Office of the Inspector General (OIG)

OIG Semi-Annual Report to Congress:
October 1, 2007 - March 31, 2008

Table of Contents

Foreword

The National Archives and Records Administration's (NARA) Office of Inspector General (OIG) maintains the same wide breadth of responsibilities and duties as other OIGs, as defined in the Inspectors General Act of 1978 (amended). However, we have one duty which is focused and specific to NARA - to help safeguard the records of our Government residing at NARA and recover those records alienated from our holdings. In supporting this mission, the news media represents a true ally by providing us with the opportunity to inform and educate the American public about the risks we face as an institution and the positive role citizens and other institutions can play in helping mitigate this pernicious threat.

Thus, it was well received when Smithsonian Magazine elected to research and ultimately run a story in the April 2008 edition focusing upon one of the NARA OIG's Archival Recovery Team's (ART) significant successes. The article, entitled "To Catch a Thief," touches on all of the facets of the program. It defines how average citizens can come to our aid by reporting the sale of suspected Federal records and the professional and skilled manner in which ART responds. This was by any measure a successful operation, and I am glad to report that this success continues. Shortly after the close of this reporting period we were able to recover two Ulysses S. Grant- authored Presidential Pardons stolen from NARA in an earlier theft.

The OIG staff is passionate and committed in all facets of our work, both audit and investigative. I am proud of my employees for their tireless devotion and numerous accomplishments. I would be remiss if I did not offer a thank you to Smithsonian Magazine and author Steve Twomey who crafted such an informative and constructive article about the investigation and recovery of documents, and the ensuing successful prosecution of the thief.

Paul Brachfeld
Inspector General

Top of Page

Executive Summary

This is the 39th Semiannual Report to the Congress summarizing the activities and accomplishments of the National Archives and Records Administration (NARA) Office of Inspector General (OIG). A summary of NARA's top challenges is provided under the section titled "Top Ten Management Challenges." The highlights of our major functions are summarized below.

Audits

In this reporting period, the Audit Division continued to examine the security of NARA's Information Technology (IT) systems and assess economy and efficiency of NARA's programs. This work had positive impact upon agency operations and related controls in these critical areas. Recommendations directed to NARA officials will, upon adoption, translate into reduced risk for the agency and increased levels of security and control over NARA's financial assets, programs, and operations.

We issued the following audit reports during the reporting period:

  • Audit of the Process of Safeguarding and Accounting for Presidential Library Artifacts. Our audit, performed at the request of United States Senator Charles Grassley's office, sought to determine if the process of accounting for and safeguarding Presidential library artifacts was adequate. The audit revealed that (a) NARA is not accounting for artifacts in a timely manner, (b) technical and management controls over the automated database (i/O) used by NARA to manage its collections need to be strengthened, (c) opportunities exist to deaccession items that do not warrant long-term retention and drain scarce resources from higher-priority artifacts, (d) some artifacts are not maintained in appropriate space, and (e) NARA does not have a comprehensive list identifying "at risk" artifacts in need of preservation. Additionally, we found that while control weaknesses varied by library, there was a near universal breakdown in controls at the Ronald Reagan Library which has resulted in the library's inability to adequately account for and safeguard its museum collections. The weaknesses identified in this report contribute to NARA's preexisting material weaknesses in the Preservation program and Collections Security. We made five recommendations that, upon adoption, will help NARA better account for, safeguard, and preserve artifacts entrusted to NARA. Management concurred with all the recommendations. (Audit Report #08-01, dated October 26, 2007).

  • Audit of NARA's Compliance with the Federal Information Security Management Act (FISMA) for Fiscal Year 2007. Our audit, which assessed the adequacy of controls over information security and compliance with information security policies, procedures, standards, and guidelines, found significant weaknesses that can be attributed to deficiencies in the design and operation of internal controls within the Office of Information Services (NH). Due to the significance of these weaknesses, NARA cannot be assured its systems and data are adequately secured. As a result, information technology (IT) security is a material weakness within NARA. Some of the weaknesses we identified in our audit have been identified in previous FISMA evaluations and in Audit Report 06-09, "Review of NARA's Information Security Program," July 31, 2006. We made 21 recommendations that, when implemented, will assist the agency in establishing an information security program meeting FISMA and NIST requirements. Management agreed with our recommendations and initiated corrective action. (Audit Report #08-05, dated March 20, 2008.)

  • Audit of NARA's Development of the Holdings Management System (HMS). This audit, which assessed the management and decision-making process used by NARA in completing and approving the HMS proposal, disclosed that the HMS system, while viable, was not developed in accordance with agency policies and procedures. NARA officials prepared the required project proposal for HMS; however, NARA management, we found, did not meet all requirements of NARA 801-2, Review of Information Technology Investments, when planning for and approving the HMS project. Specifically, we found that the (a) HMS Project Proposal was not in full compliance with Federal and NARA requirements; (b) project risks were incorrectly and inadequately identified; (c) analysis of alternatives, requirements, costs, and benefits were not sufficiently analyzed prior to approval of the project; and (d) approval of the project was not in accordance with NARA 801-2. In addition, we found that while HMS fits into NARA's enterprise architecture, NR's potential use of the Archives and Records Centers Information System (ARCIS) for inventory and space management of hardcopy permanent documents would not be in line with NARA's enterprise architecture and would duplicate some HMS functions. Overall, we made six recommendations to improve NARA's project planning and approval process. Management concurred with all the recommendations. (Audit Report #08-04, dated March 11, 2008.)

  • Audit of NARA's Fiscal Year 2007 Financial Statements. Clifton Gunderson LLP (CG), a public accounting firm, audited NARA's consolidated balance sheet as of September 30, 2007, and the related consolidated statements of net cost, changes in net position, financing, and the combined statement of budgetary resources for the year then ended. CG issued NARA an unqualified opinion on NARA's FY 2007 financial statements. This is the second year in a row NARA received an unqualified opinion. For FY 2007, GC did report one significant deficiency in internal control over financial reporting in the area of Information Technology resulting in 13 recommendations, which if implemented, should correct the matters reported. CG disclosed no material weaknesses and no instances of noncompliance with any provisions of the laws and regulations they reviewed. (Audit Report #08-03, dated November 20, 2007.)

