[Audit Report on the Automated Law Enforcement System, U.S. Fish and Wildlife Service]
[From the U.S. Government Printing Office, www.gpo.gov]
Report No. 97-I-1305
Title: Audit Report on the Automated Law Enforcement System, U.S.
Fish and Wildlife Service
Date: September 30, 1997
**********DISCLAIMER**********
This file contains an ASCII representation of an OIG report. No attempt has been made to display
graphic images or illustrations. Some tables may be included, but may not resemble those in the
printed version.
A printed copy of this report may be obtained by referring to the PDF file or by calling the Office
of Inspector General, Division of Acquisition and Management Operations at (202) 208-4599.
******************************
United States Department of the Interior
OFFICE OF INSPECTOR GENERAL
Washington, D.C. 20240
MEMORANDUM
TO:
FROM:
SUBJECT SUMMARY:
Attached for your information is a copy of the subject final audit report. The objectives of
the audit were to: (1) determine whether the U.S. Fish and Wildlife Service's automated law
enforcement system, the Law Enforcement Management Information System (LEMIS II),
met the law enforcement reporting requirements of the Federal Bureau of Investigation and
(2) provide information to the Service that would assist it in implementing LEMIS II
effectively.
We found that LEMIS II is capable of meeting the law enforcement reporting requirements
of the Federal Bureau of Investigation. However, improvements are needed to ensure that
all crime statistics are reported and that law enforcement information is available to Service
managers. Specifically, the Service needs to ensure that all elements of crime statistics
required by the National Incident Based Reporting System (NIBRS) and the Department are
included in the LEMIS II database, data input and edit controls are upgraded, and security
over data is strengthened.
Based on the response from the Acting Director, U.S. Fish and Wildlife Service,
we considered 2 of the report's 10 recommendations resolved and implemented,
3 recommendations resolved but not implemented, and 5 recommendations unresolved. We
have asked the Service to reconsider its position on the five unresolved recommendations.
If you have any questions concerning this matter, please contact me at (202) 208-5745 or
Mr. Robert J. Williams, Assistant Inspector General for Audits, at (202) 208-4252.
Attachment
A-IN-FWS-001-96
United States Department of the Interior
OFFICE OF INSPECTOR GENERAL
Washington, D.C. 20240
AUDIT REPORT
Memorandum
To: Assistant Secretary for Fish and Wildlife and Parks
From: Robert J. Williams
Assistant Inspector General for Audits
Subject: Audit Report on the Automated Law Enforcement System,
U.S. Fish and Wildlife Service (No. 97-I-1305)
INTRODUCTION
This report presents the results of our audit of the U.S. Fish and Wildlife Service's
automated law enforcement system, the Law Enforcement Management Information
System (LEMIS II). Our audit was conducted as part of our review of the Department of
the Interior's automated law enforcement systems. The audit objectives were to:
(1) determine whether LEMIS II met the law enforcement reporting requirements of the
Federal Bureau of Investigation and (2) provide information to the Service that would
assist it in implementing LEMIS II effectively.
* BACKGROUND
The Service's law enforcement program provides protection for a broad spectrum of fish,
wildlife, and plants through the application of a full range of law enforcement techniques,
including: (1) surveillance of areas of fish and wildlife resources to prevent taking;
(2) inspection of shipments arriving at and departing from designated borders and ports;
and (3) enforcement of Federal regulations concerning protected species. The law
enforcement program is a component of the Service's Refuges and Wildlife Activity,
which is organized into seven regions. The law enforcement program is operated primarily
through the Service's Division of Law Enforcement. The Division of Law Enforcement
includes a Special Operations Branch, which conducts undercover operations of illegal
takings and commercialization of wildlife, and Wildlife Inspectors, who monitor ports and
borders for illegal imports and exports of protected species. In addition, the Division of
Refuge Operations, through Refuge Officers, enforces Federal regulations on National
Wildlife Refuges.
Under the Uniform Federal Crime Reporting Act of 1988 (Public Law lOO-690) which
became effective on January 1, 1989, the Congress mandated that all Federal agencies with
law enforcement responsibility report crime statistics. In response to the Act, the Federal
Bureau of Investigation requires that crime statistics be reported in a uniform computerized
format to its automated system the National Incident Based Reporting System (NIBRS).
