Search Options | ||||
Index | Site Map | FAQ | Facility Info | Reading Rm | New | Help | Glossary | Contact Us |
Office of the Inspector General Semiannual Report to Congress (NUREG-1415, Vol. 14, No. 2)On this page:Table of Contents
Memorandum to the ChairmanOn behalf of the Office of the Inspector General (OIG) for the U.S. Nuclear Regulatory Commission (NRC), I am pleased to submit this Semiannual Report to the U.S. Congress. This report summarizes significant OIG activities during the period from October 1, 2001, to March 31, 2002, in compliance with Sections 4 and 5 of the Inspector General Act of 1978, as amended. During this reporting period, our office completed nine audits of NRC's programs and operations. This work led OIG to make a number of recommendations and suggestions to NRC for program improvement. In addition, OIG completed 26 investigations and 1 event inquiry and made 9 referrals to NRC management. Finally, OIG analyzed six contract audit reports issued by the Defense Contract Audit Agency. Overall, these analyses caused OIG to question $276,384 in costs. OIG remains steadfast in its resolve to assist NRC with the many challenges associated with regulating the Nation's civilian use of nuclear power. I look forward to continuing to work collabor-atively with the NRC Commission and with agency managers and staff toward our common goal of ensuring the effectiveness, efficiency, and integrity of the programs that ultimately protect the health and safety of the public. Sincerely, Hubert T. Bell EXECUTIVE SUMMARYThe following two sections highlight selected audits and investigations completed during this reporting period. More detailed summaries appear in subsequent sections of this report.AUDITS
INVESTIGATIONS
THE OFFICE OF THE INSPECTOR GENERALIn October 1978, the Congress passed and the President signed the Inspector General (IG) Act, which created independent audit and investigative offices within 12 Federal agencies headed by IGs appointed by the President and confirmed by the Senate. Before that time, most Federal audit and investigative resources were under the management of specific Federal program offices, which meant that Federal auditors and investigators were frequently under the direction of the programs they were reviewing. This splintered system also made it hard for these small audit and investigative offices to see patterns of abuse in their agencies' programs.The IG concept has proved to be of significant benefit to the Government. Each year, billions of dollars are returned to the Federal Government or better spent based on the recommendations from IG reports. Because of this success, the IG concept has been gradually expanded throughout most of the Federal Government. There are now 57 Offices of Inspector General providing oversight to 59 Federal agencies. The Inspector General at the NRC and those at 27 other Federal agencies are appointed by the President and confirmed by the Senate. The modern civilian IG was derived from the military custom of having an "Inspector General" to provide an independent review of the combat readiness of the Continental Army's troops. Today's civilian IGs are charged with a similar mission: to independently review the programs and operations of their agencies; to detect and prevent fraud, waste, and abuse; and to promote economy, efficiency, and effectiveness so that their agencies can best serve the public. The major difference between IGs and other Federal officials is that the IGs are independent. This statutory independence is intended to ensure the impartiality of IG audits and investigations. The IG Act authorizes IGs to:
In the case of the NRC, Congress established an independent OIG through the 1988 amendment to the IG Act. Today, OIG's primary mission is to assist NRC by ensuring integrity, efficiency, and accountability in the agency's programs to regulate the civilian use of byproduct, source, and special nuclear material in a manner that adequately protects the public health and safety as well as the environment, while promoting the Nation's common defense and security. Specifically, NRC's OIG supports the agency by carrying out its mandate to (1) independently and objectively conduct and supervise audits and investigations related to NRC's programs and operations; (2) prevent and detect fraud, waste, and abuse; and (3) promote economy, efficiency, and effectiveness in NRC's programs and operations. OIG also keeps the NRC Chairman and members of Congress fully and currently informed about problems, recommends corrective actions, and monitors NRC's progress in implementing such actions. For Fiscal Year (FY) 2002, NRC's total budget authority is $559 million, which includes an appropriation of $6.2 million for OIG. ORGANIZATION AND FUNCTIONS OF NRC'S OIGThe NRC's OIG includes an audit staff, an investigative staff, an independent counsel, and a resource management and operations support (RMOS) staff. The IG's audit program is designed to keep the NRC Chairman and members of Congress fully and currently