Office of the Inspector General (OIG)

OIG semi-Annual Report to Congress:
October 1, 2005 - March 31, 2006


Table of Contents


Foreword

This semiannual report defines the extensive work that the Office of Inspector General has performed in support of the Archivist of the United States and our many constituents, none more important than the American public. Our audit and investigative products have continued to bring increased economy and efficiency to NARA programs and operations, led to increased security over our information and technology infrastructure, and protected our holdings from loss and destruction. One particular investigation successfully identified a NARA employee who attempted to dispose of thousands of records, including Indian tribal records. These records were recovered and are now once again a part of NARA's holdings.

As the Inspector General of NARA, I understand that we have a special responsibility to do all we can to protect our holdings from those who would seek to exploit our nation's history for their personal gain. It is clear to me that this office has a true partner in Allen Weinstein, the Archivist of the United States. His active support, paired with that of other NARA employees, has helped move a project we call Operation Historic Protector (OHP) from concept to the test track. In the coming months, we hope to further refine and enhance the effort to make OHP a unique and model program to combat the theft of holdings. This program will hopefully extend beyond NARA to incorporate other Federal, state, local, and private libraries, archives, museums, institutions, and online, as well as brick-and-mortar auction houses. It will also be designed to interface with appropriate law enforcement entities, including Assistant U.S. Attorneys and the Department of Justice on the Federal level. In November 2005, we were able to begin our external dialogue about OHP before a distinguished audience at a conference held at the New York Public Library and sponsored by NARA's Northeast Region Office. The conference received positive feedback, and in the coming months we plan to expand upon this initial effort in cooperation with a willing partner in the Canadian Library and Archives.

I look forward to reporting to you in future reporting periods upon the results of OHP and our efforts in support of other vital NARA programs and initiatives such as the Electronic Records Archives (ERA). I wish to thank my staff and all NARA employees who have supported the OIG, and by extension the Archives, in this reporting period.

 

Paul Brachfeld
Inspector General

Top of Page


Executive Summary

This is the 35th Semiannual Report to the Congress summarizing the activities and accomplishments of the National Archives and Records Administration (NARA) Office of Inspector General (OIG). A summary of NARA's top challenges is provided under the section titled

'Top Ten Management Challenges." The highlights of our major functions are summarized below.

Audits

In this reporting period, the Audit Division continued to examine the integrity of NARA's financial information and security of Information Technology (IT) systems and programs. This work had positive impact upon agency operations and related controls in these critical areas. We also extensively audited and evaluated NARA programs, functions, and contract issues. Recommendations directed to NARA officials will, upon adoption, translate into reduced risk for the agency and increased levels of security and control over NARA's financial assets, programs, and operations.

We issued the following audit reports during the reporting period:

  • Audit of NARA's Network Perimeter. Our audit, which assessed the controls surrounding the boundary of NARA's network, revealed that NARA's network perimeter security was not adequate and exposed the agency to significant information security risks. This condition existed because management had not adopted, incorporated, or enforced pertinent standards promulgated to reduce risk to an acceptable level. Numerous National Institute of Standards and Technology (NIST) Special Publications document the minimum requirements that should be considered, implemented, and tested concerning local and wide area network perimeter security. When the network perimeter is not adequately protected, not only does the risk of intrusion increase, but the network is more vulnerable to nefarious individuals or groups seeking to harm the network infrastructure. Management concurred with all but one recommendation and promptly initiated management action to address our recommendations. (Audit Report #06-01, dated December 12, 2005.)

  • Review of Modifications Made to the Performance-Based Task Order for Information Technology Support Services (ITSS). Our review, which assessed the appropriateness of modifications made to a NARA contract to acquire ITSS, revealed that three modifications totaling $4.4 million were made to the ITSS task order fixed-price requirements without any change in the work to be performed by the contractor. As a result, NARA was inappropriately obligated to incur over $4.4 million for IT support expenses that should have been borne by the contractor. Therefore, we questioned the modifications and all associated costs. (Audit Report #06-02, dated October 12, 2005.)

  • Audit of NARA's Fiscal Year (FY) 2005 Financial Statements. Clifton Gunderson LLP (CG), a public accounting firm, audited NARA's consolidated balance sheet as of September 30, 2005, and the related consolidated statements of net cost, changes in net position, financing, and combined statement of budgetary resources for the year then ended. NARA received a qualified opinion on its FY 2005 financial statements and a qualified opinion on its restated FY 2004 financial statements. Fiscal year 2005 opinion was qualified for the effects of such adjustments, if any, for obligations and outlays related to non-Federal investments. The auditors identified one material internal control weakness and four reportable conditions. NARA also reported one substantial noncompliance instance with the Federal Financial Management Improvement Act concerning financial system compliance. (Audit Report #06-06, dated December 9, 2005.)

