Semiannual Report to Congress

October 1, 2006-March 31, 2007
Office of the Inspector General


Multicomponent Audits, Reviews, and Investigations

While many of the OIG’s audits, reviews, and investigations are specific to a particular component of the Department, other work spans more than one component and, in some instances, extends to Department contractors and grant recipients. The following describes OIG audits, reviews, and investigations that involve more than one Department component.

Reports Issued

Progress Report on the Development of the Department’s Integrated Wireless Network

The OIG’s Audit Division audited the progress made toward developing the Integrated Wireless Network (IWN), an approximately $5 billion joint project between the Department, DHS, and Treasury Department. IWN is intended to address federal law enforcement requirements to communicate across agencies, allow interoperability with state and local law enforcement partners, and meet mandates to use federal radio frequency spectrum more efficiently. When fully implemented, IWN is intended to support approximately 81,000 federal agents and officers in all 50 states and U.S. territories. For the Department’s law enforcement officers, IWN is intended to replace antiquated and functionally limited communications systems.

The OIG determined that IWN is at high risk of failure and the partnership between the Department and the DHS is fractured. As a result, despite over 6 years of development and more than $195 million in funding, the IWN project does not appear to be on the path to providing the seamless interoperable communications system that was envisioned.

The causes for the high risk of project failure include uncertain and disparate funding mechanisms for IWN, the fractured IWN partnership, and the lack of an effective governing structure for the project. In addition, our assessment indicated that a major infusion of funding will be required over the next several years if the involved agencies are to complete IWN as planned. The Department has expressed concern, however, that the DHS has not always lived up to its commitments to IWN, in part because of funding differences. In particular, the Department is required to develop a department-wide wireless program, while the DHS has separate funding for IWN and its legacy communications systems, which allows the DHS to meet the immediate needs of its components by replacing and upgrading legacy communications systems separately from participating in IWN. The OIG also found that the current governing structure for the IWN project is ineffective and has led to significant delays in the program.

As a result, the Department has spent increasingly significant amounts of money to maintain its legacy communications systems, thereby depleting available funding for IWN.

In addition, the failure of IWN could have significant adverse consequences even beyond the financial losses. It could affect the safety of Department law enforcement officers because the Department’s legacy communications systems have limited functionality, diminished voice quality, and weak security, making them vulnerable to hacking. In addition, the Department systems are subject to interference from narrowband communications from other agencies.

Moreover, the differences in approach between the Department and the DHS may result in communications systems that are not well coordinated. The resulting systems may not reflect the seamless communications capability that IWN was originally intended to achieve, and they may not be adequate in the event of future terrorist attacks or natural disasters.

The OIG made four recommendations to help ensure that this important project does not fail. In particular, we recommended that the Department reach an agreement with the DHS and Treasury Department explicitly stating the shared goals, responsibilities, and resource contributions and funding requirements of the sponsoring departments. The Department agreed with all of our recommendations.

The Department’s Internal Controls Over Terrorism Reporting

Several components, including the FBI, Criminal Division, and EOUSA, collect terrorism-related statistics to help measure the Department’s counterterrorism efforts. These statistics are reported to senior Department managers, Congress, and the public in various reports, budget documents, and testimony. The OIG’s Audit Division audited the accuracy of 26 terrorism-related statistics published by these Department components. Among the statistics we reviewed were the number of terrorism threats tracked by the FBI in FYs 2003 and 2004; the number of terrorism convictions reported by EOUSA during FYs 2003 and 2004; and the number of individuals convicted or who pled guilty resulting from terrorism convictions from September 11, 2001, to February 3, 2005, as reported by the Criminal Division.

Our review determined that all but 2 of the 26 statistics were inaccurate. Specifically, we found that 11 were under-reported, 10 were over-reported, 2 were accurately reported, and 3 were reported multiple times. Most of the statistics the OIG tested were significantly overstated or understated, while a few were overstated or understated by minor amounts. Of the statistics the OIG tested, EOUSA inaccurately reported all 11 statistics, the Criminal Division inaccurately reported all 5 statistics, and the FBI inaccurately reported 8 of the 10 statistics.

We found that the statistics were inaccurately reported for a variety of reasons, including that the components could not provide support for the numbers reported, could not provide support for a terrorism link used to classify statistics as terrorism-related, and could not document that the activity reported occurred in the period reported. We also found that the Department’s collection and reporting of terrorism-related statistics was decentralized and haphazard. For many of the statistics, Department officials either had not established internal controls to ensure the statistics were accurately gathered, classified, and reported or did not document the internal controls used.

