(EST PUB DATE) SEMIANNUAL REPORT

Central Intelligence Agency Inspector General (b)(1) (b)(2) (b)(3) (b)(5) (b)(6) SEMIANNUAL REPORT TO THE DIRECTOR OF CENTRAL INTELLIGENCE JULY - DECEMBER 2002 APPROVED FOR RELEASE DATE: 25-Feb-2010 "S'EC-44E17 John L. Helgerson Inspector General ""SreRKI/, TABLE OF CONTENTS PAGE (U) A MESSAGE FROM THE INSPECTOR GENERAL 1 (U) STATUTORY REQUIREMENTS 5 (U) AUDITS 9 (U) AUDIT STAFF OVERVIEW 9 (U) SIGNIFICANT COMPLETED AUDITS OR OTHER REVIEWS 10 (U) STATUS OF SIGNIFICANT RECOMMENDED ACTIONS OUTSTANDING FROM PREVIOUS SEMIANNUAL REPORTS 29 (U) SUMMARIES OF SELECTED CURRENT AUDITS 35 (U) INSPECTIONS 37 (U) INSPECTION STAFF OVERVIEW 37 (U) SIGNIFICANT COMPLETED INSPECTIONS OR OTHER REVIEWS 38 (U) STATUS OF SIGNIFICANT RECOMMENDED ACTIONS OUTSTANDING FROM PREVIOUS SEMIANNUAL REPORTS 46 (U) SUMMARIES OF SELECTED CURRENT INSPECTIONS 53 (U) INVESTIGATIONS 57 (U) INVESTIGATIONS STAFF OVERVIEW 57 (U) SIGNIFICANT COMPLETED INVESTIGATIONS OR OTHER REVIEWS 58 (U) STATUS OF SIGNIFICANT RECOMMENDED ACTIONS OUTSTANDING FROM PREVIOUS SEMIANNUAL REPORTS 62 (U) SUMMARIES OF SELECTED CURRENT INVESTIGATIONS 63 -nEU """Stelics1,1 (U) ANNEX SECTION (U) STATISTICAL OVERVIEW (U) COMPLETED AUDITS OR REVIEWS (U) CURRENT AUDITS OR REVIEWS (U) COMPLETED INSPECTIONS OR REVIEWS (U) CURRENT INSPECTIONS OR REVIEWS (U) COMPLETED INVESTIGATIONS OR REVIEWS (U) CURRENT INVESTIGATIONS OR REVIEWS 11 "SE-C.13Z.,17, (U) A Message from the Inspector General (U) The Office of Inspector General (OIG) has completed a review of our substantive work priorities and issued a new Work Plan for calendar year 2003. Our audits, inspections, and special reviews will be focused on six priority areas: ? Effective Management of Core Missions ? Information and Communications ? Covert Action ? Financial and Procurement Systems ? Accountability Issues from the Joint Inquiry into 9/11 ? Proactive Investigative Initiatives Focusing on these issues enables us most effectively to address requirements mandated by law, the DCI's strategic priorities, requests from senior Agency managers, and our own assessment of priority and vulnerable programs. (U) I wish to record my appreciation to the Congressional oversight committees, which, in response to a proposal made in our last semiannual report, provided legislative relief from a standing obligation to produce formal, annual audits of the Agency's Central Services Working Capital Fund. This action will free up scarce audit resources, reducing somewhat the number of new auditors who must be hired to prepare for Congressionally-mandated financial statement audits in FY 04 and beyond. I am pleased to report that a vigorous hiring program is underway and that 1 the Audit Staff has reorganized itself to focus on financial statements, the committees' recommendation that we audit each covert action program every three years, and important information technology programs. (U) In this report, I again seek the assistance of the oversight committees in correcting an apparently unintended consequence of legislation passed at the end of the 107th Congress. Briefly, the Homeland Security Act included provisions referred to as the Federal Information Security Management Act (FISMA), which modified procedures for evaluating and auditing the government's information security systems previously contained in the Government Information Security Reform Act (GISRA). FISMA outlined the responsibilities of Inspectors General appointed under the 1978 IG Act, but dropped a reference that had been in the GISRA that also placed responsibilities on statutory IGs appointed "under any other law," as is CIA's IG. Elsewhere in this report, we propose a simple legislative solution that will ensure CIA's OIG continues to play the role that Congress apparently intends for statutory IGs regarding information security. (U) OIG's involvement with counterpart offices in other Intelligence Community (IC) agencies has continued during this period, both in the IG Forum and other settings. Consultations among the IGs have focused on information sharing in the wake of 9/11, best practices with audits