  • Audit of NARA's Purchase Card Program. Overall we found no abuse from the sampled items we reviewed and are encouraged by management's oversight of the Purchase Card Program. However, opportunities exist to improve management controls and expand the program. Specifically, we found that (a) access to the Citibank online system was not terminated when no longer needed, (b) OMB Circular A-123, Appendix B, requirements were not fully addressed, (c) procurement files were not adequately documented, (d) the NARA listing of cardholders and approving officials was not accurate, (e) procurement requests and transactions were not adequately supported, (f) accounting budget object classes and accounting funds were misclassified, and (g) accountable property guidance was needed. We made 20 recommendations for improvement. Management concurred with our recommendations and began management actions. (Audit Report #08-02, dated November 14, 2007.)

  • Audit of NARA's Fiscal Year 2007 Management Control Program. The OIG performs an annual review to ensure that agency managers continuously monitor and improve the effectiveness of internal controls associated with their programs. This continuous monitoring in conjunction with other periodic evaluations provides the basis for the agency head's annual assessment of, and report on, internal controls as required by Federal Managers' Financial Integrity Act (FMFIA). Our initial assessment of the agency's FY 2007 assurance statement, as conveyed in our October 23, 2007, memorandum, was that the statement was inaccurate and underreported risk associated with NARA's preservation and processing programs. Subsequently, we performed a detailed review of individual office assurance statements and found inconsistencies in conducting and reporting internal control reviews. We found that many of the staff offices did not conduct formal internal control evaluations in accordance with their internal control plans, while other offices did not maintain documentation of such reviews in accordance with agency guidance. We made three recommendations designed to address the identified weaknesses. Management agreed with our recommendations and initiated corrective action. (Audit Report #08-06, dated March 7, 2008.)

Investigations

During this reporting period, the Office of Investigations (OI) opened 12 investigations, closed 14 investigations, and recovered 122 records. The OI also received 69 complaints and closed 47 complaints. Additionally, the OI conducted joint investigations with the FBI, the Department of Veterans Affairs OIG, the General Services Administration OIG, the Department of Homeland Security's Federal Protective Service, the Department of Transportation OIG, the Army CID, and the U.S. Postal Inspection Services. At the close of the period, there remained 37 open complaints and 32 open investigations

The Office of Investigation completed investigations in areas including:

  • Theft of Civil War records
  • Wrongful disposal of accessioned records
  • Lost/stolen patents
  • Lost/stolen Presidential records
  • Lost/stolen WWII maps
  • Improper handling of classified Presidential records
  • Assault
  • Convenience store theft
  • Threats toward NARA employee
  • Unauthorized access and disclosure of tax returns

Our investigative staffing level remains inadequate to fully discharge our duties. Presently, only three special agents share the investigative burden that comes with a 3,000-person, 37-facility, nationwide agency that includes the Presidential library system. While an additional agent position has recently been authorized, our broad-based area of operations, combined with our limited staffing, hampers our efforts in meeting our statutory mission of preventing and detecting fraud and abuse in the programs and operations of the National Archives and Records Administration. At present staffing levels, we are unable to perform any proactive investigative activity. Complex fraud, procurement, and other high-profile investigations cannot be adequately staffed to insure timely and appropriate resolution. More mundane investigations are frequently pushed back and sometimes allowed to go stale due to staffing responsibilities with greater priority. But for the impressive abilities of our assembled investigative team, the successes we have achieved in the present environment would not have been possible.

Top of Page

Management Assistance

  • During the reporting period, the OIG identified, and brought to management's attention, concerns focusing upon the security and handling of classified holdings received, maintained, and shipped by a NARA facility. While conducting an investigation, critical security and management control deficiencies were identified at the facility. Our office alerted senior management and the Information Security Oversight Office to these deficiencies, and conducted a joint site visit with them. Management has since taken steps to begin addressing these deficiencies. .

  • Distributed a first-ever OIG press release when news media stories on an OIG audit of Presidential library artifacts began mischaracterizing the audit findings.

  • Referred 12 cases from the Archival Recovery Team to the Office of General Counsel pursuant to NARA Directive 1462. We also met with General Counsel staff to refine the Archival Recovery Team process for case referral and resolution.

  • Provided assistance to the Office of Regional Records Services for a potential evidence room to be used by Immigration Customs Enforcement (ICE) and other law enforcement entities, by providing materials and advising on learning the needs of the law enforcement entities so a chain of custody set up in these storage facilities would meet the needs of NARA's customers.

  • Conferred with NARA's General Counsel and the Office of Special Counsel regarding a potential Hatch Act violation by a NARA employee.

  • Assisted in drafting a Request for Quote (RFQ) for an independent audit contract for reviewing the agency's personally identifiable information support services in line with Public Law 108-447 as amended by Public Law 110-161.

  • Briefed agency declassification clients on theft prevention and security of classified material.

  • Supported agency efforts to publicize the problem of record theft by cooperating with the Smithsonian magazine in an article on the pilfering of historic documents. .

  • Assisted numerous citizens and clients of the Archives who mistakenly contacted the NARA OIG by attempting to direct them to the correct agency or organization to address their concerns.

  • Ensured a more open and accountable government by responding to Freedom of Information Act requests pertaining to OIG records.

  • Ensured a more open and accountable government by responding to Freedom of Information Act requests pertaining to OIG records.

Top of Page

Introduction

About the National Archives and Records Administration

Mission

The National Archives and Records Administration serves American democracy by safeguarding and preserving the records of our Government, ensuring the people can discover, use, and learn from this documentary heritage. Further, the agency ensures continuing access to the essential documentation of the rights of American citizens and the actions of their government; and supports democracy, promotes civic education, and facilitates historical understanding of our national experience.

Background

NARA, by preserving the nation's documentary history, serves as a public trust on which our democracy depends. It enables citizens to inspect for themselves the record of what the Government has done. It enables officials and agencies to review their actions and helps citizens hold them accountable. It ensures continuing access to essential evidence that documents the rights of American citizens, the actions of Federal officials, and the national experience.