In our review of the statistics, we looked for and accepted any terrorism linkage whether in writing or expressed orally by Department officials. However, we found many cases involving offenses such as immigration violations, marriage fraud, or drug trafficking where Department officials provided no evidence to link the subject of the case to terrorist activity.

In response to the report, EOUSA noted that the OIG interpreted its antiterrorism program category code definition to require that defendants in antiterrorism cases have an identifiable link to terrorist activity. EOUSA claimed that this interpretation would not capture a much broader group of proactive cases that it claimed have been affirmatively and intentionally brought to deter and prevent terrorism, particularly in the areas of critical infrastructure vulnerability, regardless of whether the defendant has any links to terrorist activity. In support of its argument, EOUSA pointed to cases such as those from Operation Tarmac, an enforcement operation launched in November 2001 at some of the nation’s airports that resulted in convictions of many airport workers on a variety of charges, including immigration violations. EOUSA also argued that all convictions in investigations worked by Joint Terrorism Task Forces (JTTFs), regardless of the ultimate findings in the case, should be included as examples of antiterrorism cases.

However, the OIG determined that even giving credit for all JTTF cases and Operation Tarmac and similar cases, EOUSA’s statistics remained largely inaccurate. The OIG also disagreed that all convictions in cases like Operation Tarmac should be counted as antiterrorism convictions, given EOUSA’s current definition of its antiterrorism program category. The OIG recognized that while efforts like Operation Tarmac may be intended to deter potential terrorists, as well as a wide range of other criminal activity, including all convictions resulting from the operation under EOUSA’s anti-terrorism category – without explanation – does not clearly provide full information to Congress and the public about EOUSA’s statistics. The OIG also found that an investigative lead pursued by JTTF may clear the defendant of any connection to terrorism, while finding and convicting the subject of other criminal activity. The OIG concluded that including all such convictions as “antiterrorism convictions” simply because a JTTF pursued the investigation results in inaccurate and misleading statistics.

In response to the OIG’s report, EOUSA agreed to rename its antiterrorism program category and modify and clarify its definition in order to eliminate any misunderstanding regarding its meaning. In total, the OIG made six recommendations to assist the FBI, Criminal Division, and EOUSA in improving the accuracy of its reported terrorism-related statistics, including for components to maintain documentation to identify the source of all terrorism-related statistics reported and document the procedures and systems used to gather or track the statistics reported. The FBI agreed with all of our recommendations, the Criminal Division agreed with all but one of our recommendations, and EOUSA disagreed with our recommendations.

The Department’s Grant Closeout Process

The OIG’s Audit Division audited the process used by the Department to close out the billions of dollars in grants that it distributes annually to state, local, and tribal governments and other organizations. Timely grant closeout is an essential management practice because it can identify grantees that have failed to comply with grant requirements, identify excess and unallowable costs charged to the grant, and identify unused funds that can be deobligated and used for other grants. Prior OIG audit reports have raised significant concerns related to grant closeout and grant oversight procedures within the Department. As a result, grant management has been listed by the OIG as one of the Department’s top 10 management challenges for the past 6 years.

In this audit, we examined 44,197 grants totaling $17.61 billion that were closed from October 1997 to December 2005 and 16,736 expired grants totaling $7.41 billion that had not been closed as of December 2005. We found that timely grant closeout continues to be a significant problem within the Department. Only 13 percent of the 60,933 grants in our sample were closed within 6 months after the grant end date, as required by OJP and OVW policy. We also identified a backlog of over 12,000 expired grants more than 6 months past the grant end date that had not been closed, of which 67 percent had been expired for more than 2 years. In addition, we identified 41 percent of the expired grants that did not comply with grant requirements, including financial and programmatic reporting requirements and local matching fund requirements. We also found that non-compliant grantees had been awarded 129 additional grants totaling $106 million during the period of non-compliance.

We made 44 recommendations that focus on specific steps that the Office of Community Oriented Policing Services (COPS), OJP, and OVW should take to improve the grant closeout process. The components agreed with the majority of our recommendations.

The Department’s Efforts to Prevent, Identify, and Recover Improper and Erroneous Payments

Improper payments are payments that should not have been made or payments that were made for an incorrect amount because of errors, poor business practices, or intentional fraud or abuse. According to a February 2006 Office of Management and Budget (OMB) report, Improving the Accuracy and Integrity of Federal Payments, the government-wide improper payment total reported for FY 2005 was $37.3 billion.

