While many of the OIGís audits, reviews, and investigations are specific to a particular component of the Department, other work covers more than one component and, in some instances, extends to Department contractors and grant recipients. The following describes OIG audits, reviews, and investigations that involve more than one Department component.
The OIGís Evaluation and Inspections Division examined the readiness of the Department and its components to respond to a potential WMD incident. The OIG review found that while the FBI has taken appropriate steps to prepare to respond to a potential WMD attack, the Department as a whole and other components within the Department had not implemented adequate WMD response plans. As a result, we concluded that the Department was not fully prepared to provide a coordinated response to a potential WMD attack.
In addition to examining the Departmentís readiness at the headquarters level to respond to a potential WMD, this report also examined the readiness of Department componentsí field offices in the District of Columbia and nearby jurisdictions in Virginia and Maryland (the National Capital Region) to respond in a coordinated way to a WMD incident in the greater Washington area.
A WMD is defined by a National Security Presidential Directive as including any device intended to cause death or serious bodily injury to a significant number of people through the release of toxic chemicals, disease organisms, or radioactive material. One of the greatest concerns is that a WMD may fall into the hands of terrorists or that terrorists will develop their own WMD.
Our review found that the FBI has taken appropriate steps to prepare to respond to a potential WMD attack. For example, the FBI has implemented a program that has established WMD response plans, provides WMD training to its staff on responding to a WMD incident, and regularly conducts and participates in WMD response exercises.
However, the Department had not implemented adequate WMD response plans. We found, for example, that the Department did not assign one entity or individual with the responsibility for the central oversight or management of WMD incident response. The Department had not updated its policies to reflect recent national policies for responding to a WMD incident, and the Departmentís operational response policies and plans had not been fully implemented.
In addition, no Department law enforcement component other than the FBI had specific WMD operational response plans or provides training and exercises on responding to a WMD incident. While the DEA, ATF, and the USMS each have groups that manage all-hazards responses, they do not include specific preparations for WMD incidents and they do not regularly participate in national, state, or local exercises involving WMD incidents.
The National Response Framework, issued in January 2008 by the Department of Homeland Security (DHS) and approved by the President, is designed to prepare federal agencies for responding to all domestic emergencies, including a WMD incident. Under the National Response Framework, the Department is assigned the responsibility for coordinating federal law enforcement activities in response to a WMD attack and for ensuring public safety and security if the incident overwhelms state and local law enforcement. The Department designated ATF as the lead agency to fulfill these responsibilities under the National Response Framework. Our review found that neither the Department nor ATF was prepared to fulfill this responsibility. For example, the Department and ATF had not made personnel assignments to manage these activities, and ATF had not developed a catalog of law enforcement resources Ė people and equipment Ė available to be deployed in the event of a WMD incident. In addition, ATF had only trained its personnel in field offices in states prone to hurricane activity for an incident activation resulting from a hurricane; it had not provided training on responding to a WMD incident.
Our review also found that, in the National Capital Region, law enforcement agencies coordinate and plan regularly for all types of incidents (including a WMD) when they prepare for the frequent special events held here, such as presidential inaugurations and visits by heads of state. However, we found that with the exception of preparing for special events, WMD incident response planning depends primarily on FBI resources and capabilities. For example, the FBIís Washington Field Office is the only Department component field office in the National Capital Region with a written plan and checklist to respond specifically to a WMD incident. Moreover, the DEA, ATF, and the USMS in the National Capital Region have conducted little or no planning specifically for responding to a WMD incident and do not have defined roles in the FBIís WMD response plans. Our review also found that some officials in these field offices were not even aware of the Departmentís responsibilities under the National Response Framework or that the Department had designated ATF as the lead agency for ensuring public safety and security if state and local law enforcement is overwhelmed in the aftermath of a WMD incident.
The OIG made five recommendations to help the Department better prepare to respond to a WMD incident, including designating a person or office at the Department level with the authority to manage the Departmentís WMD operational response program, updating the Departmentís and componentís response policies to conform to recent national policies, establishing effective oversight to ensure that components maintain WMD response plans and participate in WMD training and exercises, and ensuring the Department is prepared to fulfill its responsibilities under the National Response Framework. †
In response to our report, the Department concurred with our recommendations and assigned to the Associate Deputy Attorney General for National Security the responsibility for coordinating all Department policies associated with continuity of operations, continuity of government, and emergency response at the scene of an incident. The Department also established a committee to develop policy, training, and strategies to ensure that the Department as a whole is ready to respond to a WMD event.†
The Federal Information Security Management Act (FISMA) requires the Inspector General for each agency to perform an annual independent evaluation of the agencyís information security programs and practices. The evaluation includes testing the effectiveness of information security policies, procedures, and practices of a representative subset of agency systems. The Office on Management and Budget (OMB) has issued guidance to agencies for their FISMA requirements.