Federal records reflect and document America's development over more than 200 years. They are great in number, diverse in character, and rich in information. NARA's traditional holdings amount to 29 million cubic feet of records. These holdings also include, among other things, architectural/engineering drawings, maps, and charts; moving images and sound recordings; and photographic images. Additionally, NARA maintains 543,544 artifact items and 4.7 billion logical data records.

NARA involves millions of people in its public programs, which include exhibitions, tours, educational programs, film series, and genealogical workshops. In FY 2007, NARA had 34.9 online visits in addition to hosting 2.9 million traditional museum visitors, all while responding to 1.2 million written requests from the public. NARA also publishes the Federal Register and other legal and reference documents forming a vital link between the Federal Government and those affected by its regulations and actions. Through the National Historical Publications and Records Commission, NARA helps preserve and publish non-Federal historical documents that also constitute an important part of our national heritage. Additionally, NARA administers 12 Presidential libraries preserving the papers and other historical materials of all past Presidents since Herbert Hoover.

Resources

In FY 2008, NARA was appropriated an annual budget of approximately $411.1 million and 2,855 Full-time Equivalents (FTEs), which included appropriations of $315 million for operations, $58 million for the Electronic Records Archives (ERA) program, $28.6 million for repairs and restorations of facilities, and $7.5 million for grants. NARA operates 37 facilities nationwide.

About the Office of Inspector General (OIG)

The OIG Mission

The OIG's mission is to ensure that NARA protects and preserves the items in our holdings, while safely providing the American people with ready access to essential evidence of their rights and the actions of their government. We accomplish this by providing high-quality, objective audits and investigations; and serving as an independent, internal advocate for economy, efficiency, and effectiveness.

Background

The Inspector General Act of 1978, as amended, establishes the OIG's independent role and general responsibilities. The Inspector General reports to both the Archivist of the United States and the Congress. The OIG evaluates NARA's performance, makes recommendations for improvements, and follows up to ensure economical, efficient, and effective operations and compliance with laws, policies, and regulations. In particular, the OIG

  • assesses the effectiveness, efficiency, and economy of NARA programs and operations
  • recommends improvements in policies and procedures to enhance operations and correct deficiencies
  • recommends cost savings through greater efficiency and economy of operations, alternative use of resources, and collection actions
  • investigates and recommends legal and management actions to correct fraud, waste, abuse, or mismanagement

Further, the OIG investigates criminal and administrative matters concerning the agency; helping ensure the safety and viability of NARA's holdings, customers, staff, and resources.

Resources

The FY 2008 OIG budget is approximately $2,736,000 for operations. Prior to this reporting period, the OIG was authorized 17 FTEs, but during the period the OIG received authorization for two new FTEs: one for a new auditor position and another for a special agent position. At the close of the period the OIG was in the process of filling these two FTEs. When at full staffing, the OIG will have 19 FTEs: one Inspector General, three support staff, eight FTEs devoted to audits, six FTEs devoted to investigations, and a counsel to the Inspector General.

Top of Page

Activities

Involvement in the Inspector General Community

President's Counsel on Integrity and Efficiency (PCIE) and Executive Counsel on Integrity and Efficiency (ECIE) Legislation Committee

The IG served as one of two ECIE representatives to the Investigations Committee. The mission of the Investigations Committee is to advise the IG community on issues involving investigative functions, establishing investigative guidelines, and promoting best practices. The Investigations Committee relies on its Investigations Advisory Subcommittee to assist it in these efforts. The goal, therefore, is to continuously enhance professionalism within our investigator community.

Council of Counsels to Inspectors General (CCIG)

The OIG counsel participated in meetings of the CCIG and communicated regularly with fellow members. Multiple topics were raised, discussed, and addressed including Federal records regulations, issues involving electronic discovery, personal liability of government employees, issuing retired law enforcement credentials, protecting privileged federal documents from civil subpoena, civil actions by the DoJ, and information sharing in the law enforcement community

Federal Audit Executive Council (FAEC)

The Assistant Inspector General for Audits (AIGA) continued to serve as an ECIE representative to the FAEC. During the period, the AIGA attended FAEC's meeting to discuss topics such as financial statement audit issues, audit training, opinion reports on internal controls, and information security.

Response to Congressional Items

Presidential Artifacts Audit

During the last reporting period, Senator Charles E. Grassley, as Ranking Member of the Committee on Finance, with oversight responsibility of the National Archives, requested a detailed audit of the operations of NARA's Presidential libraries to include the security of Presidential artifacts. Presidential artifacts include collections of priceless and irreplaceable items, some of significant historical value. After completing fieldwork where OIG staff visited six Presidential libraries, the final report, "Process of Accounting for and Safeguarding Library Artifacts", was issued during this reporting period. Our audit revealed several deficiencies, including a near universal breakdown in controls at the Ronald Reagan Library, which resulted in the library's inability to adequately account for and safeguard its museum collections. Several recommendations were provided, and management concurred with all of them. (Audit Report #08-01, dated October 26, 2007.)

U.S. House of Representatives Committee on Oversight and Government Reform Request for Information

Pursuant to a request from the Chairman of the Committee on Oversight and Government Reform, the OIG prepared and submitted a report detailing all recommendations made by the OIG since January 1, 2001 which had not been implemented by agency officials. Management has consistently worked to implement OIG recommendations. The 113 page response included all "open" audit recommendations, including those management disagreed with and those which management agreed with, but had not yet completed corrective action. Concerning the most recent audits in 2007 and 2008, it should be noted that NARA management has agreed with us on the majority of the audit findings. However, they remain unimplemented because there has simply not been enough time for the process to work itself through to the point where the finding can be closed.

Third Party Privacy and Data Protection Review

In previous reports we disclosed that under the Consolidated Appropriations Act, 2005, Division H, Title V, Section 522 (Public Law 108-447), NARA was required to have an independent, third-party review of its privacy and data protection procedures to determine the accuracy of the description of the use of information in identifiable form; determine the effectiveness of privacy and data protection procedures; ensure compliance with stated privacy and data protection policies of the agency; and ensure that all technologies used to collect, use, store, and disclose information in identifiable form allow for continuous auditing of compliance with stated privacy policies and practices governing the collection, use, and distribution of information in the operation of the program. While this statute required the Inspector General to contract with an independent third-party; no funds were ever allocated, and this review was never done. During this reporting period, the law was amended by the Consolidated Appropriations Act, 2008, Division D, Title VII, Section 742 (Public Law 110-161), to delete the third-party contract requirement. However, funds have now been made available, and the OIG is currently working with NARA officials to secure a third-party contractor to review these important areas and come into compliance with this mandate.