and inspections related to information technology, and, most recently, preparations for follow-up work on accountability issues raised in the Congressional Joint Inquiry into 9/11. In September 2002, CIA OIG hosted the eighth annual IC Audit Conference, attended by 170 auditors from across the Community. r-- Notable substantive work undertaken jointly with other Offices of Inspector eneral during this period included a review, with the National Reconnaissance Office IG, of the This review was requested by the DCI. With the Department of State, we conducted an inventoru of vronerty owned by the Our auditors also assis tea tne Department with an overseas inspection of the Department's 2 visa program. Finally, we worked with several other agencies in a Congressionally-directed review of the enforcement of export licensing for dual-use commodities and munitions. Another important audit completed during this period addressed the Agency's covert action program on counterproliferation. Key inspections have included work on the Agency's response to the events of September 11, operational counterintelligence and counterespionage, the Foreign Broadcast Information Service, and the exploitation of technical tools. Our Investigations Staff completed several important projects. These included an investigation into the methodology used by CIA to investigate the as requested by the House Permanent Select uommatee on intelligence. A Special Assessment was issued on Agency compliance with Executive Order 12333 with respect to electronic surveillance and physical searches directed at US persons. The Staff continues to devote substantial resources to a Department of Justice inquiry into the procedures employed in the Peruvian narcotics air interdiction program. (U) It is notable that several investigations resulted in criminal convictions of Agency employees during this period. In December 2002, an employee was convicted of conspiracy to accept gratuities in exchange for giving preferential treatment to an Agency contractor. The contractor and another employee had previously pled guilty in this case, which had been pursued effectively over an extended period with the US Attorney for the Eastern District of Virginia. In an unrelated case, a former employee pled guilty to making false statements and mail fraud. Another investigation led to a guilty plea by a former employee to the theft of government property by using a government credit card and submitting false vouchers. (U) Finally, we have underway within our Office efforts to improve the effectiveness of several of our processes. These include the timeliness of our production, our mentoring of new employees, and our monitoring of actions by Agency components and managers to comply with OIG recommendations. Fortunately, I can report that the compliance process works very well at CIA. The majority of OIG recommendations are accepted 3 "Sirt-R-rga.,4 "S'EGREZ.....17 and implemented, in large part because the Executive Director and his staff take timely actions?and follow up vigorously?to oversee component responses. I very much appreciate this productive working relationship. jonn L. tieigerson 17 January 2003 4 'Sref+g,,T.1 (U) STATUTORY REQUIREMENTS (U/ This This report is submitted pursuant to section 17 of the CIA Act ot 194, as amended, which requires the Inspector General to provide to the DCI, not later than 31 January and 31 July of each year, a semiannual report summarizing the activities of the OIG for the immediately preceding six-month periods, ending 31 December and 30 June, respectively. (U) All audit activities of the OIG are carried out in accordance with generally accepted government auditing standards. All OIG inspection and investigation activities conform to standards promulgated by the President's Council on Integrity and Efficiency. (U) The OIG has had full and direct access to all Agency information relevant to the performance of its duties. (U) Subpoena Authority (U any subpoenas. During this reporting period, the IG did not issue (U) Legislative Proposals (1.1) Entity Required to Perform Independent Evaluation