  • Review of NARA's Internal Control Procedures for Loan Items. Our audit identified instances in which certain loaned records and artifacts may have been lost while others may be at risk of loss. This condition exists because management has not consistently complied with the guidance for loaning records and artifacts. The agency's established guidance for loaning and transporting holdings is found in NARA Directives 1701 and 1702. Specifically, we found that no loan documentation existed for 157 items loaned to a Presidential library Foundation; loan extension documentation for 12 loans was missing; the loan period for 6 loans exceeded the one-year requirement of NARA 1701 that went into effect on September 1, 1999; 22 outstanding loans were not reported in the Office of Regional Records Services (NR) Quarterly Overdue Loan Report; NARA's Director of Space and Security Management Division (NAS) was not notified when loaned material was reported as missing pursuant to NARA 1701 and 1702; NARA 1701 and 1702 do not require that the IG be notified when loaned material was reported as missing; and NARA does not maintain a database of open, overdue, uncollectible, and missing loans.(Audit Report #06-04, dated December 20, 2005.)

  • Evaluation of NARA's FY 2005 Management Control Program. We found that NARA's management control program complied with the intentions of the Financial Managers' Financial Integrity Act (FMFIA) and Office of Management and Budget (OMB) Circular A-123, Management Accountability and Control. Pursuant to Section 4 of the FMFIA, NARA's financial subsystems generally conform to the objectives detailed in OMB Circular A-127, Financial Management Systems. The Archivist reported the Preservation Program as a new material weakness and continued to report collections security as a material weakness. Computer Security, which was initially reported as a material weakness in FY 2000, was not reported as a material weakness in FY 2005 because the OIG determined that sufficient action had been taken by NARA to minimize this weakness. (Audit Memorandum #06-07, dated December 21, 2005.)

We issued the following management letters during the reporting period:

  • Security over Holdings in Stack Areas. The OIG, through this management letter, brought to the Archivist's attention the immediate need to strengthen internal controls to safeguard records. During this period, NARA experienced a series of apparently willful acts resulting in the destruction and attempted destruction of records that included permanent records accessioned into our holdings. The OIG was able to identify a suspect and substantiate a case in a timely manner in this investigation. However, during the investigation it became clear that but for the initial lead in this investigation the ability of the investigators to act decisively in this matter would have been impeded and restricted by the systemic lack of sound internal controls. This would have translated into an expansive universe of potential subjects leaving a limited investigative trail as well as the inability to define whether individual events were related. Specifically, we identified that stack doors are routinely left ajar, there is no card-key mechanism to restrict access or capture and log ingress or egress into stack areas, and key control is inadequate at Archives I to limit access to the stacks. (Management Letter #06-03, dated October 21, 2005.)

  • Flawed Contract Performance Work Statement Could Have Adverse Impacts on NARA's Budgetary Resources. The OIG informed the Archivist that NARA's continued use of an identified flawed performance work statement could result in significant, unplanned, and unbudgeted contract increases. In NARA's written response to OIG Audit Report #06-02 titled Review of Modifications Made to the Performance-Based Task Order for Information Technology Support Services (ITSS), dated October 12, 2005, and in a subsequent exit briefing, NARA officials stated that a "flawed" Performance Work Statement (PWS) for the ITSS task order contributed significantly to some of the major problems identified in the report. NARA officials attributed the "flawed" work statement to failures on the part of the government in drafting this document. Because the work statement represents the basic understanding between the contractor and the government as to the scope of work to be accomplished, any failure by the government to adequately define the work to be performed could result in an adverse impact to the agency. (Management Letter #06-05, dated October 26, 2005.)

Investigations

During this reporting period, the Office of Investigations opened 26 investigations, closed 12 investigations, issued 1 management advisory letter/referral to the Assistant Inspector General for Audits, and recovered more than 3,000 documents. The Office of Investigations received 216 complaints, closed 209 complaints, opened 25 investigations resulting from complaints, referred 94 complaints to other offices or agencies, and closed 87 complaints to file. There are 21 complaints and 26 investigations that remain open.

The Office of Investigation completed investigations in the following areas:

  • Recovery of a Stolen Document
  • Destruction of Federal Records
  • Threats against NARA Employees
  • Possible Contract Fraud
  • Conflict of Interest

On November 3, 2005, the Inspector General, Assistant Inspector General for Investigations, Counsel to the Inspector General, and a Senior Special Agent participated in a "Securing Our National Heritage" program hosted by NARA's Northeast Region at the New York Public Library. Also participating were the Archivist, NARA General Counsel, and the Assistant Archivist for Regional Records Services. The program was attended by the public and others in the archival community. The conference was to discuss what NARA is doing to protect and recover the nation's records. The Archivist noted the program was a first step in what will be "a long campaign by NARA, in partnership with other organizations, to bring these issues to the attention of the public and our communities."

Top of Page


Management Assistance

During the reporting period, the OIG

  • Worked with NARA management on a wide variety of issues. For example, OIG staff consulted with the Office of General Counsel on new regulations regarding NARA's ability to inspect employees' personal property and NARA's compliance with Section 522 of the Consolidated Appropriations Act of 2005; worked with NARA's Designated Agency Ethics Official (DAEO) on various ethics matters; assisted NARA's human resources department regarding the use of a lie detector on an employee as a basis for an administrative action; and worked with NARA's Congressional and Public Affairs staff on the OIG portion of NARA's public web site, as well as a number of OIG press-related matters. Additionally, at the request of the Archivist, the OIG continues to examine the factors that determine an employee's or contractor's suitability for employment in positions involving access to NARA holdings.