informed about problems, recommend corrective actions, and monitor NRC's progress in implementing such actions. OIG conducts performance, financial, and contract audits. Performance audits are conducted on NRC administrative and program operations to evaluate the effectiveness and efficiency with which managerial responsibilities are carried out and whether the programs achieve intended results. Financial audits attest to the reasonableness of NRC's financial statements. Contract audits evaluate the costs of goods and services procured by NRC from commercial enterprises. In addition, the audit staff prepares special evaluation reports that present OIG perspectives or information on a specific topic.The mission of OIG's investigative program is to perform investigative activities related to the integrity of NRC's programs and operations. The majority of OIG's investigations focus on violations of law or misconduct by NRC employees and contractors, as well as allegations of irregularities or abuses in NRC programs and operations. As a complement to the investigative function, the staff also conducts event inquiries, which yield investigative reports documenting the examination of events or agency actions that do not specifically involve individual misconduct. Instead, these reports identify institutional weaknesses that led to or allowed the occurrence of a problem. In addition, the OIG investigative staff periodically performs root cause analyses and implements other preventive initiatives such as integrity awareness training. OIG's General Counsel (GC) provides independent legal advice on criminal law and procedures, evidence, and constitutional law in the context of OIG's investigative program. The GC also develops legal interpretations of appropriations law, financial management statutes and regulations, and procurement and funding rules in support of OIG's audit program. In addition, the GC conducts and coordinates as necessary, with other cognizant OIG staff to provide in-depth reviews of and comments on existing and proposed legislation, regulations, directives, and policy issues that affect NRC programs and operations. The intent of these reviews is to assist the agency in prospectively identifying and preventing potential problems. The RMOS staff formulates and executes the OIG budget, prepares the OIG's Semiannual Report to Congress, operates an independent personnel program, administers the control of OIG funds, administers the information technology programs, coordinates strategic planning activities, and performs a variety of other support functions. ABOUT THE NRCNRC's mission is to regulate the Nation's civilian use of byproduct, source, and special nuclear materials to ensure adequate protection of public health and safety, promote the common defense and security, and protect the environment. NRC's scope of responsibility includes regulation of commercial nuclear power plants; research, test, and training reactors; fuel cycle facilities; medical, academic, and industrial uses of nuclear materials; and the transport, storage, and disposal of nuclear materials and waste. NRC's regulatory mission covers three main areas:
The NRC places a high priority on keeping the public informed of its work. Toward that end, the agency maintains a current Web site and a public document room. In addition, the agency holds public hearings, public meetings in local areas and at NRC offices, and a variety of discussions with individuals and organizations. NRC's Commission is composed of five members, with one member designated by the President to serve as Chairman. Each member is appointed by the President, with the advice and consent of the Senate, and serves a term of 5 years. The Chairman serves as the principal executive officer and official spokesman of the Commission. The Executive Director for Operations (EDO) carries out the program policies and decisions made by the Commission. The NRC staff numbers approximately 2,800, with roughly two-thirds of the employees working at the agency's headquarters in Rockville, Maryland. The remainder are primarily located in four regional offices or at resident inspector offices at each commercial nuclear power plant and some fuel cycle facilities. NRC's Most Serious Management Challenges as of December 17, 2001
