Office of the Inspector General (OIG)

OIG Semi-Annual Report to Congress:
April 1, 2008 - September 30, 2008


Table of Contents


Foreword

On October 14, 2008, the President signed the Inspector General Reform Act of 2008 into law. This far-reaching legislation represents the culmination of a bipartisan effort to strengthen the independence, capability and reporting transparency of Offices of Inspectors General (OIGs) throughout the Federal Government. I believe the legislation will have a positive and profound effect on our operations here at the National Archives and Records Administration (NARA).

In this reporting period I would like to focus attention upon the Audit of Management Controls over Accounting for Lost Property and the Audit of NARA’s Central Receiving Function. These related audits were initiated upon investigative referral from the OIG’s Office of Investigation. The respective audit reports both identified inadequate internal control mechanisms which were readily and systematically compromised to the detriment of this agency and the American taxpayer.

The Audit of Management Controls over Accounting for Lost Property identified 2,405 missing items (to include servers, routers, laptops, and tape drives) with an acquisition value of approximately six million dollars spanning the period FY 2002-2006. This property was reported lost throughout that period, yet responsible NARA officials never once directed a formal investigation of any item, or held individuals accountable for any of the reported lost property. Additionally, NARA’s most current inventory (FY 2007) identified as missing 559 IT equipment items with memory storage capability. This total includes 231 laptops, 215 servers, 55 desktop computers and 55 printers. The potential exists this lost or stolen IT equipment could have stored a variety of sensitive information such as PII, contractor proprietary data, credit card information or classified data.

The Audit of NARA’s Central Receiving Function focused on new equipment housed in NARA’s warehouse space in College Park, Maryland, that was apparently lost or stolen before even being put into service. OIG auditors reported 36 percent of IT equipment housed in a special fenced-in area could not be located. The original acquisition cost of this equipment was $367,439. An additional 22 percent of accountable, non-IT related property co-located in the same warehouse space was also identified as missing. The original acquisition cost of this equipment was $176,008.

Finally, I would note this office continues in its efforts to provide a measure of audit coverage to the critical Electronic Records Archive (ERA) program. In June 2008 ERA program officials reported Initial Operating Capability had been achieved and target March of 2012 for reaching Full Operating Capability (FOC). Our work in this reporting period focused upon contractor oversight and review of direct labor and subcontractor costs. In the future, our goal is to evaluate and report upon the progress in NARA’s efforts to reach FOC.

Paul Brachfeld
Inspector General

Top of Page


Executive Summary

This is the 40th Semiannual Report to the Congress summarizing the activities and accomplishments of the National Archives and Records Administration (NARA) Office of Inspector General (OIG). A summary of NARA’s top challenges is provided under the section titled “Top Ten Management Challenges.” The highlights of our major functions are summarized below.

Audits

In this reporting period, the Audit Division continued to examine the security of NARA’s Information Technology (IT) systems, and assess the economy and efficiency of NARA’s programs. Our work this period had a positive impact on agency operations and related controls in these critical areas. Recommendations directed to NARA officials will, upon adoption, translate into reduced risk for the agency, and increased levels of security and control over NARA’s financial assets, programs, and operations.

We issued the following audit reports during the reporting period:

  • Audit of NARA’s Management Controls over Accounting for Lost Property. This audit was initiated by an OIG investigation surrounding criminal activity by a NARA employee and a contractor, and assessed whether management controls were adequate and provided reasonable assurance lost inventory was properly documented and accounted for in NARA records. Our review found significant weaknesses in NARA’s ability to account for lost property. Specifically, our audit found that: (a) lost property was not properly documented and accounted for in NARA records; (b) NARA officials did not initiate an investigation of any of the 2,405 missing equipment items identified on reports of survey or hold individuals accountable for any of the lost property; and (c) the FY 2007 annual inventory identified as missing approximately 559 information technology (IT) equipment items with memory storage capability and the potential for storing sensitive information, to include PII. Additionally, we identified 17 missing capitalized equipment items, with an acquisition cost of approximately $1.3 million, which were included in the FY 2007 Property, Plant and Equipment subsidiary schedule and depreciation schedule. While these errors did not have a material impact on the FY 2007 financial statements, if internal controls are not strengthened, such errors could result in overstatements of fixed assets. We made 15 recommendations which, when implemented, will strengthen controls over the personal property management function. Management agreed with all recommendations and initiated corrective action. (Audit Report #08-09, dated August 14, 2008).

  • Audit of NARA’s Central Receiving Function. This audit was initiated based on an OIG investigation surrounding criminal activity by a NARA employee and a contractor. Our audit found that since the alleged criminal activity was identified to NARA management, NARA has taken some action to address deficiencies within the property management program. However, NARA management and physical security controls remain ineffective in safeguarding and accounting for property. Specifically, we determined management controls specific to the central receiving function were still inadequate to mitigate risk in this area. NARA’s policies and procedures are outdated and not aligned with the various functions encompassing central receiving. Further, NARA uses a manual receiving process prone to error. Other compensating controls which could identify potential pilferage more timely, such as periodic independent validation and verification processes, simply do not occur. The lack of integrated systems and processes creates an environment where property is susceptible to loss or misappropriation with little risk of detection. Additionally, the audit identified that NARA’s receipt and acceptance processes do not support the accounts payable and invoice payment processes. These control weaknesses affect the accuracy of the property and financial information used by managers to make key agency decisions. Also, while items received at the loading dock meeting NARA’s definition of controlled property were properly bar-coded, the controls did not provide assurance the equipment would be properly recorded in NARA’s property system. We also found instances where delivery of property from the loading dock to the end user was not timely. In addition, various weaknesses in physical security controls over property at the loading dock and property in the warehouse increase the risk of loss. We made 25 recommendations for improvement. Management concurred with our recommendations and began taking corrective actions. (Audit Report #08-13, dated September 29, 2008.)

  • Review of Electronic Records Archives (ERA) Contract Direct Labor Costs. As a result of a request by the Contracting Officer (CO) for the ERA program, we performed a review of direct labor costs billed to NARA on the ERA development contract to determine (a) if the invoices submitted by the contractor for direct labor costs and subcontract costs for work performed on the ERA contract, and paid by NARA, were accurate, supported, and reasonable, and (b) if ERA Program Management Office (NHE) officials had a satisfactory process in place to review and approve contract invoices. We could not validate the ERA contract direct labor costs because (1) the contractor did not provide program office personnel adequate supporting documentation with the invoices; (2) the contract did not specify direct labor rates and allowed rates to vary from one invoice to the next; (3) the contractor does not maintain records for review, by invoice, to support the direct labor billed to NARA; (4) contractor officials were reluctant to provide necessary information and documentation supporting billed direct labor costs; (5) information provided by the contractor was often incomplete, resulting in additional questions and the need for us to obtain additional information and documentation; and (6) source documentation (e.g., supplemental timecards, salary records) could not readily be examined. Moreover, we found NHE officials did not have an adequate basis for verifying direct labor costs. For example, there was no adequate basis for verifying (a) direct labor hours billed by the contractor on the ERA contract were actually incurred; (b) the amounts billed were appropriate; and (c) contractor employees billed against the contract actually worked on the contract. We made three recommendations to improve the invoice review and approval process. Management concurred with only one of the three recommendations. The Director of Acquisitions believed existing processes were adequate and, therefore, did not concur with two recommendations. (Audit Report #08-08, dated June 10, 2008.)

  • Review of Subcontract Costs on the ERA Development Contract. As a result of a request by the CO for the ERA program, we performed a review of subcontract costs billed to NARA to determine if (a) the invoices submitted by the contractor for subcontract costs and paid by NARA, were accurate, supported, and reasonable, and (b) the ERA Program Management Office (NHE) officials had a satisfactory process in place to review and approve contract invoices. Our review disclosed that for the subcontractor invoices included in our review: (a) other direct costs, including incidental services for which there is not a labor category specified in the contract, travel, computer usage charges, etc., were properly supported; (b) all 20 payments made by the contractor to ERA subcontractors, for the invoices included in our review, equaled the costs billed by the ERA subcontractors for those invoices; and (c) for three of the four subcontractors included in our review, labor rates billed on the ERA contract were those rates negotiated between the subcontractors and the prime contractor. However, we were unable to place any reliance on the accuracy and reasonableness of the direct labor costs billed for the subcontracts included in our review, that is, we could not validate subcontract labor costs. In most instances, the hours shown on contractor’s Voucher Invoice Processing (VIP) reports agreed with the hours shown on the employee timesheets/timecards. However, subcontract labor costs could not be validated because: (a) contractor officials did not provide the original employee timesheets to support subcontractor labor costs; (b) NHE officials paid contractor invoices for subcontractor labor without assessing validity of the charges, because they relied on the contractor to properly bill for the costs related to its subcontractors and to validate the subcontractor invoices; and (c) the contractor did not require ERA subcontractors to provide supporting documentation, such as, timecards, with their invoices for substantiating direct labor charges, and had no process in-place for properly validating subcontractor labor charges, or for assessing the allowability of those charges. We made three recommendations for improvement, and management concurred with one of the recommendations, but considered current controls in place adequate to address the two other recommendations. (Audit Report #08-11, dated August 28, 2008.)

  • Audit of NARA’s Implementation of the Federal Desktop Core Configuration (FDCC). This audit assessed whether NARA adequately implemented the FDCC settings required by the Office of Management and Budget (OMB). Specifically, we examined whether NARA (a) met the OMB mandated deadline; (b) adequately reported their status to OMB; and (c) developed adequate plans for implementing FDCC across the enterprise. FDCC is an OMB-mandated security configuration checklist for Microsoft Windows XP and Vista Operating system software. Developed by the National Institute of Standards and Technology (NIST), the Department of Defense (DOD), and the Department of Homeland Security (DHS), FDCC is a set of operating system configurations designed to ensure security. In March 2007, OMB directed agencies using Windows XP and Vista to adopt these security configurations. Agencies were required to submit draft implementation plans to OMB by May 1, 2007, and adopt the standard security configurations by February 1, 2008. Our review found that NARA missed the implementation deadline and then inaccurately reported their status to OMB. Additionally, NARA has not: (a) developed sufficient implementation and test plans; (b) developed plans to resolve identified deviations from FDCC; and (c) enforced FDCC password settings. We made five recommendations that, when put into place, will assist NARA in implementing the mandated FDCC configurations. Management concurred with four of the five recommendations. (Audit Report #08-10, dated August 27, 2008.)

