Whistleblower Protection: Analysis of DOD’s Actions to Improve Case Timeliness and Safeguard Confidentiality, Mar 07, 2019

This post first appeared on GAO Reports. Read the original article.

What GAO Found

The Department of Defense Office of Inspector General (DODIG) and military service offices of inspector general (IG) met some but not all fiscal year 2018 timeliness and quality goals for handling whistleblower complaints. For example, DODIG met its goals related to referring complaints to the appropriate agency within a certain number of days. All IGs also generally met goals related to the quality of investigations. However, about 85 percent of DODIG reprisal and senior official misconduct investigations exceeded statutory and internal timeliness goals. Further, military service IGs did not meet most goals for handling cases within prescribed timeframes. For example, the service IGs averaged between 17 and 84 days to notify DODIG of their receipt of whistleblower reprisal allegations, exceeding the 10-day goal. The IGs have various initiatives underway to improve timeliness, such as a Naval IG program to reduce timeframes for initial credibility determinations. However, additional actions could provide a more targeted approach to improving performance against unmet timeliness goals—such as for senior official misconduct investigations—and better assure whistleblowers that their cases will be handled expeditiously.

DODIG and the military service IGs have policies to protect whistleblower confidentiality, but some gaps exist. For example, DODIG guidance for protecting whistleblowers who report internal DODIG misconduct does not specify key steps investigators should take to protect confidentiality, such as not identifying complainants during interviews with case subjects. Also, Air Force, Naval, and Marine Corps IG guidance does not specify when whistleblower identities can be disclosed without consent. Without updated guidance, the IGs cannot ensure the consistent implementation of confidentiality protections.

The IGs have taken steps to safeguard whistleblower information in their information technology (IT) systems and applications, such as by restricting access to case information through unique user permissions and by taking actions to follow DOD’s IT risk management process. However, between 2016 and 2018, employees in all of the IGs have been able to access sensitive whistleblower information without a need to know. For example, DODIG determined that numerous restricted whistleblower records in its document repository were accessible to DODIG personnel without a need to know. Similarly, the Air Force IG’s application did not restrict users from other DOD components from viewing Air Force IG case descriptions and complainant identities, while the Army IG’s application and the Naval IG’s system did not restrict personnel within those IGs from viewing allegations or investigations involving other personnel within those IGs. Additionally, employees in Marine Corps IG offices were able to see whistleblower cases assigned to other IG offices without a need to know. While some actions have been taken to address these issues, additional steps are needed to restrict access to case information in order to mitigate ongoing risks to whistleblower confidentiality.

DODIG generally met key documentation requirements for the 125 cases it dismissed without investigation involving civilian DOD Presidential appointees with Senate confirmation.

Why GAO Did This Study

Safeguarding confidentiality to the maximum extent possible is essential for encouraging whistleblowers to report wrongdoing without fear of reprisal. In fiscal year 2018, DODIG received over 12,000 contacts from potential whistleblowers related to fraud, waste, abuse, employee misconduct, or other violations. The National Defense Authorization Act for Fiscal Year 2017 included a provision for GAO to review the integrity of DOD’s whistleblower program. This report assesses the extent to which DODIG and the military service IGs (1) met and took steps to achieve key fiscal year 2018 timeliness and quality goals, (2) established processes to protect whistleblower confidentiality, and (3) are able to safeguard sensitive information necessary to handle whistleblower complaints. It also evaluates (4) the extent to which select cases involving certain senior DOD civilian officials met key requirements.

GAO assessed fiscal year 2018 IG performance data, surveyed all 108 DODIG employees who directly handle whistleblower complaints, reviewed IT security controls, and analyzed all 125 cases involving civilian DOD Presidential appointees with Senate confirmation dismissed by DODIG in fiscal years 2013-2017.

What GAO Recommends

GAO is making 12 recommendations, including that the IGs take additional actions to improve timeliness, develop additional procedures to protect whistleblower confidentiality, and take steps to further limit IG employee access to sensitive whistleblower information. DOD concurred with all of the recommendations.

For more information, contact Brenda S. Farrell at (202) 512-3604 or farrellb@gao.gov.

Leave a Reply

Your email address will not be published. Required fields are marked *