The NIBRS program, which also became effective on January 1, 1989, and is defined in
Volumes I-III of the "Uniform Crime Reporting National Incident-Based Reporting System"
and in the "Supplemental Guidelines for Federal Participation," requires Federal agencies to
submit, on a monthly basis, information on 22 offense categories for each crime investigated
(the offense categories are in Appendix 1). The information to be reported includes the
following: location of the crime; race, sex, and age of the offenders; information about the
victims and property involved in the crime; and information on arrests, such as arrest date and
type of apprehension. At the time of our review, the Department was reporting criminal
investigation data under the Uniform Crime Reporting Program instead of NIBRS. The
Program, which was the predecessor to NIBRS, requires summary information to be
submitted monthly to the Federal Bureau of Investigation on the number of crimes
investigated for only eight offense categories (see Appendix 1).
The Division of Law Enforcement manages the Service's automated law enforcement case
management systems. The first automated system, the Law Enforcement Management
Information System (LEMIS), was established in 1983. LEMIS was developed in-house;
operated on a minicomputer; and designed so that users had direct access to the computer to
add, change, delete, and query data. In 1991, the Service determined that since the hardware
and software for LEMIS were obsolete and did not meet NIBRS requirements, a new system
should be developed. Design and development of the new law enforcement system,
LEMIS II, which was to replace LEMIS, began in 1991. LEMIS II was designed to
accommodate NIBRS requirements, comply with the Department's reporting requirements
for drug-related criminal activity, and satisfy the Service's specific information management
needs. In that regard, LEMIS II will have five modules: investigations, permits and licenses,
import/export declarations, skills inventory, and administrative. At the time of our review,
only the investigations module was being implemented, and the other four modules were
server. Data are entered into personal computers at regional and field sites and are
electronically transferred to the server, where the Servicewide law enforcement database is
maintained by the Division of Law Enforcement. The telecommunications network, which
is used for the electronic transfer of data, is managed by the Division of Information
Resources Management. Only after the data are uploaded into the database can managers and
law enforcement agents from other offices perform queries on the data. The Service is
operating LEMIS and LEMIS II simultaneously at those locations where LEMIS II has been
implemented. LEMIS will continue to operate until LEMIS II is fully implemented
Servicewide.
`Client/~er is a computerized architecture in which one or more "shared computers called servers
manage shared
resources and provide access to those shared resources as a service to their clients," which are
personal computers
that are used by individuals. David Vaskevitch, Client/Server Strateaies, a Survival Guide for
Corporate
Reengineers, IDG Books Worldwide, Inc., San Mateo, California, 1993, page 96.
2
SCOPE OF AUDIT
To accomplish our objectives, we reviewed system documentation and interviewed
management and staff at the Service's Division of Law Enforcement in Arlington, Virginia;
regional offices in Lakewood, Colorado, and Atlanta, Georgia; the Division of Law
Enforcement's Golden Field Office, in Golden, Colorado; and the Division of Information
Resources Management, in Golden. Since the Service was replacing LEMIS with LEMIS II,
we limited our audit scope to a review of the general and application controls and the system
operations that had been implemented with LEMIS II.
Our audit was conducted in accordance with the "Government Auditing Standards," issued
by the Comptroller General of the United States. Accordingly, we included such tests of
records and other auditing procedures that were considered necessary under the
circumstances. As part of our review, we evaluated the system of internal controls to the
extent that we considered necessary. The internal control weaknesses that we found are
discussed in the Results of Audit section of this report. If implemented, our recommendations
should improve the internal controls.
We also reviewed the Department of the Interior's Annual Statement and Report, required
by the Federal Managers' Financial Integrity Act, for fiscal years 1994 and 1995 and
determined that none of the reported weaknesses were directly related to the objectives and
scope of this audit.
PRIOR AUDIT COVERAGE
During the past 5 years, the General Accounting Office has not issued any audit reports
related to the Service's automated law enforcement system. However, in June 1989, the
Office of Inspector General issued the report "Law Enforcement Activities, U.S. Fish and
Wildlife Service" (No. 89.Sl), which stated that the Service's automated law enforcement
system did not accurately record investigative time and did not adequately document and
track all incidents. The report also stated that the Service had not adequately trained its
system users. The report recommended that the Service ensure, in coordination with the
Assistant Secretary for Policy, Budget and Administration (now the Assistant Secretary for
Policy, Management and Budget), that a management information system was established
which could track and provide uniform reports on cases and on productivity for Service law
enforcement activities. The Service concurred with the recommendation and agreed to
comply with guidance from the Office of the Secretary concerning this effort. In addition,
in March 1993, the Office of Inspector General issued the report "Automated Data Processing
Management, U.S. Fish and Wildlife Service" (No. 93-I-864), which stated that the Service
was not in compliance with the Computer Security Act of 1987. The report recommended
that the Service prepare risk analyses and contingency plans for all sensitive systems and
software applications. Based on the Service's response, we considered the recommendation
resolved and implemented.