  • Continued our role in the recovery of lost, stolen, and missing holdings at the National Archives. In response to a request for comment on revised NARA Directive 1452, Replevin of Archival Materials, the OIG developed a detailed process incorporating NARA management, archival experts, the Office of General Counsel, and the OIG charting the step-by-step process of item recovery from intake to recovery. The process allows for an archival determination of whether an item belongs to NARA, an investigative determination of whether the item was stolen, and a management determination of whether to pursue an item that, while not stolen, is missing or never arrived at the Archives. To assist the OIG in this recovery process, the position of an OIG staff archivist was created and approved.

  • Assisted in NARA's publication of a comprehensive brochure titled Does That Document Belong in the National Archives? Intended to aid in the OIG's mission of document recovery, the brochure serves as a tool to assist the general public in identifying whether a document is a Federal record and may belong in the National Archives. The OIG developed the concept for the brochure and worked with archival experts and management to bring it to fruition. The brochure can be found at NARA facilities across the country.

  • Commented on two draft policy directives titled NARA 1572, Security for NARA Holdings, and NARA 274, Handling of Abandoned and Unclaimed Property Found on NARA Property. We expressed our concern that neither draft policy included appropriate language regarding notifying the OIG when illegal activity, fraud, waste, abuse, or gross mismanagement was apparent. We provided appropriate language to be included in both directives regarding notification of the OIG when necessary.

  • Responded to a Government Accountability Office FraudNet complaint regarding next-of-kin access to veteran's service records. The complaint dealt with NARA's limited definition of "next-of-kin" and its inability to provide access to relatives beyond that definition. We explained that while NARA maintains physical custody of these records, legal custody remains with the Department of Defense, and as such, NARA relies on DOD's definition of "next-of-kin" when making release determinations. NARA requested that the Defense Privacy Board broaden the "next-of-kin" definition, and the request is currently pending.

  • Provided advice and assistance to NARA management in addressing the agency's Collections Security material weakness. Specifically, the OIG began meeting with the Collections Security Material Weakness Work Group, established at the request of the Office of Regional Records Services (NR) to determine what agency actions were necessary to eliminate the material weakness. NARA management is taking action in five areas to address the material weakness: (1) pre-employment screening, (2) staff training and monitoring, (3) security for records storage areas, (4) records control, and (5) theft prevention and response.

Top of Page


Introduction

About the National Archives and Records Administration

Mission

The National Archives and Records Administration ensures, for the Citizen and the Public Servant, for the President and the Congress and the Courts, ready access to essential evidence.

Background

NARA, by preserving the nation's documentary history, serves as a public trust on which our democracy depends. It enables citizens to inspect for themselves the record of what the Government has done. It enables officials and agencies to review their actions and helps citizens hold them accountable. It ensures continuing access to essential evidence that documents the rights of American citizens, the actions of Federal officials, and the national experience.

Federal records reflect and document America's development over more than 200 years and are great in number, diverse in character, and rich in information. NARA"s traditional holdings amount to 27.8 million cubic feet of records. These holdings include architectural/engineering drawings, maps, and charts; moving images and sound recordings; and photographic images. Additionally, NARA maintains 543,564 artifact items and 8.1 billion logical data records.

NARA involves millions of people in its public programs, which include exhibitions, tours, educational programs, film series, and genealogical workshops. In FY 2005, NARA hosted 2.7 million museum visitors and 245,294 public program attendees, while responding to 1.1 million written requests from the public. In addition, NARA responded to 9.9 million Federal agency reference requests, more than 24,600 Federal agency requests for appointments to review records, and provided records management training to 3,366 individuals. NARA publishes the Federal Register and other legal and reference documents that form a vital link between the Federal Government and those affected by its regulations and actions. Through the National Historical Publications and Records Commission, NARA helps to preserve and publish non-Federal historical documents that also constitute an important part of our national heritage. NARA also administers the Nixon Presidential Materials Project, and 11 Presidential libraries that preserve the papers and other historical materials of all past Presidents since Herbert Hoover.

Resources

In FY 2006, NARA was appropriated an annual budget of approximately $338 million and 2,890 Full-time Equivalents (FTEs), which included appropriations of $283 million for operations, $37 million for the Electronic Records Archive (ERA) program, $9.6 million for repairs and restorations of facilities, and $7.5 million for grants. NARA operations are spread throughout 36 facilities nationwide.

About the Office of Inspector General (OIG)

The OIG Mission

The OIG's mission is to ensure that NARA provides the American people with ready access to essential evidence by providing high-quality, objective audits and investigations, and serving as an independent, internal advocate for economy, efficiency, and effectiveness.

