Bureau of Prisons: Enhanced Data Capabilities, Analysis, Sharing, and Risk Assessments Needed for Disaster Preparedness
Fast Facts
The Bureau of Prisons tracks data on its facility maintenance and repair projects—including those stemming from disasters. But, the Bureau hasn't defined "disasters" for the purpose of tracking its maintenance and repair projects—making it harder to plan for disaster risks.
Also, the data systems that the Bureau uses can't do the analysis to identify trends in the types, timeliness, or costs of its projects. In addition, if the Bureau had a method for sharing all lessons learned and assessing its facilities' vulnerabilities, it could help the agency better plan for and recover from disasters.
Our recommendations address these issues.
Hurricane damage to an employee workspace at Federal Correctional Institution Pollock in Louisiana, August 2020
Highlights
What GAO Found
The Bureau of Prisons (BOP), within the Department of Justice, prepares for disasters by requiring its institutions to develop contingency plans outlining steps to prepare and respond to disasters and requiring staff to complete related training, which includes what constitutes a disaster.
Tornado Damage at a BOP Institution, April 2020
BOP has two data systems to collect information on maintenance and repair projects, including those related to disasters. However, BOP has not defined “disaster” for the purposes of tracking it in its data systems. Further, these systems do not include analytic features that could position BOP to identify trends in the type, timeliness, and cost of its projects. By establishing in policy a clear definition of disaster, and incorporating analytic features into its data systems—such as project milestones and cost indicators, as well as queries and alerts on these features—BOP could identify trends across projects and position itself to better address unnecessary delays or costs.
BOP has various processes for managing disaster response, including using a standardized Incident Command Structure approach and documenting and responding to the impacts of disasters on inmates and staff. For example, when a hurricane hit one BOP institution, the institution converted the visiting room and training center into staff living quarters and supplied cots, sheets, blankets, showers, and food until staff could return to their homes.
BOP lacks approaches for sharing lessons learned from all disasters and assessing institutions' disaster vulnerability. According to BOP, it identifies and shares disaster-related lessons learned through after-action reports; however, these reports are not required, and their content varies. Further, officials at all six institutions said they identified and shared lessons in other ways, such as conference calls. By implementing a systematic approach for identifying and sharing all the lessons learned and taking steps to routinely collect feedback from institutions on their application, BOP could have greater assurance that institutions are leveraging lessons to prepare for future disasters. Further, BOP's approach for assessing institutions' vulnerability focuses on security-related risks, not disaster-related risks, such as building damage. By expanding assessments to include disaster-related risks, BOP could leverage opportunities to build resilience and reduce institutions' risk to damage from future disasters.
Why GAO Did This Study
BOP is responsible for the care and custody of over 150,000 federal inmates and the maintenance and repair of 122 institutions. Natural disasters, such as hurricanes, can present a specific danger to inmates and staff who may not be able to evacuate, due to security measures.
Senate Report 116-127 includes a provision for GAO to examine how BOP protects inmates during disasters. This report addresses BOP's (1) preparation for disasters; (2) tracking and analysis of disaster-related repair projects; (3) approach to managing disaster response and related impacts; and (4) identification and sharing of lessons learned from, and assessment of vulnerability to, disasters.
GAO reviewed BOP guidance, policy, and data on maintenance and repair projects. GAO also interviewed officials from a nongeneralizable sample of six BOP institutions, selected, in part, on the basis of experience with a disaster from calendar years 2017 through 2020.
Recommendations
GAO is making eight recommendations to BOP, including establishing in policy a clear definition of disaster for tracking projects, incorporating analytic features into its data systems, systematically sharing lessons learned from disasters, and including disaster-related risks in its vulnerability assessments. BOP concurred with five of the eight recommendations. BOP did not concur with the three recommendations to incorporate analytic features into its data systems, citing among other things, questions about cost and feasibility. GAO made related modifications, as discussed in the report.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Bureau of Prisons | The Director of BOP should establish in policy a clear definition of "disaster" for the purposes of tracking maintenance and repair project information. (Recommendation 1) |
BOP concurred with this recommendation and stated in January 2022 that it would take steps to establish a definition of disaster for tracking maintenance and repair projects. In August 2022, BOP provided an update noting that it was currently working with multiple stakeholders to develop its definition. In February 2023, BOP officials reported to us that they had developed a definition and documented it in the draft Facilities Operations Manual Program Statement, which is in the process of being reviewed. As of July 2024, BOP reported that the review process for the revised program statement is still underway. We will continue to monitor BOP's efforts to establish in policy the definition it has developed once BOP has finalized the policy.