RESULTS OF AUDIT
We concluded that the U.S. Fish and Wildlife Service's automated law enforcement system
LEMIS II, is capable of meeting the law enforcement reporting requirements of the Federal
Bureau of Investigation. However, improvements are needed to ensure that all crime
statistics are reported and that law enforcement information is available to Service managers.
Specifically, the Service needs to ensure that all elements of crime statistics required by
NIBRS and the Department are included in the LEMIS II database, data input and edit
controls are upgraded, and security over data is strengthened.
Data Elements
The Service did not ensure that all NIBRS and Departmental data elements were included in
LEMIS II. Specifically:
LEMIS II included only 46 of the 52 reporting elements required by NIBRS. The
Services justification for developing LEMIS II was to incorporate all of the required NIBRS
elements into the Service's law enforcement system. Division of Law Enforcement officials
said that six reporting elements were not included because the Service would not have any
violations involving those elements. However, we found that for 1995 the Service had
reportable data on seized and forfeited property, which was one of the elements not included
in LEMIS II. In that regard, the Service's 1995 financial statements reported $1.8 million of
seized and forfeited property. The Service should include all the required reporting elements
to ensure that the data transmitted to NIBRS are complete.
- LEMIS II included only 6 of the 19 management information items for law
enforcement case files required by the Department. Service officials said that the 13 items did
not have to be in the LEMIS II database because the information was maintained in hard copy
in the case report files. However, in our opinion, if all 19 items are not included in LEMIS
II, the effectiveness of maintaining an automated database management system is diminished.
Data Processes
The Service did not ensure that processes to input data into LEMIS II were effective and
properly controlled. For example:
Division of Law Enforcement officials had planned for the Division of Refuge
Operations law enforcement data to be input into LEMIS II. However, at the time of our
review, notices of violations originating from the Division of Refuge Operations were not
always entered into the LEMIS II database, and the Service had not determined who was
responsible for ensuring that data would be entered into LEMIS II. Notices of violations that
are issued by Refuge Officers for incidents pertaining to any of the 22 offense categories are
required by the Act to be reported to NIBRS. For these incidents, the Refuge Officers
prepare a manual report for their case files, and they can submit the report to a regional law
enforcement office for input into LEMIS II. However, we found that the data were not
always being entered into LEMIS II because the Service did not require Refuge Officers to
submit the reports to the regional law enforcement offices or require regional law
enforcement officials to collect and enter data from the reports into LEMIS II. As an
alternative, Division of Refuge Operations personnel could enter their law enforcement data
directly into LEMIS II. However, the Division of Law Enforcement did not allow Division
of Refuge Operations personnel to enter data directly into LEMIS II because of concerns over
unauthorized access to sensitive data. We believe that LEMIS II could be programmed to
restrict access to sensitive data and that Division of Refuge Operations personnel could enter
their law enforcement data directly into LEMIS II.
In a related matter, Division of Refuge Operations officials said that the Division was planning
a new automated system for their activity which will incorporate law enforcement
information. However, before proceeding with this system, we believe that the feasibility of
using LEMIS II for all law enforcement data processing should be determined.
- Division of Law Enforcement officials said that they had planned to have law
enforcement agents input their own case and incident information into LEMIS II. However,
the Service did not perform, as part of its system development life cycle management,
analyses to determine the amount of time and effort required to input data when developing
LEMIS II. During our review, regional managers said that they did not want law
enforcement agents to perform the input function because of the amount of time needed to
input the data. As such, the responsibility for input of the data was assigned to the legal
assistants. According to the legal assistants, they also did not have enough time to input the
data and perform their other duties. Consequently, data were not entered timely and
completely into LEMIS II. Additionally, law enforcement agents and legal assistants used
either LEMIS, Federal Bureau of Investigation systems, or hard copies in the files for
querying and maintaining case and incident information rather than only LEMIS II, which we
believe was not the most efficient use of resources. Therefore, an analysis should be
performed by the Service to reduce the amount of time needed for Division of Law
Enforcement and Division of Refuge Operations personnel to enter data into LEMIS II.
- When Division of Law Enforcement personnel electronically transmitted data from
personal computers to the Servicewide law enforcement database, they did not receive
notification that the data had been received and that the database had been updated. Because
there was no notification, users had to perform queries to validate the information in the
database. We believe that errors could be more readily identified and corrected and stafYtime
used more efficiently if users were notified automatically that updates were accepted or that
the data were rejected.