Background

The Inspector General Act of 1978, as amended, established the OIG's independent role and general responsibilities. The Inspector General reports to both the Archivist of the United States and the Congress. The OIG evaluates NARA's performance, makes recommendations for improvements, and follows up to ensure economical, efficient, and effective operations and compliance with laws, policies, and regulations. In particular, the OIG

  • assesses the effectiveness, efficiency, and economy of NARA programs and operations
  • recommends improvements in policies and procedures to enhance operations and correct deficiencies
  • recommends cost savings through greater efficiency and economy of operations, alternative use of resources, and collection actions
  • investigates and recommends legal and management actions to correct fraud, waste, abuse, or mismanagement

Resources

The FY 2006 OIG budget is approximately $2.2 million for operations. The OIG now has 16 FTEs. At full staffing, in addition to the Inspector General and 2 support staff, 8 FTEs are devoted to audits, 4 to investigations, and 1 as counsel to the Inspector General. During the period, 2 audit positions were vacated and two special agent positions were filled. Currently, the OIG is in the process of hiring two auditors to fill the vacant positions. The OIG is seeking additional audit and investigative resources to support the work of this office as defined in the FY 2007 and FY 2008 budget submissions to the Archivist.

Top of Page


Office of Inspector General Activities

Involvement in the Inspector General Community

President's Counsel on Integrity and Efficiency (PCIE) and Executive Counsel on Integrity and Efficiency (ECIE) Legislation Committee.The IG served as one of two ECIE representatives to the Legislation Committee. The Legislation Committee assists the IG community in effectively carry out its duties as specified in Executive Order 12085. In particular, these responsibilities are to identify, review, and discuss areas of weakness and vulnerability in Federal programs; conduct operations to uncover fraud, waste, and abuse; and develop plans for coordinated, Government-wide activities that address these problems and promote economy and efficiency in Federal programs and operations.

Council of Counsels to Inspectors General (CCIG).The OIG counsel participated in meetings of the CCIG and communicated regularly with fellow members. Multiple topics were raised, discussed, and addressed including service of subpoenas issued under the IG Act; agency general counsel access to OIG files; proactive investigations of contract fraud; good-Samaritan laws and investigation policy; OIG credentials; compliance with Section 522 of the Consolidated Appropriations Act of 2005; and FOIA appeals.

Federal Audit Executive Council (FAEC).The Assistant Inspector General for Audits (AIGA) continued to serve as an ECIE representative to the FAEC. During the period, the AIGA attended FAEC's meeting to discuss topics such as financial statement audit issues, revisions to the PCIE External Peer Review Guide, opinion reports on internal controls, and information security.

Association of Directors of Investigation (ADI).The Assistant Inspector General for Investigations (AIGI) attended the Association of Directors of Investigations (ADI) Conference hosted by the Department of Defense OIG. The conference was held on March 21-24, 2005. Focal topics included computer crimes, contract fraud investigations, public corruption, and terrorism.

President's Counsel on Integrity and Efficiency and Executive Counsel on Integrity and Efficiency Investigations Advisory Subcommittee.The Assistant Inspector General for Investigations (AIGI) participated in meetings of the Investigations Advisory Subcommittee and communicated regularly with fellow members. During the period numerous topics were raised, discussed, and addressed including law enforcement officers flying armed, Department of Justice guidance concerning Garrity and Kalkines warnings, undercover operations policy, peer reviews, and scope of law enforcement authorities.

Other Activities

FSecuring Our National Heritage On November 3, 2005, the Inspector General spoke at the "Securing Our National Heritage" conference hosted by the Northeast Region-New York at the New York Public Library. This conference, hosted by the Archivist of the United States, brought together archivists, curators, librarians, and others who are responsible for protecting archival or cultural collections. The Inspector General defined to the audience actions they can take to secure their holdings while maintaining the capacity to respond quickly and effectively when a loss or theft is detected. Also participating were the NARA General Counsel and the Assistant Archivist for Regional Records Services. The Archivist noted the program was a first step in what will be "a long campaign by NARA, in partnership with other organizations, to bring these issues to the attention of the public and our communities."

Top of Page


Audits

Overview

This period, we issued:

  • 4 final audit reports
  • 1 audit memorandum
  • 2 management letters

We completed fieldwork on the following assignment:

  • an audit of NARA's Information Security Program to evaluate the agency's progress in establishing an information security program that includes appropriate controls required by Federal legislation
  • an audit of NARA's System Administrator rights and controls to determine if NARA has instituted appropriate levels of controls for ensuring that NARA's systems and information are properly secured
  • an audit of NARA's Affiliated Archives Program to determine whether (1) the program is meeting its intended goals and function; and (2) participants were complying with management controls, and ensuring that NARA records were properly accounted for and appropriately secured
  • an audit of high-valued items to determine if management controls are adequate for properly safeguarding specially protected records and artifacts stored in secured stacks, vaults, and safes.

We also continued work on the following assignments:

  • an audit of NARA Enterprise Architecture to determine if NARA has established and is managing its enterprise architecture in accordance with Federal best practices
  • a review of the Novell Netware/Goupwise Upgrade Project to assess if (1) the project is meeting cost and schedule requirements, and (2) management is taking timely action to correct any actual or potential problems with project performance

Audit Summaries

Audit of NARA's Network Perimeter

The NARA OIG performed an audit of NARA's network perimeter to determine whether the controls surrounding the boundary of NARA's network (NARAnet) provide reasonable protection from external intruders.