  • Audit of NARA’s Researcher Registration Identification Card Program. This audit, which was performed to determine whether management controls over the researcher registration and application program ensured researcher information is accurately obtained, verified, and properly safeguarded; found that an investment in a fully automated, integrated technology system would greatly improve security and customer service aspects of the researcher registration program. Currently, such a system is used at the National Archive Building in Washington, DC (Archives I) and the National Archives at College Park, Maryland (Archives II), but none of the Presidential libraries or Regional Records Centers has an automated system for registering researchers. Additionally, (a) NARA did not have uniform detailed internal operating procedures for banning researchers who do not comply with established research room rules of conduct, and (b) periodic monitoring of the researcher database at Archives I and Archives II was not completed on a routine basis to detect and correct errors in the system. We made three recommendations designed to address the identified weaknesses. Management agreed with our recommendations and initiated corrective action. (Audit Report #08-07, dated April 24, 2008.)

  • Audit of NARA’s Compliance with Section 522 of the Consolidated Appropriations Act of 2005 (Policies, Procedures & Practices for Protection of Personally Identifiable Information). Clifton Gunderson LLP (CG), a public accounting firm under contract with the NARA OIG, performed this audit to determine whether: (1) the necessity of using personally identifiable information for data processing was properly evaluated; (2) NARA had established adequate procedures governing the collection, use, and security of personally identifiable information; and (3) NARA had properly complied with prescribed procedures to prevent unauthorized access to or unintended use of personally identifiable information. The audit disclosed the NARA Privacy Office (NGC) and the Office of Information Services (NH) have made significant efforts in carrying out the agency’s statutory responsibilities and related roles in ensuring compliance with the law. However, the audit noted policies and procedures required by OMB Memorandum 06-16 have not been developed, and NARA technical controls related to the protection of personally identifiable information need to be strengthened. The audit report contained two recommendations for addressing these areas. Management concurred with both recommendations. (Audit Report #08-15, dated September 29, 2008.)

Management Letters

  • Update on Conditions of the Museum Collection at the Ronald Reagan Presidential Library. During the period, we visited the Ronald Reagan Library as part of an ongoing audit. While there, we reviewed museum operations to observe what progress had been made in implementing recommendations made in OIG Audit Report No. 08-01, Audit of the Process for Safeguarding and Accounting for Presidential Library Artifacts (dated October 26, 2007). Through this management letter we informed the Archivist that while difficult work remains to be done, significant progress had been made by the Office of Presidential Libraries (NL) and Ronald Reagan Presidential Library in strengthening their stewardship of Presidential artifacts. Specifically: (a) an inventory plan has been developed, approved, and is being implemented; (b) staff have been added under term appointments to assist in organizing and inventorying the museum collection, and approximately 50 percent of the records in the i/O database have been reconciled; (c) presidential artifacts in the Reagan’s private space have been identified and are now accounted for as high-value objects; (d) the appearance and organization of the collection and controlling documentation has seen significant improvement since the time of our audit; (e) damaged items have been identified and documented by library staff, and consultation with library staff on preservation/conservation actions are ongoing; and (f) interim steps have been taken to secure the artifacts against damage (e.g., shelves have been braced, netting has been installed over open shelves). In fact, during our visit the library experienced the effects of a mild earthquake without sustaining any visible damage to the artifacts. (Management Letter #08-12, dated August 12, 2008.)

  • NARA’s Security Response to an Incident at the National Archives Building in Washington DC. As a result of a security incident at the National Archives Building in Washington, DC, we brought to the Archivist’s attention the need to ensure NARA has effective, tested security measures in place to protect the safety and integrity of the National Archives Building staff and visitors in the heart of our nation’s capital. Specifically, the morning of September 23, 2008, security vulnerabilities were exploited allowing protesters to gain access to, and remain in control of, the southwest corner of the Archives building on Constitution Avenue. NARA’s response to this illegal trespass and occupation demonstrated a lack of planning, preparation, coordination, and training on the part of security personnel entrusted with the paramount duty of protecting NARA structures, persons, and holdings. Based on the defined and published “success” of the demonstrators, the potential for copy-cat actions exists with absolutely no assurance they will be as docile as this event. Had the nature and conduct of the protest been malicious rather then benign, the results of this systemic failure could well have been significant. As it was, the damage was limited to our agency being used as a backdrop or prop for trespassers to push their own agenda. (Management Letter #08-16, dated September 30, 2008.)

  • Historical Records Discarded in Trash. The OIG brought to the Archivist attention that original historical records continue to find their way into NARA’s garbage and are salvaged only when plucked from the trash by our contract security and custodial staff. In September 2005, original Bureau of Indian Affairs records were deliberately disposed of at Archives I. After this incident, policy memorandums and guidance were issued, and contract security officers began checking the trash for original historical documents at Archives I. Since then, there have been five incidents reported to the OIG where original historical documents were discovered either in or on their way into the trash at Archives I. This office has not inquired at NARA’s regional facilities or the Presidential libraries to determine if they have systems in place to prevent the unintentional disposal of historical records. While Archives I has contract guards checking the trash there, no such function exists at Archives II, nor is it apparent that processing and holdings maintenance units at Archives II are double checking their work to ensure original records are not inadvertently disposed of. It is our understanding other custodial units within the agency do not have such protocols. As a result of these risks the OIG believes an agency-wide approach is required to mitigate the threat to NARA holdings. NARA management agreed to clarify and reinforce procedures initially developed to address this issue only in the greater Washington, D.C. area. (Management Letter #OI-08-01, dated June 19, 2008.)

  • NARA’s Work-at-Home System Project. This management letter, issued to the Assistant Archivist for Information Services, informed her the agency’s strategy in the development of the Work-at-Home System (WAHS) exposed NARA to security vulnerabilities which could compromise of the agency’s computer network. The purpose of NARA’s WAHS, which consists of several commercial-off-the-shelf software packages, is to enable secure, remote access to selected systems residing on NARANet, the agency’s computer network. In addition, the system will (a) support the agency’s Comprehensive Emergency Management Plan (CEMP) and Continuity of Operations Plan (COOP), and (b) implement two-factor authentication as mandated by OMB Memorandum 06-16, Protection of Sensitive Agency Information. We noted system implementation plans call for utilizing a strategy introducing a security vulnerability into the agency’s computer network, thereby making network information susceptible to unauthorized access, use, disclosure, disruption, modification, or destruction. To eliminate the computer network security vulnerability, we suggested officials revise their system development strategy and slow the pace of the project effort. The Assistant Archivist for Information Services, in a memo to the IG dated September 17, 2008, indicated this condition had been addressed and no longer existed. (Management Letter #08-14, dated September 4, 2008.)

Inspector General's Concerns

Development of the NARA Electronic Records Archives

One of NARA's top ten challenges is the development of an Electronic Records Archives (ERA). The ERA is a technology system and workflow management program designed to store and manage electronic records while managing the lifecycle of paper records and other holdings. NARA's challenge is to build a system that will accommodate past, present, and future formats of electronic records, free from dependence on any specific hardware or software. On an ongoing basis, the Inspector General has communicated concerns and raised questions specific to the ERA program to the Archivist, ERA program officials and to Congress. To date, the ERA program has experienced delivery delays, cost overruns, and staffing shake-ups. Responsible program officials represent these issues to be historical in nature and convey optimism in current trends in program administration and direction. However, one main question still to be addressed is exactly what will ERA functionality be when, per the reported target date of March 2012, Full Operating Capability (FOC) is realized and "full use of the ERA system" is achieved.

There were two ERA-related audit reports issued this period, covered in the audit section of this report, Review of Subcontract Costs on the ERA Development Contract (Audit Report #08-11, dated August 28, 2008) and Review of ERA Contract Direct Labor Costs (Audit Report #08-08, dated June 10, 2008). The following is a brief summary of ERA related activities of the OIG this period which are not addressed in other areas of the Semi-Annual Report.

Testimony of Inspector General Before Congress - Senate Homeland Security and Government Affairs Committee’s Subcommittee on Federal Financial Management, Government Information, Federal Services, and Information Security

On May 14, 2008 the Inspector General testified at a hearing entitled "National Archives Oversight: Protecting our Nation's History for Future Generations." The testimony focused on the ERA program and George W. Bush Presidential Records.

The Inspector General testified that dedicated ERA audit resources sought by the OIG in multiple budget submissions were not forthcoming, even as it was defined to stakeholders that the value of independent, dedicated and skilled oversight over this critical program could not be overstated and thus the risks of not performing this function were unacceptable. Accordingly, the Inspector General stated it came as no surprise to the OIG when, on July 27, 2007, NARA issued a Cure Notice to the ERA prime contractor for "failure to make progress in the work so as to endanger performance under the subject contract."

Congress was informed that in the fall of 2007, with the support of Archivist Weinstein, the OIG was able to staff a dedicated ERA audit position. The Inspector General stated his hope that at this late date the limited OIG dedicated ERA audit support available will prove to be of value.

Finally, the Inspector General also testified on concerns specific to the Bush White House records. Under the Presidential Records Act, all George W. Bush Presidential Records will accrue to NARA, and the ingestion of these records will be a key and early benchmark in the successful deployment of ERA. The focal point of the Inspector General's concern was that NARA had been experiencing access and functionality issues with the White House record keeping systems, but never alerted the OIG to any of these problems. Thus the OIG was not afforded the opportunity to address a significant condition with potential impact upon a major NARA program falling under our statutory jurisdiction.