Top of Page

Audits

Overview

This period, we issued:

  • six final audit reports

We completed fieldwork on the following assignment:

  • an audit of NARA's Researcher Card Program to determine whether management controls are adequate to ensure researcher information is accurate, verifiable, and properly safeguarded
  • an audit of NARA's Mail Management Program to determine whether controls are adequate and whether NARA is in compliance with Federal mail management policy and procedures
  • a survey of NARA's Configuration Management Program to assess risk associated with documenting, managing, controlling, and tracking changes.

We also continued work on the following assignments:

  • an audit of ERA contract invoices to determine if the invoice costs were reasonable and supported by sufficient documentation
  • an audit of NARA's Central Receiving Function to evaluate the effectiveness and efficiency of management controls
  • an audit of Management Controls over Accounting for Lost Property to assess whether management controls are adequate and provide reasonable assurance that lost inventory is properly documented and accounted for in NARA records
  • an audit of NARA's Workers' Compensation Program (WCP) to determine whether management controls are adequate for ensuring the efficiency, effectiveness, and integrity of the program
  • an audit of NARA's Vehicle Fleet Management to determine if fleet vehicles are appropriately used and fleet resources are properly controlled.

Audit Summaries

Audit of the Process of Safeguarding and Accounting for Presidential Library Artifacts

The Presidential Library system is comprised of 12 Presidential Libraries nationwide. This network of libraries is administered by the Office of Presidential Libraries, a part of NARA, located in College Park, MD. These are not traditional libraries, but rather repositories for preserving and making available historical materials (e.g., papers, records, artifacts) of U.S. Presidents since Herbert Hoover. Items received from the President or his representatives, or acquired from other sources, are to be added to the museum collection of the library, and responsible care is to be provided for them at all times. Among the holdings entrusted to these libraries are approximately 540,000 artifacts maintained by the Presidential libraries' museum staffs. These items include gifts from foreign heads of state, luminaries, and common citizens. Holdings range from high-value items, including firearms, jewelry, and works of art, coins, and currency, to tee shirts, trinkets, and curiosities. Museum staff is responsible for preserving and exhibiting artifacts to promote public understanding of the Presidential administration, the history of the period, and the career of the President.

The OIG performed an audit of the controls over artifacts to determine if the process of accounting for and safeguarding Presidential library artifacts was adequate. This audit was identified in the OIG's FY 2006 annual work plan. In addition, as field work commenced, the OIG received an inquiry from United States Senator Charles Grassley's office asking us to conduct a detailed audit of the operations of Presidential libraries and the activities of NARA to protect and preserve these collections.

Our audit revealed opportunities to strengthen accountability and control over artifacts. We found that (a) NARA is not accounting for artifacts in a timely manner, (b) technical and management controls over the automated database (i/O) used by NARA to manage its collections need to be strengthened, (c) opportunities exist to deaccession items that do not warrant long- term retention and drain scarce resources from higher-priority artifacts, (d) some artifacts are not maintained in appropriate space, and (e) NARA does not have a comprehensive list identifying "at risk" artifacts in need of preservation. As a result of these weaknesses, NARA lacks assurance that (1) current collections represent all of the artifacts with which NARA was originally entrusted, (2) missing items will be identified in a timely manner, and (3) items receive the conservation treatment necessary to ensure their continued preservation.

We also found that while control weaknesses varied by library, there was a near universal breakdown in controls at the Ronald Reagan Library, which has resulted in the library's inability to adequately account for and safeguard its museum collections. Of the approximately 100,000 artifacts maintained by the Ronald Reagan Library, we found the library had the information necessary to locate less than 20 percent of them. Based on sampling performed, we were unable to locate and adequately account for 13 items, one of them a vase noted as being located during the FY 2006 inventory of high-value objects. At the time of this audit, the OIG investigative unit was responding to allegations of theft of artifacts specific to the Reagan Library. This investigation was being adversely impacted due to internal control deficiencies cited in the body of the full audit report. Finally, we noted deteriorating items, broken picture frames and glass, and valuable vases and sculptures at risk of damage due to inappropriate storage in a locale noted for the potential of seismic activity.

Our report contained five recommendations, some containing sub-recommendations. Management concurred with the findings and recommendations and has undertaken action to address the findings. (Audit Report #08-01, dated October 26, 2007.)

Audit of NARA's Compliance with the Federal Information Security Management Act (FISMA) for Fiscal Year 2007

The overall audit objective was to assess the adequacy of controls over information security and compliance with information security policies, procedures, standards, and guidelines. Specifically, we determined the effectiveness of the NARA information security program by testing the information security policies, procedures, and practices over a representative sample of the agency's systems.

To accomplish our objective, we determined whether (a) NARA had plans and procedures to ensure continuity of operations for information systems supporting the operations and assets of the agency; (b) NARA had a certification and accreditation process consistent with Federal requirements; (c) NARA had procedures for detecting, reporting, and responding to security incidents; (d) NARA completed Privacy Impact Assessments for all systems identified as needing one; (e) NARA provided IT security awareness training for all personnel, including contractors, volunteers, Foundation staff, and any other users of information systems supporting the operations and assets of NARA.

Some of the weaknesses we identified in our audit were identified in previous FISMA evaluations and in Audit Report 06-09, "Review of NARA's Information Security Program," July 31, 2006. We continued to find significant weaknesses that can be attributed to deficiencies in the design and operation of internal controls within the Office of Information Services. Due to the significance of these weaknesses, NARA cannot be assured its systems and data are adequately secured. Strengthening management controls over the information security program by revising policy and procedures and then enforcing compliance with the procedures will help to ensure that control weaknesses are corrected and NARA complies with applicable laws and regulations in the future.