THE AUDIT PROGRAMTo help the agency improve its effectiveness during this period, the OIG completed nine performance and financial audits, which resulted in a number of recommendations and suggestions to NRC management. In addition, the OIG analyzed six contract audit reports issued by the U.S. Defense Contract Audit Agency (DCAA) and one contract audit issued by General Services Administration OIG. Overall, these analyses caused the OIG to question $276,384 in costs. AUDIT SUMMARIESUse of the Internet at NRC The Internet provides computer access to an ever-expanding storehouse of electronic information through the mass connection of networked computers. Use of the Internet offers tremendous capabilities to employees in terms of access to a wide variety of information sources relevant to their official duties. How-ever, along with tremendous advantages, the Internet provides access to an extensive range of information that may not be consistent with business needs and may be harmful or inappropriate for the workplace. OIG conducted this audit to determine whether NRC employees' use of the Internet is appropriate and in compliance with NRC policy. Based on Internet activity over an 8-day period in June 2001, at least 52 percent and as much as 79 percent of employee Internet activity was for personal use. Some personal use, such as looking at sexually explicit Web sites, was in direct violation of NRC policy. Visits to sexually explicit Web sites are significant because these sites' contents may be offensive to others and could foster a hostile work environment, leading to potential legal liabilities for the agency. Personal use can also slow information transfer from the Internet, affecting the ability of others to use the Internet for business purposes. Because of the amount of personal use and the occurrence of prohibited activity, NRC needs to enforce and clarify its May 2001 policy covering personal Internet usage. (Addresses Management Challenges #3 and 6) Review of NRC's Accountability and Control of Software On September 30, 1998, the President signed Executive Order 13103, Computer Software Piracy, requiring all executive agencies to adopt policies and procedures to promote legal software use and proper software management. Executive Order 13103 also directed the Federal Chief Information Officers (CIO) Council to improve agency practices concerning (1) acquisition and use of software and (2) combating the use of unauthorized software. In August 1999, the CIO Council published agency guidelines to promote legal software usage. Audit objectives were to determine whether NRC (1) policies governing the accountability and control of software and software licensing agreements comply with applicable laws and regulations and (2) management controls are adequate to account for software and ensure that software is properly licensed. The audit found that NRC is not in compliance with Executive Order 13103. NRC's policies (Management Directives) and procedures (management controls) do not address the full scope of Executive Order 13103's requirements because (1) NRC focused its actions on personal use, rather than all uses, of software and (2) the agency planned to change the business approach for its information technology resources. As a result, NRC has not conducted an initial assessment of its software, established a baseline for software inventory, or determined if all software on agency computers is authorized. The lack of adequate policies and procedures leaves the NRC, its employees, and its contractors vulnerable to the consequences of unauthorized software use-which may include fines and imprisonment. (Addresses Management Challenge #3) Review of NRC's Use of Credit Hours Flexible work schedules (FWS) allow employees to determine work schedules within the limits set by the agency and to earn credit hours. Credit hours represent hours within an FWS that an employee elects to work in excess of his or her basic work requirement to vary the length of the workday. The use of credit hours under an FWS began at NRC on March 3, 1996. Approximately 11 percent of NRC employees earned and/or used credit hours during FY 2000, composing less than 1 percent of approximately 6 million regular hours worked by agency employees. Audit objectives were to determine whether NRC's (1) policies governing the accountability and control over the use of credit hours comply with applicable laws and regulations and (2) established practices provide adequate controls over the use of credit hours. The audit found that while the NRC credit hour guidance adheres to applicable laws and regulations, this guidance is informal, fragmented, and ineffectively communicated. Additionally, the process for requesting and approving credit hours is not fully controlled. As a result, some employees earned credit hours without proper authorization. (Addresses Management Challenge #8) Audit of AID-Funded Activities The Foreign Assistance Act of 1961, as amended, and the Freedom Support Act contain the funding authority to provide nuclear regulatory assistance to countries of the former Soviet Union. For FYs 1992 through 2001, the U.S. Agency for International Development (AID) provided NRC approximately $38,950,000 in funding for assistance programs for Russia, Ukraine, Armenia, and Kazakhstan. The purpose of these assistance programs is to increase the capacity and stature of each country's regulatory body to ensure the operational safety of their Soviet-designed reactors. The audit objective was to determine whether NRC has adequate management controls in place to manage the AID-funded assistance programs for Russia, Ukraine, Armenia, and Kazakhstan. The audit found that NRC has recently made program improvements in a number of areas. Specific