Departmental Management Challenges
Each year the Department identifies existing and potential management challenges, weaknesses, and areas in need of improvement. Two primary sources used to identify these issues are the Federal Manager’s Financial Integrity Act (FMFIA) reporting process, and the DOJ Office of the Inspector General (OIG) Top Ten Management Challenges.
As required under the FMFIA, the Department reports to the President all weaknesses in internal controls that the Attorney General deems material, along with detailed corrective action plans. Additionally, in November, the Inspector General issues a list of management challenges. Although the list is created from an auditor’s perspective, there are often areas of overlap between the OIG’s Top Ten Management Challenges and issues identified by the Attorney General. Both of the full reports follow.
Federal Managers’ Financial Integrity Act
Corrective Action Reports for FY 2003
|
U.S. DEPARTMENT OF JUSTICE Corrective
Action Report |
Date of Submission |
|||||||||
|
First Quarter Update: |
||||||||||
|
Second Quarter Update: |
||||||||||
|
Third Quarter Update: |
||||||||||
|
End of Year Report: |
09/30/03 |
|||||||||
|
Issue Title Computer Security Implementation |
Issue ID |
Organization Department |
||||||||
|
Date First 10/01/02 |
Original Target for Completion 12/30/04 |
Current Target for Completion 06/30/04 |
Actual Date of Completion |
Issue Type Program Material Weakness |
||||||
|
Source Title |
Date of Source Report |
Issue Type (DOJ Rating) Program Material Weakness |
||||||||
|
Issue Description Financial and Security Act audits and reviews conducted by the Department’s Inspector General and independent verification and validation (IV&V) reviews, penetration testing, self assessments, and certifications and accreditations continue to identify weaknesses in both classified systems and sensitive but unclassified (SBU) systems. Specific concerns include issues with management, operational, and technical controls that protect each system and the data stored on it from unauthorized use, loss, or modification. Because technical controls prevent unauthorized system access, the Department’s OIG concluded that the vulnerabilities noted in those areas were most significant. The most common vulnerability was with security standards and procedures, and password and logon management. Due to insufficient common standards and inadequate Department oversight, components have been given broad abilities to implement controls and too much latitude in establishing system settings. Additionally, vulnerabilities identified are more voluminous in the Department’s legacy networks and infrastructures. |
||||||||||
|
What We Will Do About It To address repeatable weaknesses in the Department’s implementation of computer security controls, the Chief Information Officer (CIO) released the Department’s Information Technology Strategic Plan in July 2002. The plan outlines how the Department is strengthening and refocusing its information technology (IT) program to meet the Department’s new counterterrorism mission and support the achievement of its strategic goals. In May 2003, the CIO established a Deputy CIO position at the Senior Executive Service (SES) level for IT security with responsibility for ensuring the full implementation of the Department’s IT security program to include all functions for policy and oversight. In addition, the CIO realigned resources within the CIO organization to increase the number of FTEs working on the Department’s IT security program by over 100 percent. This Staff will ensure that component classified and SBU systems have implemented the appropriate IT security controls and shall be responsible for ensuring that components identify corrective plans of action and milestones when the security controls are not met and for monitoring of these corrective action plans. In the past year, the Department has made significant progress in strengthening the Department’s IT security program and in implementing the requirements of the Federal Information Security Management Act (FISMA). These accomplishments include:
FY 2003 End of Year Update Milestone 1: In May 2003, an IT Security Staff, managed by a Deputy CIO was established under the CIO with responsibility for IT security policy, implementation, and oversight for both classified and SBU systems. (Closed) Milestone 2: (Closed) 17 minimum IT security implementation standards were developed. The 17 align with the NSIT areas of technical, operational, and management controls. Milestone 3: In September 2003, the Department completed an IT security architecture that is integrated into the Department’s enterprise architecture. The IT security architecture provides a security framework and structure to guide investments and systems in implementing IT security controls and provides for increased information sharing, security controls in boundary devices, network devices, and supports the Department’s PKI architecture. (Closed) Milestone 4: On-going. (Revised date of completion.) The DOJ-wide PKI requirements have been developed. DOJ drafted a certificate policy that is closely aligned with the federal policy and the Federal Bridge Certificate Authority (FBCA). In May 2003, a contract was awarded for the design and implementation of a Department root certificate authority (CA) and an FBI subordinate CA. The Department’s root CA and the first subordinate CA are expected to be operational in November 2003 and certificates will begin being issued to approximately 600 users during phase 1 in December 2003. Milestone 5: Ongoing. (Revised date.) Increase oversight and monitoring by enhancing and deploying to components a security control tool that tracks all known vulnerabilities, weaknesses, and corrective actions for both classified and SBU systems. Milestone 6: Delayed implementation due to Union coordination and piloting. On March 28, 2003, the CIO sent a memo to all DOJ employees announcing implementation of the Web-based Computer Security Awareness Training (CSAT) program. (Closed.) Milestone 7: Work is progressing. Implementation date has been accelerated. |