We made 21 recommendations that, when implemented, will assist the agency in establishing an information security program meeting FISMA and NIST requirements. Management agreed with all our recommendations. (Audit Report # 08-05, dated March 20, 2008.)

Audit of NARA's Development of the Holdings Management System (HMS)

The OIG evaluated the development of the Holdings Management System (HMS) to assess the management and decision-making process used by NARA in completing and approving the HMS proposal. To accomplish our objectives, we evaluated whether (a) Federal and NARA capital planning policies and procedures were followed; (b) analysis of alternatives and costs/benefits had been adequately performed; (c) requirement analysis had been executed; (d) project plans had been fully developed; and (e) performance metrics have been established.

Our review found that the HMS system, while viable, was not developed in accordance with agency policies and procedures. While NARA officials did prepare the required project proposal for HMS, NARA management we found did not meet all the requirements of NARA 801-2, Review of Information Technology Investments, when planning for and approving the HMS project. Specifically, we found that the (a) HMS Project Proposal was not in full compliance with Federal and NARA requirements; (b) project risks were incorrectly and inadequately identified; (c) analysis of alternatives, requirements, costs, and benefits were not sufficiently analyzed prior to approval of the project; and (d) approval of project was not in accordance with NARA 801-2. In addition, we found that while HMS fits into NARA's enterprise architecture, NR's potential use of the Archives and Records Centers Information System (ARCIS) for inventory and space management of hardcopy permanent documents would not be in line with NARA's enterprise architecture and would duplicate some HMS functions.

Using HMS as an example, our audit identified several improvements to be made in NARA's Information Technology (IT) Capital Investment Process. Overall, we made six recommendations to improve NARA's project planning and approval process. Management agreed with all recommendations. (Audit Report # 08-04, dated March 11, 2008.)

Audit of NARA's Fiscal Year 2007 Financial Statements

Clifton Gunderson LLP (CG), an independent public accounting firm, examined and reported on NARA's consolidated balance sheet as of September 30, 2007, and the related consolidated statements of net cost, changes in net position, and combined statement of budgetary resources for the year then ended.

CG issued an unqualified opinion of the FY 2007 and 2006 financial statements. CG reported one significant deficiency in internal control over financial reporting in the area of Information Technology resulting in 13 recommendations, which if implemented, should correct the matters reported. CG disclosed no material weaknesses and no instances of noncompliance with certain provisions of laws and regulations. Management concurred with CG's assessment and agreed to initiate corrective action.

We monitor CG's performance of the audit to ensure the audit is conducted in accordance with the terms of the contract and in compliance with GAO issued Government Auditing Standards and other authoritative references, such as OMB Bulletin No. 07-04, Audit Requirements for Federal Financial Statements. We are involved in the planning, performance, and reporting phases of the audit through participation in key meetings, discussion of audit issues, and reviewing of CG's work papers and reports. Our review disclosed no instances wherein CG did not comply, in all material respects, with the contract or Government Auditing Standards. (Audit Report #08-03, dated November 20, 2007.)

Audit of NARA's Purchase Card Program

The objectives of the Purchase Card Program audit were to assess (1) compliance with laws and regulations, (2) efficiency of operations, and (3) adequacy of management controls to help prevent fraud, waste, and abuse by cardholders or others who attempt to manipulate the program.

The purpose of the Federal Purchase Card Program is to minimize the paperwork needed to make purchases, using proper authorization. Although purchase cards provide efficiency and savings to the Government, Purchase Card Programs are high-risk because they allow the same individual to order, pay for, and receive goods and services. This offers the potential for fraud, abuse, and improper transactions if not carefully monitored.

From November 24, 2005, through November 24, 2006, NARA processed 21,367 transactions at a value of $11,479,509. Opportunities exist to improve management controls and expand the Purchase Card Program. Specifically, we found the following:

  • Access to the Citibank Online Systems needs to be updated to prevent users who no longer need access from accessing the purchase card related data, and to ensure proper authority of users.
  • NARA's Purchase Charge Card Management Plan (Plan) does not address all the elements required by OMB Circular A-123, Appendix B, Improving the Management of Government Charge Card Programs.
  • Procurement files maintained by the Acquisitions Service Division lacked documentation supporting delegation of authority, spending limits, and training.
  • NARA's listing of cardholders and approving officials maintained by the Finance Branch differs in spending limits, cardholders, and approving officials from those reported in the Citibank Online System. We found two approving officials who were also cardholders within the system hierarchy and could potentially approve their own transactions.
  • In our test of a sample of transactions, we found instances wherein 1) sufficient documentation did not exist supporting procurement requests and/or transactions, 2) transactions over the micro-purchase threshold were not matched to purchase orders, 3) cardholders did not classify expenditures to the most appropriate budget object class code or fund, 4) accountable property was not recorded in NARA's Personal Property Management System, and 5) split purchases occurred.

We made 20 recommendations that, when implemented by management, will assist the agency in enhancing the purchase card program to meet OMB Circular A-123, Appendix B, requirements. Management concurred with all 20 of our recommendations and began implementation efforts. (Audit Report #08-02, dated November 14, 2007.)

Audit of NARA's Fiscal Year 2007 Management Control Program

The Federal Managers' Financial Integrity Act (FMFIA) of 1982 (Public Law 97-255) requires ongoing evaluations and reports of the adequacy of internal accounting and administrative control of each executive agency. The Act requires the head of each agency to annually prepare a statement on the adequacy of the agency's systems of internal accounting and administrative control. OMB Circular A-123 (Revised), Management's Responsibility for Internal Control, contains guidance for implementing FMFIA and requires management to annually report on internal control in its Performance and Accountability Report (PAR), including a report on identified material weaknesses and corrective actions. It also provides that the agency head, in preparing the annual assurance statement, should consider input from the Office of Inspector General.

Annually, the OIG performs a review to ensure that agency managers continuously monitor and improve the effectiveness of internal controls associated with their programs. This continuous monitoring in conjunction with other periodic evaluations provides the basis for the agency head's annual assessment of, and report on, internal controls as required by FMFIA.

Our initial assessment of the agency's FY 2007 assurance statement, as conveyed in an October 23, 2007, memorandum to the Archivist of the United States, determined that the statement was inaccurate and underreported risk associated with NARA's preservation and processing programs.

