UNITED STATED DEPARTMENT OF JUSTICE
Office of Information Law and Policy
Washinton, D.C. 20530

May 16, 1980

MEMORANDUM

TO: All Federal Departments and Agencies
          Attention: Principal Legal and Administrative Contacts on Freedom of Information Act (FOIA) Matters

FROM: Robert L. Saloschin, Director
          Office of Information Law and Policy

SUBJECT: Legal and Policy Guidance - Status of Internal Audit reports under the Freedom of Information Act, 5 U.S.C. 552.

(Note: The following memorandum1 is an interpretation of law and a statement of policy within the meaning of 5 U.S.C. § 552(a)(2)(B) which was adopted on the above date and which is being placed in the Department of Justice reading room.)

This memorandum discusses the application of the Freedom of Information Act to internal audit reports of federal agencies and offers general guidance on the advisability of releasing or withholding such documents. As used herein, the term internal audit report means a report of an audit by agency personnel of activities in the same or some other federal agency, made for purposes which, at least initially, are of a management nature, that is, to determine whether the efficiency, economy, effectiveness, financial aspects, or other features of the activities are satisfactory or should be changed. Agency auditors also perform external audits of nonagency activities for purposes such as contract or grant administration, tax administration, and/or law enforcement, but the guidance in this memorandum may not be fully applicable to reports of those types of audits.

The general rule under the Act is that "any person" is entitled upon request to have access to any "agency record" -- a term which generally covers any record which belongs to an agency -- unless the record is covered by one or more of the nine exemptions in subsection (b) of 5 U.S.C. 552. Even when a record contains exempt information, the other portions of the record must usually be released. The requester must give a reasonable description of the records he wants to see, but a general description is adequate if that is all the requester can provide and the agency is capable of identifying the records he wants. Requests for existing agency records that are made in "accordance with published rules" of the agency must either be honored, or if denied in whole or part, the denial must be based on the exemptions. The statutory term "agency record" should be broadly construed to cover any document which the agency owns, including records on computer tapes, etc.

If an agency withholds records from a requester, he may sue for them under the Freedom of Information Act, in which event the government bears the burden of proving that the records are exempt, and the court may personally examine the records being sued for.

Even exempt records may be voluntarily released by an agency (sometimes called a "discretionary release"), unless release is prohibited by some other law. The Privacy Act is an example of such a law, but that Act generally applies only to records that are part of "systems" of records within the meaning of that Act, while the Freedom of Information Act applies to all agency records. (The question whether audit reports in some agencies are parts of such "systems" is beyond the scope of this memorandum.)

The voluntary disclosure of an exempt record to one person does not ordinarily deprive the agency of the option of denying access to the same record or similar records to another person if there is a reasonable basis for the difference in treatment, unless the second person is situated similarly to the first one so that denying access on the second request would be unfair, discriminatory, or an abuse of discretion. Thus, an audit report or a draft audit report containing exempt matter might properly be shown to a former agency employee to whose work the report pertained to obtain his valuable comments or to help the employee protect his reputation without extending similar access to the world. And a discretionary release to a Congressman or to a state, local or foreign official in the interest of furthering cooperative performance of functions does not usually compel release to the world. However, as a general rule, equal treatment of requesters is preferable even in those cases where it may not be mandatory, and an agency may as a matter of policy provide by regulation for the availability to the public of certain types of audit reports in specified circumstances.

Subsection (c) of the Act states: "This section is not authority to withhold information from Congress." That provision, despite some recent confusion, has been construed generally to mean that a congressional committee or subcommittee with jurisdiction over the subject matter or the General Accounting Office cannot be denied access to any agency record on the basis of an exemption.

To maximize the chances of being correct in determining whether any given record is or is not exempt under the Freedom of Information Act, inquiry should go beyond the question what type of record it is, and should include "eyeballing", i.e., checking the actual contents of the record, and checking the circumstances and purposes of its creation or acquisition and use. Such checking will sometimes show the record is quite different from what is was assumed to be.