||||||||||
|
Milestones |
Original
Target |
Current
Target |
Actual Date of Completion |
|||||||
|
1. Establish a centralized Information Security Staff, reporting directly to the Department CIO, with responsibility for ensuring the appropriate security controls are implemented in the Department’s classified and SBU systems. |
12/02 |
01/03 |
01/03 |
|||||||
|
2. Develop minimum IT security standards for implementation of security controls for the Department’s classified and SBU systems. 12 standards have been identified. |
01/03 |
01/03 |
01/03 |
|||||||
|
3. Develop and document the Department’s IT security architecture at a high level that will be integrated into the Department’s enterprise architecture. The high level IT security architecture will provide for increased information sharing and will include boundary protection requirements, network requirements, and PKI architecture. |
09/03 |
09/03 |
09/03 |
|||||||
|
4. Plan, design and deploy a Departmentwide PKI. Establish a Project Management Office to manage the program and to coordinate with component initiatives. |
03/03 12/03 (pilot) 12/04 (deployment) |
03/03 12/03 Phase 1 (deployment) |
03/03 |
|||||||
|
5. Increase oversight and monitoring by enhancing and deploying to components the Security Management and Reporting Tool (SMART) that tracks all known vulnerabilities, weaknesses, and corrective actions. Expand oversight activities to include classified systems. |
02/03 03/03 |
02/03 03/04 (revised) |
01/03 |
|||||||
|
6. Develop and begin implementing a Departmentwide (with the exception of the FBI) web-based security awareness training tool (CSAT). |
01/03 |
04/15/03 |
03/28/03 |
|||||||
|
7. Identify common solutions and automated tools to monitor security compliance of network and system parameters and identify vulnerabilities. |
09/03 12/04 (implement) |
02/04 (revised) 06/04 (implement) |
||||||||
|
How We Will Know It Is Fixed By continuing to evolve the IT security program and meet the CIO’s IT strategic initiatives, we will be able to effectively implement IT security controls, reduce the number of vulnerabilities and repeat OIG findings, provide for greater trust of the Department’s systems, and further enable information sharing and collaboration. |
||||||||||
|
U.S. DEPARTMENT OF JUSTICE Corrective
Action Report |
Date of Submission |
|||||||||
|
First Quarter Update: |
||||||||||
|
Second Quarter Update: |
||||||||||
|
Third Quarter Update: |
||||||||||
|
End of Year Report: |
10/31/03 |
|||||||||
|
Issue Title Management of Information Technology Investments |
Issue ID |
Organization Federal Bureau of Investigation |
||||||||
|
Date First 2002 |
Original Target for Completion |
Current Target for Completion 09/04 |
Actual Date of Completion |
Issue Type Program Material Weakness |
||||||
|
Source Title OIG Audit Report 03-09 |
Date of Source Report 12/02 |
Issue Type (DOJ Rating) Program Material Weakness |
||||||||
|
Issue Description A December 2002 Office of Inspector General (OIG) audit report entitled, “Federal Bureau of Investigation’s (FBI) Management of Information Technology (IT) Investments,” stated that in the past the FBI has not given sufficient management attention to IT investments. As a result, the FBI has not fully implemented critical processes necessary for such management and has invested large sums of money on IT projects without assurance that these projects would meet intended goals. |
||||||||||
|
What We Will Do About It In January 2002, the FBI began implementation of an IT investment management process as a part of the FBI’s overall IT strategic management framework. To date, significant progress has been made toward creating a stronger foundation for IT management practices. Thirteen of 30 recommendations have been closed. The Department is working closely with the FBI to ensure the integration of the DOJ and FBI investment management processes and project oversight processes. Biweekly meetings are held between DOJ and the FBI on a broad range of major FBI IT issues, including the integration of the FBI IT investment management and oversight processes with the Department’s processes. DOJ representatives attend the FBI project status briefings (i.e., project management reviews) which have been initiated to review the project status on major FBI IT projects. In addition, the Department is working with the FBI to ensure the alignment of its investment management and project oversight processes with the FBI’s processes in the FBI’s “Project Management Handbook” which outlines the FBI’s IT investment management and project oversight processes. FY 2003 End of Year Update Milestones 1, 10, 11: The documents were delivered in January 2003. Milestone 2: Document delivered during August 2003. OIG noted simplified investment management process (IMP) removes the need for specialized training. Milestone 3: Project Management Functional Overview completed during last quarter of FY2003. Project Management Handbook will be completed by December 2003. OIG noted this milestone will be closed when the Project Management Handbook is delivered to them for review. Milestone 4: The project management function is residing in the Information Resources Division rather than as a separate formal Congressionally-approved entity. Milestone 5: Policy for all projects with life cycle costs of $10 million or greater is in place, but has not been implemented. Response showing project portfolio and projects with PMPs will be provided to the OIG in a November 2003 response. Milestone 6: IT asset inventory for the Information Resources Division has been completed and the OIG has closed the recommendation pertaining to completion