Subsequently, we performed a detailed review of individual office assurance statements and found inconsistencies in conducting and reporting internal control reviews. We found that many of the staff offices did not conduct formal internal control evaluations in accordance with their internal control plans, while other offices did not maintain documentation of such reviews in accordance with agency guidance. This was the result of a lack of familiarity with NARA 114, an incomplete understanding of internal controls, and management control plans that were improperly or too narrowly scoped. Due to a lack of, improperly documented, or improperly scoped internal control reviews, NARA inadequately identifies and manages inappropriately its assurance risks.

We made three recommendations. Management concurred with our findings and recommendations. (Audit Report #08-06, dated November 14, 2007.)

Investigations

Investigations Overview

During this reporting period, the Office of Investigations (OI) opened 12 investigations, closed 14 investigations, and recovered 122 records. The OI also received 69 complaints and closed 47 complaints. Additionally, the OI conducted joint investigations with the FBI, the Department of Veterans Affairs OIG, the General Services Administration OIG, the Department of Homeland Security's Federal Protective Service, the Department of Transportation OIG, the Army CID, and the U.S. Postal Inspection Services. At the close of the period, there remained 37 open complaints and 32 open investigations.

Updates on Previously Reported Investigations

Alleged Wire Fraud, Theft of Public Money, Money Laundering

An active duty sergeant in the U.S. Army was found to have removed multiple Official Military Personnel Folders from the National Personnel Records Center in St. Louis, MO. Upon recovery of the records, the OIG referred the case to the service member's command. The service member has transferred out of St. Louis. The case is under review by the U.S. Army Office of the Judge Advocate General.

Violation of NARA Security Policy

Several researchers were provided with special access to classified information to be reviewed in a NARA Classified Research Room, which is also a Sensitive Compartmented Information Facility or SCIF. While reviewing this information, multiple external contacts were allowed to be made from within the SCIF via the use of cell phones by the researchers in violation of NARA security policies. This case was declined for prosecution and is currently under review by NARA for potential administrative action.

Improper Access to Classified Material

A former NARA employee, now a volunteer and contractor, was provided inappropriate access to classified materials, during which he improperly removed copies of these materials in violation of NARA's classified information security policy. This investigation revealed that the individual was reviewing classified material in an attempt to secure business for his employer. While the individual possessed a security clearance, he did not have a need to know the information he accessed. This access violated NARA's policies and procedures governing classified information. This case was declined for prosecution and is currently under review by NARA for potential administrative action.

Top of Page

New Investigation Highlights

Missing World War II Maps

Target charts for the Hiroshima and Nagasaki bombing missions had been checked out of NARA by the Department of Defense in 1962. The maps were never returned to the Archives, are considered missing, and will be posted on the NARA OIG missing documents web page.

Violation of the Taxpayer Browsing Protection Act

A joint investigation with the Treasury Inspector General for Tax Administration (TIGTA) revealed that certain NARA employees had wrongfully inspected and disclosed the tax return information of various famous individuals. Disclosures were then made to persons not having a need to know and not employed with the U.S. Federal Government. The case was declined for prosecution. Two employees were suspended and one was issued a counseling letter.

Improper Handling of Classified Material

A Reagan administration official left Federal service with 193 boxes of Presidential records. He ultimately contacted NARA to turn over this material to the Archives. Archives staff began a review of the material and discovered two classified documents at which point the OIG was contacted. The OIG, working jointly with FBI, recovered the material from a storage facility in Virginia. A document-by-document review, conducted by the OIG, NARA staff, and the FBI, revealed 191 classified documents. The classified material was secured in a Sensitive Compartmented Information Facility (SCIF). The Department of Justice declined prosecution.

Missing Wright Brothers' Flyer Patent

This investigation substantiated that the original 1903 Wright Brothers' Flyer Patent file is missing. Copies of the patent file are maintained in NARA's Treasure Vault. The original patent file had been loaned to the Smithsonian for an exhibition in 1980. Upon its return to NARA, it subsequently disappeared, and is considered missing. It will be posted on the NARA OIG missing documents web page.

Suspicious Activity at Presidential Library

NARA staff at a Presidential library reported two men acting in a suspicious manner in the museum complex. The men were observed via the video surveillance system and appeared focused on the structural and security aspects of the facility, rather than on the exhibits. The men were observed throughout their visit and left the parking area in a rental vehicle. Both individuals were interviewed. No criminal or administrative violations were substantiated, and neither individual was deemed to pose a threat to NARA.

Assault

A contract security guard at NARA assaulted his supervisor inflicting minor injuries. The Department of Homeland Security Federal Protective Service responded to the incident and arrested the guard. The guard was removed from the contract and terminated by the contractor. He plead guilty to simple assault and was sentenced to supervised probation for one year and has to attend anger management classes.

False Claims

A subject contractor submitted claims for hours worked by unqualified personnel. This violated the terms of the contract with NARA. An assistant United States attorney declined the case for criminal prosecution. A United States civil attorney is considering the case for action.

Other Office of Investigation Activity

Archival Recovery Team (ART)

During this period, the Archival Recovery Team fielded 21 new complaints, and 14 complaints and 8 ongoing investigations were closed. In addition, 12 ART noncriminal cases were referred to NARA for a recovery determination. At the close of the period, 29 ART complaints and 8 ART investigations remained open.

As part of the ART outreach program, Office of Investigations staff attended the following exhibitions to educate the public about the NARA OIG and the ART:

  • In November 2007, ART members attended and displayed a table at the Autumn Gettysburg Civil War Show in Pennsylvania.

  • In November 2007, ART members attended and displayed a table at the 27th Annual Capital of the Confederacy Civil War Show in Richmond, VA.

  • In December 2007, ART members attended and displayed a table at the Middle Tennessee Civil War Show in Nashville, Tennessee. In addition, ART members attended the Heritage Auctions display near the show.

  • In December 2007, ART members attended the Second Annual Washington Capital Area Autograph and Manuscript Show.

  • In March 2008, an ART member spoke at the 2008 Annual Conference for the Society for History in the Federal Government. The subject matter was "Saving Government History." The presentation was titled "Archival Recovery Team - Pursuit of Stolen Treasure."