ERA Periodic Status Update - Initial Operating Capability

On August 7, 2008 the Inspector transmitted a memorandum to the Archivist entitled ERA Periodic Status Update - Initial Operating Capability. This correspondence represented the first in what we plan to be series of periodic written ERA related updates. This system is predicated on our belief the success of ERA is of utmost criticality, and thus timely information flow is essential. Therefore, we believe the Archivist should at least be made aware of some issues before they are subject to the very lengthy process of a complete audit. We realize some concerns may be mooted when exposed to the full rigors of the audit process, thus these updates are designed to merely alert the Archivist to potential issues.

NARA Notice 2008-208, Successful Completion of Major Milestone of the Electronic Records Archives System, dated June 27, 2008, appeared to define that ERA Initial Operating Capability (IOC) had been met. OIG auditors attempted to learn what this meant, and how such a determination was made and communicated to our stakeholders. We began audit work focusing upon Product Acceptance Testing of ERA vendor deliverables, and identified NARA program officials added a new reporting category/test result (i.e., Passed with Deviations), in addition to Passed, Failed, and Incomplete used in earlier tests. This was a concern since Pass, Fail and Incomplete were the only testing results recognized in the contract documentation provided to our office. A number of the system and software requirements that failed prior tests were now "passed with deviation" in the acceptance tests. The contract stated 95% of requirements needed to be judged as "passed" for the IOC to be accepted, and the IOC test report indicates a passing score of 98% by including the requirements which passed with deviation. However, if these "passed with deviation" requirements are excluded, then only 78% of the requirements passed. The auditor also found discrepancies with the targeted completion timeframes for some Problem Trouble Reports (PTRs) that state they should be completed for the IOC, yet other documents state these same PTRs will be addressed after IOC.

We are unsure as to the long-term effects of the new nomenclature "passed with deviation" and its future implication upon ERA. It may prove to be benign in impact upon the program, but it could also be a warning light on the dashboard warranting much more timely attention. Audit work in this area remains ongoing and will be reported in future periods.

Senior Staff Status Briefing on the ERA Program

At the request of the Inspector General the Archivist hosted a briefing for senior officials on September 29, 2008. The Chief Information Officer (CIO) provided a detailed briefing accompanied by an information package defining ERA system functions, business workflow, operational concept and implementation timeline. While the briefing was informative, key questions remain unresolved, most notably as to NARA's interpretation of what constitutes Full Operating Capability vice that of what may reside with our stakeholders. We will continue to monitor and address this matter in future reporting periods.

Investigations

During this reporting period, the Office of Investigations (OI) opened 14 investigations, closed 24 investigations, and recovered six records. The OI also received 50 complaints and closed 44 complaints. Additionally, the OI conducted joint investigations with the FBI, the U.S. Postal Inspection Service, the U.S. Postal Service OIG, Army CID, the Department of Transportation OIG, the Veterans Affairs OIG, the Defense Intelligence Agency, and the Mexican Government. At the close of the period, there remained 26 open complaints and 29 open investigations.

The Office of Investigations completed investigations in a variety of areas including the following:

  • Improper Handling of Classified Records
  • Improper Access to Classified Material
  • Classified Security Violations
  • Espionage
  • Improper Access to NARA Systems
  • Wire Fraud
  • Time and Attendance Fraud
  • VA Benefit Fraud
  • Theft/Fraud Conspiracy
  • Immigration Violations
  • Lost/Stolen Presidential Records
  • Lost/Stolen Documents
  • Privacy Act Violations

Our investigative staffing level will increase by one law-enforcement 1811 series Special Agent in the next reporting period. This will give the OI four Special Agents to share the investigative burden of a 3,000-person, 37-facility, nationwide agency that includes the Presidential Library system. While the additional FTE is a much needed and overdue addition, our limited staffing, combined with our broad-based area of operations, hampers our efforts toward the performance of proactive investigative activity. Complex and high-profile investigations regularly demand the attention of the entire OI staff to insure timely and appropriate resolution. As a result, the OI is compelled to make increasingly difficult prioritizing decisions, which cause some investigations to be pushed back and potentially go stale. As the Archivist of the United States has defined, NARA is a national security agency, thus we find this situation with respect to investigative capacity untenable.

Top of Page


Management Assistance

  • During the previous reporting period, the OIG identified, and brought to management’s attention, concerns focusing upon the security and handling of classified holdings received, maintained, and shipped by a NARA facility. In this reporting period we continued to monitor the steps management is taking to begin addressing these deficiencies.

  • Assisted NARA’s Policy and Planning Staffs’ efforts to revise the agency's internal control program. The OIG attended working meetings, reviewed draft policy and guidance documents, and provided input and feedback on management's efforts to revamp and revise the agency's approach for implementing, monitoring, and reporting on internal controls.

  • Referred 15 cases from the Archival Recovery Team to the Office of General Counsel pursuant to NARA Directive 1462.

  • Provided comment to Draft Directive NARA 1310, Review of Agency Records Storage Facilities. Our comments, accepted in the final Directive, ensured NARA officials would notify an agency’s Inspector General if NARA determined an agency’s record keeping practices were not acceptable. Through this notification, this key change to the originally planned Directive now ensures Federal agency Inspectors General will be able to provide another avenue of oversight protection for our government’s precious records.

  • Supported agency efforts to publicize the problem of record theft by presenting at the National Association of Government Archives and Records Administrators 2008 Annual Meeting in Atlanta, Georgia on “Recovering America's National Treasures: How the National Archives and Record Administration’s Office of Inspector General Investigates Document Theft.”

  • Ensured a more open and accountable government by responding to Freedom of Information Act requests pertaining to OIG records.

  • Worked with NARA’s IT team to develop and implement an anonymous online tool for employees and the public to report crimes, fraud, waste, and abuse by or against NARA.

  • Alerted the General Counsel to a claim NARA was infringing on a patent with one of the agency’s IT systems.

  • Defended the rights of a NARA customer who had been over-billed by a contractor providing FOIA related services to NARA. After OIG investigation and presentation to the agency of what was prepared and charged to the customer, vice what they actually asked for, a refund was issued to the customer.

  • Assisted the NARA FOIA office by coordinating the release of GSA OIG Audit reports of the National Archives which were prepared before NARA became an independent agency.

  • Provided comment to Draft Directive NARA 235, Safety and Occupational Health Directive and Handbook. Our comments, accepted in the final Directive, clarified OIG jurisdiction and informed employees of their duty to alert the Inspector General if they suspected any reprisal actions for reporting unsafe conditions, or if they observed any suspicious actions.

  • Assisted numerous citizens and clients of the Archives who mistakenly contacted the NARA OIG by attempting to direct them to the correct agency or organization to address their concerns.

  • Worked with management to develop Holdings Security Training to help ensure all employees are vigilant in preventing records theft.

Top of Page


Introduction

About the National Archives and Records Administration

Mission

The National Archives and Records Administration serves American democracy by safeguarding and preserving the records of our Government, ensuring the people can discover, use, and learn from this documentary heritage. Further, the agency ensures continuing access to the essential documentation of the rights of American citizens and the actions of their government; and supports democracy, promotes civic education, and facilitates historical understanding of our national experience.

Background

NARA, by preserving the nation’s documentary history, serves as a public trust on which our democracy depends. It enables citizens to inspect for themselves the record of what the Government has done. It enables officials and agencies to review their actions and helps citizens hold them accountable. It ensures continuing access to essential evidence that documents the rights of American citizens, the actions of Federal officials, and the national experience.

Federal records reflect and document America’s development over more than 200 years. They are great in number, diverse in character, and rich in information. NARA’s traditional holdings amount to 29 million cubic feet of records. These holdings also include, among other things, architectural/engineering drawings, maps, and charts; moving images and sound recordings; and photographic images. Additionally, NARA maintains 543,544 artifact items and over 4.7 billion logical data records. The number of records born and stored only in the electronic world will only continue to grow, thus NARA is developing the Electronic Record Archive to address this burgeoning issue.

NARA involves millions of people in its public programs, which include exhibitions, tours, educational programs, film series, and genealogical workshops. In FY 2007, NARA had 34.9 million online visits in addition to hosting 2.9 million traditional museum visitors, all while responding to 1.2 million written requests from the public. NARA also publishes the Federal Register and other legal and reference documents, forming a vital link between the Federal Government and those affected by its regulations and actions. Through the National Historical Publications and Records Commission, NARA helps preserve and publish non-Federal historical documents that also constitute an important part of our national heritage. Additionally, NARA administers 12 Presidential libraries preserving the papers and other historical materials of all past Presidents since Herbert Hoover.

Resources

In FY 2008, NARA was appropriated an annual budget of approximately $411.1 million and 2,855 Full-time Equivalents (FTEs), which included appropriations of $315 million for operations, $58 million for the Electronic Records Archives (ERA) program, $28.6 million for repairs and restorations of facilities, and $7.5 million for grants. NARA operates 37 facilities nationwide.

About the Office of Inspector General (OIG)

The OIG Mission

The OIG’s mission is to ensure NARA protects and preserves the items in our holdings, while safely providing the American people with ready access to essential evidence of their rights and the actions of their government.  We accomplish this by providing high-quality, objective audits and investigations; and serving as an independent, internal advocate for economy, efficiency, and effectiveness.

Background

The Inspector General Act of 1978, as amended, establishes the OIG's independent role and general responsibilities. The Inspector General reports to both the Archivist of the United States and the Congress. The OIG evaluates NARA's performance, makes recommendations for improvements, and follows up to ensure economical, efficient, and effective operations and compliance with laws, policies, and regulations. In particular, the OIG

  • assesses the effectiveness, efficiency, and economy of NARA programs and operations
  • recommends improvements in policies and procedures to enhance operations and correct deficiencies
  • recommends cost savings through greater efficiency and economy of operations, alternative use of resources, and collection actions
  • investigates and recommends legal and management actions to correct fraud, waste, abuse, or mismanagement

Further, the OIG investigates criminal and administrative matters concerning the agency; helping ensure the safety and viability of NARA's holdings, customers, staff, and resources.