In recent years, legislation has been enacted requiring government agencies to conduct program inventories and assess each program’s risk of making improper payments. The OIG’s Audit Division assessed the Department’s compliance with legislation pertaining to improper and erroneous payments and evaluated its efforts to prevent, identify, and recover these payments.

Our review examined ATF; DEA; Federal Prison Industries; Justice Management Division (JMD); and the Department’s Offices, Boards and Divisions. We found several weaknesses in the components’ erroneous payment programs, including that risk assessments did not always include an analysis or review of relevant information such as results from the most recent financial statement audit or data concerning the federal award payments made by recipients and subrecipients. We concluded that identified and recovered improper payment amounts may be understated due to failures in internal controls used to identify and report improper payments. To address these issues, we provided 20 recommendations for improvement to the audited components. The components concurred with each of our recommendations and have begun implementing corrective actions.

Civil Rights and Civil Liberties Complaints

Section 1001 of the USA Patriot Act directs the OIG to receive and review complaints of civil rights and civil liberties abuses by Department employees, to publicize how people can contact the OIG to file a complaint, and to submit a semiannual report to Congress discussing our implementation of these responsibilities. In March 2007, the OIG issued its 10th report summarizing its Section 1001 activities during the period from July 1, 2006, to December 31, 2006.

The report described the number of complaints we received under this section, the cases that were opened for investigation, and the status of these cases. The report also described the status of the recommendations contained in our June 2003 report that reviewed the treatment of aliens held on immigration charges in connection with the investigation of the September 11, 2001, terrorism attacks. In that report, the OIG made 21 recommendations, 20 of which have been resolved. The one open recommendation called for the Department and the DHS to enter into a memorandum of understanding (MOU) to formalize policies, responsibilities, and procedures for managing a national emergency that involves alien detainees. The report noted that, more than 3 years after the OIG made the recommendation and the Department and the DHS agreed to implement it, the MOU has not been signed and the Department and the DHS are still discussing the language of the MOU.

Oversight of Intergovernmental Agreements

The OIG’s Audit Division audited the oversight of Intergovernmental Agreements (IGA) within the Department. The IGAs examined in this audit were formal agreements between the USMS and state or local governments to house federal detainees in return for an agreed-upon rate. In FY 2005, the Department spent $750 million, or 75 percent of its $1 billion detention budget, on IGAs. A significant challenge for the Department is to obtain needed detention space for USMS detainees without overpaying for it.

Due to the increase in the number of arrests by federal authorities and the shortage of federally owned detention space, the Department increasingly depends on state and local governments to provide detention space for detainees. Consequently, the USMS, the component responsible for housing and transporting federal detainees from the time they are taken into federal custody until they are acquitted or incarcerated, has about 1,600 IGAs for detention services.

Since 1995, the OIG has audited 31 individual IGAs between the USMS and state and local governments for detention space and questioned almost $60 million in costs from these audits. The OIG found significant deficiencies with how per-inmate costs paid by the Department (known as the “jail-day rates”) were established and monitored, including a lack of adequate training for the analysts responsible for negotiating the IGAs and a failure to attempt to recover overpayments from the state and local governments.

However, the Office of the Federal Detention Trustee (OFDT), which manages the Department’s detention resource allocations, believes that the audited IGAs were negotiated fixed price agreements and therefore has directed the USMS not to seek reimbursements of the overpayments identified by the OIG. The OIG concluded that OFDT’s directive is overbroad and incorrect and recommended that the USMS review each of the audits to determine if repayment or offsets of future payments to the jails are warranted.

In addition, the OIG noted that OFDT is revising its process for entering into IGAs by developing an automated system called eIGA. This system would allow Department analysts to use statistical models to derive an optimal jail-day rate based on a core rate established using historical IGA rates that are adjusted based on various cost factors. The OIG concluded that while the eIGA system could be a positive step in improving the process, OFDT could significantly improve the new system by expanding the cost information it collects. Using additional cost information will give the USMS more leverage in its negotiations with state and local facilities and help control rising detention costs by reducing negotiated jail-day rates.

The OIG made 10 recommendations to improve the IGA process and ensure that negotiated jail-day rates are fair and reasonable. The USMS agreed with six of our recommendations. The OIG and the Department are discussing how to resolve the remaining recommendations.

The Department’s Financial Statement Audits

The Chief Financial Officers Act of 1990 and the Government Management Reform Act of 1994 require annual financial statement audits of the Department. The OIG’s Audit Division oversees and issues the reports based on the work performed by independent public accountants.