progress includes, but is not limited to, (1) substantially reducing the amount of unobligated funds that had to be returned to the U.S. Treasury, (2) requesting and receiving AID preapproval to use carryover funds in increasing amounts to avoid funding lapses, (3) consolidating program responsibilities into the Office of International Programs (OIP), and (4) establishing an International Council composed of NRC executives to ensure a focused, integrated international program. While these improvements reflect positively on the program's management, further improvements in the program's management controls are needed. Specifically, the program needs (1) better oversight for the full scope of its activities, (2) a formal approval process for new implementing agreements with other countries, and (3) improved internal coordination and communication. These improvements are needed because OIP does not have detailed policies or procedures to address the underlying control issues and considers the need for them to be a low priority. Effective implementation of these improvements will make the program less susceptible to fraud, waste, and mismanagement. Additionally, NRC has not developed a strategic plan for the program, as recommended by the U.S. General Accounting Office. (Addresses Management Challenges #4, 5, and 7) Audit of Unbilled Costs by Computer Sciences Corporation In 1994, NRC's Office of the Chief Information Officer began an effort to integrate agency computer systems efforts into one contract under a single program. In July 1995, NRC contracted with the General Services Administration (GSA) Federal Systems Integration and Management Center (FEDSIM) to procure and manage services required to implement the program. In August 1996, FEDSIM selected Computer Sciences Corporation (CSC) as the prime contractor for meeting NRC's needs. The initial projected cost of the anticipated 5-year contract was $46.5 million. As of March 30, 2001, total NRC obligations were $63.2 million and expenditures were approximately $48.4 million. In August 2000, CSC submitted a $542,709 invoice for work that had been completed between November 1998 and November 1999, but never billed. NRC's OIG requested GSA's OIG to conduct this audit to determine whether the unbilled costs were (1) previously paid, (2) actually incurred in the performance of the contract and supported by appropriate records, and (3) allowable and allocable to the NRC contract in accordance with the Federal Acquisition Regulations and contract provisions. NRC's OIG provided GSA with technical support on this effort. The audit resulted in a total disallowance of $51,221, which OIG recommended that NRC withhold from payment. (Addresses Management Challenge #4) Inspector General's Assessment of the Most Serious Management Challenges Facing NRC On January 24, 2000, Congress enacted the Reports Consolidation Act of 2000 to provide financial and performance management information in a more meaningful and useful format for Congress, the President, and the public. The act includes a requirement that each Federal agency Inspector General summarize what he or she considers to be the most serious management and performance challenges facing his or her respective agency and assess the agency's progress in addressing those challenges. In accordance with the Reports Consolidation Act of 2000, the NRC IG submitted his annual statement assessing the most serious management challenges facing the NRC. These challenges can be found on page 3 of this report. (Addresses All Management Challenges) Review of the Materials Licensee Fee A 1959 amendment to the Atomic Energy Act of 1954 allowed States to regulate most radioactive materials by entering into an agreement with the U.S. Atomic Energy Commission (AEC). Today, the NRC, a successor to AEC, oversees 32 Agreement States. As a result of the increase in the number of Agreement States, the number of materials licensees regulated by NRC has decreased from more than 9,000 to about 5,000. The Independent Offices Appropriation Act of 1952 states that independent Federal agencies should be self-sustained by establishing "fair" fees for the services they provide. In 1990, Congress passed the Omnibus Budget Reconciliation Act (OBRA) that required NRC to recover approximately 100 percent of its budget, which the agency recoups by charging direct and annual fees to its licensees. A recent amendment to OBRA reduced NRC's fee recovery requirement to 96 percent for FY 2002, and authorizes a 2-percent recovery decrease each year until FY 2005 when NRC's fee recovery requirement will be approximately 90 percent. The objective of this audit was to determine whether NRC is adjusting its resources and operations to reflect the projected loss of additional materials licensees. The audit found that NRC has made some adjustments in direct program full-time equivalents to reflect the continuing loss of materials licensees. However, NRC has not adequately addressed its non-direct cost components: program