and monitoring of the IT asset inventory. Additionally, the IT inventory assessment will begin no later than December 2004. After assessment, investment review boards will use the information as a decision-making tool. Other divisional IT assets will be inventoried and assessed over the remainder of FY 2004. Milestone 7: Document delivered during last quarter of FY2003. OIG noted it will close this recommendation when decision directives from project management and control gate reviews demonstrate key practices are regularly executed. The FBI expects to provide the OIG with feedback during November 2003. Milestone 8: Policies and procedures for identifying business needs and supporting documentation were delivered to the OIG. The OIG has closed this part of the milestone. Staff limitations have delayed the training element for this milestone. The FBI expects to have course outlines and presentation materials ready and begin holding classes for each division by December 2003. Milestone 9: IMP policy document delivered during August 2003 notes applicability of process and threshold to all funds. Milestone 12: IMP policy and procedures notes are required for architectural review. The OIG has closed this portion of the milestone. OIG expects further evidence of senior management sponsorship of all new projects and end-user involvement throughout the project life cycle. The Project Management Handbook will address these areas and is expected to be complete by November 2003. Milestone 13: The FBI’s project management functional overview, along with IMP policy and procedures, describes the FBI’s plan for IMP and system development life cycle (SDLC) methodology. Milestone 15: Baseline for Virtual Case File Delivery 1 established during September 2003. Releases 2 and 3 baselines are pending. Transportation Network Component/Information Presentation Component (TNC/IPC) revised baseline under discussion with FBI and contractor. Milestone 16: Technical requirements complete through Joint Application Development sessions. Documentation to OIG is expected during November 2003. Milestone 17: Response to Criminal Justice Information Services (CJIS) Division review completed during July 2003. Response to other two reports delayed due to lack of staff. Staff assigned to complete response were detailed to the Terrorism Screening Center as of October 2003. Plan to complete responses is on hold until adequate resources are provided. In the interim, the FBI has completed and is following DOJ-sanctioned Trilogy risk management plan. Milestone 18: New IMP requires feedback from all impacted entities before a project is approved. Milestone 20: Contract to assist technical field staff awarded. Training for Microsoft Windows 2000 certification is ongoing. Since March 2001, 300 electronics technicians have received Trilogy-specific training. Classroom and web-based training for end-users has been offered. As of October 2003, 3,521 staff had been trained. VCF web-based training is under development. FBI Academy Learning Management System is operational and providing office software training to Trilogy users. Milestone 22: Initial set of tools deployed into Enterprise Operations Center during the second quarter of FY2003. Additional tools will be delivered under Trilogy full site capability deployment. Milestone 23: FBI has selected PureEdge eForms product to support both the existing macros and web-based forms, providing a standard format for all documents. The product will provide word processor features as well as digital signatures, email interfaces, and document management interfaces. FBI purchased licenses to create 75 eforms and has created 25 eforms to replace Word-Perfect macros. Milestone 24: Assignment for this plan has not been delegated. Process will be tested for one entire budget cycle to determine if it is effective. |
||||||||||
|
Milestones |
Original
Target |
Current
Target |
Actual Date of Completion |
|||||||
|
1. Establishment of regularly scheduled meetings with standing agendas for the investment boards and of specific roles and responsibilities for each board member. |
06/02 |
06/02 |
06/02 |
|||||||
|
2. Establishment of education and training plans to ensure that board members acquire required core competencies. |
03/03 |
12/03 |
08/03 |
|||||||
|
3. Implementation of official project management guidance. |
06/03 |
12/03 |
||||||||
|
4. Establishment and operation of a project management office. |
06/03 |
09/03 |
n/a |
|||||||
|
5. Approval of a project management plan for each IT project by the Project Oversight Committee. |
09/03 |
12/03 |
||||||||
|
6. Completion and consistent upkeep of the IT inventory and use of it by the boards as a decision-making tool. |
06/03 |
09/04 |
09/03 |
|||||||
|
7. Execution of key process activities necessary for the investment review boards to maintain effective oversight. |
09/03 |
09/03 |
09/03 |
|||||||
|
8. Establishment of and training on policies and procedures for identifying the business needs and users of IT projects. |
09/03 |
12/03 |
||||||||
|
9. Application of IMP to all IT project proposals, including those funded through base funding. |
09/03 |
09/03 |
07/03 |
|||||||
|
10. Implementation of recommendations on expanding the policies and procedures set forth in the post-implementation review. |
06/02 |
06/02 |
06/02 |
|||||||
|
11. Incorporation of input from various ITIM users into the development and refinement of the control and evaluate phases. |
08/02 |
08/02 |
08/02 |
|||||||
|
12. Performance of a business architecture compliance review of IT proposals to ensure support of the Bureau's mission. |
06/03 |
06/03 |
06/03 |
|||||||
|
13. Implementation of a plan for integration of the IMP with a system development life-cycle methodology. |
06/03 |
06/03 |
07/03 |
|||||||
|
14. Development of the first phase of a comprehensive enterprise architecture and implementation of a maturation plan. |