- The Service has not ensured that the data it will transmit to NIBRS will be accepted.
At the time of our review, the Service had not coordinated with the Department or the
Federal Bureau of Investigation to test the Service's data for acceptability into NIBRS.
Therefore, there is no assurance that the Service's data will be included in the Federal Bureau
of Investigation's NIBRS database.
- In addition, users were not adequately trained to fully operate LEMIS II, with the last
training session for LEMIS held in 1994. The Division of Law Enforcement, in coordination
with the Service's Division of Tnformation Resources Management, developed a standardized
5
training program for the investigations module of LEMIS II. Each Regional Director was
responsible for allocating resources for LEMIS II training. However, we found that the last
training session was held in 1994 because Regional Directors had not been allocating the
resources necessary to fund the training sessions.
Data Security
The legal assistants who input data into LEMIS and LEMIS II did not have the required
security clearances. Because information contained in LEMIS and LEMIS II is sensitive and
subject to the Privacy Act, system users are required by the Departmental Manual
(446 DM 14.6 D) to have a background investigation and receive a security clearance.
However, Service officials said that they did not require security clearances for the legal
assistants because of the costs for these investigations. If legal assistants continue to input
data into LEMIS and LEMIS II, they should receive the required clearances to ensure that
sensitive data are adequately safeguarded.
Recommendations
We recommend that the Director, U.S. Fish and Wildlife Service, ensure that:
1. All NIBRS-required data elements are included in the LEMIS II database.
2. All the management information items of the law enforcement case files required by
the Departmental Manual are included in LEMIS II.
3. Law enforcement data for the Division of Refuge Operations are input into LEMIS II.
4. A feasibility study is performed to determine whether LEMIS II should be used for
all law enforcement data processing.
5. Time frames are established for inputting accurate and complete data in a timely
manner to LEMIS II to meet law enforcement program information needs and NIBRS
reporting requirements.
6. Users are notified of successful or unsuccessful transmissions and updates to the
Servicewide database.
7. The Division of Law Enforcement coordinates with the Department and the Federal
Bureau of Investigation to test the Service's data transmitted to NIBRS.
8 .
[email protected] Directors allocate sufficient resources for training system users in how to
use the modules and on the transmission and uploading processes.
9. Personnel who have access to LEMIS II have the appropriate security clearances
based upon their duties and position sensitivity.
6
10. A waiver from the Office of Management and Budget for consolidation of agency data
centers is requested or assurance is provided that the Service is complying with the
requirements of Office of Management and Budget Bulletin 96-02.
U.S. Fish and Wildlife Service Response and Office of Inspector General
Reply
In the March 27, 1997, response (Appendix 2) from the Acting Director, U.S. Fish and
Wildlife Service, to our draft report, the Service agreed with Recommendations 2, 6, 7, and
8 and disagreed with Recommendations 1, 3, 4, 5, 9, and 10. Based on the response, we
consider Recommendation 8 resolved and implemented; Recommendations 2, 6, and 7
resolved but not implemented; and Recommendations 1, 3, 4, 5, and 9 unresolved. Although
the Service disagreed with Recommendation 10, it stated that its Division of Information
Resources Management "completed a review of computer facilities nationwide in February
1996 and determined that no Service facilities met the definition of a `data center' as
prescribed by" Office of Management and Budget Bulletin 96-02. As such, we consider the
recommendation resolved and implemented because the Service provided assurance that it has
complied with Office of Management and Budget Bulletin 96-02. Accordingly, the
unimplemented recommendations will be referred to the Assistant Secretary for Policy,
Management and Budget for tracking of implementation., and the Service is requested to
respond to the unresolved recommendations, including revised Recommendation 5 (see
Appendix 3).
Recommendation 1. Nonconcurrence.
Service Response. The Service disagreed with the recommendation, stating that the
"NIBRS elements excluded from the LEMIS II system pertain exclusively to tracking stolen
property," that it "does not investigate crimes dealing with stolen property," and that "adding
these elements to LEMIS would serve no purpose."