Subject to such a possibility, it can be said that audit reports generally are likely to be covered at least in part by the "deliberative privilege" under the 5th exemption. That exemption applies generally to communications within the executive branch of the government that are privileged. The purpose of the deliberative privilege is to encourage candid communications within the government in order to help arrive at better decision-making than would occur if government personnel (or decision-makers) were inhibited in expressing (or inviting) their honest opinions and recommendations for fear of outside criticism or pressures. However, the courts have generally held that internal documents of a factual nature, and factual portions of internal documents that are severable from the rest of the document, are not protected by the deliberative privilege, unless the factual material is inextricably intertwined with opinions, recommendations, or policy-making processes.2 And a record that is protected by the deliberative privilege may lose that protection if it is "adopted" or incorporated by reference in a decisional document.

The question whether the factual parts of a particular document are covered by the 5th exemption may be very difficult and uncertain even for experts on freedom of information law. However, if the factual material in an internal document is not protected under the 5th exemption, it may sometimes be covered by some other exemption.

The other exemptions that are fair possibilities for covering the factual portions of an internal audit report are exemptions 6 and 7. The 6th exemption is designed to protect individual privacy, and covers most matter in an individual's medical and personnel files as well as similar information of a personal and private nature. Depending upon the circumstances, it may protect an individual's home address and other aspects of his private life. It may also protect information about an individual's personal history in school, work, etc., particularly if such information could be prejudicial to the individual. Whether particular information about an individual is covered by Exemption 6 is often a close question, and it cannot be resolved just by considering whether the majority of people would prefer to limit circulation of that type of information about themselves. On this question, the Attorney General's "Blue Book" on the 1974 FOI Amendments has a discussion which is pertinent here,3 especially the statement that privacy is involved in "information about an individual which he could reasonably assert an option to withhold from the public at large because of its intimacy or its possible adverse effects upon himself or his family."

It is impracticable to list all the kinds of information which might fit under this principle in particular cases. If the information is of this nature, there is a further question whether the invasion of privacy from its disclosure would be "clearly unwarranted." That question depends on whether there is a significant public interest favoring release of the information which outweighs the privacy interest. If an audit report containing facts protected under the 6th exemption is sought under the Act, the solution would ordinarily be to delete either the name and other identifying information of the individual, or if the requester knows or is likely to discover the identity of such individual despite such deletion, to delete the privacy information itself, before releasing it.

The 7th exemption, which was amended in 1974, is designed to protect "investigatory records compiled for law enforcement purposes" if their disclosure would result in a type of harm specified in classes (A) through (F) of the exemption. The term "law enforcement" is narrower than "executing the laws" or "carrying out the laws," in that "law enforcement" is activity which is targeted against violations of law. Thus, the 7th exemption does not include investigations that were basically conducted for improving the management, efficiency, or the quality of government operations. This means that the 7th exemption would usually not cover reports of internal audits. To be "for law enforcement purposes" an investigation (with the exception of background personnel security investigations) must be directed against possible violations of law having some sanction, e.g., criminal prosecution, injunction, civil penalty, suspension of a license, etc. However, an internal audit initiated for normal management purposes may be converted into an investigation for law enforcement purposes if indications of fraud or other illegal conduct are found and are investigated further, thus turning the audit toward a law enforcement purpose In such a case the disclosure of an internal audit report to an employee or other person who is suspected of fraud or illegality may tend to weaken somewhat the government's ability to invoke the 7th exemption, since one of the purposes of the 7th exemption is to prevent premature disclosure of the government's case to a prospective defendant, and that would no longer seem to be a factor if the report had been shown to such a person. For an analysis of the amended 7th exemption including clause (A) through (F), see the Attorney General's "Blue Book" on the 1974 FOI Amendments, pp. 4-13.

Protection of facts in an internal audit report may be somewhat less likely under either the 2nd or 4th exemptions. The 2nd exemption is for matters "related solely to the internal personnel rules and practices of an agency." The courts have said this applies to minor internal administrative matters in which there is no significant public interest.4 For example, an internal audit report might contain information about lunch hour arrangements, parking rules, methods of collecting attendance and leave information, filing procedures, time needed to go to the copying machine, etc., to which Exemption 2 might apply.

The 4th exemption, for confidential business information is chiefly designed to protect businesses from competitive injury through disclosure of confidential commercial or financial information which theses businesses submitted to the government. It does not apply to governmentally-generated information even where the information relates to and would adversely affect a business firm. Thus, it does not protect the results of government tests on commercial products, but it would protect government-prepared reports to the extent they restate protected information from the business firm. Exemption 4 material is more likely to be found in an external rather than an internal audit report. Sometimes information which was commercially confidential when received is no longer so when a request for the record containing it is received, because time or events have taken away the information's potential for injuring the submitter's competitive position.