Resources

The FY 2008 OIG budget is approximately $2,736,000 for operations. Prior to this reporting period, the OIG was authorized 19 FTEs. During the period the OIG attempted to fill two positions, one for a new auditor position and another for a special agent position. At the close of the period the OIG had selected a new special agent and continued to search for a new auditor. When at full staffing, the OIG will have: one Inspector General, three support staff, eight FTEs devoted to audits, six FTEs devoted to investigations, and a counsel to the Inspector General.

Top of Page


Activities

Involvement in the Inspector General Community

PCIE and ECIE Investigations Committee

The IG served as one of two Executive Council on Integrity and Efficiency (ECIE) representatives to the Investigations Committee. The mission of the Investigations Committee is to advise the IG community on issues involving investigative functions, establishing investigative guidelines, and promoting best practices. The Investigations Committee relies on its Investigations Advisory Subcommittee to assist it in these efforts. The goal, therefore, is to continuously enhance professionalism within our investigator community.

Council of Counsels to Inspectors General (CCIG)

The OIG counsel participated in meetings of the CCIG and communicated regularly with fellow members. Multiple topics were raised, discussed, and addressed including delineations of authority between agencies and their OIGs, interpreting various statutes and regulations, transition preparations, OIG PII policies, governmental privileges, and coordinating information sharing across agencies.

OIG counsel participated in the CCIG Task Force on Standardized Credential Language, drafting recommended language to be used across the federal government in all OIG credentials. Working in conjunction with other Inspector General community groups and the Government Printing Office, a fully standardized credential in form and appearance has now been adopted and recommended for use in all Inspector General offices.

Further, OIG counsel assisted in drafting a White Paper to the Department of Justice on appointing some OIG attorneys as Special Assistant United States Attorneys (SAUSAs). The goal is for these OIG SAUSAs to prosecute lower monetary value frauds and other crimes which, while important to the agencies, may not rise to the level typically accepted for prosecution by the Department of Justice.

Federal Audit Executive Council (FAEC)

The Assistant Inspector General for Audits (AIGA) continued to serve as an ECIE representative to the FAEC. During the period, the AIGA attended FAEC’s meeting to discuss topics such as financial statement audit issues, audit training, opinion reports on internal controls, and information security.

PCIE/ECIE Award for Excellence

Special Agent Matt Elliott received an Award for Excellence from the President’s Council on Integrity and Efficiency and the Executive Council on Integrity and Efficiency for demonstrated excellence throughout his investigation into a conspiracy to defraud the National Archives of nearly $1 million paid to three front companies for work using labor already paid for through the Archives’ facility maintenance contract.

Office of Investigations Peer Review

The External Quality Assessment Review (peer review) of the NARA OIG Office of Investigations was completed during the period by the National Science Foundation OIG. The OI was found to be in full compliance with the PCIE/ECIE Quality Standards for Investigations, the PCIE/ECIE Quality Assessment Review Guidelines, and the Attorney General’s Guidelines for Offices of Inspector General. This was the first peer review of the NARA OIG Office of Investigations. The reviewers were particularly impressed with the OI’s computer forensic capability, the Archival Recovery Team, and the “team chemistry” on display in the OI.

Office of Audits Peer Review

During this period, a peer review of the NARA OIG Audit Division was conducted by the Library of Congress (LOC) OIG. The objectives of the review were to determine whether the NARA OIG Audit Division’s quality assurance program was operating effectively and whether applicable auditing standards and established policies and procedures are followed. The LOC OIG issued the final audit report on March 27, 2008 and concluded the NARA OIG’s system of quality control in effect for FY 2007 was designed to meet the requirements of the Generally Accepted Government Audit Standards. In addition, the LOC concluded selective tests of the system that the NARA OIG’s audit work conformed to its quality control system. Therefore, the LOC believed that reasonable assurance existed that the NARA OIG’s audit work for FY 2007 conformed to applicable auditing standards, policies, and procedures. As a result the LOC OIG issued the NARA OIG an unqualified opinion on the system of audit quality control. The OIG is scheduled to be reviewed again in FY 2011.

Response to Congressional Items

Federal Information Security Management Act (FISMA) of 2008

As required by the Federal Information Security Management Act (FISMA), the OIG conducted its annual independent evaluation to assess the adequacy of controls over information security and compliance with information security policies, procedures, standards, and guidelines. We found the Chief Information Office’s (CIO’s) office made several improvements in information security processes during the year. For example, the plan of action and milestone process improved the overall tracking and review of security vulnerabilities by management. Another positive step was the Business Impact Analysis project started by the CIO’s office this year which will result in new contingency plans for NARA systems. In other areas, such as the certification and accreditation process, some improvements were noted. However, additional action is required to strengthen controls over NARA’s information security program and to ensure systems are adequately protected. We also noted that while the review of the privacy impact assessment process was favorable (See Audit Report #08-15), more work remains to be accomplished in safeguarding against the breach of personally identifiable information.

Inventory of Commercial Activities

We submitted to OMB our FY 2008 inventory of commercial activities performed by OIG employees. The Federal Activities Inventory Reform Act of 1998, Pub. L. 105-270 (the FAIR Act), requires Federal agencies to prepare and submit to OMB, by June 30 of each year, inventories of their commercial activities performed by Federal employees. OMB is required to review each agency’s inventory and consult with the agency regarding its content. Upon completion of the review and consultation, OMB is required to list the available inventories in the Federal Register, and the agency head must transmit a copy of the inventory to the Congress and make it available to the public. NARA forwarded its FY 2008 inventory to OMB and published it to the NARA website during this reporting period.

Testimony Before Congress

On May 14, 2008, the Inspector General testified before the Senate Homeland Security and Government Affairs Committee’s Subcommittee on Federal Financial Management, Government Information, Federal Services, and Information Security at a hearing entitled “National Archives Oversight: Protecting our Nation’s History for Future Generations.” His testimony focused on the OIG’s concerns over the ERA program and George W. Bush Presidential Records. A more detailed summary can be found in this report in the “Inspector General’s Concerns” section.

Update on Presidential Artifacts at the Ronald Reagan Library

On April 15, 2008, Senator Chuck Grassley requested an update on any progress implementing recommendations contained in OIG Report No. 08-01, Audit of the Process for Safeguarding and Accounting for Presidential Library Artifacts. In our May 6, 2008, response we stated we were not able to formally evaluate management’s response as they were still in the initial stages of developing plans and schedules for addressing the recommendations. We also provided the Senator a statement from management on the progress made; however, we did not evaluate management's response. In July 2008, the OIG performed a follow-up at the Ronald Reagan Library, and in August we issued a management letter acknowledging that much progress has been made in addressing the concerns we previously cited over the collection.

Top of Page


Audits

Overview

This period, we issued:

  • seven final audit reports
  • four management letters 1

We completed fieldwork on the following assignment:

  • an audit of NARA’s Workers’ Compensation Program (WCP) to determine whether management controls are adequate for ensuring the efficiency, effectiveness, and integrity of  the program
  • an audit of controls over Presidential Library Textual Records to determine whether sufficient management controls exist to safeguard and account for library textual records.

We also continued work on the following assignments:

  • an audit of NARA’s Change Control Process to determine if the agency appropriately authorizes, documents, tests, and controls changes to its information systems
  • an audit of NARA’s Targeted Assistance Program to evaluate (a) the impact of any changes made to the program since our last review in FY 2003, (b) the management and staffing structure, and (c) performance measures as indicators of program impact
  • an audit of NARA’s Transition to IPv6 to determine if NARA is in compliance with the OMB mandate and, if not, what major obstacles or challenges exist; and whether a plan for complying has been developed
  • an audit of NARA’s Vehicle Fleet Management to determine if fleet vehicles are adequately utilized and fleet resources are properly controlled
  • progress reviews of the Electronic Records Archives development to report progress to ERA stakeholders including achievements, challenges, risks, and concerns.

Audit Summaries

Audit of Management Controls over Accounting for Lost Property

This audit was initiated based on a referral from OIG Investigations surrounding criminal activity by a NARA employee and a contractor who had responsibilities on the loading dock, central receiving function, and property management. The objective of the audit was to assess whether management controls were adequate and provided reasonable assurance lost inventory was properly documented and accounted for in NARA records. Specifically, OIG auditors sought to identify whether NARA adhered to its own policy and procedures in accounting for lost property, and whether management actions taken in response to the identification of lost property were appropriate in order to protect government assets.

Our audit found that a) lost property was not properly documented and accounted for in NARA records; b) NARA officials did not direct an investigation of any of the 2,405 missing equipment items identified between FY 2002 and FY 2006, nor did they hold any individuals accountable for any of the lost property; c) NARA officials had not taken action to determine the use or type of data stored on approximately 559 information technology (IT) equipment items with memory storage capability identified as missing during the FY 2007 annual inventory; and d) the FY 2007 Property, Plant and Equipment subsidiary schedule and depreciation schedule included 17 capitalized equipment items (having an acquisition cost of $1.3 million) identified as missing.

By not investigating any of the missing equipment, the Assistant Archivist for Administration and Facilities and Personal Property Management Officials created a weak internal control environment. This environment presented an opportunity for theft of equipment by unscrupulous employees or contractors without fear of being detected or being held responsible by management officials. Such weaknesses in management controls and oversight of the personal property management function increased the risk property could be stolen or misused. In addition, the risk presented by the loss of IT equipment items with memory storage capability has not been assessed and NARA is unaware whether sensitive data has been or is at risk of disclosure.

Our report contained 15 recommendations, and management concurred with all of them. (Audit Report #08-09, dated August 14, 2008.)