Offke of Inspector General Reply. We disagree that the six data elements omitted
pertain exclusively to tracking stolen property. Although five of the six data elements on&ted
relate to property data (date recovered, number of stolen motor vehicles, number of
recovered motor vehicles, suspected drug type, and estimated drug quantity and type)' we
believe that the elements cover more than just stolen property offenses. According to the
NIBRS edition of the Uniform Crime Reporting Handbook, Chapter 7, "Property Data,"
reporting of the data elements is required for offenses such as burglary, drug/narcotic
offenses, fraud offenses, larceny, and stolen property offenses. In that regard, we believe that
the Service had reportable data in at least one of the omitted data elements. Specifically, the
Service's Budget Justifications for fiscal year 1997 stated that the Service seized about
17,000 pounds of marijuana in 1995, for which, in our opinion., the quantity and type of drug
should have been reported as a drug/narcotic offense.
In addition, the Departmental Manual (446 DM 13.6) emphasizes that Departmental law
enforcement systems should include the 52 data elements which the Federal Bureau of
Investigation requires for crime statistics reported to NIBRS. In its response to
7
Recommendation 2, the Service stated that an analysis would be performed for the next
generation of LEMIS II and at that time the management information items required by the
Departmental Manual would be included in the redesign. To comply with the Departmental
Manual, the Service should also include all required NIBRS data elements in LEMIS II. The
Service is therefore requested to reconsider its response to this recommendation.
Recommendation 3. Nonconcurrence.
Service Response. The Service disagreed and stated that access to LEMIS II data is
limited to Division of Law Enforcement employees. The Service further stated, "[a]llowing
other Divisions to access LEMIS to input their own case information could risk the release
of sensitive information, thereby compromising privacy issues and [the] safety of officers
working in a covert capacity." According to the Service, the Division of Refuge Operations
has developed the Law Enforcement Incident Reporting System (LEIRS), which has data that
are compatible with LEMIS. The data from LEIRS will be downloaded into LEMIS to
permit "complete Service file transmission of NIBRS data."
Office of Inspector General Reply. We agree that the information in LEMIS II is
sensitive and should therefore be protected from misuse or unauthorized disclosure.
However, we firmly believe that LEMIS II can be programmed to prevent other law
enforcement personnel, such as Refuge Officers, from accessing the "sensitive" data of the
Division of Law Enforcement. In its response, the Service emphasized the availability of
resources as a reason for not concurring with the recommendation, yet it undertook actions
to develop, operate, and maintain two systems which capture and report similar information
and perform similar functions, including reporting NIBRS data. We firmly believe that this
is not an efficient use of limited law enforcement resources. The Service is therefore requested
to reconsider its response to this recommendation.
Recommendation 4. Nonconcurrence.
Service Response. The Service stated that because of data security requirements, the
different missions of the Division of Law Enforcement and the Division of Refuge Operations,
and available resources, the decision to have two separate systems was "sound." The Service
further stated that "[l]aw enforcement activities on refuges are fundamentally different Corn
those activities conducted by the Division of Law Enforcement" and that data security and
confidentiality are "paramount when considering officer safety."
Ofiice of Inspector General Reply. We agree that data security and confidentiality are
essential when officer safety is considered. However, we firmly believe that LEMIS II can be
programmed to prevent the improper accessing of "sensitive" data of the Division of Law
Enforcement. The Service did not provide any specifics relating to the fundamental
differences in the two divisions' law enforcement activities that would require separate
systems. Notwithstanding fkdamentally different activities, the systems perform similar
functions, such as capturing NIBRS data and maintaining law enforcement case data as
specified by the Departmental Manual. We strongly disagree that expending limited resources
to develop, operate, and maintain two systems which capture and report similar information
and perform similar functions, including reporting NIBRS data, was a sound decision. To the
8
limited resources. The Service is therefore requested to reconsider its response to this
recommendation.
Recommendation 5. Nonconcurrence.
Service Response. The Service stated, "TO provide investigative information to Service
managers and employees, as well as outside interest, it is essential that data are entered into
LEMIS II in a timely and accurate manner." The Service further stated that "each data
element is reviewed to ensure that the information collected is relevant and necessary"; that
"the information entered into LEMIS is essential"; that "[c]lerical employees are assigned
these data entry duties"; and that "on rare occasions," Special Agents may input information
into LEMIS II. The Service concluded in it response that it "does not believe an additional
analysis is needed at this time."
Office of Inspector General Reply. We agree that the data which are input into
LEMIS II are essential and should be entered into LEMIS II timely and accurately. The
response stated that clerical employees are assigned these data entry duties; however, it did
not address the issue of the amount of time required to input data into LEMIS II.