The Department received an unqualified opinion on its FY 2005 and 2006 financial statements. In FY 2006, the Department had one material weakness and one reportable condition, compared to two material weaknesses in FY 2005. The material weakness, which is a repeat from last year, was related to financial management systems general and application controls. The material weakness contained new and continued deficiencies for 8 of the 10 components, including weaknesses in the Department’s consolidated information systems general controls environment that provides general control support for several components’ financial applications. However, the Department reduced the prior year material weakness on financial reporting to a reportable condition in FY 2006. The reportable condition included several serious but isolated issues, including OJP’s grant advance and payable estimation process, ATF’s accounts payable process, and the USMS’s financial statement quality control and assurance.

We also found improvement at the component level, as evidenced by the reduction in the component material weaknesses from 10 in FY 2005 to 7 in FY 2006. In addition, component reportable conditions dropped from 8 in FY 2005 to 7 in FY 2006. Two components, the DEA and Federal Prison Industries, Inc., continued to have no material weaknesses, reportable conditions, or compliance issues. The table at the end of this discussion compares the FY 2005 and 2006 audit results for the Department’s consolidated audit as well as for the 10 individual component audits.

While the Department took a significant step toward reducing its financial material weakness to a reportable condition, it still lacks sufficient automated systems to readily support ongoing accounting operations and financial statement preparation. Many tasks still must be performed manually at interim periods and at the end of the year, requiring extensive efforts on the part of financial and audit personnel. These significant, costly, and time-intensive manual efforts will continue to be necessary until automated, integrated processes and systems are implemented and can readily produce the necessary information throughout the year. While the Department is proceeding toward a Unified Financial Management System that it believes will correct many of these issues, implementation of the system has been slow and will not be completed Department-wide for at least another 6 years.


Comparison of FY 2006 and FY 2005 Audit Results
Reporting Entity Auditors’ Opinion on Financial Statements Number of Material Weaknesses Number of Reportable Conditions
Financial Information
Systems
2006 2005 2006 2005 2006 2005 2006 2005

Consolidated Department of Justice

Unqualified

Unqualified

0

1

1

1

1

0

Offices, Boards and Divisions

Unqualified

Unqualified

0

0

0

0

1

1

Assets Forfeiture Fund and Seized Asset Deposit Fund

Unqualified

Unqualified

0

0

0

0

2

1

Federal Bureau of Investigation

Unqualified

Unqualified

0

1

1

1

0

1

Drug Enforcement Administration

Unqualified

Unqualified

0

0

0

0

0

0

Office of Justice Programs

Unqualified

Unqualified

1

2

1

1

1

1

U.S. Marshals Service

Unqualified

Unqualified

1

2

1

1

0

1

Federal Bureau of Prisons

Unqualified

Unqualified

0

0

0

0

1

1

Federal Prison Industries, Inc.

Unqualified

Unqualified

0

0

0

0

0

0

Working Capital Fund

Unqualified

Unqualified

0

0

0

0

2

2

Bureau of Alcohol, Tobacco, Firearms and Explosives

Unqualified

Unqualified

1

1

1

1

0

0

Component Totals

3

6

4

4

7

8


The Department’s Information Security Program Pursuant to FISMA

The Federal Information Security Management Act (FISMA) requires the OIG for each federal agency to perform an annual independent evaluation of the agency’s information security programs and practices by testing a representative subset of agency systems. OMB has issued guidance to agencies on how to implement policies and practices relating to information security that are compliant with FISMA requirements.

In FY 2006, the OIG’s Audit Division audited the security programs of four Department components: the FBI, ATF, DEA, and JMD. Within these components, we reviewed two classified systems – JMD’s Cyber Security Assessment and Management (CSAM) Trusted Agent-Secret and the FBI’s System Security Information database – and two sensitive but unclassified systems – JMD’s CSAM Trusted Agent and ATF’s Headquarters Network Infrastructure.

Our review determined that the Department had ensured that all systems within the FBI, ATF, DEA, and JMD were certified and accredited, system security controls were tested and evaluated within the past year, and system contingency plans were tested in accordance with FISMA policy and guidance. However, we found that electronic authentication risk assessments were not performed by the FBI, ATF, or DEA, and the Department’s plan of action and milestones process for tracking system vulnerabilities and corrective actions was not fully implemented in accordance with Department policy within the FBI and ATF. Moreover, the Department-wide system configuration policy was not always implemented as required within the DEA and JMD. With respect to IT security awareness training, we found that ATF did not fully ensure that all of its employees were trained as required by Department policy.

As part of the FISMA assessment, we also submitted a response to the Office of the Director of National Intelligence with respect to the FBI’s compliance with FISMA requirements for national security systems.