overhead, management and support costs, and surcharge costs, which compose approximately 60 percent of the materials fees. Without significant reductions in both direct and non-direct costs, the agency will not be able to stabilize or reduce materials fees. As a result, NRC needs to (1) ensure that its cost accounting capabilities can directly trace overhead costs to all agency programs and (2) conduct a disciplined evaluation to determine that their activities are necessary, efficient, and effective in support of the agency's mission. (Addresses Management Challenges #4, 5, and 6) Independent Auditors' Report and Principal Statements for the Years Ended September 30, 2001 and 2000 The Chief Financial Officers Act requires the OIG annually to audit NRC's Principal Financial Statements. To meet this mandate, the OIG obtains the services of an independent, external audit firm to perform the audit, with OIG oversight. The audit report for the years ended September 30, 2001 and 2000, contains (1) the principal statements and the auditors' opinion on those statements; (2) the opinion on management's assertion about the effectiveness of internal controls; and (3) a report on NRC's compliance with laws and regulations. In addition, an appendix to the report contains written comments obtained from the Chief Financial Officer (CFO). Principal Statements The independent auditors issued an unqualified opinion on the balance sheet and the statements of changes in net position, net cost, budgetary resources, and financing. Internal Controls In the report on management's assertion about the effectiveness of internal controls, the auditors concluded that management's assertion is not fairly stated. The auditors reached this conclusion because management did not identify the lack of managerial cost accounting and inadequate accounting for internal use software as material weaknesses. The auditors identified two new reportable conditions and closed four prior-year reportable conditions. The new conditions concern accounting for internal use software and contract close-out procedures. Laws and Regulations The report on NRC's compliance with laws and regulations disclosed three noncompliances: (1) NRC did not comply with Executive Order 13103, Computer Software Piracy, (2) NRC's 10 CFR Part 170 license fee rates are not based on full cost, and (3) NRC is in substantial non-compliance with the Federal Financial Management Improvement Act of 1996 (FFMIA). Specific issues related to FFMIA are that managerial cost accounting was not implemented, as required, and that the agency did not adequately account for internal use software. (Addresses Management Challenge #4) Memorandum Report: Review of NRC's Implementation of the Federal Managers' Financial Integrity Act (FMFIA) for Fiscal Year 2001 The FMFIA was enacted on September 8, 1982, in response to continuing disclosures of waste, loss, unauthorized use, and misappropriation of funds or assets associated with weak internal controls and accounting systems. Congress felt such abuses hampered the effectiveness and accountability of the Federal Government and eroded the public's confidence. The FMFIA requires Federal managers to establish a continuous process for evaluating, improving, and reporting on the internal controls and accounting systems for which they are responsible. The FMFIA requires the head of each executive agency subject to the FMFIA, to submit a report to the President and Congress each year on the status of management controls and financial systems that protect the integrity of agency programs and administrative activities. NRC makes its FMFIA assessment in its annual Performance and Accountability Report. NRC complied with FMFIA requirements for FY 2001. Although NRC is not reporting any material weaknesses, OIG is reporting two material weaknesses: the absence of a managerial cost accounting process and inadequate accounting for internal use software. The agency has recognized these issues as significant, but not material, weaknesses. OIG first reported the lack of managerial cost accounting as a material weakness in the FY 1998 reports on FMFIA and the agency's financial statements. NRC expects to implement managerial cost accounting during FY 2002. Inadequate accounting for internal use software is a new material weakness identified during the audit of NRC's FY 2001 financial statements. In 1998, the Federal Accounting Standards Advisory Board issued guidance for agencies to account for the development of internal use software. The guidance became effective October 1, 2000. The guidance prompted the Chief Financial Officer community to develop policy, redesign systems, designate documentation standards, and develop an adoption strategy for the new accounting standard. NRC, in a very timely and thorough fashion, developed policy guidance for adoption of the standard. However, NRC did not adequately implement the management controls needed to ensure compliance with the accounting standard. The CFO and the EDO disagreed that the lack of