While many of the OIG’s activities are specific to a particular component of the Department, other work covers more than one component and, in some instances, extends to Department contractors and grant recipients. The following describes OIG audits, evaluations, inspections, special reviews, and investigations that involve more than one Department component.
The OIG issued a report on the status of the Department’s implementation of the Unified Financial Management System (UFMS), a project to upgrade and consolidate six accounting systems used by the Department and its components. The OIG conducted this review of whether the UFMS project was on budget and being implemented according to schedule.
During our review, we found that the scope of the UFMS project had been significantly reduced. As a result of an Office of Management and Budget (OMB) review in 2010, the Department cut 20 percent of the UFMS project budget and will not pursue a single, unified financial system as planned. Rather than a single, unified financial system that previously was envisioned, the Department is planning to operate two financial management systems, UFMS and the Financial Management Information System 2 (FMIS2).
We found that the Department’s effort to implement the UFMS project experienced schedule delays and increased costs. In 2002, the UFMS project was expected to take 8 years to implement and cost $357.2 million, which included operation and maintenance coverage until 2012. The Department revised its cost estimate in April 2010 to $1.041 billion, adding an additional 3 years to the completion date, and extending the operation and maintenance coverage to 2021. As a result of the OMB review, the Department reduced UFMS project costs to $851 million.
We found that UFMS has only been implemented at two of the Department’s components, the DEA in January 2009 and ATF in October 2010. Following the DEA and ATF implementations, the Department will implement UFMS at the USMS and FBI. We believe that significant challenges remain with the implementation at the USMS and FBI, because these two components use more antiquated financial management systems than the systems that were in use at the DEA and ATF prior to the implementation of UFMS.
As a result of the changes made to the program by the Department after OMB’s review, UFMS will not be implemented at the BOP, Office of Justice Programs (OJP), and the Department’s Offices, Boards and Divisions. Instead, these Department components will continue to utilize FMIS2. The possibility remains that UFMS will be implemented at the BOP, OJP, and the Department’s Offices, Boards, and Divisions in the future; however, this conversion would be a separate project from the current UFMS project, and this new project would require both OMB approval and additional funding.
The OIG examined 10 Department conferences that cost $4.4 million. Overall, the Department hosted or participated in 1,832 conferences in FYs 2008 and 2009, at a cost of $121 million. This audit follows a 2007 OIG report that identified extravagant costs associated with food and beverages and event planning activities — categories identified as most potentially susceptible to wasteful spending.
* The Department did not compile conference expenditure reports for FY 2007 because there were no requests from Congress or legislative requirements to compile and report this information.
The current audit found that while the Department has instituted conference cost guidance since the 2007 report, individual components are not taking all necessary steps to minimize conference-related costs and eliminate wasteful spending. The audit found that two components, OJP and the Office on Violence Against Women (OVW), spent approximately $600,000 at five conferences to procure event planning services from training and technical assistance providers without demonstrating that these firms offered the most cost effective logistical services. The audit found that neither OJP nor the OVW required event planners to track and report salary and benefit costs. As a result, the congressionally mandated Department conference costs reports did not include over $500,000 of the $600,000 spent on event planning services for the five conferences we examined where training and technical assistance providers were used to plan conferences.
In addition to reviewing event planning services, the audit also reviewed the meals and refreshment charges from the 10 selected conferences. The audit found that some Department components did not minimize conference costs as required by federal and Department guidelines and had incurred costs that appeared extravagant and wasteful.
We also found that because the Department policy limiting meal and refreshment costs did not apply to conferences planned under cooperative agreements — funding vehicles used when components expect to be substantially involved in the work performed — certain components could circumvent meal and refreshment cost limits by funding conferences with cooperative agreements.
The report makes 10 recommendations, including that the Department uses training and technical assistance providers for planning conferences only when it can be demonstrated that it is the most cost-effective method of providing logistical services; that recipients of Department funds for conference planning be required to track their time and activities associated with such services; and conference cost reports provided to Congress include all event planner costs charged to the government. Overall, the Department generally concurred with the OIG recommendations.
After publication of the report, we received additional documents and information concerning the food and beverage costs at one of the ten conferences we reviewed. After further review of the newly provided documentation and information, and after discussions with the hotel that hosted the conference and the Department, we determined that our initial conclusions concerning some of the itemized costs of refreshments at this conference were incorrect. We issued a revised report in October 2011 reflecting the corrected information.