In sum, we provided a total of 31 recommendations for improving the implementation of the Department’s information security program and practices for its sensitive but unclassified, classified, and national security systems.

The OIG also evaluated the Department’s compliance with OMB guidelines for securing sensitive data to assess whether information security and privacy controls are being developed and implemented. The Department established a task force to develop a comprehensive solution for safeguarding wireless access to personally identifiable information on the Department’s internal systems and assess technical solutions to manage remote access to personally identifiable information. Although the Department is in the process of implementing additional security controls to protect personally identifiable information, we found that it is not fully compliant with federal policy for all automated systems currently listed within the Department’s IT inventory database. We also found that the Department is not requiring users who access the system remotely to provide two independent ways to authenticate identity, as required by the National Institute of Standards and Technology Special Publications 800-53 and 800-53 A. We provided six recommendations to ensure the Department’s compliance with federal policy for securing personally identifiable information. The Department agreed with our recommendations.

Ongoing Work

The Department’s Removal of U.S. Attorneys

The OIG and the Department’s Office of Professional Responsibility (OPR) are conducting a joint review of the Department’s removal of several U.S. Attorneys. The joint review is examining issues such as whether the removal of any of the U.S. Attorneys was intended to interfere with, or was in retaliation for, either pursuing or failing to purse prosecutions or investigations. In addition, the joint review is examining the accuracy of statements made by various Department officials to Congress about removal of the U.S. Attorneys.

Violent Crime Task Force Coordination

The OIG is reviewing whether investigations conducted by four of the Department’s violent crime task forces – ATF’s Violent Crime Impact Teams, DEA’s Mobile Enforcement Teams, FBI’s Safe Streets Task Forces, and USMS’s Regional Fugitive Task Forces – are well coordinated. Among other issues, we are examining task force management, cooperation on investigations, deconfliction of events, and information-sharing efforts among the task forces.

Review of the Department’s Involvement with the Terrorist Surveillance Program

The OIG is reviewing the Department’s involvement with the NSA program known as the “terrorist surveillance program” or “warrantless surveillance program.” This review is examining the Department’s controls and use of information related to the program and the Department’s compliance with legal requirements governing the program.

The Department’s Victim Notification System

In October 2001, the federal government deployed the automated Victim Notification System, which allows victims or potential victims of federal crimes to be notified upon a change in the status of the case in which they are involved – from the investigative, prosecution, incarceration, or release phases. The OIG is reviewing the Victim Notification System to determine if contracted services such as maintenance of the system, system security, and Call Center operations, were provided as required by the terms of the contract; if the Victim Notification System is an effective tool for government users and victims of crime; if outreach has been performed to encourage participation and information sharing; and if information in the system is accurate.

The Department’s Reporting Procedures for the Loss of Sensitive Information

The OIG is reviewing the procedures that Department components follow to report, identify, and notify affected parties of the loss of sensitive information, including personally identifiable information and classified information. The review also is examining whether components have procedures in place to determine the type of information that was lost.

Inventory of the Department’s Major IT Systems

In response to a directive in the Department’s FY 2006 Appropriations Act, the OIG is compiling an inventory of all major Department IT systems and planned initiatives and is reporting on all research, plans, studies, and evaluations that the Department has produced, or is in the process of producing, concerning IT systems, needs, plans, and initiatives.

The OIG is issuing three separate reports to address this directive. The first report, issued in March 2006, identified an unverified universe of 46 major Department investments of over $15 million each based on OMB reporting from FY 2005 to projected FY 2007. The second report is collecting cost and other data on major IT systems. The third report is identifying the research, plans, studies, and evaluations related to the Department’s IT initiatives and analyzing IT planning problems identified in previous audit reports.

The Department’s Key Indicators

The Key Indicators reported each year within the Department’s Performance and Accountability Report link to the Department’s Strategic Plan and have long-term measurable outcome goals. For each of the Key Indicators, components report on the definition, collection and storage, validation, and limitations of the data. The OIG is auditing Key Indicators for 18 components to ensure that data collection and storage, data validation and verification, and component disclosures regarding data limitation are complete and accurate.

Audit of the Department’s Conference Expenditures

In response to a request from the Senate Committee on Appropriations, the OIG is auditing data on costs for selected Department conferences, such as whether the sponsoring component developed a justification for the conferences, conducted cost comparisons on alternative locations to hold the event, and complied with appropriate regulations pertaining to travel and conference expenditures.



« Previous Table of Contents Next »