of CIA Information Security Program and Practices (U) Shortly before it adjourned, the recently completed 107th Congress passed the Homeland Security Act (HSA) and the E-Government Act, each of which was a lengthy piece of legislation addressing multiple issues. An apparently unnoticed and unintended consequence of these acts was a modification of the description of the entities required to perform an annual independent evaluation of the information security program and practices for various Federal agencies. We propose a technical amendment to that "ItC-44F.1/ 5 legislation to restore the previous, and we believe intended, definition of such entity as it affects the CIA Inspector General. (U) Section 1001 of the HSA and section 301 of the E-Government Act each contain identical provisions, referred to as the Federal Information Security Management Act (FISMA). These provisions amend 44 U.S.C. ?3535, the previous requirements contained in GISRA?the Government Information Security Reform Act?for performing an independent evaluation of an agency's information security program and practices. (U) The prior formulation under GISRA was that, for an agency with an IG appointed under the 1978 IG act "or any other law," the audit of the annual evaluation was to be "performed by the Inspector General or by an independent evaluator, as determined by the Inspector General of the agency." 44 U.S.C. ?3535(b)(1)(A). (U) The new formulation under the amendments contained in FISMA states that "for each agency with an Inspector General appointed under the Inspector General Act of 1978, the annual evaluation required by this section shall be performed by the Inspector General or by an independent external auditor, as determined by the Inspector General of the agency . . . ." HSA section 1001(b)(1), amending 44 U.S.C. ?3535(b)(1). This leaves out the "or any other law" language previously included in the GISRA statute. (U) Since CIA's statutory IG is appointed under "other law" but not the 1978 IG Act, CIA (and therefore its OIG) is not included within this new formulation. Rather, CIA now falls into the requirement contained in the next subparagraph, ?3535(b)(2) (as amended by the HSA), which now provides: "for each agency to which paragraph (1) does not apply, the head of the agency shall engage an independent external auditor to perform the evaluation." (U) For CIA to remain among the first category, of other agencies that have a statutory IG, rather than being moved into the second category, with those that have an administrative IG, Congress 'nE?4tE,14 6 must pass a technical amendment to the definition of that first category to restore the omitted reference to "any other law." (U) It is recommended that 44 U.S.C. ?3535, renumbered as ?3545 by section 301 of the E-Government Act of 2002, be amended as follows: Sec. ENTITY TO PERFORM INDEPENDENT EVALUATION OF AN AGENCY'S INFORMATION SECURITY PROGRAM AND PRACTICES?Insert the words "or any other law" in paragraph (b)(1) of the section after the words "for each agency with an Inspector General appointed under the Inspector General Act of 1978 . ." 7 "nreft-EZ,L. --5t?.14EZ7 8 "Etiig,1,4 (U) AUDITS (U) AUDIT STAFF OVERVIEW (U) The Audit Staff conducts performance, financial-related, and financial statement audits of Agency programs and activities. In addition, the Audit Staff provides oversight of Agency interests through its participation in joint reviews of Intelligence Community (IC) programs and activities and responds to requests for audits or reviews from Congressional and Executive Branch officials. In the last six months, the Audit Staff has focused its efforts on evaluations of Agency programs and activities, field stations in Europe Division, and financial management and information technology issues. (U/ The Audit Staff continues to plan for the Congressi a y mandated audit of the Agency's fiscal year (FY) 2004 financial statements. This will be a significant undertaking for the Staff, and the resource requirements will be substantial. A robust recruitment effort is underway to attract highly qualified auditors to assist