Accordingly, we still believe that the timeliness of input needs to be addressed because, as
stated in the report, the clerical stti said that they did not have enough time to input data and
perform their other duties. As such, data were not entered timely and completely into
LEMIS II. Consequently, we have revised the recommendation to focus on establishing time
frames for inputting data into LEMIS II to meet law enforcement program information needs
and NIBRS reporting requirements. Therefore, we request that the Service respond to the
revised recommendation.
Recommendation 9. Nonconcurrence.
Service Response.
The Service disagreed with the recommendation, stating that
requiring "criminal background investigations on non-Special Agent personnel" is
"overburdensome and unnecessary" because "[clurrent clearance procedures require that all
personnel, who have access to LEMIS data, pass a local police criminal history inquiry";
"[t]he Division has never experienced a breach of security since the inception of LEMIS 15
years ago"; and "[t]he $3,700 cost of a single background investigation on data entry
personnel cannot be absorbed within the Law Enforcement budget."
Offke of Inspector General Reply. The Service did not indicate whether the criminal
history reviews required for personnel who have access to LEMIS data were performed at
the time of initial hire or periodically thereafter. Further, the Service indicated that
non-Special Agent personnel do not need the required security clearances because no
incidents have occurred since the inception of LEMIS and because of the cost involved.
However, in its response, the Service repeatedly emphasized the sensitive nature of the
information in LEMIS and the paramount importance of maintaining security and
confidentiality. Moreover, based on the requirements of the Departmental Manual (375 DM,
441 DM, and 446 DM), non-Special Agent personnel, because of their access capabilities to
enter, change, and delete law enforcement data and because of the sensitivity of data in
9
LEMIS and LEMIS II, may require at least a "Minimum Background Investigation" and may
even require a more extensive "Limited Background Investigation" at initial hire and
periodically thereafter. Therefore, we believe that required background investigations based
on the sensitivity and risk associated with the program are necessary to ensure that
management controls are in place to adequately safeguard LEMIS and LEMIS II data and to
ensure that the Service is in compliance with the Departmental Manual. The Service is
therefore requested to reconsider its response to the recommendation.
In accordance with the Departmental Manual (360 DM 5.3)' we are requesting your written
response to this report by November 17, 1997. The response should include the information
requested in Appendix 3.
The legislation, as amended, creating the Office of Inspector General requires semiannual
reporting to the Congress on all audit reports issued, actions taken to implement audit
recommendations' and identification of each significant recommendation on which corrective
action has not been taken.
We appreciate the assistance of U. S. Fish and Wfidlife Service personnel in the conduct of our
audit.
10
APPENDIX I
REPORTABLE OFFENSE CATEGORIES
National Incident Based Reporting System Uniform Crime Reporting Program
1. Homicide Offenses
Murder and nonnegligent manslaughter
Negligent manslaughter
Justiable homicide
2. Sex Offenses, Forcible
Forcible rape
Forcible sodomy
Sexual assault with an object
Forcible fondling
3. Robbery
4. Assault Offenses
Aggravated assault
Simple assault
Intimidation
5. Burglary/Breaking and Entering
6. Larceny/Thefi Offenses
Pocket-picking
Purse-snatching
Shoplifting
Theft from building
`Theft Tom coin-operated machine or device
Theft from motor vehicle
Theft of motor vehicle parts or accessories
7.
8.
9.
10.
11.
12.
13.
14.
15.
All other larceny
Motor Vehicle Theft
Arson
Bribery
Counterfeiting/Forgery
Destruction/DamageNandahsm of Property
Drug/Narcotic Offenses
Drug/narcotic violations
Drug equipment violations
Embezzlement
Extortion/Blackmail
Fraud Offenses
False pretenses/swindle/confidence game
Credit card/automatic teller
Machine fraud
Impersonation
Welfare
Wire fraud
16. Gambling Offenses
Betting/wagering
Operating/promoting/assisting gambling
Gambling equipment violations
Sports tampering
17. Kidnaping/Abduction
18. Pornography/Obscene Material
19. Prostitution Offenses
Prostitution
Assisting or promoting prostitution
20. Sex Offenses, Nonforcible
4.
5.
6.
7.
8.
Homicide
Murder and nonnegligent manslaughter
Manslaughter by negligence
Forcible Rape
Rape by force
Attempts to commit forcible rape
Robbery
Firearm
Knife or cutting instrument
Strong-arm, hands, fists, feet, etc.
Other dangerous weapons
Aggravated Assault
Firearm
Knife or cutting instrument
Other dangerous weapons
Hands, fist, feet, etc.