Audit of NARA’s Central Receiving Function

After receiving a referral from our Investigations branch, we performed this audit to evaluate the effectiveness of controls over the central receiving function at Archives II. The purpose of an agency’s central receiving function is to manage and control the personal property as it arrives at the loading dock and to ensure it is promptly and accurately logged in, inspected, bar-coded if needed, and stored or delivered to the proper program office. NARA contracts for services to perform all management, labor, and to provide equipment, tools, and materials necessary to perform all aspects of material handling, loading dock operations, and warehouse operations for the Archives II facility.

Our audit report found weak management controls over the receiving process and warehouse operations; in addition to various weaknesses in physical security controls over property at the loading dock and property in the warehouse. All of these conditions increase the risk of loss. For example, physical controls are not adequate in securing accountable property in the warehouse, and management controls over other property stored in the warehouse and operated by contractors do not exist to ensure proper accountability of government property. Based on the preliminary results of the FY 2007 physical inventory (received in March 2008) 36 percent of all accountable IT property stored in the Office of Information Services (NH) fenced warehouse was identified as missing. This missing property had an acquisition cost of $367,439. Furthermore, 22 percent of accountable property stored in the general NARA warehouse was identified as missing. This missing property had an acquisition cost of $176,008.

In general, NARA’s policies and procedures are outdated and not aligned with the various functions encompassing central receiving. Additionally, NARA uses a manual receiving process prone to error, and NARA’s receipt and acceptance processes do not support the accounts payable and invoice payment processes. Also, while property received at the loading dock meeting NARA’s definition of controlled property was properly bar-coded, controls in place did not provide assurance the equipment would have been properly recorded in NARA’s property system. This lack of integrated systems and processes creates an environment where property is susceptible to loss or misappropriation with little risk of detection.

We made 25 recommendations to assist the agency in enhancing controls in the central receiving function. Management concurred with all 25 of our recommendations and began implementation efforts. (Audit Report # 08-13, dated September 29, 2008.)

Review of Electronic Records Archives (ERA) Contract Direct Labor Costs

In September 2005, NARA awarded a $317.4 million cost-plus-award-fee contract to build a permanent archives system for preserving and managing electronic records created by the Federal Government. The purpose of the Electronic Records Archives (ERA) system is to capture and permanently preserve electronic records of the Federal Government, regardless of format, ensure hardware and software independence; and provide access to the American public and federal officials.

As a result of a request by the contracting officer for the ERA program, we performed a review of direct labor costs billed to NARA on the ERA development contract. The objectives of the review were to determine (a) if the invoices submitted by the contractor for direct labor costs and subcontract costs for work performed on the ERA contract, and paid by NARA, were accurate, supported, and reasonable, and (b) if ERA Program Management Office (NHE) officials had a satisfactory process in place to review and approve contract invoices.

After six months of field work, we were unable to determine if the contract direct labor charges were accurate, supported, and reasonable. However, we did find NHE officials did not have an adequate basis for verifying direct labor costs, i.e., (a) that direct labor hours billed by the contractor on the ERA contract were actually incurred, (b) that the amounts billed were appropriate, and (c) that contractor employees billed against the contract actually worked on the contract.

ERA contract direct labor costs could not be validated because (1) the contractor did not provide program personnel adequate supporting documentation with the invoices; (2) the contract did not specify direct labor rates, and allowed rates to vary from one invoice to the next; (3) the contractor does not maintain records for review, by invoice, to support the direct labor billed to NARA; (4) contractor officials were reluctant to provide necessary information and documentation that supported billed direct labor costs; (5) information provided by the contractor was often incomplete, resulting in additional questions and the need for us to obtain additional information and documentation; and (6) source documentation (e.g., supplemental timecards, salary records) could not be readily examined.

On April 9, 2008, we briefed NARA senior staff concerning the OIG’s inability to reasonably gain access to adequate supporting documentation for validating direct labor costs. We made management aware of the potential outcome that could ensue as a result of our office not being able to validate direct labor costs. Following our meeting, management officials contacted the contractor and arranged a meeting between the Director, Acquisitions Services Division (NAA), and senior-level contractor officials. Prior to the meeting, we met with the Director, NAA, to discuss the documentation and support that had not been provided by the contractor, but were necessary to complete our review and validate labor charges billed to the government.

After meeting with us, the Director of NAA met with senior-level contractor officials, including the Chief Financial Officer, to determine if they could provide the missing documentation necessary to validate direct labor charges on the ERA contract. As a result, the Director of Acquisitions was able to obtain contractor records that had been requested but not provided to the OIG, such as supplemental employee timecards approving overtime charges which were rejected at the time the employee submitted the original timecard for approval. With the documentation provided by the contractor, the Director was able to reconcile the direct labor hours and dollars for a judgmental sample of contractor employees.

We made three recommendations to assist the agency in correcting the reported deficiencies and in improving the ERA development contract invoice approval and contractor monitoring processes. Management concurred with only one of the three recommendations. The Director of Acquisitions believed NARA’s processes were adequate and therefore did not agree with two recommendations. (Audit Report # 08-08, dated June 10, 2008.)

Review of Subcontract Costs on the ERA Development Contract

As a result of a request by the contracting officer for the ERA program, we performed a review of subcontract costs billed to NARA on the ERA development contract to determine (a) if the invoices submitted by the contractor for direct labor and other subcontract costs for work performed on the ERA contract, and paid by NARA, were accurate, supported, and reasonable, and (b) if ERA Program Management Office (NHE) officials had a satisfactory process in place to review and approve contract invoices. Our report, OIG Report No. 08-08, Review of Electronic Records Archives Contract Direct Labor Costs, was issued on June 10, 2008.

Our review disclosed that for the subcontractor invoices included in our review, (a) other direct costs, including incidental services for which there is not a labor category specified in the contract, travel, computer usage charges, etc., were properly supported; (b) the 20 payments made by the prime contractor to the ERA subcontractors for the invoices reviewed, equaled the costs billed by the ERA subcontractors for those invoices; and (c) for three of the four subcontractors included in our review, labor rates used to bill for labor expended on the ERA contract were those rates negotiated between the subcontractors and the prime contractor.

However, we were unable to place any reliance on the accuracy and reasonableness of the direct labor costs billed for the subcontracts included in our review, that is, we could not validate subcontract costs. This was because (a) contractor officials did not provide the original employee timesheets to support subcontractor labor costs; (b) ERA Program Management Office officials paid contractor invoices for subcontractor labor without assessing validity of the charges, instead they simply relied on the contractor to properly bill for the costs related to its subcontractors and to validate the subcontractor invoices; and (c) contractor officials did not require ERA subcontractors to provide supporting documentation, e.g., timecards, with their invoices for substantiating direct labor charges and had no process in-place for properly validating subcontractor labor charges or for assessing the allowability of those charges.

We made three recommendations to assist the agency in correcting the reported deficiencies and in improving the ERA subcontract invoice approval process. Management concurred with one of the recommendations and considered current controls in place adequate to address the two other recommendations. (Audit Report #08-11, dated August 28, 2007.)

Audit of NARA’s Implementation of the Federal Desktop Core Configuration (FDCC)

FDCC is an OMB-mandated security configuration checklist for Microsoft Windows XP and Vista Operating systems software. Developed by the National Institute of Standards and Technology (NIST), the Department of Defense (DOD), and the Department of Homeland Security (DHS), FDCC is a set of operating system configurations, such as password requirements and turning off unused services, designed to ensure security. In March 2007, OMB directed agencies using Windows XP and Vista to adopt these security configurations. Agencies were required to submit their draft implementation plans to OMB by May 1, 2007, and adopt the standard security configurations by February 1, 2008.

The OIG evaluated whether NARA had adequately implemented FDCC as required by OMB. Specifically, we sought to determine whether NARA (a) met the OMB-mandated deadline; (b) adequately reported their status to OMB; and (c) developed adequate plans for implementing FDCC across the enterprise.

Our review found NARA missed the deadline for implementation of the OMB-mandated FDCC settings and then inaccurately reported their status to OMB. Additionally, NARA had not (a) developed sufficient implementation and test plans, (b) developed plans to resolve identified deviations from FDCC, and (c) enforced FDCC password settings.

We made five recommendations to assist NARA in implementing the mandated FDCC configurations. Management concurred with four of the five recommendations and initiated corrective actions. (Audit Report #08-10, dated August 27, 2007.)

Audit of NARA’s Researcher Registration Identification Card Program

NARA uses the researcher registration process at NARA facilities with research rooms for a number of purposes. This audit focused exclusively on the use of the researcher identification card as a management control feature aimed at providing protection of archival holdings through collection of individual researcher identification data. Data typically collected during the registration process includes the researcher’s driver’s license number and current home address. The objective of the audit was to determine whether the management controls over the researcher registration and application program ensure researcher information is accurately obtained, verified, and properly safeguarded.

We found NARA personnel responsible for registering researchers, and those responsible for managing the researcher registration program, are aware of their responsibilities for obtaining and recording researcher information. Additionally, we found sensitive, personal information obtained from researchers appears to be properly handled and appropriately safeguarded.

However, investment in a fully automated, integrated technology system would greatly improve security and customer service aspects of the researcher registration program. Currently, such a system is used at Archives I and Archives II, but none of the Presidential libraries or Regional records centers has an automated system for registering researchers. Additionally, NARA does not have uniform, detailed, internal operating procedures for banning researchers who do not comply with established research room rules of conduct. Finally, periodic monitoring of the researcher database at Archives I and Archives II was not conducted on a routine basis to detect and correct errors in the system.

We made three recommendations for improvement to the Researcher Registration Card Program. Management concurred with the recommendations and initiated corrective action. (Audit Report #08-07, dated April 24, 2008.)