The OIG reviewed the operations of the Justice Security Operations Center (JSOC), which was established in 2007 to protect the Department’s information technology systems from cyber intrusions, attacks, espionage, and other cyber incidents. The audit assessed JSOC’s capabilities, and its cooperation and coordination with components and the Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT), which provides response support and defense against cyber incidents and attacks for the Executive Branch. In addition to providing cyber incident response planning, training, and assistance to all components, JSOC works with components to prevent, monitor, mitigate, and resolve cyber incidents and attacks on the Department.
The OIG audit found that JSOC has many processes and procedures that appear to provide effective monitoring of network traffic and of information received from components and offices. The audit also found that JSOC reports cyber incidents to US-CERT and coordinates with components, and that components are generally satisfied with JSOC.
However, the OIG also identified needed improvements to JSOC’s monitoring and coordination activities. For example, the audit found that JSOC policy allows more time — potentially up to twice as long — for reporting incidents to US-CERT than US-CERT advises, and that JSOC has not developed specific guidance defining when a cyber incident is “widespread,” a category of incident that requires more immediate reporting to US-CERT. The audit also found that JSOC’s documentation of some cyber incidents is insufficient to enable adequate monitoring and resolution of the incident, and as a result, incidents can remain unresolved for an extended time.
The audit also concluded that six components have not provided all available information feeds to JSOC, thereby limiting JSOC’s ability to monitor cyber activity. Additionally, the audit concluded that the FBI does not report to JSOC incidents that the FBI categorizes as “under investigation,” a practice that may prevent JSOC from maintaining a comprehensive view of the network. These limitations on JSOC’s monitoring activities potentially increase the Department’s vulnerability to cyber intrusion or attack. We recommended that JSOC obtain necessary information feeds and incident reports from all components, including establishing a policy for the periodic reporting of incidents categorized as under investigation, to ensure that it can adequately monitor networks and respond effectively to cyber incidents.
The report made 20 recommendations to improve JSOC’s ability to report and manage information pertaining to cyber incidents and enhance the effectiveness of coordination between JSOC and components and offices, and the Department concurred with the recommendations.
This audit examined the Department’s processing of clemency petitions. The Department assists the President in the exercise of his constitutional power to grant clemency by providing advice and counsel on which to base his decisions. Requests for executive clemency are directed to the Office of the Pardon Attorney (OPA), which consults with other Department components, conducts necessary investigations, and prepares recommendations for the Deputy Attorney General, prior to transmittal to the White House for the President’s decision.
The audit found that the backlog of pending clemency petitions increased by 92 percent over 6 years, from 2,459 petitions at the beginning of FY 2005 to 4,714 petitions at the end of FY 2010. During this same time, the number of petitions processed by the OPA increased by 61 percent.
In addition, the audit found that, during the audit period, it took on average almost two years to process clemency petitions from the OPA’s receipt of the petition to the President’s final decision. We determined that a significant cause of the delay in processing clemency petitions was that components often did not respond to the OPA’s referrals within the period of time required by the components’ internal guidelines or the period of time requested by the OPA. Despite these guidelines, we found the average response time for a component receiving a referral was 124 days (4.1 months) per petition, ranging from 30 days (1 month) to more than 489 days (16.3 months).
|Average Referral Response Time Per Petition,
FYs 2005 – 2010
|Referral Agency||Average Time at
at Each Agency
|BOP (Referrals to Wardens Only)||105 days||15 days|
|USAOs||153 days||30 days|
|Civil Rights Division||263 days||30 days|
|FBI||343 days||120 days|
|Criminal Division||489 days1||30 days|
Although 8 of the 10 components receiving referrals from the OPA have established internal guidelines that require them to respond to the OPA, or to advise the OPA if an unusual delay is anticipated, the OIG found that these components generally did not comply with the 30 day timeframe and did not notify the OPA if additional time was required to provide a response to a referral. In addition, the OPA often did not follow up on outstanding referrals within the 60 days required by internal OPA policy. The OIG recommended that the OPA improve its procedures to ensure timely follow-up with components, processing referrals electronically when appropriate, and ensuring that the OPA’s case management system is updated regularly and accurately reflects changes in the status of referrals.
