The Bureau of Prisons tracks data on its facility maintenance and repair projects—including those stemming from disasters. But, the Bureau hasn't defined "disasters" for the purpose of tracking its maintenance and repair projects—making it harder to plan for disaster risks.
Also, the data systems that the Bureau uses can't do the analysis to identify trends in the types, timeliness, or costs of its projects. In addition, if the Bureau had a method for sharing all lessons learned and assessing its facilities' vulnerabilities, it could help the agency better plan for and recover from disasters.
Our recommendations address these issues.
Hurricane damage to an employee workspace at Federal Correctional Institution Pollock in Louisiana, August 2020
What GAO Found
The Bureau of Prisons (BOP), within the Department of Justice, prepares for disasters by requiring its institutions to develop contingency plans outlining steps to prepare and respond to disasters and requiring staff to complete related training, which includes what constitutes a disaster.
Tornado Damage at a BOP Institution, April 2020
BOP has two data systems to collect information on maintenance and repair projects, including those related to disasters. However, BOP has not defined “disaster” for the purposes of tracking it in its data systems. Further, these systems do not include analytic features that could position BOP to identify trends in the type, timeliness, and cost of its projects. By establishing in policy a clear definition of disaster, and incorporating analytic features into its data systems—such as project milestones and cost indicators, as well as queries and alerts on these features—BOP could identify trends across projects and position itself to better address unnecessary delays or costs.
BOP has various processes for managing disaster response, including using a standardized Incident Command Structure approach and documenting and responding to the impacts of disasters on inmates and staff. For example, when a hurricane hit one BOP institution, the institution converted the visiting room and training center into staff living quarters and supplied cots, sheets, blankets, showers, and food until staff could return to their homes.
BOP lacks approaches for sharing lessons learned from all disasters and assessing institutions' disaster vulnerability. According to BOP, it identifies and shares disaster-related lessons learned through after-action reports; however, these reports are not required, and their content varies. Further, officials at all six institutions said they identified and shared lessons in other ways, such as conference calls. By implementing a systematic approach for identifying and sharing all the lessons learned and taking steps to routinely collect feedback from institutions on their application, BOP could have greater assurance that institutions are leveraging lessons to prepare for future disasters. Further, BOP's approach for assessing institutions' vulnerability focuses on security-related risks, not disaster-related risks, such as building damage. By expanding assessments to include disaster-related risks, BOP could leverage opportunities to build resilience and reduce institutions' risk to damage from future disasters.
Why GAO Did This Study
BOP is responsible for the care and custody of over 150,000 federal inmates and the maintenance and repair of 122 institutions. Natural disasters, such as hurricanes, can present a specific danger to inmates and staff who may not be able to evacuate, due to security measures.
Senate Report 116-127 includes a provision for GAO to examine how BOP protects inmates during disasters. This report addresses BOP's (1) preparation for disasters; (2) tracking and analysis of disaster-related repair projects; (3) approach to managing disaster response and related impacts; and (4) identification and sharing of lessons learned from, and assessment of vulnerability to, disasters.
GAO reviewed BOP guidance, policy, and data on maintenance and repair projects. GAO also interviewed officials from a nongeneralizable sample of six BOP institutions, selected, in part, on the basis of experience with a disaster from calendar years 2017 through 2020.
GAO is making eight recommendations to BOP, including establishing in policy a clear definition of disaster for tracking projects, incorporating analytic features into its data systems, systematically sharing lessons learned from disasters, and including disaster-related risks in its vulnerability assessments. BOP concurred with five of the eight recommendations. BOP did not concur with the three recommendations to incorporate analytic features into its data systems, citing among other things, questions about cost and feasibility. GAO made related modifications, as discussed in the report.
Recommendations for Executive Action
|Bureau of Prisons||The Director of BOP should establish in policy a clear definition of "disaster" for the purposes of tracking maintenance and repair project information. (Recommendation 1)|
|Bureau of Prisons||The Director of BOP should establish codes or other tracking mechanisms for the purposes of tracking disaster-related projects. (Recommendation 2)|
|Bureau of Prisons||The Director of BOP should establish cost-effective and feasible analytic features—such as project milestones and cost indicators, as well as queries and alerts—that would position BOP to have better visibility into the monitoring of projects for possible delays and cost escalation. (Recommendation 3)|
|Bureau of Prisons||The Director of BOP should ensure that the plans to make financial and property management data systems interoperable incorporate the newly established analytic features, as appropriate, to ensure that project information is collected systematically. (Recommendation 4)|
|Bureau of Prisons||The Director of BOP should, once the financial and property management data systems are interoperable, regularly conduct an analysis of trends using the established analytic features, as appropriate, and make changes, when warranted, to avoid unnecessary delays or costs. (Recommendation 5)|
|Bureau of Prisons||The Director of BOP should implement a systematic approach for identifying and sharing the lessons that BOP institutions have learned following their disaster-related experiences. (Recommendation 6)|
|Bureau of Prisons||The Director of BOP should take steps to routinely collect feedback from its institutions to understand how or whether the lessons shared have been implemented at other institutions, as applicable. (Recommendation 7)|
|Bureau of Prisons||The Director of BOP should expand the scope of its annual vulnerability assessments to include disaster-related risks and plans to mitigate the risks identified. (Recommendation 8)|