Our audit revealed that NARA's network perimeter security was not adequate and exposed the agency to significant information security risks. This condition existed because management has not adopted, incorporated, and enforced pertinent standards promulgated to reduce risk to an acceptable level. Numerous NIST Special Publications, highlighted in the detailed findings, document the minimum requirements that should be considered, implemented, and tested concerning local and wide area network perimeter security. When the network perimeter is not adequately protected, not only does the risk of intrusion increase, but the network is more vulnerable to nefarious individuals or groups seeking to harm the network infrastructure.

We made eight recommendations to improve and secure NARA's network perimeter security. Management concurred with all but one recommendation and promptly initiated management action to address our recommendations. (Audit Report #06-01, dated December 15, 2005).

Review Modifications Made to the Performance-Based Task Order for Information Technology Support Services

This review assessed the appropriateness of modifications made to the contract task order awarded by NARA officials to acquire Information Technology Support Services (ITSS). The ITSS task order, consisting of a base year and four options, is a performance-based arrangement that contains both fixed-price and time-and-materials requirements. The period of performance extends from October 1, 2003, through September 30, 2008, and the total amount of the original task order was approximately $52.08 million, if NARA exercises all four options.

Our review disclosed that three modifications made to the ITSS task order fixed-price line items did not adhere to the principles of performance-based services acquisition and the Federal Acquisition Regulation (FAR). The stated purpose of the three modifications, totaling $4,426,670, was to provide additional contractor staffing for the following efforts: (a) $165,074 for Oracle database support and security support; (b) $99,131 for Archival Research Catalog support; and (c) $4,162,539 for various support areas. However, the modifications did not contain a revised performance work statement that identified new requirements that call for additional contractor staffing. The efforts alluded to - requiring additional contractor staff -constituted requirements found in the original task order work statement. Thus, we concluded that these modifications were inappropriate. As a result, the agency inappropriately incurred more than $4.4 million for IT support expenses that should have been borne by the contractor.

Management concurred with our findings and recommendations and took corrective action to address the deficiencies discussed in the report. (Audit Report #06-02, dated October 12, 2005).

Audit of NARA's Fiscal Year (FY) 2005 Financial Statements

Clifton Gunderson LLP (CG), an independent public accounting firm, examined and reported on NARA's consolidated balance sheet as of September 30, 2005, and the related consolidated statements of net cost, changes in net position, financing, and combined statement of budgetary resources for the year then ended.

NARA received qualified opinions on its FY 2005 financial statements and its restated FY 2004 financial statements. Fiscal year 2005 opinion was qualified for the effects of such adjustments, if any, for obligations and outlays related to non-Federal investments. The auditors identified one material internal control weakness and four reportable conditions. NARA also reported one substantial noncompliance instance with the Federal Financial Management Improvement Act concerning financial system compliance.

The material weakness was reported in investments as a result of NARA not recording obligations and outlays for purchases and redemption in its non-Federal investments, as required by OMB Circular A-11, Preparation Submission, and Execution of Budget. Reportable conditions were reported in the Information Technology area as a result of concerns with software development, change controls, security programs, controls to protect information, and a contingency plan; financial reporting area as a result of concerns with the general ledger system setup and posting model definitions, obligations review and the lack of an integrated financial management system; property, plant, and equipment area as a result of concerns regarding proper accounting and capitalization of equipment; and payroll as a result of concerns over the maintenance of supporting documentation, validation, and authorization of payroll transactions.

Clifton Gunderson made 25 recommendations to correct the material weakness and reportable conditions. Management concurred with most of the recommendations and agreed to initiate corrective action. (Audit Report #06-06, dated December 9, 2005).

Review of NARA's Internal Control Procedures for Loan Items

The OIG audited the NARA loan program to determine if NARA complied with established procedures for loaning and transporting NARA holdings and if it ensured that holdings are adequately safeguarded and properly accounted for throughout the loan lifecycle.

Our audit identified instances in which certain loaned records and artifacts may have been lost while others may be at risk of loss. This condition exists because management has not complied consistently with the guidance for loaning records and artifacts. The agency's established guidance for loaning and transporting holdings is found in NARA Directives 1701 and 1702. Specifically, we found that no loan documentation existed for 157 items loaned to a Presidential library foundation; loan extension documentation for 12 loans was missing; the loan period for 6 loans exceeded the one-year requirement of NARA 1701 that went into effect on September 1, 1999; 22 outstanding loans were not reported in the Office of Regional Records Services (NR) Quarterly Overdue Loan Report; NARA's Director of Space and Security Management Division (NAS) was not notified when loaned material was reported as missing pursuant to NARA 1701 and 1702; NARA 1701 and 1702 do not require that the IG be notified when loaned material was reported as missing; and NARA did not maintain a database of open, overdue, uncollectible, and missing loans.

We made five recommendations for strengthening the NARA loan program. Management concurred with four of the five recommendations and began taking corrective action. (Audit Report #06-04, dated December 20, 2005).

Evaluation of NARA's FY 2005 Management Control Program

Our evaluation sought to determine if there was sufficient evidence that NARA complied with the requirements of the Federal Managers' Financial Integrity Act (FMFIA), OMB Circulars A-123 and A-127, and the NARA Management Control System (NARA 114) to support the Archivist's FY 2004 assurance statement to the President.