Archivist's Special Achievement Award

Special Agent Kelly Maltagliati received a Special Achievement Award from the Archivist of the United States for outstanding achievement in the investigation and recovery of Civil War records stolen from the National Archives. Her investigation led to a 15-month incarceration of the subject, and the recovery of 163 Civil War records stolen from the NARA-Mid Atlantic Region (Philadelphia).

Computer Crimes Unit

The Office of Investigations continues to support the development of its computer forensics lab. During this period, we sent staff to the Defense Cyber Investigations Training Academy's (DCITA) Online Undercover Techniques (OUT) course. Subsequently, we configured a workstation dedicated to online reconnaissance and online undercover work. The lab and our computer forensic examiner routinely supported a wide variety of criminal investigations throughout the reporting period.

OIG HOTLINE

The OIG Hotline provides a confidential channel for reporting fraud, waste, abuse, and mismanagement to the OIG. In addition to receiving telephone calls at a toll-free Hotline number and letters to the Hotline post office box, we also accept e-mail communication from NARA's internal network or the Internet through the Hotline e-mail system. Walk-ins are always welcome. Visit http://www.archives.gov/oig/ for more information, or contact us:

  • By telephone - Washington, DC Metro area: (301) 837-3500 Toll-free and outside the Washington, DC Metro area: (800) 786-2551

  • By mail - NARA OIG Hotline P.O. Box 1821 Hyattsville, MD 20788-0821

  • By e-mail - oig.hotline@nara.gov

The Office of Investigations promptly and carefully reviews calls, letters, and e-mail to the Hotline. We investigate allegations of suspected criminal activity or civil fraud and conduct preliminary inquiries on noncriminal matters to determine the proper disposition. Where appropriate, referrals are made to the OIG audit staff, NARA management, or external authorities.

Hotline contacts are captured as complaints in the Office of Investigations. The following table summarizes complaints received and Hotline activity for this reporting period:

Complaints received 69
Complaints closed pending response from NARA 15
Complaints closed final 32
Complaints Open to Investigations 10

Top of Page

Top Ten Management Challenges

Overview

Under the authority of the Inspector General Act, the NARA OIG conducts and supervises independent audits, investigations, and other reviews to promote economy, efficiency, and effectiveness and to prevent and detect fraud, waste, and mismanagement. To fulfill that mission and help NARA achieve its strategic goals, we have aligned our programs to focus on areas we believe represent the agency's most significant challenges. We have identified those areas as NARA's top ten management challenges, and they are listed below.

1. Electronic Records Archives (ERA)

NARA's challenge is to build a system that will accommodate past, present, and future formats of electronic records. The ERA Program did not meet its September 2007 goal of producing an initial operating capability for ERA with planned incremental improvements that will eventually result in full system capability. Instead, the ERA program has experienced delivery delays, budgeting problems, and contractor staffing problems. Now the program has shifted to a series of "drops," implementing the software in smaller increments, with an initial operating capacity pushed back to late June 2008. Further, the system component to handle White House e-mails has now been segregated out and is being pursued down a separate line of programming. The success of this mission-critical program is uncertain. The challenge will be to deliver and maintain a functional ERA system that will preserve electronic records for as long as needed.

2. Electronic Records Management (ERM)

NARA directs the Electronic Records Management (ERM) initiative, one of 24 Government-wide initiatives. The ERM initiative provides guidance to agencies in managing and transferring to NARA, in an increasing variety of data types and formats, their permanent electronic records. NARA and its Government partners are challenged with determining how to manage electronic records, and how to make ERM and e-Government work more effectively.

3. Improving Records Management

Part of NARA's mission is to ensure that Federal officials and the American public have access to essential evidence and documentation as soon as legally possible. NARA must work with Federal agencies to make scheduling, appraisal, and accessioning processes more effective and timely. The challenge is how best to accomplish this component of our overall mission and identify and react to agencies with critical records management needs.

4. Information Technology Security

Information technology continues to present major challenges for NARA. The authenticity and reliability of our electronic records and information technology systems are only as good as our IT security infrastructure. Each year, the risks and challenges to IT security continue to evolve. NARA must ensure the security of its data and systems or risk undermining the agency's credibility and ability to carry out its mission.

5. Expanding Public Access to Records

In a democracy, the records of its archives belong to its citizens. NARA's challenge is to more aggressively inform and educate our customers about the services we offer and the essential documentation to which we can provide access. Of critical importance is NARA's role in ensuring the timeliness and integrity of both the process for accessioning records into our collection and the process of declassifying classified material held at NARA.

6. Meeting Storage Needs of Growing Quantities of Records

NARA-promulgated regulation 36 CFR Part 1228, "Disposition of Federal Records," Subpart K, "Facility Standards for Records Storage Facilities," requires all facilities housing Federal records to meet defined physical and environmental requirements by FY 2009. NARA's challenge is to meet physical storage space needs while ensuring compliance with these regulations internally as well as by other agencies housing Federal records.

7. Preservation Needs of Records

As in the case of our national infrastructure (bridges, sewer systems, etc.), NARA holdings grow older daily and are degrading. The Archivist previously identified preservation as a material weakness under the Federal Managers' Financial Integrity Act (FMFIA) reporting process. However, in FY 2006, preservation was downgraded to a reportable condition. The OIG strongly disagrees with this. Preserving and providing access to records is a fundamental element of NARA's duties to the country. The current backlog of records needing preservation is growing. NARA is challenged to address this backlog and future preservation needs.

8. Improving Project Management

Effective project management is essential to obtaining the right equipment and systems to accomplish NARA's mission. Complex and high-dollar contracts require multiple program managers, often with varying types of expertise. NARA is challenged with planning projects, developing adequately defined requirements, analysis and testing to support acquisition and deployment of the systems, and oversight to ensure effective or efficient results within costs. These projects must be managed and tracked to ensure that cost, schedule, and performance goals are met.

9. Physical and Holdings Security

The Archivist has identified security of collections as a material weakness under the FMFIA reporting process. NARA must maintain adequate levels of security to ensure the safety and integrity of persons and holdings within our facilities. This is especially critical in light of the security realities facing this nation and the risks that our holdings may be pilfered, defaced, or destroyed by fire or other man-made and natural disasters.