|
| Bureau of Prisons | The Director of BOP should establish codes or other tracking mechanisms for the purposes of tracking disaster-related projects. (Recommendation 2) |
BOP concurred with this recommendation and stated in January 2022 that it would take steps to establish codes or other tracking mechanisms to track its disaster-related projects. In March 2023, BOP provided evidence that it had incorporated a check box feature into its data systems to designate a project as disaster-related. Adding a check box feature provides BOP with greater ability to reliably identify and track disaster-related projects and is consistent with our recommendation.
|
| Bureau of Prisons | The Director of BOP should establish cost-effective and feasible analytic features—such as project milestones and cost indicators, as well as queries and alerts—that would position BOP to have better visibility into the monitoring of projects for possible delays and cost escalation. (Recommendation 3) |
BOP did not concur with this recommendation. In its January 2022 comment letter, BOP stated that establishing the recommended features into a system not designed for this type of analysis could require additional funding and that it already had a process in place to monitor projects through its contract monitoring process. We agree that any features that BOP establishes should be cost-effective and feasible. However, at the time of our review, BOP was working to make its data systems interoperable, which included developing new features and requirements. We believed this presented an opportunity for BOP to consider the costs and feasibility of establishing and incorporating the analytic features to determine which features would be most feasible and cost-effective and take steps to incorporate them. In July 2024, BOP officials reported that it had examined options and found it too cost prohibitive to incorporate these features into the interoperable system it had been working to implement. Instead, BOP decided to make enhancements to its existing property management system that would better collect specific data points. These enhancements included elements related to cost, such as the amount of funding obligated to a project, the allotted funding amount, and the amount of unobligated funding. In addition, the enhancement also included elements related to timeframes to track delays, such as the percentage of project completion, the estimated date of completion, as well as the project approval and expiration dates. BOP also created a dashboard for real-time monitoring of projects that staff can query and get alerted to potential delays and cost escalation with its projects. Adding these enhancements to its property management system allows BOP to identify and address unnecessary delays and costs for its projects and is consistent with our recommendation.
|
| Bureau of Prisons | The Director of BOP should ensure that the plans to make financial and property management data systems interoperable incorporate the newly established analytic features, as appropriate, to ensure that project information is collected systematically. (Recommendation 4) |
BOP did not concur with this recommendation. In its January 2022 comment letter, BOP stated that incorporating the recommended features into a system not designed for this type of analysis could require additional funding and that it already had a process in place to monitor projects through its contract monitoring process. We agree that any features that BOP incorporates should be cost-effective and feasible. However, at the time of our review, BOP was working to make its data systems interoperable, which included developing new features and requirements. We believed this presented an opportunity for BOP to consider the costs and feasibility of establishing and incorporating the analytic features to determine which features would be most feasible and cost-effective and take steps to incorporate them. In July 2024, BOP officials reported it had examined options and found it too cost prohibitive to incorporate these features into the interoperable system it had been working to implement. Instead, BOP decided to make enhancements to its existing property management system to include analytic features related to project timeliness and cost. Further, BOP reported that, to ensure that the information is collected systematically, it updated its facility operations training to go over the new features and provide guidance on how staff are to input data into the system. Incorporating these enhancements to its property management system and training staff on its use ensures that BOP is collecting the information systematically and that it is better informed to conduct project monitoring and oversight, which is consistent with our recommendation.