We found that NARA's assurance statement was adequately supported and that NARA complied with the intentions of the FMFIA and OMB Circular A-123, Management Accountability and Control. Pursuant to Section 4 of the FMFIA, NARA's financial subsystems generally conform to the objectives detailed in OMB Circular A-127, Financial Management Systems. The Archivist reported the Preservation Program as a new material weakness and continued to report collections security as a material weakness. Computer security, which was initially reported as a material weakness in FY 2000, was not reported as a material weakness in FY 2005 because the OIG determined that sufficient action had been taken by NARA to minimize this weakness. (Audit Memorandum #06-07, dated December 21, 2005).

Management Letters

Security over Holdings in Stack Areas

The OIG brought to the Archivist's attention the immediate need to strengthen internal controls to safeguard records. During this period, NARA experienced a series of apparently willful acts resulting in the destruction and attempted destruction of records that included permanent records accessioned into our holdings. The OIG identified a suspect and substantiated a case in a timely manner in this investigation. However, during the investigation it became clear that but for the initial lead in this investigation the ability of the investigators to act decisively would have been impeded and restricted by the systemic lack of sound internal controls. This would have translated into an expansive universe of potential subjects leaving a limited investigative trail as well as an inability to define whether individual events were related. Specifically, we identified that stack doors are routinely left ajar, there is no card-key mechanism to restrict access or capture and log ingress or egress into stack areas, and key control is inadequate at Archives I to limit access to the stacks.

At Archives II, where card-key use is required to gain access to the stacks, there is no policy or mechanism that requires someone gaining access to the stacks to use their card-key. Thus employees are allowed to follow or piggyback one another into the stacks without using their individualized card-key. Further, we were informed that at Archives I and II, the key or card-key that facilitates access to one general stack area affords access to all other general stack areas holding nonclassified and unrestricted records in the building. While this may facilitate employee work processes, it has adverse security-related implications that must be considered.

As a result of these internal control weaknesses we suggested the Archivist take action to ensure: (1) additional security measures are developed and implemented to further restrict and document access to stack areas at Archives I and II, and (2) employees are educated in stack security measures and held responsible for execution of established internal control requirements. Specific restrictions should be defined and enforced to restrict access to stack areas to persons who fail to present proper card-key or other identification. Management concurred with our findings and recommendations and is taking corrective action to address deficiencies discussed in the management letter. (Management Letter #06-03, dated October 21, 2005).

Flawed Contract Performance Work Statement Could Have Adverse Impacts on NARA's Budgetary Resources

Subsequent to completion of the "Review of Modifications Made to the Performance-Based Task Order for Information Technology Support Services," OIG Report No. 06-02, the contractor for Information Technology Support Services (ITSS) requested additional funding to establish a network security program. We reviewed the appropriateness of this proposed task order modification and determined that the proposed effort duplicated network security program effort required by the original task order. Prior to the completion of our review, management officials cancelled this inappropriate modification, which would have required NARA to pay an additional $3.23-$5.22 million, depending on the outcome of negotiations with the contractor.

In the written response to the draft audit report, "Review of Modifications Made to the Performance-Based Task Order for Information Technology Support Services," and in a subsequent exit briefing, the director of the Acquisition Services Division stated that a "flawed" performance work statement for the task order contributed significantly to some of the major problems identified in the report.

We recommended that if a decision was made to continue with the current, flawed task order statement of work, the director of the Acquisition Services Division should strongly emphasize to contracting personnel that they must exercise increased caution when approving modifications that call for additional funds to be added to the ITSS task order. As an alternative, we suggested that management consider either terminating the ITSS task order or not exercising remaining options, and establish a new contract vehicle for acquiring IT support services.

Management concurred with our findings and recommendations and took corrective action to address the deficiencies discussed in the management letter. (Management Letter #06-05, dated October 26, 2005).

Top of Page


Investigations

Closed Investigation Highlights

Destruction of Federal Records

In September 2005, original permanent historical documents were discovered in the trash at NARA. These were records of the Veteran's Administration and Bureau of Indian Affairs. Through interviews, sworn statements, and a polygraph examination, it was substantiated that an employee disposed of these records. Also, it was substantiated that the employee made a false statement on his Declaration for Federal Employment with NARA.

This investigation was referred to the United States Attorney's Office for the District of Columbia which declined prosecution. The employee resigned prior to being terminated. In total more than 3,000 documents and other materials were recovered.

Recovery of Stolen G.E. Pickett Letter

In October 2005, an auction house contacted the Office of Investigations to request a list of known stolen NARA documents. In November 2005, the auction house again contacted the Office of Investigations to advise that a document consigned to them was on a list they were provided. The document, signed by George E. Pickett and dated June 1, 1861, was relinquished to NARA. This document, along with over 100 other Civil War-era documents, was stolen from NARA. In March 2005, the thief pled guilty to one count of 18 U.S.C § 668: Theft of Major Art Work and was later sentenced to two years' imprisonment to be followed by two years of supervised release with a fine of $10,000.