managerial cost accounting and inadequate accounting for internal use software are material weaknesses. OIG will report these issues as material weaknesses until the agency implements corrective actions. (Addresses Management Challenge #4) AUDITS IN PROGRESSSurvey of NRC's Safety Culture and Climate - 2002 In March of this year, the Inspector General announced the initiation of OIG's second assessment of NRC's safety culture and climate. In 1998, the OIG sponsored the first NRC Safety Culture and Climate Survey. The survey instrument was developed and administered by an independent contractor. All employees were invited to participate via a paper questionnaire. Of the 3,013 employees asked to participate, 1,696 completed valid surveys for an overall return rate of 56 percent. The 1998 NRC Safety Culture and Climate Survey established an overall baseline against which OIG can compare the results of the forthcoming survey. The OIG has again contracted for the necessary expertise to measure the agency's organizational safety culture and climate. Our overall goal is to make recommendations based on the salient points made by the survey results. (Addresses All Management Challenges) Audit of the Agencywide Documents Access and Management System In implementing the agency's mission, effective document management is critical. Agency documents contain important information that provides the basis for policies, decisions, and regulatory actions. NRC planned a core Agencywide Document Access and Management System (ADAMS) to meet current and future needs. ADAMS was planned to address agency record management requirements and be acceptable to the National Archives and Records Administration as NRC's official electronic recordkeeping system. The agency envisioned that ADAMS would make more documents available to the public and reduce the time it takes for NRC staff to respond to public, licensee, and congressional requests. With a business case justifying a 2-year project costing $12.8 million, the system was declared operational on April 1, 2000. However, the system had some shortfalls with regard to functionality, ease of use, reliability, and document tracking and reporting capabilities desired by the agency. Overall, the system did not operate as desired due to these shortfalls. In May 2000, the Chairman requested that the Office of the Chief Information Officer conduct an assessment of issues affecting the implementation of ADAMS and provide an action plan for addressing these issues. Objectives of this review are to determine how effectively the Chairman's request has been carried out and to assess whether additional actions are required by NRC to make ADAMS successful. (Addresses Management Challenges #3, 5, and 6) Audit of NRC's Significance Determination Process The regulatory framework for reactor oversight is a risk-informed, tiered approach to ensuring nuclear plant safety. There are three key strategic performance areas: reactor safety, radiation safety, and safeguards. Within each strategic performance area are cornerstones that reflect the essential safety aspects of facility operation. Satisfactory licensee performance in response to the cornerstones provides reasonable assurance of safe facility operation. The NRC has established a significance determination process (SDP) to be used in initial screening to identify those inspection findings that would not result in a significant increase in risk and, thus, need not be analyzed further. Remaining inspection findings, which may have an effect on plant risk, are then subjected to a more thorough risk assessment. This more detailed assessment may involve NRC risk experts from the appropriate regional office and further review by the utility staff. The outcome of the more detailed review is used to determine what further NRC action may be warranted. Licensees have expressed concerns about NRC's implementation of the reactor oversight process and, in particular, the evaluation of inspection findings using the SDP. Given the SDP's importance to NRC's mission, the OIG initiated a review of the process. The objectives of this audit are to determine whether the process is achieving desired results, NRC staff clearly understand the significance determination process, and NRC staff is using the process in accordance with agency guidance. (Addresses Management Challenges #2, 3, 5, 6, and 7) Management Review of NRC's Regional Offices NRC regional offices execute established agency policies and assigned programs relating to inspection, licensing, incident response, governmental liaison, resource management, and human relations. Each regional office implements an array of technical and administrative programs and activities through three technical divisions and one administrative division. The Divisions of Reactor Projects, Reactor Safety, and Nuclear Materials Safety carry out a substantial part of NRC's safety mission. In addition, the Division of Resource Management and Administration provides various administrative support functions