Burglarv
Forcible entry
Unlawful entry
Attempted forcible entry
Larceny - Thefi (except motor vehicle)
Motor Vehicle Theft
Autos
Trucks and buses
Other vehicles
Arson
structural
Mobile
Other
incest
Statutory rape
2 1. Stolen Property Offenses (receiving, etc.)
22. Weapon Law Offenses
11
APPENDIX 2
United States Department of the Interior Page ' Of 4
In Reply Refer To:
FWSIADM 12-03-019599
Memorandum
To .
. Assistant Inspector General for Audits
From: Me
,V4+i qb G Director
r- u-
Subject:
Response to Office of Inspector General (OIG) Draft Audit Report - Automated
Law Enforcement System, U.S. Fish and Wildlife Service (A-IN-FWS-001-96)
We have reviewed the subject report dated February 19, 1997. The following are Service
responses to the Draft OIG Audit Report which recommends that the Director ensure that:
Recommendation 1. All NIBRS-required data elements are included in the LEMIS II database.
Response: Disagree. NIBRS elements excluded from the LEMIS II system pertain exclusively
to tracking stolen property. As the Service does not investigate crimes dealing with stolen
property, adding these elements to LEMIS would serve no purpose.
Recommendation 2. All the management information items of the law enforcement case files
required by the Departmental Manual are included in LEMIS II.
Response: Agree. However, these changes cannot be made to a database with existing data. In
the near future, the Service will begin to analyze the LEMIS system with the intent of identifying
the steps needed to design the next generation of this computer system. The items required by the
Departmental Manual will be included in the redesign. The system analysis is expected to be
completed by March 3 1, 1998. Responsible Official: Assistant Director, Refuges and Wildlife.
Due Date: March 3 1, 1998.
Recommendation 3. Law Enforcement data for the Division of Refuge Operations are input into
LEMIS II.
Response: Disagree. Access to LEMIS II data is limited to Division of Law Enforcement
employees. The sensitive nature of investigations conducted and administered by Law
Enforcement requires that information be provided strictly on a "need to know" basis. Allowing
other Divisions to access LEMIS to input their own case information could risk the release of
sensitive information, thereby compromising privacy issues and safety of officers working in a
covert capacity.
12
APPENDIX 2
Page 2 of 4
2
The Law Enforcement Incident Reporting System (LEIRS) has been developed by the Division of
RefUges to capture case information for RefUge personnel. LEIRS data are LEMIS compatible
and will be downloaded to LEMIS to permit a complete Service file transmission of NIBRS data.
Recommendation 4. A feasibility study is performed to determine whether LEMIS II should be
used for all law enforcement data processing.
Response: Disagree. For several reasons, including data security, the difference in missions, and
availability of resources, Service managers made a conscious decision to maintain separate
systems for the Division of Refuges and the Division of Law Enforcement. Law enforcement
activities on refuges are fundamentally different fkom those activities conducted by the Division of
Law Enforcement and there is no need to share in data processing. As stated above, the need to
maintain security and confidentiality of law enforcement records is paramount when considering
officer safety, particularly when covert investigations are conducted. The Service believes that
the decision to keep the respective systems separate was sound.
Recommendation 5. An analysis is performed to determine the amount of time required to input
the data into LEMIS II and responsibilities for inputting the data are assigned.
Response: Disagree. To provide investigative information to Service managers and employees,
as well as outside interests, it is essential that data are entered into LEMlS II in a timely and
accurate manner. Clerical employees are assigned these data entry duties. However, Special
Agents may, on rare occasions, be required to input information. Prior to the development or
enhancement of any subsystems contained in the law enforcement computer system, each data
element is reviewed to ensure that the information collected is relevant and necessary. The
LEMIS Steering Committee, comprised of top Law Enforcement managers, determined that the
information entered in LEMIS is essential. Therefore, the Service does not believe an additional
analysis is needed at this time.
Recommendation 6. Users are notified of successfil or unsuccessful transmissions and updates
to the Service wide database.
Response: Agree. The Service is currently working with Information Resources Management
(IRM) personnel to address this design flaw. The National Communications Center (NCC) of
IRM is developing a LEMIS for Windows system which will address this problem. A prototype
of the Windows system has already been demonstrated. Installation of the system is expected to
be completed by September 30, 1997. Responsible Official: Assistant Director, Refuges and
Wildlife. Due Date: September 30, 1997.
Recommendation 7. The Division of Law Enforcement coordinates with the Department and
the Federal Bureau of Investigation to test the Service's data transmitted to NIBRS.
