Bureau of Prisons: Enhanced Data Capabilities, Analysis, Sharing, and Risk Assessments Needed for Disaster Preparedness
Fast Facts
The Bureau of Prisons tracks data on its facility maintenance and repair projects—including those stemming from disasters. But, the Bureau hasn't defined "disasters" for the purpose of tracking its maintenance and repair projects—making it harder to plan for disaster risks.
Also, the data systems that the Bureau uses can't do the analysis to identify trends in the types, timeliness, or costs of its projects. In addition, if the Bureau had a method for sharing all lessons learned and assessing its facilities' vulnerabilities, it could help the agency better plan for and recover from disasters.
Our recommendations address these issues.
Hurricane damage to an employee workspace at Federal Correctional Institution Pollock in Louisiana, August 2020
Highlights
What GAO Found
The Bureau of Prisons (BOP), within the Department of Justice, prepares for disasters by requiring its institutions to develop contingency plans outlining steps to prepare and respond to disasters and requiring staff to complete related training, which includes what constitutes a disaster.
Tornado Damage at a BOP Institution, April 2020
BOP has two data systems to collect information on maintenance and repair projects, including those related to disasters. However, BOP has not defined “disaster” for the purposes of tracking it in its data systems. Further, these systems do not include analytic features that could position BOP to identify trends in the type, timeliness, and cost of its projects. By establishing in policy a clear definition of disaster, and incorporating analytic features into its data systems—such as project milestones and cost indicators, as well as queries and alerts on these features—BOP could identify trends across projects and position itself to better address unnecessary delays or costs.
BOP has various processes for managing disaster response, including using a standardized Incident Command Structure approach and documenting and responding to the impacts of disasters on inmates and staff. For example, when a hurricane hit one BOP institution, the institution converted the visiting room and training center into staff living quarters and supplied cots, sheets, blankets, showers, and food until staff could return to their homes.
BOP lacks approaches for sharing lessons learned from all disasters and assessing institutions' disaster vulnerability. According to BOP, it identifies and shares disaster-related lessons learned through after-action reports; however, these reports are not required, and their content varies. Further, officials at all six institutions said they identified and shared lessons in other ways, such as conference calls. By implementing a systematic approach for identifying and sharing all the lessons learned and taking steps to routinely collect feedback from institutions on their application, BOP could have greater assurance that institutions are leveraging lessons to prepare for future disasters. Further, BOP's approach for assessing institutions' vulnerability focuses on security-related risks, not disaster-related risks, such as building damage. By expanding assessments to include disaster-related risks, BOP could leverage opportunities to build resilience and reduce institutions' risk to damage from future disasters.
Why GAO Did This Study
BOP is responsible for the care and custody of over 150,000 federal inmates and the maintenance and repair of 122 institutions. Natural disasters, such as hurricanes, can present a specific danger to inmates and staff who may not be able to evacuate, due to security measures.
Senate Report 116-127 includes a provision for GAO to examine how BOP protects inmates during disasters. This report addresses BOP's (1) preparation for disasters; (2) tracking and analysis of disaster-related repair projects; (3) approach to managing disaster response and related impacts; and (4) identification and sharing of lessons learned from, and assessment of vulnerability to, disasters.
GAO reviewed BOP guidance, policy, and data on maintenance and repair projects. GAO also interviewed officials from a nongeneralizable sample of six BOP institutions, selected, in part, on the basis of experience with a disaster from calendar years 2017 through 2020.
Recommendations
GAO is making eight recommendations to BOP, including establishing in policy a clear definition of disaster for tracking projects, incorporating analytic features into its data systems, systematically sharing lessons learned from disasters, and including disaster-related risks in its vulnerability assessments. BOP concurred with five of the eight recommendations. BOP did not concur with the three recommendations to incorporate analytic features into its data systems, citing among other things, questions about cost and feasibility. GAO made related modifications, as discussed in the report.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Bureau of Prisons | The Director of BOP should establish in policy a clear definition of "disaster" for the purposes of tracking maintenance and repair project information. (Recommendation 1) |
Open – Partially Addressed
BOP concurred with this recommendation and stated in January 2022 that it would take steps to establish a definition of disaster for tracking maintenance and repair projects. In August 2022, BOP provided an update noting that it was currently working with multiple stakeholders to develop its definition. In February 2023, BOP officials reported to us that they had developed a definition and documented it in the draft Facilities Operations Manual Program Statement, which is in the process of being reviewed. As of November 2023, BOP reported that these efforts are still underway. We will continue to monitor BOP's efforts to establish in policy the definition it has developed.