For FY 2009, the OIG audited the security programs of five Department components:† the BOP, FBI, Federal Prisons Industries, Inc. (FPI), Justice Management Division (JMD), and the USMS. Within these components, we selected for review two classified systems within the FBI and four sensitive but unclassified systems in the other components:† BOPís Hires System, FPIís Services Business Group, JMDís Interim Procurement System, and USMSís Automated Prisoner Scheduling System. In these audits, we identified deficiencies in configuration management, certification and accreditation processes, account management, plans of action and milestones management, contingency plan testing, security awareness training, and privacy plan management. We provided more than 90recommendations for improving implementation of the Departmentís information security program and practices for its sensitive but unclassified, classified, and national security systems.
For FY 2010, we are reviewing the security programs of eightDepartment components:† the U.S. National Central Bureau of INTERPOL (INTERPOL), Executive Office for U.S. Attorneys (EOUSA), Office of Justice Programs (OJP), National Security Division, FBI, ATF, DEA, and JMD. Within these components, we selected for review five classified systems within NSD, FBI, DEA, and JMD. In addition, we also selected four sensitive but unclassified systems in the other components:† INTERPOLís Envoy System, EOUSAís Case Management Enterprise System, OJPís National Criminal Justice Reference Service, and ATFís National Field Office Case Information System.† The OIG plans to issue separate reports evaluating each of these systems.
Section 1001 of the USA Patriot Act directs the OIG to receive and review complaints of civil rights and civil liberties abuses by Department employees, to publicize how people can contact the OIG to file a complaint, and to submit a semiannual report to Congress discussing our implementation of these responsibilities. In August 2010, the OIG issued its 17th report summarizing its Section 1001 activities covering the period from January 1, 2010, to June 30, 2010. The report described the number of complaints we received under this section and the status of investigations conducted by the OIG and Department components.
Single Audit Act Reports
OMB Circular A-133, Audits of States, Local Governments, and Non-Profit Organizations, establishes audit requirements for state and local governments, colleges and universities, and nonprofit organizations receiving federal financial assistance. Entities that expend more than $500,000 in federal financial assistance must have a ďsingle auditĒ performed annually covering all federal funds. Single audits are conducted by state and local government auditors and by independent public accounting firms. The OIG reviews these audit reports when they pertain to Department funds in order to determine whether the single audit reports meet the requirements of OMB Circular A-133 and generally accepted government auditing standards. In addition, the OIG reviews single audit reports to determine if they contain audit findings related to Department grants. As a result of the OIGís review of the single audits, during this semiannual period the OIG issued to the Departmentís granting agencies 64 single audit reports encompassing 365 contracts, grants, and other agreements totaling more than $140 million. The OIG also monitors these audits through the resolution and closure process.
The single audits disclosed that costs charged to Department grants were not always adequately supported, and that required financial reports were inaccurate and frequently were not filed in a timely manner. The state and local government auditors and independent public accounting firms who conducted the single audits also found examples of inadequate controls over the procurement process and the equipment and assets purchased with Department grant funds. They also reported that grantees did not adequately monitor their grant sub-recipients to ensure that the sub-grantees were properly accounting for the grant funds and ensuring compliance with the terms and conditions of the grant.
The FBI and the Departmentís National Security Division share responsibility for identifying, investigating, and prosecuting persons who provide financial support to terrorist organizations. The OIG is examining whether the FBI and the National Security Division are appropriately handling and coordinating these responsibilities.
The OIG is reviewing the Departmentís use of material witness warrants. The review is examining trends in the Departmentís use of material witness warrants over time, controls over their use, and the Departmentís treatment of material witnesses in national security cases, including issues such as length of detention, conditions of confinement, and access to counsel.
Integrated Wireless Network
The OIG is conducting a review of the Departmentís Integrated Wireless Network program, which is a joint effort of the Department, DHS, and the Department of the Treasury to provide a secure, interoperable nationwide wireless communications network.
The OIG is evaluating the operation of the Electronic Intergovernmental Agreement system, which is used by the Office of the Federal Detention Trustee and the USMS to determine compensation for state and local detention facilities who house federal detainees.
Justice Security Operations Center
The OIG is reviewing the Justice Security Operations Center, which helps protect the Departmentís information technology infrastructure and sensitive data from cyber attacks. This audit is evaluating the Centerís capabilities regarding intrusion incidents and assessing its coordination and information-sharing with other Department and federal agencies.
The OIG is examining the management of the FBI and DEA aviation operations.
The Departmentís International Prisoner Treaty Transfer Program
The OIG is reviewing the Departmentís role in the repatriation of non-citizens incarcerated in federal prisons through the international prisoner treaty transfer process. The review is assessing the Departmentís process to approve or deny inmatesí requests to serve their sentences in the foreign countries in which they are citizens.