13
APPENDIX 2
Page 3 of 4
Response: Agree. The Service will coordinate data transmission through the Department of the
Interior. Responsible Official: Assistant Director, Refuges and Wildlife. Due Date: December 3 1,
1997.
Recommendation 8. Regional Directors allocate sufficient resources for training system users in
how to use the modules and on the transmission and uploading processes.
Response: Agree. During FY 1996, a LEh4IS help desk was established within the Service to
provide timely telephone response to LEMIS users. In addition, a computer specialist has been
hired to deal specifically with transmission and the uploading/downloading processes. This
individual has conducted several training sessions in various locations and will continue to provide
training as needed. Completed.
Recommendation 9. All personnel who have access to LEMIS II have the required security
clearances.
Response: Disagree. The Service opposes the requirement of criminal background investigations
on non-Special Agent personnel for the following reasons:
(i) Current clearance procedure requires that all personnel, who have access to LEMIS
data, pass a local police criminal history inquiry involving NCIC and SCOPE criminal files.
(ii) The Division has never experienced a breach of security since the inception of LEMIS
15 years ago.
(iii) The $3,700 cost of a single background investigation on data entry personnel cannot
be absorbed within the Law Enforcement budget.
The Service believes that to require more extensive background investigations on clerical
personnel is overburdensome and unnecessary.
Recommendation 10. A waiver from the Office of Management and Budget for
consolidation of agency data centers is requested or assurance is provided that the Service is
complying with the requirements of Office of Management and Budget Bulletin 96-02.
Response: Disagree. In accordance with the requirements of OMB Bulletin 96-02, the Service's
Division of Information Resources Management completed a review of computer facilities
nationwide in February 1996 and determined that no Service facilities met the definition of a "data
center" as prescribed by that Bulletin. Section (6)(b) of OMB96-02 states that "an agency data
center is defined as any automated information processing operation with a standing staff of five
or more full-time-equivalent employees.. . Applications programmers are not included in
calculating "FTE employees. "
14
APPENDIX 2
Page 4 of 4
4
The Law Enforcement computer support staff in Arlington is comprised of three computer
specialists, only two of whom provide operational support for LEMS. The other specialist is
responsible for the management and operation of the Law Enforcement Local Area Network
(LAN). OMB 96-02 also states that "Facilities that merely support LANs, files servers or desktop
computers are not categorized as agency data centers." The Service does not consider the
LEMIS facility to be within the OMB definition of a data center and, therefore, no waiver is
required.
15
APPENDIX 3
STATUS OF AUDIT REPORT RECOMMEI\(`DATIONS
Finding/
Recommendation
Reference
1, 3, 4, and 9
2, 6, and 7
5
8 and 10
Status
Unresolved.
Resolved; not
implemented.
Unresolved.
Implemented.
Action Required
Reconsider the recommendations, and provide action
plans that include target dates and titles of officials
responsible for implementation.
No fkther response to the Office of Inspector General
is required. The recommendations will be referred to
the Assistant Secretary for Policy, Management and
Budget for tracking of implementation.
Respond to the revised recommendation. If
concurrence is indicated, provide an action plan that
includes a target date and title of the official responsible
for implementation. If nonconcurrence is indicated,
provide reasons for the nonconcurrence.
No fkther action is required.
16
ILLEGAL OR WASTEFUL ACTIVITIES
SHOULD BE REPORTED TO
THE OFFICE OF INSPECTOR GENERAL BY:
Sending written documents to: Calling:
Within the Continental United States
U.S. Department of the Interior
Office of Inspector General
1849 C Street, N.W.
Mail Stop 5341
Washington, D.C. 20240
Our 240hour
Telephone HOTLINE
l-800-424-5081 or
(202) 208-5300
TDD for hearing impaired
(202) 208-2420 or
l-800-354-0996
Outside the Continental United States
Caribbean Region
U.S. Department of the Interior
Office of Inspector General
Eastern Division - Investigations
1550 Wilson Boulevard
Suite 410
Arlington, Virginia 22209
(703) 235-9221
North Pacific Region
U.S. Department of the Interior
Office of Inspector General
North Pacific Region
238 Archbishop F.C. Flares Street
Suite 807, PDN Building
Agana, Guam 96910
(700) 550-7428 or
COMM 9-O1l-671-472-7279
Toll Free Numbers:
l-800-424-5081
TDD l-800-354-0996
FIVCommerciai Numbers:
(202) 208-5300
TDD (202) 208-2420
HOTLINE
1849 C Street, N.W.
Mail Stop 5341
Washington, D.C. 20240