Mishandling and Improper Investigation of a Theft of Classified Documents

During this reporting period an investigation concerning the mishandling and improper investigation relating to the viewing and theft of classified documents by former National Security Advisor Samuel R. Berger was completed and referred to the U.S. Department of Justice and the U.S. Archivist for action. The Department of Justice declined prosecution in lieu of administrative action. The investigation is pending administrative action. The investigation determined that Berger was provided highly classified materials in an unauthorized setting on at least five occasions, and that NARA failed to report the theft of the classified materials to the OIG or any other law enforcement entity before conducting an improper investigation of the incident. Previously, Berger was charged with one count §1924 of 18 U.S.C. : Unauthorized Removal and Retention of Classified Material, a Class A Misdemeanor, and sentenced to 2 years' probation, 100 hours community service, a $50,000 fine, and no access to classified information for a period of 3 years.

Investigation Updates

Threat against NARA Employees

In May 2005, a NARA employee threatened the lives of two co-workers with a box cutter. In June 2005, the individual was removed from employment. This case is being prosecuted by the State of Missouri. The Office of Investigations is working with the Department of Homeland Security, Federal Protective Service. In August 2005, the individual entered a plea of not guilty. Update: In December 2005, the employee again entered a plea of not guilty.

Compromise of CMRS and PERL Servers

The National Archives and Records Administration Intrusion Detection System reported an attempt by a remote computer to exploit a known Windows vulnerability to upload an exploit to the Case Management Reporting System (CMRS-02) server. Subsequently, the entire CMRS network was affected by the exploit. The investigation showed that both the CMRS-02 server and the Presidential Electronic Records Library (PERL) server named "WJC-CDSS" were compromised. The exploit gave the intruders full administrative rights and access to both of these servers and to the 11 computer workstations that were also compromised in this attack. Although direct evidence of data exfiltration from either server was not found, the level of access granted to the intruders and the trust relationships between the compromised servers and computers made circumvention of internal controls possible so that proprietary data exfiltration cannot be definitively ruled out. Update: This case is pending a prosecutive decision.



OIG HOTLINE

The OIG Hotline provides a prompt, effective, and confidential channel for reporting fraud, waste, abuse, and mismanagement to the OIG. In addition to receiving telephone calls at a toll-free Hotline number and letters to the Hotline post office box, we also accept email communication from NARA's internal network or the Internet through the Hotline email system. Walk-ins are always welcome.

The Investigative Division promptly and carefully reviews calls, letters, and e-mail to the Hotline. We investigate allegations of suspected criminal activity or civil fraud and conduct preliminary inquiries on noncriminal matters to determine the proper disposition. Where appropriate, referrals are made to the OIG Audit Staff or to NARA management.

The following table summarizes Hotline activity for this reporting period:

Cases Opened* 25
Referred Outside the OIG 94
Closed to File 87
Closed from Last Reporting Period 8
Pending 21
TOTAL HOTLINE CONTACTS 216

*Cases included in investigative workload statistics.

Top of Page


Top Ten Management Challenges

Under the authority of the Inspector General Act, the NARA OIG conducts and supervises independent audits, investigations, and other reviews to promote economy, efficiency, and effectiveness and prevent and detect fraud, waste, and mismanagement. To fulfill that mission and help NARA achieve its strategic goals, we have aligned our programs to focus on areas that we believe represent the agency’s most significant challenges. We have identified those areas as NARA’s top ten management challenges. These challenges are listed below.

1. Electronic Records Archives (ERA)

NARA's challenge is to build a system that will accommodate past, present, and future formats of electronic records. By September 2007, NARA plans to have initial operating capability for ERA with planned incremental improvements that will eventually result in full system capability. The challenge will be to deliver and maintain a functional ERA system that will preserve electronic records for as long as needed.

2. Electronic Records Management (ERM)

NARA directs the Electronic Records Management (ERM) initiative, one of 24 Government-wide initiatives. The ERM initiative will provide guidance to agencies in managing and transferring to NARA, in an increasing variety of data types and formats, their permanent electronic records. NARA and its Government partners are challenged with determining how to manage electronic records, and how to make ERM and e-Government work more effectively.

3. Improving Records Management

NARA's mission is to ensure that Federal officials and the American public have ready access to essential evidence. NARA must work with Federal agencies to make scheduling, appraisal, and accessioning processes more effective and timely. The challenge is how best to accomplish this component of our overall mission and identify and react to agencies with critical records management needs.

4. Information Technology Security

The authenticity and reliability of our electronic records and information technology systems are only as good as our IT security infrastructure. Each year, the risks and challenges to IT security continue to evolve. NARA must ensure the security of its data and systems or risk undermining the agency's credibility and ability to carry out its mission.

5. Expanding Public Access to Records

In a democracy, the records of its archives belong to its citizens. NARA's challenge is to more aggressively inform and educate our customers about the services we offer and the essential evidence to which we can provide access. Of critical importance is NARA"s role in ensuring the timeliness and integrity of the process of declassifying classified material held at NARA.

6. Meeting Storage Needs of Growing Quantities of Records

NARA-promulgated regulation 36 CFR Part 1228, "Disposition of Federal Records," Subpart K, "Facility Standards for Records Storage Facilities," requires all facilities that house Federal records to meet defined physical and environmental requirements by FY 2009. NARA's challenge is to ensure compliance with these regulations internally as well as by other agencies that house Federal records.