Audit of NARA's Compliance with Section 522 of the Consolidated Appropriations Act of 2005 (Policies, Procedures & Practices for Protection of Personally Identifiable Information)

Clifton Gunderson LLP (CG), an independent public accounting firm, audited NARA's Compliance with Section 522 of the Consolidated Appropriations Act, 2005 (the Act) under a contract overseen by the OIG. This review included assessing compliance with applicable federal security and privacy laws and regulations, as well as assessing the privacy and data protection procedures used by NARA. The objective was to determine whether: (1) the necessity of using Personally Identifiable Information (PII) for data processing was properly evaluated; (2) NARA had established adequate procedures governing the collection, use, and security of PII; and (3) NARA had properly complied with the prescribed procedures to prevent unauthorized access to and unintended use of PII.

CG’s audit found the NARA Privacy Office has been proactive in carrying out its statutory responsibilities and its related role in ensuring compliance with the Act. Specifically, the Privacy Office has established a framework for identifying information systems containing or processing PII, securing data contained in these systems, conducting Privacy Impact Assessments (PIAs), and reporting Systems of Records Notices (SORNs) as required by the Act. Additionally, NARA has evaluated the necessity of using PII for data processing and established procedures for the collection and use of PII.

However, no formalized policies and procedures are in place for PII which: (1) explicitly identify the rules for determining whether physical removal of media containing PII is allowed; (2) require PII be encrypted and appropriate procedures, training and accountability measures are in place to ensure any remote use of this encrypted information does not result in bypassing the protections provided by the encryption; (3) explicitly identify the rules for determining whether remote access to PII is allowed; (4) require remote access be accomplished via a virtual private network (VPN) connection established using agency issued authentication certificate(s) or hardware token, when remote access is allowed; and (5) identify the rules for determining whether download or remote storage of the information is allowed, when remote access is allowed.

In addition, CG also found that NARA technical controls related to the protection of PII need to be strengthened. Specifically, (1) encryption mechanisms are not in place on portable devices containing privacy data such as laptops, portable digital assistants (PDAs), or thumb drives leaving the NARA premises; (2) two-factor authentication is not in place for remote access login and (3) risk assessments for the Badging and Access System (B&A) and the Automated Collection Management Database (IO/ACMD) is outdated and has not been updated at least every three years as required by Federal mandates. (Audit Report #08-15, dated September 28, 2008.)

Investigations

Investigations Overview

During this reporting period, the Office of Investigations (OI) opened 14 investigations, closed 24 investigations, and recovered six records. The OI also received 50 complaints and closed 44 complaints. Additionally, the OI conducted joint investigations with the FBI, the U.S. Postal Inspection Service, the U.S. Postal Service OIG, Army CID, the Department of Transportation OIG, the Veterans Affairs OIG, the Defense Intelligence Agency, and the Mexican Government. At the close of the period, there remained 26 open complaints and 29 open investigations.

Updates on Previously Reported Investigations

Alleged Wire Fraud, Theft of Public Money, Money Laundering

A former NARA employee and a former NARA contractor, who are alleged to have stolen nearly $1 million from NARA, were indicted by a Federal grand jury in the District of Maryland. Arrest warrants were subsequently issued and executed. Both subjects made their first appearances in court, and NARA OIG seized two vehicles belonging to the former contractor.

Alleged Theft of Military Service Records

An active duty sergeant in the U.S. Army was found to have removed multiple Official Military Personnel Folders from the National Personnel Records Center in St. Louis, MO. Upon recovery of the records, the OIG referred the case to the servicemember’s command. The servicemember has transferred out of St. Louis. The case is under review by the U.S. Army Office of the Judge Advocate General. The servicemember will not be criminally prosecuted, but faces non-judicial (administrative) sanctions.

Violation of NARA Security Policy

Several researchers were provided with special access to classified information to be reviewed in a NARA Classified Research Room, which is also a Sensitive Compartmented Information Facility or SCIF. While reviewing this information, multiple external contacts were allowed to be made from within the SCIF via the use of cell phones by the researchers in violation of NARA security policies. This case was declined for prosecution and is currently under review by NARA for potential administrative action.

Violation of NARA Security Policy

Several researchers were provided with special access to classified information to be reviewed in a NARA Classified Research Room, which is also a Sensitive Compartmented Information Facility or SCIF. While reviewing this information, multiple external contacts were allowed to be made from within the SCIF via the use of cell phones by the researchers in violation of NARA security policies. This case was declined for prosecution and NARA staff members were counseled regarding maintenance of SCIF security.

Improper Access to Classified Material

A former NARA employee, now a volunteer and contractor, was provided inappropriate access to classified information by NARA staff, during which he improperly removed copies of classified information in violation of NARA’s classified information security policy. This investigation revealed that the individual was reviewing classified material in an attempt to secure business for his employer. While the individual possessed a security clearance, he did not have a need to know the information he accessed. This access violated NARA’s policies and procedures governing classified information. This case was declined for prosecution. The contractor and NARA employee were admonished and/or reprimanded for their actions.

False Claims

A subject contractor submitted claims for hours worked by unqualified personnel. This violated the terms of the contract with NARA. An Assistant United States Attorney declined the case for criminal prosecution. A United States civil attorney has accepted the case for civil action.

 

Top of Page


New Investigation Highlights

Misuse of NARA Seal

A website was using the official NARA Seal without permission from the Archives. After failing to be responsive to several letters and phone calls ordering the removal of the seal, the case is being considered for prosecution by an Assistant United States Attorney. The investigation remains ongoing.

Archival Documents Found in Research Room Trash

A NARA staff member discovered several torn pages of archived material in a trash can in a research room at the National Archives. An OI investigation revealed a long-time researcher, who had been given special access to digitize certain NARA records for a website, was recorded on surveillance video walking from a desk and placing these materials in a trash can. Prosecution was declined and the researcher stated she made an error and did not believe these materials were archived records. The researcher was counseled.

Theft of NARA Computers

A NARA employee stole multiple desktop computers and provided them to NARA contractors. This case has been accepted for prosecution by an Assistant United States Attorney and remains ongoing.

Recovery of President Jackson Pardon

In 2000, the OI sent a letter to an antiquities dealer seeking information on a pardon issued by President Andrew Jackson and stolen from the Archives in the 1998-1999 timeframe. At the time of the theft, the OI tracked the provenance of the pardon to this particular dealer and ultimately sent the letter in 2000. The dealer was not suspected of any wrongdoing and was believed to be unknowingly in possession of this stolen pardon. Nothing was ever heard from the dealer until this reporting period when, in response to the OI’s 2000 request, the pardon was found and returned to this office with a copy of our 2000 letter. The suspected thief had been previously prosecuted for document theft, and further prosecution for this incident was declined.

Child Pornography

A laptop computer improperly excessed from NARA was recovered by the OI during this reporting period. A computer forensic analysis was conducted on the computer to determine if its hard drive had been properly cleansed of any NARA information. During the course of this analysis, evidence of child pornography was discovered. The investigation remains ongoing.

Conflict of Interest

A NARA employee started a private-sector business providing the identical services for which he was employed by the Government. These services were provided commercially on Government time using Government equipment, and service priority was given to commercial clients over Government clients. This case has been accepted for prosecution by an Assistant United States Attorney and remains ongoing.

Other Office of Investigation Activity

Archival Recovery Team (ART)

During this period, the Archival Recovery Team fielded 21 complaints and opened four investigations. Thirty-four complaints and nine investigations were closed. In addition, 15 ART non-criminal cases were referred to NARA for a recovery determination. At the close of the period, 15 ART complaints and six ART investigations remained open. The ART successfully recovered six documents during the period.

In July 2008, ART and the Inspector General were guest speakers at the National Association of Government Archives and Records Administrators 2008 Annual Meeting in Atlanta, Georgia. The session was titled “Recovering America’s National Treasures: How the National Archives and Record Administration’s Office of Inspector General Investigates Document Theft.”

As part of the ART’s outreach program, Office of Investigations staff attended the following shows to educate the public about the NARA OIG and ART:

  • In April 2008, ART and OIG staffs attended and displayed a table at the 36th Annual American Civil War Show in Chantilly, Virginia, sponsored by the Northern Virginia Relic Hunters Association.

  • In May 2008, ART members attended and displayed a table at the 31st Annual Ohio Civil War Collectors Show in Mansfield, Ohio.

  • In June 2008, ART members attended and displayed a table at the 34th Annual Gettysburg Civil War Collectors Show in Gettysburg, Pennsylvania.

  • In August 2008, ART staff attended and displayed a table at the National Civil War & Antique Arms Show, which also included World War I and World War II memorabilia. This show was held in Richmond, Virginia.

Missing Documents

A variety of significant historical documents were added to the ART’s missing documents web page located at http://www.archives.gov/research/recover/missing-documents.html.

  • Missing World War Two Maps – Target charts for the Hiroshima and Nagasaki bombing missions had been checked out of NARA by the Department of Defense in 1962. The maps were never returned to the Archives and are considered missing. The maps of Target Area 90-30-748, Hiroshima Area, A-2 Section, XXI Bomber Command, June 1945 and Target Area 90-36-542, Hiroshima Area, Target Unit, Intell Section, XX Bomber Command, April 1945, were created by the Army Air Corps to plan the atomic missions on Hiroshima and Nagasaki, respectively.

    Nagasaki Target Map

    Map of Target Area 90-36-542, Hiroshima Area.

    Hiroshima Target Map

    Map of Target Area 90-30-748, Hiroshima Area.



  • Missing Wright Brothers’ Flyer Patent – The original 1903 Wright Brothers’ Flyer Patent file is missing. Copies of the patent file are maintained in NARA’s Treasure Vault. The original patent file, Application #821,393, submitted by Orville and Wilbur Wright to the U.S. Patent Office in 1903, had been loaned to the Smithsonian for an exhibition in 1980. Upon its return to NARA, it subsequently disappeared and remains missing.

    Wright Brothers' Flying Machine Patent

    The Patent Oath.

    Wright Brothers' Flying Machine Patent

    The Patent drawing.