|
| Bureau of Prisons | The Director of BOP should establish codes or other tracking mechanisms for the purposes of tracking disaster-related projects. (Recommendation 2) |
Closed – Implemented
BOP concurred with this recommendation and stated in January 2022 that it would take steps to establish codes or other tracking mechanisms to track its disaster-related projects. In March 2023, BOP provided evidence that it had incorporated a check box feature into its data systems to designate a project as disaster-related. Adding a check box feature provides BOP with greater ability to reliably identify and track disaster-related projects and is consistent with our recommendation.
|
| Bureau of Prisons | The Director of BOP should establish cost-effective and feasible analytic features—such as project milestones and cost indicators, as well as queries and alerts—that would position BOP to have better visibility into the monitoring of projects for possible delays and cost escalation. (Recommendation 3) |
Open
BOP did not concur with this recommendation. In its January 2022 comment letter, BOP stated that it believes that establishing the recommended features into a system not designed for this type of analysis could require additional funding and that it already has process in place to monitor projects through its contract monitoring process. We agree that any features that BOP establishes should be cost-effective and feasible. Given that BOP is currently working to make its data systems interoperable, which includes developing new features and requirements, the timing presents an opportunity for BOP to consider the costs and feasibility of establishing and incorporating the analytic features to determine which features would be most feasible and cost-effective, and take steps to incorporate them. Further, while BOP does have processes in place to monitor individual maintenance and repair projects, its mechanisms to oversee projects overall across the agency could be improved. In February 2023, BOP provided an update noting that that the implementation of the interoperable systems will begin at the end of fiscal year 2023 and that it does not plan to implement the enhancements we recommended at this point, due to inherent difficulties. In November 2023, BOP provided an update that the implementation of the interoperable systems is delayed and will begin in February 2024 and be completed by June 2024. Although BOP does not plan to implement the enhancements we recommended, BOP noted that it will conduct a cost-benefit analysis of adding the analytical features and will determine the timeframes of this analysis once BOP transitions to the new interoperable systems. We maintain that implementing this recommendation remains important and we will continue to monitor BOP's efforts.
|
| Bureau of Prisons | The Director of BOP should ensure that the plans to make financial and property management data systems interoperable incorporate the newly established analytic features, as appropriate, to ensure that project information is collected systematically. (Recommendation 4) |
Open
BOP did not concur with this recommendation. In its January 2022 comment letter, BOP stated that it believes that incorporating the recommended features into a system not designed for this type of analysis could require additional funding and that it already has process in place to monitor projects through its contract monitoring process. We agree that any features that BOP incorporates should be cost-effective and feasible. Given that BOP is currently working to make its data systems interoperable, which includes incorporating new features and requirements, the timing presents an opportunity for BOP to consider the costs and feasibility of incorporating the analytic features and take steps to incorporate those that it determines are cost-effective and feasible. Further, while BOP does have processes in place to monitor individual maintenance and repair projects, its mechanisms to oversee projects overall across the agency could be improved. In February 2023, BOP provided an update noting that that the implementation of the interoperable systems will begin at the end of fiscal year 2023 and that it does not plan to implement the enhancements we recommended at this point, due to inherent difficulties. In November 2023, BOP provided an update that the implementation is delayed and will begin in February 2024 and be completed by June 2024. Although BOP does not plan to implement the enhancements we recommended at this point, BOP noted that it will conduct a cost-benefit analysis of adding the analytical features and will determine the timeframes of this analysis once BOP transitions to the new interoperable systems. We maintain that implementing this recommendation remains important and we will continue to monitor BOP's efforts.