04/03 |
06/03 |
06/03 |
|||||||
|
15. Establishment and monitoring of baselines for Trilogy. |
03/03 |
01/04 |
||||||||
|
16. Definition and dissemination of the technical requirements for Trilogy's User Application Component. |
03/03 |
09/03 |
||||||||
|
17. Preparation and monitoring of an action plan to address the risks identified by the three internal reports on Trilogy. |
03/03 |
12/03 |
||||||||
|
18. Establishment of a process for future IT deployments wherein field offices can submit input and receive feedback from HQ. |
06/03 |
06/03 |
06/03 |
|||||||
|
19. Correction of Trilogy service support contractor deficiencies. |
03/03 |
03/03 |
01/03 |
|||||||
|
20. Resolution of outstanding issues related to the Trilogy on-line training system and a training plan specifically designed for IT specialists and electronic technicians. |
09/03 |
09/03 |
||||||||
|
21. Delivery of remaining Extended Fast Track computers. |
02/03 |
03/03 |
03/03 |
|||||||
|
22. Procurement of trouble-shooting equipment for Trilogy. |
03/03 |
03/03 |
03/03 |
|||||||
|
23. Creation of a web-based replacement approach for WordPerfect macros. |
06/04 |
06/04 |
||||||||
|
24. Integration of the IT strategic planning process, the IMP, and the performance goals in the Department IT plan. |
09/04 |
09/04 |
||||||||
|
How We Will Know It Is Fixed Addressing the recommendations assists the FBI in further maturing the IT Strategic Management Framework. The FBI’s progress toward implementation will be measured against GAO’s “ITIM Framework for Assessing and Improving Process Maturity.” The FBI is working to integrate strategic planning, budgeting, enterprise architecture, investment management, and project management into an overall framework that meets GAO’s guidelines, OMB direction, and DOJ policy in a manner that supports the FBI’s mission. FBI IT projects will stay within budget and on schedule and result in successful program operations. |
||||||||||
|
U.S. DEPARTMENT OF JUSTICE Corrective
Action Report |
Date of Submission |
||||||
|
First Quarter Update: |
|||||||
|
Second Quarter Update: |
04/22/03 |
||||||
|
Third Quarter Update: |
|||||||
|
End of Year Report: |
|||||||
|
Issue Title Prison Crowding |
Issue ID 1985-6201 |
Organization Bureau of Prisons |
|||||
|
Date First 1985 |
Original Target for Completion 09/95 |
Current Target for Completion |
Actual Date of Completion CLOSED |
Issue Type Material Weakness |
|||
|
Source Title BOP |
Date of Source Report 1985 |
Issue Type (DOJ Rating) Material Weakness |
|||||
|
Issue Description Note: The Department of Justice (DOJ) has reassessed Prison Crowding and has removed it from its list of material weaknesses. DOJ first reported Prison Crowding in 1985, and the crowding rate peaked at 69% over rated capacity in 1990. However, the crowding rate is now down to 33% over rated capacity, and the construction and budget plans continue to maintain that rate. The low incidents of escapes (0) from, and homicides (4) and assaults (4,000) in, prisons from FY 2002 through the present also support removing this from DOJ’s list of material weaknesses. BOP recognizes that Prison Crowding is a serious management challenge and is constantly reviewing its processes and evaluating ways to better manage the prison population. In 1985 the Bureau's Executive Staff recognized crowding as a material weakness. The crowding rate grew through 1990 to a high of 69% over the Bureau's rated capacity. As of September 30, 2002, the crowding rate was 33% over rated capacity. The Bureau continues to rely on funding for contract beds and the construction of additional federal facilities to keep pace with a growing inmate population and to gradually reduce our crowding rate, thereby ensuring the manageable operation of the system. The total Federal Prison Population was 163,436 as of September 30, 2002, reflecting an increase of 6,864 for FY 2002. We project the total Bureau population will continue to grow and should reach 192,941 by September 30, 2007. Through the construction of new facilities and expansion projects at existing institutions, our Long Range Capacity Plan projects a rated capacity of 127,920 beds by September 30, 2007. Should new construction and expansion plans continue through FY 2007 as planned, crowding is projected to be 33% over the projected rated capacity. |
|||||||
|
What We Will Do About It Increase the number of beds in the Bureau to keep pace with the projected increases in the federal inmate population. Efforts to reach this goal include expanding existing institutions, acquiring surplus properties for conversion to correctional facilities, constructing new institutions, utilizing contract facilities, and exploring alternative options of confinement for appropriate cases. There will often be discrepancies between projected and actual numbers with this type of data due to the unpredictable environment in prisons. Plans are developed based on historical data, past experience, population projections, and best faith efforts to project for the future. |
|||||||
|
How We Will Know It Is Fixed Results are measured as a new institution or expansion project is activated and resulting increases in rated capacity are established. A corresponding decrease in the crowding percentage rate will also be a tangible measurement of the results. Progress on construction projects at new and existing facilities can be validated via on-site inspections of each facility or by review of monthly construction progress reports. Incidents of escapes, homicides, and assaults will be minimal. |
|||||||
|
U.S. DEPARTMENT OF JUSTICE Corrective
Action Report |
Date of Submission |
|||||||||
|
First Quarter Update: |
||||||||||
|
Second Quarter Update: |
04/04/03 |
|||||||||
|
Third Quarter Update: |
||||||||||
|
End of Year Report: |
||||||||||
|
Issue Title
|
Issue ID
|
Organization Office of Detention Trustee; U.S. Marshals Service; Immigration and Naturalization Service |