the Staff in meeting this important requirement. (U) The Audit Staff is also responding to a Congressional recommendation contained in the legislative history accompanying the Intelligence Authorization Act for Fiscal Year 2002 to audit each covert action program every three years. The Staff does not have sufficient personnel to audit all activities undertaken under all findings every three years and still meet its other requirements. The Staff has therefore implemented a strategy to select and review at least one major covert action activity under each Presidential Finding every three years. The order in which the Staff reviews these activities is based on the activities' resource allocations and sensitivity, Staff availability, and when a particular activity was last audited. The order may change as a result of Congressional or management input. 9 ""52?44UZ4. (U) SIGNIFICANT COMPLETED AUDITS OR OTHER REVIEWS ""Srei?tUTL 10 1 "S"E?44E.1.4 11 12 13 14 15 --sreilg,x, --sEE.R,E1.1 16 17 --nf,?.1zzz4 ''E%usi4E,Ii 18 --StEREI/ ""SEC-44EZ4 20 S'rtR.gz,z 21 ..-StE?14E1 22 "S'reRva/ 23 sIZ,kLT/ -*ftltGU 24 's-t?Gt4F.,14 1 25 ..s.r,c..44Ezi 26 27 "nt?44E1J 28 ...Sr??Z r< 'Sr?RE.1/ (U) STATUS OF SIGNIFICANT RECOMMENDED ACTIONS OUTSTANDING FROM PREVIOUS SEMIANNUAL REPORTS --SEC-42.EZZ 29 ""SreREZ,1 "-tE7 30 31 ..-Sr?44ET/ 32 ---5'r?14ET.4 T/ 33 34 (U) SUMMARIES OF SELECTED CURRENT AUDITS 35 36 (U) INSPECTIONS (U) INSPECTION STAFF OVERVIEW (U The Inspection Staff is responsible for conducting inspections of Agency programs and operations to evaluate their efficiency and effectiveness and their compliance with law, Executive orders, and regulations. The Inspection Staff continues to use its flexible approach to scheduling, which utilizes a seven-month cycle (February-August) to conduct either a single major inspection or several more focused, less wide-ranging inspections and the traditional five-month cycle (September-January). During the current cycle, the Staff is working on four inspections: the Directorate of Science and Technology's (DS&T) Office of Technical Service, the Directorate of Operations' and Africa Division, and, Global Support. In addition, the Staff is nearing completion of inspections of the Agency's Counterintelligence (CI) and Counterespionage programs?which will be published as a joint report?and of the DO's East Asia Division, all of which were begun during the previous cycle. (U The Inspection Staff continues to conduct a two- week course for new inspectors and a seminar for team leaders before the start of each inspection cycle. The Staff also conducts seminars for OIG inspectors and research assistants during the course of each cycle, instituted in response to the increasing sophistication of our methodology. These seminars build on the New Inspectors' Training Course and address topics such as interview strategy, the exploitation of databases, electronic focus group methodology, research and analysis, process mapping, and drafting. (U) SIGNIFICANT COMPLETED INSPECTIONS OR OTHER REVIEWS / 38 SE / 39 --re'it.E ''SECZ,7 40 -SE611. 41 "SmzeRkg.T.4 --STERET/ 42 43 n614FT/ 44 45 ''St?11.E1/ (U) STATUS OF SIGNIFICANT RECOMMENDED ACTIONS OUTSTANDING FROM PREVIOUS SEMIANNUAL REPORTS 46 ''S'EGIZZZ/ 47 "SECZZLY -sirtpeuz A.R *--SEGRE..1 "'S'El' 49 ' t ? I 4 , allaa?RainaRallaaa liana 51 "SK..13Z1.7 52 (1.) SUMMARIES OF SELECTED CURRENT INSPECTIONS 53 54 S 55 '-st6i4zz 56 (U) INVESTIGATIONS (U) INVESTIGATIONS STAFF OVERVIEW The Investigations (INV) Staff investigates possible violations of statutes, regulations, policies, and procedures, as well as potential waste of funds, mismanagement, abuse of authority, and substantial dangers to public health and safety related to Agency programs and operations. The INV Staff also provides general oversight of the Agency's grievance system and reviews appeals of various Agency board decisions. (U In addition to initiating and completing a number of routine criminal and administrative investigations, the INV Staff completed one major investigation and a significant special assessment during this semiannual period. The Staff