local law enforcement communities information involving arson and the criminal misuse of explosives.
We found that similar responsibilities of the FBI and the ATF in compiling data have resulted in confusion, lack of uniformity in the reporting process, and duplicative reports of incidents by state and local law enforcement agencies. We provided one recommendation to the Department, one recommendation to the ATF, and two recommendations to the FBI to improve the operations of these databases. Our main recommendation was for the Department to consolidate explosives-related investigations and databases within the ATF. Consolidation would eliminate duplication of effort, ensure consistency in reporting practices, and facilitate sharing of intelligence among law enforcement agencies. Two of the recommendations were accepted and two are being resolved.
The following are some of the investigations completed by the OIG during this reporting period that involved multiple components of the Department:
The OIG is completing its evaluation of the FBI’s Joint Terrorism Task Forces, National Joint Terrorism Task Force, and Foreign Terrorist Tracking Task Force; the USAOs’ Antiterrorism Advisory Councils; and the Deputy Attorney General’s National Security Coordination Council to: 1) determine if they are achieving their purposes; 2) evaluate gaps, duplication, and overlap in terrorism coverage; and 3) identify how the performance of each task force and council is measured.
The OIG is examining the Department’s management of its IT investments and Enterprise Architecture. We are assessing the Department’s progress in meeting the criteria for establishing a mature Enterprise Architecture and IT investment management process.
The OIG is conducting a review of polygraph examinations in the Department. The review is examining the use of polygraph examinations in the Department components and determining whether the Department components are managing their polygraph examinations in compliance with federal and professional standards.
The Department’s Joint Automated Booking System (JABS) is designed to automate information on persons booked for criminal offenses by federal authorities so information can be shared electronically by law enforcement agencies to improve criminal identification. The goals of JABS are to streamline the booking process through automation and eliminate duplication, allow updates to prisoner data, standardize data, and improve the process to identify repeat offenders and persons with outstanding charges. The OIG is examining the extent to which JABS has been implemented throughout the Department and whether it is meeting its goals and objectives.
The OIG is reviewing the Department’s background investigation program, which is administered by the Security and Emergency Planning Staff (SEPS). We are evaluating the background investigations that SEPS manages, SEPS Compliance Review Group’s oversight of background investigations delegated to the Department’s components, and SEPS’s role in establishing Department policy on background investigations.