||||||||
|
Date First 09/30/89 |
Original Target for Completion 09/30/92 |
Current Target for Completion 01/30/03 |
Actual Date of Completion CLOSED |
Issue Type Material Weakness |
||||||
|
Source Title |
Date of Source Report |
Issue Type (DOJ Rating) Material Weakness |
||||||||
|
Issue Description Note: The Department of Justice (DOJ) has removed Detention Space and Infrastructure from its list of material weaknesses. DOJ has resolved all current material issues and has met all milestones. In addition, the Immigration and Naturalization Service (INS), a major factor in this issue, has been transferred from DOJ to the Department of Homeland Security. The Office of the Detention Trustee will continue to monitor use of detention space and will determine if any other material weaknesses arise in the future. Detention space for the United States Marshals Service (USMS) and the INS has been a management challenge since 1989. Both agencies are experiencing rapid growth in their use of detention space, from an average of 31,966 beds in 1996 to a projected 64,800 beds in 2003. (The actual number of detainees in the custody of the USMS and the INS on September 30, 2002, was 63,779.) The USMS is experiencing a shortage of detention space near federal court cities, resulting in the need to transport prisoners to other distant facilities, often in other states. The INS apprehends 1.6 million illegal aliens annually. The INS has some discretion on who it detains; however, because of statutory changes enacted by Congress in 1996, INS is required to detain certain aliens until their removal. This results in the detention of more aliens who previously could have been released on bond pending the outcome of their removal proceedings. Furthermore, it is the INS’ experience that the vast majority of non-detained aliens do not appear for their removal hearings and/or do not surrender for removal after a final order of removal has been issued. Therefore, detention is an effective tool to ensure participation in removal proceedings and compliance with removal orders. This expanding need for detention space places increasingly heavy demands on the INS and USMS infrastructure, including transportation, buildings, communications equipment, and staff. This also increases concerns related to health and safety of detainees and USMS and INS employees. |
||||||||||
|
What We Will Do About It To deal with this multi-agency issue, the Department of Justice (Department) created a Detention Planning Committee which, in turn, developed a multi-year Federal Detention Plan. The Department worked with the USMS, INS, and the Bureau of Prisons to update this plan in February 2000. In addition, the Department appointed a Detention Trustee in FY 2001 and established the Office of the Detention Trustee (ODT). The Detention Trustee is now responsible for oversight and management of many multi-agency issues related to detention. The USMS will maintain and expand the use of state and local jail space through the use of Interagency Agreements (IGAs), the Cooperative Agreement Program, and the recently expanded contract authority for service contracts for contract beds. Previously, the USMS planned to establish detention management and oversight positions at contract jails housing 200 or more USMS prisoners (this plan was identified as milestone #4 in previous reports). ODT supported this plan, in keeping with the stated office mission. At this time, ODT does not have the authority to request employees on behalf of USMS to further this goal. ODT is in the process of changing the current policy so that ODT employees can perform this function in detention facilities identified by USMS. Until the current policy has been changed, this plan has been tabled until manpower and resources become available. ODT has completed conditions of confinement reviews of 40 facilities. Additional funding for conditions of confinement reviews was requested for FY 2003. The INS will pursue alternatives to detention and less restrictive detention options in the coming years. INS is committed to ensuring that, to the greatest extent possible, detained aliens are placed in facilities appropriate to their background and circumstance. INS will continue to review the management of the Detention and Removal Program via the INS Program for Excellence and Comprehensive Tracking (INSpect) and through the newly created Operations Analysis, Training, and Compliance Division. The scope of the review includes facility issues, security and control, detainee conduct and detainee services, transportation and escort, and docket control. Regarding milestone #3, INS has created a robust detention bed space projection model, in conjunction with an experienced Department contractor. This model will help INS manage resources and forecast bed space requirements. The model is district based and will assist the INS in the justification of needed staff, budget, and construction requests. These efforts will contribute to the Departmentwide model. Regarding milestone #4, the prior target completion date of January 30, 2003, was based on the projected passage of the FY 2003 budget, which did not occur until February 20, 2003. Since passage, ODT has formed a team of experts to develop a plan to evaluate the health and safety of federal prisoners in non-federal institutions. Additionally, ODT has established cross-organizational working groups for detention services acquisition, budget and resources, and detention programs. Regarding milestone #5, the baseline report and needs assessment was completed in May and was submitted to OMB on 06/30/02; however, submission to Congress was delayed due to publishing issues after departmental review. |
||||||||||
|
Milestones |
Original
Target |
Current
Target |
Actual Date of Completion |
|||||||
|
1. Establish a Detention Trustee. |
09/30/01 |
09/30/01 |