7. Preservation Needs of Records

The Archivist has identified preservation as a material weakness under the Federal Managers' Financial Integrity Act (FMFIA) reporting process. NARA cannot provide public access to records to support researchers' needs unless it can preserve them for as long as needed. As in the case of our national infrastructure (bridges, sewer systems, etc.), NARA holdings grow older daily and are degrading. NARA is challenged to address this condition and related challenges.

8. Improving Financial Management

By inclusion under the Accountability of Tax Dollars Act of 2002, NARA is required to prepare audited financial statements in compliance with prescribed standards, subject to independent audit. NARA's challenge is to present timely, accurate, and useful financial information for making day-to-day operating decisions; supporting results-oriented management approaches; and ensuring accountability on an ongoing basis.

9. Physical Security

The Archivist has identified security of collections as a material weakness under the FMFIA reporting process. NARA must maintain adequate levels of security to ensure the safety and integrity of persons and holdings within our facilities. This is especially critical in light of the new realities that face this nation, post-September 11, and the risks that our holdings may be pilfered, defaced, or destroyed by fire or other natural disasters.

10. Strengthening Human Capital

The GAO has identified human capital as a Government-wide high risk. NARA's challenge is to adequately assess its human capital needs in order to effectively recruit, retain, and train people with the technological understanding and content knowledge that NARA needs for future success.

Top of Page


Reporting Requirements

STATISTICAL SUMMARY OF INVESTIGATIONS
Investigative Workload
Complaints received this reporting period 216
Cases pending at the beginning of the reporting period 12

Cases opened this reporting period

26

Cases closed this reporting period

12

Cases carried forward this reporting period

26

Categories of Closed Investigations

Fraud

0

Conflict of Interest

1

Contracting Irregularities

1

Misconduct

1

Larceny (theft)

6

Torts

0

Other

3

Investigative Results

Cases referred - Accepted for prosecution

0

Cases referred - Declined for prosecution

2

Cases referred - Pending prosecutive decision

1

Arrests

0

Indictments and informations

0

Convictions

0

Fines, restitutions, and other civil and administrative recoveries

0

NARA holdings recovered

3,000 plus

Administrative Remedies

Employee(s) terminated

0

Employee(s) resigned in lieu of termination

1

Employee(s) suspended

0

Employee(s) given letter of reprimand/warned/counseled

0

Employees taking a reduction in grade in lieu of administrative action

0

 

Requirement 5(a)(6)
LIST OF REPORTS ISSUED
Report No. Title Date Questioned Costs Un-supported Costs Funds Put to Better Use
06-01 Audit of NARA's Network Perimeter 12/15/2006 0 0 0
06-02 Review of Modifications Made to the Performance Based Task Order for Information Technology Support Services 10/12/2005 $4,426,744 $4,426,744 0
06-04 Review of NARA's Internal Control Procedures for Loan Items 12/20/2005 0 0 0
06-06 Audit of NARA's FY 2005 Financial Statements 12/09/2005 0 0 0
06-07 Evaluation of NARA's Management Control Program for FY 2005 12/21/2005 0 0 0


AUDIT REPORT(S) WITH QUESTIONED COSTS

Category

Number of
Reports
DOLLAR VALUE

Questioned
Costs
Unsupported
Costs

A. For which no management decision has been made by the commencement of the reporting period

1

$236,335

$0

B. Which were issued during the reporting period

1

4,426,744

4,426,744

Subtotals (A + B)

2
4,663,079
4,426,744

C. For which a management decision has been made during the reporting period

1
0
0

(i) dollar value of disallowed cost

1
3,002,643

(ii) dollar value of costs not disallowed

1

1,424,101

1,424,101

D. For which no management decision has been made by the end of the reporting period

1
236,335
0

E. For which no management decision was made within 6 months

1

236,335

0

 

Requirement 5(a)(9)
AUDITS REPORTS WITH RECOMMENDATIONS THAT FUNDS
BE PUT TO BETTER USE
CATEGORY NUMBER
DOLLAR VALUE

A. For which no management decision has been made by the commencement of the reporting period

0 $0

B. Which were issued during the reporting period

0 0

Subtotals (A + B)

0
0

C. For which a management decision has been made during the reporting period

0
0

(i) dollar value of recommendations that were agreed to by management

0
0

Based on proposed management action

0
0

Based on proposed legislative action

0
0

(ii) dollar value of recommendations that were not agreed to by management

0
0

D. For which no management decision has been made by the end of the reporting period

0
0

E. For which no management decision was made within 6 months of issuance

0
0

secutor

REQUIREMENT

CATEGORY SUMMARY

5(a)(3)

Prior significant recommendations unimplemented

None

5(a)(4)

Summary of proial referrals

None

5(a)(5)

Information or assistance refused

None

5(a)(10)

Prior audit reports unresolved

None

5(a)(11)

Significant revised management decisions

None

5(a)(12)

Significant revised management decisions with which the OIG disagreed

None

Top of Page

PDF files require the free Adobe Reader.
More information on Adobe Acrobat PDF files is available on our Accessibility page.

Office of the Inspector General (OIG) >

The U.S. National Archives and Records Administration
1-86-NARA-NARA or 1-866-272-6272

.