|
| Bureau of Prisons | The Director of BOP should, once the financial and property management data systems are interoperable, regularly conduct an analysis of trends using the established analytic features, as appropriate, and make changes, when warranted, to avoid unnecessary delays or costs. (Recommendation 5) |
Open
BOP did not concur with this recommendation. In its January 2022 comment letter, BOP stated that it believes that establishing the recommended features into a system not designed for this type of analysis could require additional funding and that it already has process in place to monitor projects through its contract monitoring process. We agree that any features that BOP establishes should be cost-effective and feasible. Given that BOP is currently working to make its data systems interoperable, which includes developing new features and requirements, the timing presents an opportunity for BOP to consider the costs and feasibility of establishing and incorporating the analytic features to determine which features would be most feasible and cost-effective, and take steps to incorporate them. Further, while BOP does have processes in place to monitor individual maintenance and repair projects, its mechanisms to oversee projects overall across the agency, such as analyzing trends across projects, could be improved. In February 2023, BOP provided an update noting that that the implementation of the interoperable systems will begin at the end of fiscal year 2023 and it does not plan to implement the enhancements we recommended at this point, due to inherent difficulties. In November 2023, BOP provided an update noting that the implementation of the interoperable system is delayed and will begin in February 2024 and will be completed by June 2024. Although it does not plan to implement the enhancements we recommended at this point, BOP noted that it will conduct a cost-benefit analysis of adding the analytical features and will determine the timeframes of this analysis once BOP transitions to the new interoperable systems. We maintain that implementing this recommendation remains important and we will continue to monitor BOP's efforts.
|
| Bureau of Prisons | The Director of BOP should implement a systematic approach for identifying and sharing the lessons that BOP institutions have learned following their disaster-related experiences. (Recommendation 6) |
Closed – Implemented
We found that, while BOP has approaches for institutions to identify and share lessons learned from their disaster-related experiences, BOP lacked a systematic approach for sharing lessons learned from all disasters. As a result, we recommended that the Director of BOP implement a systematic approach for identifying and sharing lessons learned from BOP institutions following their disaster-related experiences. In August 2022, BOP provided evidence that it had developed and implemented a mechanism where institutions can submit via email any best practices that it has implemented. These best practices are then to be reviewed by subject matter experts within BOP for consideration for broader dissemination through a quarterly best practices update that is posted on the BOP intranet. The best practices update will include any submitted practices approved by the subject matter experts that are not in conflict with BOP policy. This approach to identify and share lessons learned that BOP has implemented is consistent with our recommendation.
|
| Bureau of Prisons | The Director of BOP should take steps to routinely collect feedback from its institutions to understand how or whether the lessons shared have been implemented at other institutions, as applicable. (Recommendation 7) |
Closed – Implemented
We found that, while BOP has approaches for institutions to identify and share lessons learned from their disaster-related experiences, BOP was not collecting feedback from institutions on whether any of the lessons learned from disasters that had been shared were applied, as appropriate, by other institutions.. As a result, we recommended that the Director of BOP should take steps to routinely collect feedback from its institutions to understand how or whether the lessons shared have been implemented at other institutions, as applicable. In August 2022, BOP provided evidence that it had developed a BOP intranet site where BOP can broadly disseminate best practices that institutions have submitted. Further, the intranet site directs institutions that plan to implement any of the best practices to report this information to BOP via email. The intranet site also encourages these institutions to share feedback so that BOP can assess the effectiveness of these practices for potential inclusion in national policy. This approach to share lessons learned and ask that institutions report plans to implement them and provide feedback to BOP is consistent with our recommendation.
|
| Bureau of Prisons | The Director of BOP should expand the scope of its annual vulnerability assessments to include disaster-related risks and plans to mitigate the risks identified. (Recommendation 8) |
Closed – Implemented
We found that, while BOP conducts annual assessments of its institutions to assess any security-related vulnerabilities that need to be addressed; these assessments did not assess an institution's vulnerability to disasters. As a result, we recommended that the Director of BOP should expand the scope of its annual vulnerability assessments to include disaster-related risks and plans to mitigate the risks identified. In August 2022, BOP provided evidence that it had expanded the scope of its annual vulnerability assessments by including a checklist to conduct the annual Building and Grounds inspection at each institution that scans for disaster-related risks and plans to mitigate the risks. Specifically, the checklist asks BOP staff to note whether any disaster-related risks were identified during the year and, if so, to add a comment about the risk identified and plans to mitigate the risk. Adding these items that assess disaster-related risk to BOP's annual Building and Grounds assessment checklist is consistent with our recommendation.
|