If an internal audit report contains facts given in confidence by an employee, so that release of the facts would breach the confidence of the employee, there may nevertheless be real difficulty in finding a legal basis (an exemption) to withhold such facts. If the facts relate to the employee himself, access sought by others may be deniable under Exemption 6, as discussed above. Where the facts do not relate to the employee except that he is the source of such facts, his privacy may still justify withholding his identity as the source if disclosing his identity would subject him to likely injury, harassment or similar adverse effects. If he furnished the facts as a part of a selective or argumentative presentation of his recommendation or views on a question of what the agency should do, the deliberative privilege under Exemption 5 may apply. Finally, in cases in which an audit had taken on the aspects of a law enforcement investigation as discussed above, information from an employee given in confidence, at least to the extent the information would tend to reveal his identity, would be protected under the 7th exemption, clause (D). However, in the unlikely event that an internal audit report is filed and retrieved in such a manner as to be part of a "system" of records under the Privacy Act, a request for access by the individual who is the subject of the report can be denied, as to the parts of the report which pertain to him, only under both Privacy Act exemptions and FOIA exemptions.

It should be remembered at all times that the thrust of FOIA is toward disclosure, and that compliance with the Act is monitored by the courts, congressional committees, the Justice Department, the press, various public interest groups, and others. Requests under the Act must be processed promptly in accordance with the time limits provided in the 1974 amendments and with agency regulations. It is not necessary to obtain the approval of the audited organization before a report is released, although it is sometimes wise to consult informally with those who are the subject of audits to assist in making a determination of the applicability of an exemption or of the current desirability of voluntarily releasing despite the exemption. Where certain parts of a report contain exempt material that is to be withheld, the balance of the report should normally be released. Also, the passage of time often tends to erode the practical justification for using exemptions, and it sometimes also changes the facts upon which the legal availability of an exemption may have previously rested.

Further guidance on the interpretation of the Freedom of Information Act can be obtained from the general counsel's office in your agency, which is expected to consult the Justice Department's Office of Information Law and Policy (OILP) on FOIA matters involving uncertain, important, or novel questions. OILP also provides various written reference and guidance materials for agency personnel working on FOIA matters, including a quarterly newsletter, FOIA Update.

_________________________________________

1 This memorandum evolved from advice originally prepared In February 1973 at the request of the internal audit staff of this Department. The 1973 advice was revised in October 1975 to take account of the 1974 FOIA Amendments and of experience in using the advice in counseling other agencies on questions about their records of internal audit, activities. The continued rapid development of FOIA caselaw and the continued need for guidance on this subject led to another revision in April 1980 which was circulated to this Department's Freedom of Information Committee and, with minor modifications, appears herein.

2 On the question whether to use the deliberate privilege in particular cases, see "Policy Guidance -- When to Assert the Deliberative Privilege under FOIA Exemption Five" in FOIA Update, Vol. 1, No.1, Autumn 1979, issued by DOJ-OILP, pp. 3-5, summarizing our nine-page memorandum of June 6, 1979 on the same subject.

3 "Attorney General's Memorandum on the 1974 Amendments

to the Freedom of Information Act," February 1975, at pp. 9-10. (The discussion cited is not of exemption 6 as such but of very similar language in exemption 7(C).)

4 The 2nd exemption also has a bearing on whether manuals of instructions to auditing personnel can be withheld under the Act. There are court decisions going in both directions on the question whether certain manuals for the guidance of auditors in IRS, DOD, and other agencies are covered. In general, they are likely to be withholdable under Exemption 2 only to the extent that disclosure would materially prejudice auditing when it is conducted for law enforcement. When Exemption 2 is used for internal instructions on sensitive techniques for law enforcement work or the like, it is known as "high-2". Interpretations of law or of regulations in such manuals are generally not withholdable. Audit reports themselves, as distinguished from manuals for auditors, are unlikely to contain high-2 material.

Go to: Table of Contents // DOJ FOIA Page // Justice Department Home Page