In addition to the average 9.8 months needed for the OPA to complete its initial review and recommendations, we found that petitions also remained pending with the Office of the Deputy Attorney General for an average of 142 days (4.7 months) as that office reviewed the OPA’s report and recommendation. The OIG recommended that the Office of the Deputy Attorney General develop policies, procedures, and timeframes for reviewing the OPA’s clemency reports and recommendations to help ensure that it responds to the OPA in a timely manner.
While the audit found that it took a total of almost 2 years to process clemency petitions from the OPA’s receipt of the petition to the President’s final decision, included in that figure was the average of 282 days (9.4 months) that petitions were at the White House awaiting a final decision by the President.
The OIG made 10 recommendations to assist the Department components in processing clemency petitions and referrals in a more efficient manner and in reducing the backlog of pending petitions at the Department. Nine out of ten components included in this audit agreed with the OIG recommendations and the OIG is working with the remaining component to resolve the disagreement.
The Federal Information Security Management Act (FISMA) requires the Inspector General for each agency to perform an annual independent evaluation of the agency’s information security programs and practices. The evaluation includes testing the effectiveness of information security policies, procedures, and practices of a representative subset of agency systems. OMB issued guidance to agencies for the FY 2011 FISMA requirements. OMB instructed agency Chief Information Officers, Inspectors General, and Senior Agency Officials for Privacy to report FY 2011 FISMA results to OMB by November 15, 2011.
For FY 2010, the OIG audited the security programs of eight Department components: the U.S. National Central Bureau of INTERPOL (INTERPOL), Executive Office for U.S. Attorneys (EOUSA), OJP, NSD, FBI, ATF, DEA, and JMD. Within these components, we selected for review four classified systems within the DEA, NSD, FBI, and JMD and four sensitive but unclassified systems in the other components: INTERPOL’s Envoy System, EOUSA’s Case Management Enterprise System, OJP’s National Criminal Justice Reference Service, and ATF’s National Field Office Case Information System. In these audits, we identified deficiencies in configuration management and security training. We provided 69 recommendations for improving implementation of the Department’s information security program and practices for its sensitive but unclassified, classified, and national security systems. The components agreed with our recommendations.
For FY 2011, we are reviewing the security programs for six Department components: the FBI, JMD, the BOP, USMS, Criminal Division, and the Tax Division. Within these components, we selected for review two classified systems within the FBI. In addition we also selected four sensitive but unclassified systems in the other components: JMD’s Endpoint Lifecycle Management System, the BOP’s TrueFone System, USMS’s Justice Prisoner and Alien Transportation System, the Criminal Division’s Justice Consolidated Office Network IIA, and the Tax Division’s Tax Office Automation System. The OIG plans to issue reports evaluating each of these systems.
In addition, FISMA requires an annual evaluation of the information security programs and practices of Intelligence Community (IC) agencies, which include the FBI. The Office of the Director of National Intelligence has the responsibility for analyzing, summarizing, and consolidating the IC OIG FISMA reports into one capstone annual report. Therefore, on September 9, 2011, we submitted IC FISMA Metrics Report for the FBI to the Office of the Director of National Intelligence.
Section 1001 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (Patriot Act) directs the OIG to receive and review complaints of civil rights and civil liberties abuses by Department employees, to publicize how people can contact the OIG to file a complaint, and to submit a semiannual report to Congress discussing the OIG’s implementation of these responsibilities. In August 2011, the OIG issued its 19th report summarizing its Section 1001 activities covering the period from January 1 – June 30, 2011. The report described the number of complaints we received under this section and the status of investigations conducted by the OIG and Department components.
The following is an example of a case involving more than one component that the OIG’s Investigations Division investigated during this reporting period:
- On May 3, 2011, the Federal Express Corporation agreed to pay $8 million to settle allegations that the company and its affiliates violated the federal False Claims Act related to a contract with the government. In the wake of the 2001 terrorist attacks in New York and Washington, D.C., Federal Express couriers used “delivery exception codes” to reflect that increased security measures at government facilities were causing delays in the timely delivery of overnight Federal Express packages. A joint investigation conducted by the Department’s OIG Fraud Detection Office, the General Services Administration OIG, and the Department of Agriculture OIG determined that, even after heightened security measures subsided or became routine procedures for entering government locations, Federal Express couriers used “delivery exception codes” in order to excuse their own failures to deliver Priority Overnight packages by the specified time, thus avoiding the obligation to reimburse government customers under the company’s money-back-guarantee policy.