is also devoting considerable resources to an ongoing investigation led by the Department of Justice. Apart from investigations predicated on specific allegations of wrongdoing or abuse, the Staff is completing one effort and has initiated other efforts to ascertain fraud vulnerabilities in Agency programs and activities. (U The Staff is involved in several continuous internal improvement initiatives. An assessment of our existing approach to report preparation focuses on streamlining the process without sacrificing product quality. An evaluation of the investigative report structure measures the value of the current product to consumers and considers alternate forms of investigative reporting. The Staff continues to research and test an appropriate replacement for the investigation database to improve case management by managers and investigators. The success of a formal mentoring program for new investigators implemented during the last reporting period resulted in its expansion to a Staff-wide informal mentoring program for all investigators and support personnel. Also, Staff training continues to improve with mandatory 57 *Sltefigl. semiannual in-service training sessions and the development of training plans that include core and elective courses for journeyman investigators. (U/ The grievance unit is updating the process for collecting Agency-wide statistical information on grievances. A new database, scheduled to be available by the end of January 2003, will enable each directorate grievance officer to manage cases, create forms, and write reports online. The database also will provide a vehicle to standardize case management procedures and forms, and allow OIG to capture the full extent of grievance activities throughout the Agency. (U) SIGNIFICANT COMPLETED INVESTIGATIONS OR OTHER REVIEWS ""S'Ere,i4L'.0 58 59 S're.t.gz,z4 60 --Sgr.ZLTI 61 ""st,64zEli (U) STATUS OF SIGNIFICANT RECOMMENDED ACTIONS OUTSTANDING FROM PREVIOUS SEMIANNUAL REPORTS 62 (LI) SUMMARIES OF SELECTED CURRENT INVESTIGATIONS 63 -SEC-REZ 64 -7- "stteRrgzi 65 ""StG. 66 "St?44E1,4 (U) CURRENT INVESTIGATIONS OR REVIEWS As of 31 December 2002 Category Number of cases Grievances Compensation 1 Management and Supervision ? Grievance 1 Medical 1 Other 1 General Investigations Criminal and Prohibited Acts Conflicts of Interest 6 Embezzlement 3 False Claims ? Other 5 False Claims/Statements/Vouchers 3 False Claims - Time & Attendance 20 Management and Supervision ? Administrative 1 Megaprojects 1 Misconduct ? Employee 4 Misconduct ? Management 3 Procurement Fraud 12 Regulatory Violations 2 Theft and Misuse of Government Property 9 Waste 3 Other - Administrative/Criminal 14 Total Ongoing Cases 90 SE (U) Conversion of US Government Property (U) False Claims/Billings (U) Imprest Fund Credit Card Fraud (U) Misuse of Agency Cellular Telephone (U) Misuse of Agency-Leased Telephone (U) Possession of Child Pornography (U) Possible Shifting of Costs (U) Time and Attendance Fraud (U) Waste of Funds and Abuse of Authority (U) COMPLETED INSPECTIONS OR REVIEWS 1 July ?31 December 2002 (U) The Exploitation of Technical Tools (U) The Agency's Response to the Events of 11 September 2001: A Look Forward (U) Directorate of Science and Technology's Foreign Broadcast Information Service (FBIS)?A Follow-on Inspection (U) Global Support's Special Training Center (STC)?A Follow-on Inspection (U) CURRENT INSPECTIONS OR REVIEWS 31 December 2002 (U/ (U/ (U Office of Technical Service (OTS), DS&T Global Support, MSO Africa Division (AF), DO (U) The Directorate of Operations' East Asia (EA) Division (U) Operational Counterintelligence Program (U) Counterespionage Program "ftregzzz (U) COMPLETED INVESTIGATIONS OR REVIEWS 1 July -31 December 2002 Alleged Concealment of Terrorist-Related Information (U) Alleged Inappropriate Relationship with a Subordinate (U) Alleged Misconduct in the Workplace (U) Alleged Misuse of Agency Funds (U) Alleged Procurement Fraud (U) Alleged Time and Attendance Fraud (U) Alleged Waste in Renovations of an Agency Facility (U) Approving Officer Misconduct Assessment of Compliance with E0 12333 - * (U) These