09/30/01 |
|||||||
|
2. Expand the current 5-year contract authority for Service Contracts. (Public Law 106-553) |
09/30/99 |
11/30/00 |
12/21/00 |
|||||||
|
3. Create a more encompassing model for projecting detainee population. (INS) |
05/30/01 |
05/30/01 |
07/30/01 |
|||||||
|
4. (Previously milestone 5). Establish an oversight team to handle privatization issues and private jail contracts. (ODT) |
11/30/99 |
01/30/03 |
03/19/03 |
|||||||
|
5. (Previously milestone 6). Complete a needs assessment and develop a baseline report. (ODT) |
05/05/02 |
05/05/02 |
07/30/02 |
|||||||
|
How We Will Know It Is Fixed (1) There will be sufficient bed space capacity to house criminal defendants and illegal aliens in each federal court city (including EOIR locations) without unwarranted transportation by the USMS and INS. (2) There will be consolidated detention planning that ensures that detention bed space is acquired in a cost-efficient manner that leverages the combined needs of the USMS and INS. (3) A data system will be established that identifies available bed space for use by federal law enforcement, particularly the USMS and INS. (4) Implementation of national standards that are applicable to all space providers and achievement of a high level of compliance with those standards. |
||||||||||
|
U.S. DEPARTMENT OF JUSTICE Corrective
Action Report |
Date of Submission |
|||||||||
|
First Quarter Update: |
||||||||||
|
Second Quarter Update: |
||||||||||
|
Third Quarter Update: |
||||||||||
|
End of Year Report: |
10/31/03 |
|||||||||
|
Issue Title Property and Equipment |
Issue ID |
Organization Federal Bureau of Investigation |
||||||||
|
Date First
|
Original Target for Completion
|
Current Target for Completion |
Actual Date of Completion 09/03 |
Issue Type
|
||||||
|
Source Title OIG Audit Report # 02-27 |
Date of Source Report 08/02 |
Issue Type (DOJ Rating) Program Material Weakness |
||||||||
|
Issue Description This issue is CLOSED, pending concurrence of the San Francisco Regional Audit Office (SFRAO)/OIG. Office of the Inspector General (OIG) Report # 02-27, "The Federal Bureau of Investigation’s (FBI) Control Over Weapons and Laptop Computers," released in August 2002, revealed significant problems with the FBI's management of weapons and laptop computers. Although the number of functional weapons reported missing during the review period amounted to less than one-half of one percent of the FBI's inventory, the significance of these losses is measured in the sensitive nature of the missing property, not in numbers. Similarly, the number of laptops reported missing during this same period equated to only approximately two percent of the FBI's inventory. However, because the security level of 70 percent of the lost or stolen laptops was "unknown," the loss is potentially significant as the information contained on these laptops could compromise national security or jeopardize ongoing investigations. |
||||||||||
|
What We Will Do About It The FBI has been aware of this problem for some time and has, prior to the issuance of this report, taken the following actions to address the concern:
In addition and in response to recommendations received from the OIG, the FBI will take further actions to address this problem, as indicated below. FY 2003 End of Year Update Milestone 1: The FBI will NOT implement Boards of Survey. The Office of Professional Responsibility (OPR) has established procedures and disciplinary schedules for these matters. The FBI’s Property Management Unit (PMU) will review all lost/stolen reports for capitalized assets and refer gross negligence to OPR. These procedures have been approved by the Assistant Director of Property Management at DOJ. Milestone 3: Due to earlier delays in the arrival of, and training on, barcode tracking system software, this date has slipped slightly. However, the FBI completed the inventory in September 2003. Milestone 4: The revision to clarify processes for separating employees was submitted to Records Management on 10/25/02. The Director’s memo regarding the financial liability for lost property was distributed on 11/01/02. Milestone 5: The FBI has in place policies and procedures for the acquisition, inventory, audit, turn-in, maintenance, decommission, sanitization, and destruction of information technology resources (Manual of Investigative Operations and Guidelines (MIOG) Part II, Section 35-13). The FBI’s Security Division purchased an enterprise license for sanitizing hard drives. However, due to the events of 9/11/01, the national Security Agency has suspended agencies from destroying and wiping hard drives clean. |
||||||||||
|
Milestones |
Original
Target |
Current
Target |
Actual Date of Completion |
|||||||
|
1. Implementation of Boards of Survey to review cases of employee negligence leading to loss or theft of property. |
11/02 |
n/a |
n/a |
|||||||
|
2. Issuance of policy regarding employees' personal financial responsibility for lost or stolen property. |
11/02 |
11/02 |
11/01/02 |
|||||||
|
3. Completion of biennial inventory of accountable property. |
Spring 03 |
09/03 |
09/03/03 |
|||||||
|
4. Revision of the Manual of Administrative Operations and Procedures (MAOP) to clarify processes for separating employees, including establishment of procedures for reimbursement for lost property. |
10/02 |
12/02 |
10/25/02 |
|||||||
|
5. Institution of policies and procedures on the acquisition, inventory, audit, turn-in, maintenance, decommission, sanitization, and destruction of information technology resources. |
02/03 |
02/03 |
09/03 |
|||||||
|
How We Will Know It Is Fixed This problem will be corrected when all of the above milestones have been completed and the FBI is able to account fully for its recorded property, particularly sensitive property such as weapons and laptop computers. DOJ will consider this problem officially corrected when the SFRAO/OIG removes it as a material weakness from audit report 02-27, “The FBI’s Control Over Weapons and Laptop Computers.” SFRAO anticipates completing the follow-up to the audit report by May 2004. |