    Wright Brothers' Flying Machine Patent

    The Patent Register.

    Wright Brothers' Flying Machine Patent

    The Patent Petition.



  • Eli Whitney Cotton Gin Design Drawing – While the original cotton gin patent was destroyed by fire, a lawsuit filed in the State of Georgia in 1804 compelled Whitney’s representatives to file this reproduction with the court. Thus, this court filing is the closest version to the original patent, and it is presently missing.

    Eli Whitney Cotton Gin Patent

    Drawing made ca. 1804 in response to a court case in Georgia.



Computer Crimes Unit

The OI’s computer forensic examiner attended the Seized Computer Equipment Recovery Specialist (SCERS) course at the Federal Law Enforcement Training Center (FLETC) in May.  In addition to the on-site training, the unit received equipment and software which allowed for the continued growth and expansion of the OI’s computer crime lab and its computer forensic capability.  During the reporting period, the computer forensic examiner supported a wide variety of criminal investigations to include participation in searches and seizures during execution of warrants.

OIG HOTLINE

The OIG Hotline provides a confidential channel for reporting fraud, waste, abuse, and mismanagement to the OIG. In addition to receiving telephone calls at a toll-free Hotline number and letters to the Hotline post office box, we also accept e-mail communication from NARA's internal network or the Internet through the Hotline e-mail system. Walk-ins are always welcome. Visit http://www.archives.gov/oig/ for more information, or contact us:

The Office of Investigations promptly and carefully reviews calls, letters, and e-mail to the Hotline. We investigate allegations of suspected criminal activity or civil fraud and conduct preliminary inquiries on non-criminal matters to determine the proper disposition. Where appropriate, referrals are made to the OIG audit staff, NARA management, or external authorities. Hotline contacts are captured as complaints in the Office of Investigations. The following table summarizes complaints received and Hotline activity for this reporting period:

Complaints received 50
Complaints closed pending response from NARA 9
Complaints closed final 35
Complaints Open to Investigations 6

Top of Page


Top Ten Management Challenges

Overview

Under the authority of the Inspector General Act, the NARA OIG conducts and supervises independent audits, investigations, and other reviews to promote economy, efficiency, and effectiveness and to prevent and detect fraud, waste, and mismanagement. To fulfill that mission and help NARA achieve its strategic goals, we have aligned our programs to focus on areas we believe represent the agency’s most significant challenges. We have identified those areas as NARA’s top ten management challenges, and they are listed below.

1. Electronic Records Archives (ERA)

NARA’s challenge is to build a system that will accommodate past, present, and future formats of electronic records. The ERA Program did not meet its September 2007 goal of producing an initial operating capability for ERA with planned incremental improvements that will eventually result in full system capability. Instead, the ERA program has experienced delivery delays, budgeting problems, and contractor staffing problems. Now the program has shifted to a series of “drops,” implementing the software in smaller increments. Initial operating capability was pushed back from September 2007 to late June 2008. Further, the system component to handle White House e-mails has now been segregated out and is being pursued down a separate line of programming. The success of this mission-critical program is uncertain. The challenge will be to deliver and maintain a functional ERA system that will preserve electronic records for as long as needed.

2. Improving Records Management

Part of NARA’s mission is ensuring Federal officials and the American public have continuing access to the records of our government. NARA must work with Federal agencies to ensure scheduling, appraisal, and accessioning processes are effective and efficient; allowing NARA to meet its Strategic Goal of ensuring access to these records as soon as legally possible. The key challenge is how best to accomplish this component of our overall mission and identify and react to agencies with critical records management needs, especially in an environment in which an increasing amount of records are electronic as opposed to textual.

NARA also directs the Electronic Records Management (ERM) initiative, one of 24 Government-wide initiatives. The ERM initiative will provide guidance to agencies in managing and transferring to NARA, in an increasing variety of data types and formats, their permanent electronic records. NARA and its Government partners are challenged with determining how to manage electronic records and how to make ERM and e-Government work more effectively.

In June 2008, GAO recommended NARA develop and implement an approach to provide oversight of agency records management programs that provides adequate assurance agencies are following NARA guidance.

3. Information Technology Security

The Archivist identified IT Security as a material weakness under the FMFIA reporting process in FY 2007 and FY 2008. NARA’s Office of Information Services (NH) conducted an independent assessment of the IT security program using the Program Review for Information Security Management Assistance (PRISMA) methodology developed by the National Institute for Standards and Technology (NIST) in FY 2007. The assessment stated that NARA’s policy and supporting procedures for IT security were weak, incomplete, and too dispersed to be effective.

Information technology security continues to present major challenges for NARA. The confidentiality, integrity and availability of our electronic records and information technology systems are only as good as our IT security infrastructure. Each year, the risks and challenges to IT security continue to evolve. NARA must ensure the security of its data and systems or risk undermining the agency’s credibility and ability to carry out its mission.

4. Expanding Public Access to Records

In a democracy, the records of its archives belong to its citizens. NARA’s challenge is to more aggressively inform and educate our customers about the services we offer and the essential evidence to which we can provide access. Of critical importance is NARA’s role in ensuring the timeliness and integrity of the declassification process of classified material held at NARA.

Another challenge for NARA, given society’s growing expectation for easy and near-immediate access to information on-line, will be to provide such access to records created digitally (i.e., “born digital”) and to identify those textual records most in demand so they can be digitized and made available electronically.

5. Meeting Storage Needs of Growing Quantities of Records

NARA-promulgated regulation 36 CFR Part 1228, “Disposition of Federal Records,” Subpart K, “Facility Standards for Records Storage Facilities,” requires all facilities housing Federal records to meet defined physical and environmental requirements by FY 2009. NARA’s challenge is to ensure its own facilities, as well as those used by other Federal agencies, are in compliance with these regulations.

6. Preservation Needs of Records

As in the case of our national infrastructure (bridges, sewer systems, etc.), NARA holdings grow older daily and are degrading. The Archivist previously identified preservation as a material weakness under the Federal Managers’ Financial Integrity Act (FMFIA) reporting process. However, in FY 2006, preservation was downgraded to a reportable condition, and it is currently being monitored as a significant deficiency. The OIG strongly disagrees with this. Preserving and providing access to records is a fundamental element of NARA’s duties to the country. NARA cannot provide access to records needs unless it can preserve them for as long as needed. The current backlog of records needing preservation is growing. NARA is challenged to address this backlog and future preservation needs. The challenge of ensuring NARA facilities meet environmental standards for preserving records (see OIG Challenge #5) also plays a critical role in the preservation of federal records.

7. Improving Project Management

Effective project management is essential to obtaining the right equipment and systems to accomplish NARA’s mission. Complex and high-dollar contracts require multiple program managers, often with varying types of expertise. NARA is challenged with planning projects, developing adequately defined requirements, analyzing and testing to support acquisition and deployment of the systems, and oversight to ensure effective or efficient results within costs. These projects must be managed and tracked to ensure cost, schedule and performance goals
are met.

8. Physical and Holdings Security

The Archivist has identified security of collections as a material weakness under the FMFIA reporting process. NARA must maintain adequate levels of security to ensure the safety and integrity of persons and holdings within our facilities. This is especially critical in light of the security realities facing this nation and the risks that our holdings may be pilfered, defaced, or destroyed by fire or other man-made and natural disasters.

9. Contract Management and Administration

The GAO has identified Commercial Services Management (CMS) as a Government-wide initiative. The CMS initiative includes enhancing the acquisition workforce, increasing competition, improving contract administration skills, improving the quality of acquisition management reviews and strengthening contractor ethics requirements. Effective contract management is essential to obtaining the right goods and services at a competitive price to accomplish NARA’s mission. NARA is challenged to continue strengthening the acquisition workforce and improve the management and oversight of federal contractors. NARA is also challenged with reviewing contract methods to ensure a variety of procurement techniques are used and used properly in accordance with the Federal Acquisition Regulations.

10. Strengthening Human Capital

The GAO has identified human capital as a Government-wide high risk. NARA’s challenge is to adequately assess its human capital needs in order to effectively recruit, retain, and train people with the technological understanding and content knowledge that NARA needs for future success. In November 2007, OPM reported NARA had not established a formal human capital plan addressing the alignment of human resource policies and programs to organizational mission, strategic goals, and performance measures. Continuity of leadership within NARA is not ensured because it has not developed a comprehensive succession program providing training to employees to develop them as managers.

Top of Page


Reporting Requirements

STATISTICAL SUMMARY OF INVESTIGATIONS
Investigative Workload
Complaints received this reporting period 50
Investigations pending at the beginning of the reporting period 32

Investigations opened this reporting period

14

Investigations closed this reporting period

24

Investigations carried forward this reporting period

29
Categories of Closed Investigations

Fraud

4

Conflict of Interest

0

Contracting Irregularities

2

Misconduct

7

Larceny (theft)

9

Other

2
Investigative Results

Cases referred - accepted for prosecution

4

Cases referred - declined for prosecution

5

Cases referred - pending prosecutive decision

1

Arrests

0

Indictments and informations

0

Convictions

2

Fines, restitutions, judgments,, and other civil and administrative recoveries

0

NARA holdings recovered

6
Administrative Remedies

Employee(s) terminated

0

Employee(s) resigned in lieu of termination

0

Employee(s) suspended

0

Employee(s) given letter of reprimand/warned/counseled

1

Employees taking a reduction in grade in lieu of administrative action

0

Contractor (s) removed

1

Summary of Prosecutorial Referrals Requirement 5(a) (4)

Accepted for Prosecution

Forgery
An individual seeking military records of a particular servicemember used a forged signature verification form in order to fraudulently gain access to the records.  While declined for Federal prosecution, the subject was arrested and formally charged with misdemeanor forgery by the local Assistant District Attorney.

Conflict of Interest
A NARA employee started a private sector business providing the identical services for which he was employed by the Government.  These services were provided commercially on Government time using Government equipment and service priority was given to commercial clients over Government clients.  This case has  been accepted for prosecution by an Assistant U.S. Attorney. 