The OIG is reviewing the Department’s use of the material witness warrant statute, 18 U.S.C. Section 3144. The review is examining trends in the Department’s use of material witness warrants over time, controls over their use, and the Department’s treatment of material witnesses in national security cases, including issues such as length of detention, conditions of confinement, and access to counsel. Pursuant to the OIG’s responsibility under Section 1001 of the Patriot Act, the review is also addressing allegations of civil rights and civil liberties abuses in the Department’s post-September 11th use of the statute in the national security context.
The OIG is reviewing ATF's firearms trafficking investigation known as Operation Fast and Furious, and other investigations with similar objectives, methods, and strategies. The review is examining the development and implementation of the investigations; the involvement of the Department (including ATF, the Criminal Division, and USAOs) and other law enforcement or government entities in the investigations; the guidelines and other internal controls in place and compliance with those controls during the investigations; and the investigative outcomes.
The OIG is reviewing the Department’s role in the transfer of foreign national inmates incarcerated in federal prisons through the international prisoner treaty transfer program. The review is assessing the Department’s process to approve or deny inmates’ requests to serve their sentences in the foreign countries in which they are citizens.
The FBI and NSD share responsibility for identifying, investigating, and prosecuting persons and entities who provide financial support to terrorist organizations. The OIG is examining whether the FBI and NSD are appropriately handling these responsibilities and coordinating their efforts.
The OIG is conducting a follow-up audit of the Department’s internal controls over its terrorism reporting. The audit will determine whether the NSD, EOUSA, and the FBI took appropriate actions to implement the recommendations from the 2007 audit. We are also reviewing whether corrective actions implemented improved the components’ ability to gather, track, classify, verify, and report accurate terrorism-related statistics.
The OIG is conducting a follow-up audit of the Department’s Integrated Wireless Network project to evaluate its cost, schedule, and performance and assess progress in resolving concerns identified in the previous audit. The Integrated Wireless Network is a joint effort of the Department, and the Departments of Homeland Security and the Treasury to provide a secure, interoperable nationwide wireless communications network.
Administrative Suspension, Debarment, and Other Internal Remedies within the Department
Suspension and debarment actions preclude individuals or entities from participating in government contracts, subcontracts, loans, grants, and other assistance programs. Federal agencies can suspend or debar a party for reasons such as a conviction, an indictment for a criminal offense, or a willful failure to perform to the terms of a contract or grant. The OIG is evaluating the Department’s implementation and oversight of suspension, debarment, and other enforcement tools designed to ensure federal agencies award federal funding only to responsible parties.
The OIG is conducting an audit of the Department’s reporting and maintenance of statutory debarment actions. The audit objectives are to determine the extent that cases qualifying for statutory debarment are reported for inclusion in the Excluded Parties List System (EPLS) by the litigating components of the Department, the completeness and accuracy of records uploaded to the EPLS for statutory debarment actions maintained by the Department, and the timeliness of reporting statutory debarment actions to the EPLS.
The OIG is performing an audit of the Department’s efforts to address mortgage fraud. Additionally, this audit will review component efforts to implement Department policy guidance, focusing on headquarters level programs and the coordination of components at the national level.
The OIG is conducting an audit of the Department’s efforts to ensure a safe, secure, and humane environment for federal detainees held in non-federal detention facilities. This audit originally focused on the Office of the Federal Detention Trustee’s efforts, but was expanded to recognize the role of other Department components, including the USMS.
Vetting Job Applicants
The OIG is reviewing the Department’s process for checking the references of applicants being hired across a variety of job areas within both the excepted and competitive services.
Components’ Security ClearancesThe OIG review will examine whether the Department effectively manages the security clearance process for employees and contractors to meet component mission and security requirements. It will also assess if there are backlogs throughout the Department and the Department’s success in meeting timeliness and reciprocity requirements of the Intelligence Reform and Terrorism Prevention Act of 2004.
- The average time includes three petitioners who were prosecuted by the Criminal Division’s former Counterespionage Section, which is now part of the NSD. We found these to be valid referrals because the referrals occurred during the time that the Counterespionage Section was a part of the Criminal Division and the Criminal Division was the primary prosecuting agency. Nonetheless, if these petitions were removed from our calculation, the average response time for the Criminal Division would be 233 days (7.8 months) per petition.