||||||||||
|
U.S. DEPARTMENT OF JUSTICE Corrective
Action Report |
Date of Submission |
|||||||||
|
First Quarter Update: |
||||||||||
|
Second Quarter Update: |
||||||||||
|
Third Quarter Update: |
||||||||||
|
End of Year Report: |
11/19/03 |
|||||||||
|
Issue Title DOJ Financial Systems Compliance |
Issue ID |
Organization Department of Justice |
||||||||
|
Date First 02/28/01 |
Original Target for Completion On-going |
Current Target for Completion On-going |
Actual Date of Completion |
Issue Type Financial System Material Weakness |
||||||
|
Source Title Management Review and Annual |
Date of Source Report
|
Issue Type (DOJ Rating)
|
||||||||
|
Issue Description The Department of Justice (Department) audit report on the FY 2000 consolidated financial statements identified the Federal Bureau of Investigation (FBI), Drug Enforcement Administration (DEA), United States Marshals Service (USMS), and Federal Prisons Industries (FPI) as not meeting federal accounting standards or systems requirements, and having material weaknesses in system controls/security. For DOJ as a whole, the need to address weaknesses cited in the financial statement audits, nonconformances with Office of Management and Budget (OMB) Circular No. A-127, technological changes, and the need to better support critical financial operations and agency programs contribute to the necessity to modernize the Department’s financial systems and improve internal controls. The FBI operates a legacy system which significantly limits the capabilities necessary to support the effective and efficient processing of financial management information throughout the Bureau. The USMS implemented a new financial management system in 1998 at its headquarters office. However, due to implementation difficulties, the USMS did not migrate its district offices to the system. |
||||||||||
|
What We Will Do About It The Department identified a unified core financial system as one of the ten goals for revamping the Department’s management. The unified core system will be a commercial off-the-shelf (COTS) Financial Management System product(s) certified by the Joint Financial Management Improvement Program as meeting core federal financial management system requirements. FY 2003 End of Year Update Milestone 2: Develop consolidated functional and technical requirements for the unified core system, along with a procurement module, for issuance of a solicitation to procure a COTS solution. The COTS solicitation was issued on February 14, 2003. Milestone 3: Develop consolidated requirements for Integration and Implementation (I&I) for issuance of the draft solicitation. This milestone has been modified to reflect a change in acquisition strategy. A draft solicitation was issued to obtain comments from industry regarding our I&I requirements and approach. The release date for the I&I solicitation will coincide with the issuance of the COTS software contract. Milestone 4: Receive the COTS proposals. A Departmentwide Technical Evaluation Panel is in the process of evaluating the vendors’ COTS proposals for the software. The target date of award has changed due to an extended period of COTS software evaluation which directly impacts timing of product acceptance test, the issuance of the I&I RFQ and the award of the I&I contract. Milestone 5: Issue final I&I solicitation package identifying the selected COTS product. Milestone reflects modification to approach as reflected in Milestone 3. Final I&I solicitation package will be issued immediately following award of COTS contract. The target date has changed due to extended period of COTS software evaluation which directly impacts timing of product acceptance test, I&I RFQ issuance, and the I&I contract award. Milestone 6: Receive, evaluate, and award the I&I contract. The target date has changed due to the extended period of COTS software evaluation which directly impacts the timing of the issuance of the I&I RFQ and the award of the I&I contract. Milestone 7: Develop and conduct COTS acceptance testing with full DOJ pilot simulation. The Product Acceptance Testing (PAT) scenarios have been developed with Departmentwide input. However, the target date has changed due to the extended period of COTS software evaluation which directly affects this activity. Milestone 8: Initial implementation of COTS software for UFMS for designated program/component will begin during the 4th quarter of FY 2004. Milestone 9: Components reported as not meeting federal accounting standards or systems requirements and having material weaknesses in system controls/security will implement compensating internal controls and financial system improvements to effect substantial compliance with the Federal Financial Management Improvement Act (FFMIA) by June 30, 2004. |
||||||||||
|
Milestones |
Original
Target |
Current
Target |
Actual Date of Completion |
|||||||
|
1. Planning phase, including milestones. |
05/30/02 |
08/15/02 |
08/15/02 |
|||||||
|
2. Develop requirements for issuance of COTS solicitation. |
02/21/03 |
02/21/03 |
02/14/03 |
|||||||
|
3. Develop requirements for issuance of draft I&I solicitation. |
03/27/03 |
04/15/03 |
04/15/03 |
|||||||
|
4. Receive/evaluate/award contract for COTS software. |
05/30/03 |
2nd Q/FY04 |
||||||||
|
5. Issue final I&I solicitation. |
06/03/03 |
2nd Q/FY04 |
||||||||
|
6. Receive/evaluate/award contract for I&I contractor. |
08/29/03 |
3rd Q/FY04 |
||||||||
|
7. Develop/conduct COTS acceptance testing. |
10/17/03 |
2nd - 3rd Q/ FY04 |
||||||||
|
8. Begin initial implementation of COTS UFMS software. |
10/01/04 |
4th Q/FY04 |
||||||||
|
9. Bring systems into substantial compliance with FFMIA. |
04/01/03 |
3rd Q/FY04 |
||||||||
|