investigations resulted in a Disposition Memorandum rather than a Report of Investigation. "nt?44.1,4 (U) CURRENT AUDITS OR REVIEWS 31 December 2002 (U) Financial Management (U) Fiscal Year 2002 Financial Statements of the Central Services Working Capital Fund (U) Payroll Expense Processing and Reporting (U) Agency Controlled Bank Accounts (U) Financial Management Within the Europe Division (U) Operations (U) Support Provided to a Sensitive Project by the (U) Operations (Continued) (U) CIA Support to Agencies Responsible for the Enforcement of Export Licensing for Dual-Use Commodities and Munitions (U) Personnel and Security (U) Survey of the Agency's Security Clearance Process (U) Procurement and Technology Directorate of Operations Operational Records System- (U) Security of External Connections to the ADSN (U) Commo 21 Program (U) Continuity and Contingency Planning for Critical Agency Information Systems (U) Review of Contract Invoicing Allegations (U) Information System Certification and Accreditation Process l'reRzy ''-tif?4zzav (U) COMPLETED AUDITS OR REVIEWS 1 July ?31 December 2002 (U) Financial Management (U) Agency Cash and Other Monetary Assets (U) Operations (U) Counterproliferation Covert Action Activities of the Central Intelligence Agency (C) Surveillance Detection Training Administered by the Kisevalter Center "srtRri6L (U) Personnel and Security (U) Review of Allegations Regarding the Sentry System (U) Financial and Fiduciary Administration of the Thrift Saving Plan (U) Procurement and Technology (U) Future Imagery Architecture Optical Growth Alternative (U) Compliance With Foreign Ownership, Control, or Influence in Acquisitions Policies (U) The 2002 Intelligence Community Chief Information Officer's Independent Evaluations of the Central Intelligence Agency and the Intelligence Community Chief Information Officer Security Programs and Practices Required by the Government Information Security Reform Act (GISRA) (U) Electronic Time Reporting on Notes (U) Other (U) Internal Quality Control Review of the Audit Staff ThmteRzzz, Th"refkLE-T-4., (U) STATISTICAL OVERVIEW (U) Audit Staff (U/ During the period 1 July to 31 December 2002, the Audit Staff issued 21 reports and memoranda and made 78 recommendations to improve accounting and financial management; procurement, supply, and property management; and information systems and program management. The Audit Staff had 19 audits and reviews ongoing at the end or ui reporting period. Two of the audits involve the Europe Division field stations and two of the audits are focused on Agency covert action programs. The remaining audits address topics such as the enforcement of export licensing policies, a joint inventory of equipment managed by the Diplomatic Telecommunications Service Program Office, and the DO's operational records system, StarBase. (U) Inspection Staff During the last six months of 2002, the Inspection Staff completed four inspections, two of which were compliance inspections to determine the effectiveness of recommendations made in 2000 to improve the and the Foreign Broadcast Information Service. The Staff also had seven ongoing inspections at the end of the reporting period that include reviews of the East Asia Division/ DU, the /DO, Africa Division/DO, the Office of 1ethnical service/DS&T, and an inspection of Global Support?one of the new MS0s?to determine whether support has improved under the new MSO structure. (U) Investigations Staff (U The Investigations Staff completed work on 137 matters of various types during this reporting period. Of this number, 27 cases were of sufficient significance to be the subject of a final report---12 Reports of Investigation and 15 Disposition Memoranda. (U/ During this period, 14 matters were referred formally to ased upon a reasonable belief that violations of Federal criminal law may have been committed. (U/ Recoveries on behalf of the US Government during this reporting period, as a result of the Investigations Staffs efforts, totaled $211,173. (U/ As of 31 December 2002, 90 matters were in various stages of review by the Investigations Staff.