|
| Bureau of Prisons | The Director of BOP should, once the financial and property management data systems are interoperable, regularly conduct an analysis of trends using the established analytic features, as appropriate, and make changes, when warranted, to avoid unnecessary delays or costs. (Recommendation 5) |
d that it believes that incorporating the recommended features into a system not designed for this type of analysis could require additional funding and that it already has process in place to monitor projects through its contract monitoring process. We agree that any features that BOP incorporates should be cost-effective and feasible. At the time of our review, BOP was working to make its data systems interoperable, which included developing new features and requirements, which presented an opportunity for BOP to consider the costs and feasibility of establishing and incorporating the analytic features to determine which features would be most feasible and cost-effective and take steps to incorporate them. In July 2024, BOP officials told us that it was too cost prohibitive to incorporate these features into the interoperable system it had been working to implement. Instead, BOP decided to make enhancements to its existing property management system to include analytic features related to project timeliness and cost. BOP also explained that it created a dashboard for real-time monitoring of projects that staff can use to analyze trends with its projects. These features better position BOP to be able to identify trends in the timeliness of projects and the factors driving those trends to inform its project oversight efforts. For example, the dashboard helped BOP identify a project at one of its institutions that was 8 months old, but 0% completed so that officials could follow up to determine the steps needed to correct it. Further, BOP officials told us that the dashboard helped them identify two related projects at another institution that they were able to combine which resulted in a cost savings of nearly $350,000. As a result of putting these features in place and using it for such analysis, BOP is better positioned for effective monitoring and oversight of its projects where it can anticipate and avoid unnecessary delays or costs. These efforts are consistent with our recommendation.
|
| Bureau of Prisons | The Director of BOP should implement a systematic approach for identifying and sharing the lessons that BOP institutions have learned following their disaster-related experiences. (Recommendation 6) |
We found that, while BOP has approaches for institutions to identify and share lessons learned from their disaster-related experiences, BOP lacked a systematic approach for sharing lessons learned from all disasters. As a result, we recommended that the Director of BOP implement a systematic approach for identifying and sharing lessons learned from BOP institutions following their disaster-related experiences. In August 2022, BOP provided evidence that it had developed and implemented a mechanism where institutions can submit via email any best practices that it has implemented. These best practices are then to be reviewed by subject matter experts within BOP for consideration for broader dissemination through a quarterly best practices update that is posted on the BOP intranet. The best practices update will include any submitted practices approved by the subject matter experts that are not in conflict with BOP policy. This approach to identify and share lessons learned that BOP has implemented is consistent with our recommendation.
|
| Bureau of Prisons | The Director of BOP should take steps to routinely collect feedback from its institutions to understand how or whether the lessons shared have been implemented at other institutions, as applicable. (Recommendation 7) |
We found that, while BOP has approaches for institutions to identify and share lessons learned from their disaster-related experiences, BOP was not collecting feedback from institutions on whether any of the lessons learned from disasters that had been shared were applied, as appropriate, by other institutions.. As a result, we recommended that the Director of BOP should take steps to routinely collect feedback from its institutions to understand how or whether the lessons shared have been implemented at other institutions, as applicable. In August 2022, BOP provided evidence that it had developed a BOP intranet site where BOP can broadly disseminate best practices that institutions have submitted. Further, the intranet site directs institutions that plan to implement any of the best practices to report this information to BOP via email. The intranet site also encourages these institutions to share feedback so that BOP can assess the effectiveness of these practices for potential inclusion in national policy. This approach to share lessons learned and ask that institutions report plans to implement them and provide feedback to BOP is consistent with our recommendation.
|
| Bureau of Prisons | The Director of BOP should expand the scope of its annual vulnerability assessments to include disaster-related risks and plans to mitigate the risks identified. (Recommendation 8) |
We found that, while BOP conducts annual assessments of its institutions to assess any security-related vulnerabilities that need to be addressed; these assessments did not assess an institution's vulnerability to disasters. As a result, we recommended that the Director of BOP should expand the scope of its annual vulnerability assessments to include disaster-related risks and plans to mitigate the risks identified. In August 2022, BOP provided evidence that it had expanded the scope of its annual vulnerability assessments by including a checklist to conduct the annual Building and Grounds inspection at each institution that scans for disaster-related risks and plans to mitigate the risks. Specifically, the checklist asks BOP staff to note whether any disaster-related risks were identified during the year and, if so, to add a comment about the risk identified and plans to mitigate the risk. Adding these items that assess disaster-related risk to BOP's annual Building and Grounds assessment checklist is consistent with our recommendation.
|