How We Will Know It Is Fixed Modern financial systems that comply with federal financial system requirements will be implemented, and system dependent audit recommendations will be closed. |
||||||||||
|
U.S. DEPARTMENT OF JUSTICE Corrective
Action Report |
Date of Submission |
|||||||||
|
First Quarter Update: |
||||||||||
|
Second Quarter Update: |
||||||||||
|
Third Quarter Update: |
||||||||||
|
End of Year Report: |
1/15/04 |
|||||||||
|
Issue Title DOJ Accounting Standards Compliance |
Issue ID |
Organization Department of Justice |
||||||||
|
Date First 12/19/02 |
Original Target for Completion 09/30/03 |
Current Target for Completion 06/30/04 |
Actual Date of Completion |
Issue Type Financial System Material Weakness |
||||||
|
Source Title FY 2002/FY 2003 Integrity Act Review and |
Date of Source Report
|
Issue Type (DOJ Rating)
|
||||||||
|
Issue Description The financial statement audit reports advised of material weaknesses in compliance with certain federal accounting standards by the Federal Bureau of Investigation (FBI); Offices, Boards, and Divisions (OBDs); Working Capital Fund (WCF); U.S. Marshals Service (USMS); and Asset Forfeiture Fund (AFF). Findings involve weaknesses in business processes and financial transaction recording and report, including seized asset accounting. |
||||||||||
|
What We Will Do About It For the OBDs and WCF, the Justice Management Division (JMD) will revise procedures and provide guidance and training to those processing obligation and revenue data. The FBI is hiring additional staff for its financial statement preparation process and has will revise its procedures for recording financial transactions and property data. The USMS will improve its business processes, procedures, and reporting practices. The AFF will enhance its monitoring and training processes and establish additional procedures to improve control over transaction processing and reporting. Milestone 1: Four of the eleven applicants selected through the preliminary process met the employee background requirements. The FBI solicited for additional accountant applicants during October 2003, to fill the remaining vacancies. Milestone 2: The FBI enhanced certain procedures. However, the audit revealed that additional enhancements are necessary. Milestone 3: Training and enhancing procedures were heavy areas of emphasis during FY 2003 and will continue during FY 2004. |
||||||||||
|
Milestones |
Original
Target |
Current
Target |
Actual Date of Completion |
|||||||
|
1. The FBI will hire additional staff for financial statement reporting process. |
06/30/03 |
03/01/04 |
||||||||
|
2. The FBI will revise its procedures for recording financial transactions and property data. |
09/30/03 |
09/30/03 |
09/30/03 |
|||||||
|
3. The JMD will revise its procedures and provide guidance and training to those processing data for the OBDs and WCF. |
09/30/03 |
06/30/04 |
||||||||
|
4. The USMS will improve its business process, procedures, and reporting practices. |
06/30/04 |
|||||||||
|
5. The AFF will enhance its monitoring and training processes and establish additional procedures to improve control over transaction processing and reporting. |
06/30/04 |
|||||||||
|
How We Will Know It Is Fixed Management evaluation of these issues will be supported by audit review. |
||||||||||
|
U.S. DEPARTMENT OF JUSTICE Corrective
Action Report |
Date of Submission |
|||||||||
|
First Quarter Update: |
||||||||||
|
Second Quarter Update: |
||||||||||
|
Third Quarter Update: |
||||||||||
|
End of Year Report: |
11/19/03 |
|||||||||
|
Issue Title FPI Adherence to Accounting Standards and |
Issue ID
|
Organization
|
||||||||
|
Date First
|
Original Target for Completion
|
Current Target for Completion
|
Actual Date of Completion 09/30/03 |
Issue Type
|
||||||
|
Source Title FY 2000 Integrity Act Review and |
Date of Source Report 12/05/00 and |
Issue Type (DOJ Rating)
|
||||||||
|
Issue Description This issue is CLOSED, pending concurrence of auditors. In May 2000, the Federal Prison Industries (FPI) implemented Millennium, which does not yet meet all the financial management requirements of Office of Management and Budget (OMB) Circular No. A-127. System generated reports require thorough review, analysis, and frequent corrections. FPI has weaknesses in system security, and weaknesses were reported in controls over inventories and accounts receivable, as well as in the financial statement preparation process. |
||||||||||
|
What We Will Do About It The FPI is working with its contractors to correct weaknesses in inventories, accounts receivables, and the financial statement reporting process. Substantial progress has been made in these areas. FPI will implement policies and procedures to improve risk assessment/system security management. |
||||||||||
|
Milestones |
Original
Target |
Current
Target |
Actual Date of Completion |
|||||||
|
1. Obtain system security certification. |
12/31/00 |
12/31/00 |
12/31/00 |
|||||||
|
2. Obtain system security accreditation. |
03/01/01 |
03/01/01 |
06/30/01 |
|||||||
|
3. Modify system procedures to comply with federal financial management requirements. Implement policies and procedures to improve risk assessment/system security management, including procedures for granting system access and providing employee security awareness training. |
03/01/01 |
09/30/03 |
09/30/03 |
|||||||
|
4. Correct weaknesses in control over inventories. |
03/15/02 |
01/31/03 |
12/13/02 |
|||||||
|
5. Correct weaknesses in control over accounts receivable. |
03/15/02 |
01/31/03 |
12/13/02 |
|||||||
|
6. Refine financial statement reporting process. |
03/15/02 |
01/31/03 |
12/13/02 |
|||||||
|
How We Will Know It Is Fixed Minimal errors will be found in accounting processing, recording, and reporting. FPI has received system security certification and accreditation. Management’s evaluation of this issue will be verified by the FY 2003 financial statement audit. |
||||||||||