Civil False Claim Act Violation
A subject contractor submitted claims for hours worked by unqualified personnel.  This violated the terms of the contract with NARA.  While an Assistant United States Attorney declined the case for criminal prosecution, a United States civil attorney has accepted the case for civil action.    

False Statements
Subsequent to a complaint from a military veteran that his records had been accessed without his consent, the OI discovered an individual was forging release forms and providing them to the National Personnel Records Center to unlawfully access veterans’ records.  When confronted with this information the individual made numerous false statements regarding his conduct.  This case has been accepted for prosecution by an Assistant United States Attorney.

Declined for Prosecution

Investigations involving sexual harassment, espionage, workers’ compensation fraud, theft and public corruption were declined for prosecution during the period.

Pending Prosecutorial Determination

Misuse of NARA Seal
A website was using the official NARA Seal without permission from the Archives.  After failing to be responsive to several letters and phone calls ordering the removal of the seal, the case is being considered for prosecution by an Assistant United States Attorney. 

Mishandling of Classified Documents

An official from President Kennedy’s and President Johnson’s administrations was believed to have provided classified documents to a third-party who allegedly maintains possession of the documents.  Attorneys from the Department of Justice are considering the case for further investigation and potential prosecution
LIST OF REPORTS ISSUED
Requirement 5(a)(6)
Report No. Title Date Questioned Costs Un-supported Costs Funds Put to Better Use
08-07

Audit of  NARA’s Researcher Registration Identification Card Program

04/24/2008

0 0 0
08-08

Review of Electronic Records Archives Contract Direct Labor Costs

06/10/2008

0 0 0
08-09

Audit of Controls over Accounting for Lost Property

08/14/2008

0 0 0
08-10

Audit of NARA’s Implementation of the Federal Desktop Core Configuration

08/26/2008

0 0 0
08-11

Review of Subcontractor Costs on the Electronic Records Archives Development Contract

08/28/2008

0 0 0
08-13

Audit of NARA’s Central Receiving Function

09/29/2008

0 0 0
08-15

Clifton Gunderson LLP  2008 Review of NARA’s Compliance with Section 522 of the Consolidated Appropriations Act, 2005 (Policies, Procedures & Practices for Protection of Personally Identifiable Information)

09/29/2008

0 0 0

 

AUDIT REPORT(S) WITH QUESTIONED COSTS
Category Number of
Reports
DOLLAR VALUE
Questioned
Costs
Unsupported
Costs

A. For which no management decision has been made by the commencement of the reporting period

0
$0
$0

B. Which were issued during the reporting period

0
$0
$0

Subtotals (A + B)

0
$0
$0

C. For which a management decision has been made during the reporting period

0
$0
$0

(i) dollar value of disallowed cost

0
$0
$0

(ii) dollar value of costs not disallowed

0
$0
$0

D. For which no management decision has been made by the end of the reporting period

0
$0
$0

E. For which no management decision was made within 6 months

0
$0
$0

AUDITS REPORTS WITH RECOMMENDATIONS THAT FUNDS
BE PUT TO BETTER USE
Requirement 5(a)(9)
CATEGORY NUMBER DOLLAR VALUE

A. For which no management decision has been made by the commencement of the reporting period

1 $675,000

B. Which were issued during the reporting period

0 0

Subtotals (A + B)

1 $675,000

C. For which a management decision has been made during the reporting period

1 $675,000

(i) dollar value of recommendations that were agreed to by management

1 $675,000

Based on proposed management action

1 $675,000

Based on proposed legislative action

0 0

(ii) dollar value of recommendations that were not agreed to by management

0 0

D. For which no management decision has been made by the end of the reporting period

0 0

E. For which no management decision was made within 6 months of issuance

0 0


REQUIREMENT CATEGORY SUMMARY
5(a)(3) Prior significant recommendations unimplemented

None

5(a)(4)

Summary of prior referrals

None

5(a)(5)

Information or assistance refused

None

5(a)(10)

Prior audit reports unresolved

None

5(a)(11)

Significant revised management decisions

None

5(a)(12)

Significant revised management decisions with which the OIG disagreed

None

Top of Page

ANNEX ON COMPLETED CONTRACT AUDIT REPORTS

Section 845 of the 2008 Defense Authorization Act, Public Law 110-181, requires certain information on completed contract audit reports containing significant audit findings be included as an annex to this report. Two such reports were issued during this period and discussed in the body of this Semiannual Report; this information is repeated below.

Review of Electronic Records Archives (ERA) Contract Direct Labor Costs

In September 2005, NARA awarded a $317.4 million cost-plus-award-fee contract to build a permanent archives system for preserving and managing electronic records created by the Federal Government. The purpose of the Electronic Records Archives (ERA) system is to capture and permanently preserve electronic records of the Federal Government, regardless of format; ensure hardware and software independence; and provide access to the American public and federal officials.

As a result of a request by the contracting officer for the ERA program, we performed a review of direct labor costs billed to NARA on the ERA development contract. The objectives of the review were to determine (a) if the invoices submitted by the contractor for direct labor costs and subcontract costs for work performed on the ERA contract, and paid by NARA, were accurate, supported, and reasonable; and (b) if ERA Program Management Office (NHE) officials had a satisfactory process in place to review and approve contract invoices.

After six months of field work, we were unable to determine if the contract direct labor charges were accurate, supported, and reasonable. However, we did find NHE officials did not have an adequate basis for verifying direct labor costs, that is, (a) that direct labor hours billed by the contractor on the ERA contract were actually incurred, (b) that the amounts billed were appropriate, and (c) that contractor employees billed against the contract actually worked on the contract.

ERA contract direct labor costs could not be validated because (1) the contractor did not provide program personnel adequate supporting documentation with the invoices; (2) the contract did not specify direct labor rates, and allowed rates to vary from one invoice to the next; (3) the contractor does not maintain records for review, by invoice, to support the direct labor billed to NARA; (4) contractor officials were reluctant to provide necessary information and documentation that supported billed direct labor costs; (5) information provided by the contractor was often incomplete, resulting in additional questions and the need for us to obtain additional information and documentation; and (6) source documentation (e.g., supplemental timecards, salary records) could not be readily examined.

On April 9, 2008, we briefed NARA senior staff concerning the OIG’s inability to reasonably gain access to adequate supporting documentation for validating direct labor costs. We made management aware of the potential outcome that could ensue as a result of our office not being able to validate direct labor costs. Following our meeting, management officials contacted the contractor and arranged a meeting between the Director, Acquisitions Services Division (NAA), and senior-level contractor officials. Prior to the meeting, we met with the Director, NAA, to discuss the documentation and support that had not been provided by the contractor, but were necessary to complete our review and validate labor charges billed to the Government.

After meeting with us, the Director of NAA, met with senior-level contractor officials, including the Chief Financial Officer, to determine if they could provide the missing documentation necessary to validate direct labor charges on the ERA contract. As a result, the Director of Acquisitions was able to obtain contractor records that had been requested but not provided to the OIG, such as supplemental employee timecards approving overtime charges which were rejected at the time the employee submitted the original timecard for approval. With the documentation provided by the contractor, the Director was able to reconcile the direct labor hours and dollars for a judgmental sample of contractor employees.

We made three recommendations to assist the agency in correcting the reported deficiencies and in improving the ERA development contract invoice approval and contractor monitoring processes. Management concurred with only one of the three recommendations. The Director of Acquisitions believed NARA’s processes were adequate and therefore did not agree with two recommendations. (Audit Report # 08-08, dated June 10, 2008.)

Review of Subcontract Costs on the ERA Development Contract

As a result of a request by the contracting officer for the ERA program, we performed a review of subcontract costs billed to NARA on the ERA development contract to determine (a) if the invoices submitted by the contractor for direct labor and other subcontract costs for work performed on the ERA contract, and paid by NARA, were accurate, supported, and reasonable, and (b) if ERA Program Management Office (NHE) officials had a satisfactory process in place to review and approve contract invoices. Our report, OIG Report No. 08-08, Review of Electronic Records Archives Contract Direct Labor Costs, was issued on June 10, 2008.

Our review disclosed that for the subcontractor invoices included in our review, (a) other direct costs, including incidental services for which there is not a labor category specified in the contract, travel, computer usage charges, etc., were properly supported; (b) the 20 payments made by the prime contractor to the ERA subcontractors for the invoices reviewed, equaled the costs billed by the ERA subcontractors for those invoices; and (c) for three of the four subcontractors included in our review, labor rates used to bill for labor expended on the ERA contract were those rates negotiated between the subcontractors and the prime contractor.

However, we were unable to place any reliance on the accuracy and reasonableness of the direct labor costs billed for the subcontracts included in our review, that is, we could not validate subcontract costs. This was because (a) contractor officials did not provide the original employee timesheets to support subcontractor labor costs; (b) ERA Program Management Office officials paid contractor invoices for subcontractor labor without assessing validity of the charges, instead they simply relied on the contractor to properly bill for the costs related to its subcontractors and to validate the subcontractor invoices; and (c) contractor officials did not require ERA subcontractors to provide supporting documentation, for example, timecards, with their invoices for substantiating direct labor charges and had no process in-place for properly validating subcontractor labor charges or for assessing the allowability of those charges.

We made three recommendations to assist the agency in correcting the reported deficiencies and in improving the ERA subcontract invoice approval process. Management concurred with one of the recommendations and considered current controls in place adequate to address the two other recommendations. (Audit Report # 08-11, dated August 28, 2008.)

1 Management letters are used to address issues, not resulting from an audit, that need to be quickly brought to the Archivist’s or management’s attention.

PDF files require the free Adobe Reader.
More information on Adobe Acrobat PDF files is available on our Accessibility page.

Office of the Inspector General (OIG) >

The U.S. National Archives and Records Administration
1-86-NARA-NARA or 1-866-272-6272

.