10. Strengthening Human Capital

The GAO has identified human capital as a Government-wide high risk. NARA's challenge is to adequately assess its human capital needs in order to effectively recruit, retain, and train people with the technological understanding and content knowledge NARA needs for future success.

Top of Page

Reporting Requirements

STATISTICAL SUMMARY OF INVESTIGATIONS
Investigative Workload
Complaints received this reporting period 69
Investigations pending at the beginning of the reporting period 34

Investigations opened this reporting period

 12

Investigations closed this reporting period

 14

Investigations carried forward this reporting period

 32
Categories of Closed Investigations

Fraud

 0

Conflict of Interest

 0

Contracting Irregularities

 0

Misconduct

 2

Larceny (theft)

 7

Other

 5
Investigative Results

Cases referred - accepted for prosecution

7

Cases referred - declined for prosecution

 1

Cases referred - pending prosecutive decision

 3

Arrests

 1

Indictments and informations

 2

Convictions

 4

Fines, restitutions, judgments,, and other civil and administrative recoveries

 0

NARA holdings recovered

 122
Administrative Remedies

Employee(s) terminated

 0

Employee(s) resigned in lieu of termination

 1

Employee(s) suspended

 2

Employee(s) given letter of reprimand/warned/counseled

 2

Employees taking a reduction in grade in lieu of administrative action

 0

Contractor (s) removed

 1

SUMMARY OF PROSECUTORIAL REFERRALS Requirement 5(a) (4)

Accepted for Prosecution

Communicating Threats

A NARA employee who had been terminated subsequently began making threatening telephone calls to his former supervisor. The local district attorney's office accepted the case for criminal prosecution. The subject was found guilty of menacing and telephone harassment and was sentenced to a $500 fine and two years of unsupervised probation with an order of no contact with his former supervisor.

Fraudulent Receipt of Veteran's Benefits

Subject is alleged to have manipulated his service verification, performed by NARA, in order to fraudulently receive veteran's benefits. Subject has been indicted, and an assistant United States attorney has accepted the case for prosecution.

Assault

A contract security guard at NARA assaulted his supervisor inflicting minor injuries. The Department of Homeland Security Federal Protective Service responded to the incident and arrested the guard. The guard was removed from the contract and terminated by the contractor. He plead guilty to simple assault, was sentenced to supervised probation for one year, and has to attend anger management classes.

Declined for Prosecution

Suitability

A NARA contractor was removed from a contract for providing false information on his Declaration for Federal Employment. The individual was under criminal investigation at his previous agency, and his misconduct there had been substantiated. The contractor subsequently lied to the NARA OIG regarding his prior misconduct and was removed from the contract. An assistant United States attorney declined to prosecute this case.

Pending Prosecutorial Determination

Theft of Funds

Subject used a Presidential Library Foundation's credit card to purchase $70,000 to $140,000 of personal items and services. An assistant United States attorney is considering the case for prosecution.

Workers' Compensation Fraud

Subject is alleged to have falsely claimed an on-the-job injury in order to wrongfully receive benefits under the Federal Employees' Compensation Act. An assistant United States attorney is considering the case for prosecution.

Requirement 5(a)(6)LIST OF REPORTS ISSUED
Report No. Title Date Questioned Costs Un-supported Costs Funds Put to Better Use
08-01 Audit of the Process of Safeguarding and Accounting for Presidential Library Artifacts 10/26/2007 0 0 0
08-02 Audit of NARA's Purchase Card Program 11/14/2007 0 0 0
08-03 Audit of NARA's FY 2007 Financial Statements 11/20/2007 0 0 0
08-04 Audit of NARA's Development of the Holdings Management System 03/11/2008 0 0 0
08-05 Audit of NARA's Compliance with the Federal Information Security Management Act for FY 2007 03/20/2008 0 0 0
08-06 Audit of NARA's Fiscal Year 2007 Management Control Program 03/07/2008 0 0 0

 

AUDIT REPORT(S) WITH QUESTIONED COSTS
Category Number of
Reports 		DOLLAR VALUE
Questioned
Costs 		Unsupported
Costs

A. For which no management decision has been made by the commencement of the reporting period
1
$236,335
$0

B. Which were issued during the reporting period
0
$0
$0

Subtotals (A + B)
1
$236,335
$0

C. For which a management decision has been made during the reporting period
1
$236,335
$0

(i) dollar value of disallowed cost
0
$0
$0

(ii) dollar value of costs not disallowed
1
$236,235
$0

D. For which no management decision has been made by the end of the reporting period
0
$0
$0

E. For which no management decision was made within 6 months
0
$0
$0

AUDITS REPORTS WITH RECOMMENDATIONS THAT FUNDS
BE PUT TO BETTER USE
Requirement 5(a)(9)
CATEGORY NUMBER DOLLAR VALUE

A. For which no management decision has been made by the commencement of the reporting period

 0 $0

B. Which were issued during the reporting period

 0 0

Subtotals (A + B)

 0 0

C. For which a management decision has been made during the reporting period

 0 0

(i) dollar value of recommendations that were agreed to by management

 0 0

Based on proposed management action

 0 0

Based on proposed legislative action

 0 0

(ii) dollar value of recommendations that were not agreed to by management

 0 0

D. For which no management decision has been made by the end of the reporting period

 0 0

E. For which no management decision was made within 6 months of issuance

0 0


REQUIREMENT CATEGORY SUMMARY
5(a)(3) Prior significant recommendations unimplemented

None

5(a)(4)

Summary of prior referrals

None

5(a)(5)

Information or assistance refused

None

5(a)(10)

Prior audit reports unresolved

None

5(a)(11)

Significant revised management decisions

None

5(a)(12)

Significant revised management decisions with which the OIG disagreed

None

Top of Page

PDF files require the free Adobe Reader.
More information on Adobe Acrobat PDF files is available on our Accessibility page.

The U.S. National Archives and Records Administration
8601 Adelphi Road, College Park, MD 20740-6001
Telephone: 1-86-NARA-NARA or 1-866-272-6272