for the entire regional office. Although OIG has audited various aspects of regional operations, it has not performed a comprehensive management review of all regional offices. This management review is covering the full range of regional operations and is offering opportunities for OIG to identify issues unique to NRC's regional offices. The overall audit objective is to evaluate three broad areas: (1) Policy Implementation - Does the region have policies with established goals for each element targeted in the audit? (2) Management Controls - Are these goals being met? More specifically, how does the region measure (track) its accomplishment of these goals and do we agree with the region's assessment of these areas? and (3) Resource Management - Are there problems with the allocation of resources to/within the region? This will include reviewing whether resources are being used and managed with maximum efficiency, effectiveness, and economy and whether financial transactions and accounts are properly conducted, maintained, and reported. (Addresses All Management Challenges) Audit of NRC's Implementation of the Simplified Acquisition Process During FY 2000, the NRC obligated $83 million in contract actions with commercial firms, nonprofit organizations, and universities. During the same period, simplified acquisitions accounted for 57 percent of the contract actions and approximately 29 percent of the contract dollars. The agency acquires a broad range of products and services, including technical assistance and research in nuclear fields, information technology, facility management, and administrative support. Agency procurement of products and services are governed by the Federal Acquisition Regulations and the NRC Acquisition Regulation. As a Procurement Reinvention Laboratory since 1993, NRC continues to expand its use of new and innovative procurement streamlining techniques consistent with procurement reforms. The Federal Acquisition Streamlining Act of 1994 is the combination of many initiatives in procurement reforms. Several reforms in the act represent significant changes in how companies will be doing business with the Federal Government. For example, the act allows for easier processing of simplified purchase methods. The act defines the term "simplified acquisition" as purchases not exceeding the maximum threshold of $100,000, using procedures prescribed in the Federal Acquisition Regulation Part 13, "Simplified Acquisition Procedures." The audit objectives are to determine whether (1) NRC's policies governing simplified acquisitions comply with applicable laws and regulations and (2) management controls for simplified acquisitions provide reasonable assurance to deter and prevent loss through fraud, waste, or misuse. (Addresses Management Challenges #3 and 4) Audit of NRC's Oversight of Its Federally Funded Research and Development Center The NRC contracted with Southwest Research Institute (SwRI) to operate a Federally Funded Research and Development Center (FFRDC) in October 1987. SwRI established the Center for Nuclear Waste Regulatory Analyses (the Center) to provide long-term technical assistance and research on NRC's High-Level Waste Program. NRC's Office of Nuclear Material Safety and Safeguards is responsible for the technical oversight of the FFRDC, while the Division of Contracts and Property Management, Office of Administration, administers the contract. In October 1992 and again in September 1997, the agency extended its contract with SwRI for an additional 5 years. The current contract is scheduled to expire on September 30, 2002. The Commission must decide whether to renew the contract with SwRI, which is one of NRC's largest active contracts at a ceiling of $87.6 million. During the two previous contract renewals, the OIG reviewed the nature and adequacy of the NRC's renewal justification. These reviews resulted in several recommendations that were accepted and implemented by the EDO. The purpose of this audit is to determine if NRC is properly considering all requirements for an FFRDC review in preparing its renewal justification. Additionally, OIG is examining how NRC fulfills its responsibilities for technical oversight and contract administration of the FFRDC. (Addresses Management Challenges #2, 4, 7, and 8) Audit of NRC's Program To Account for Special Nuclear Material DOE produces special nuclear material that is used by some NRC licensees. Accurately accounting for this material is technically challenging and has a history of difficulties. The Nuclear Materials Management and Safeguards System (NMMSS) is designed to assist DOE and NRC staff maintain control over and account for these materials. However, significant discrepancies are periodically identified between the amounts of materials recorded in NMMSS and licensee records. This raises questions regarding how accurately NRC inspection staff are able to identify and account for special nuclear material entrusted to licensees. This audit is responding to longstanding public concerns regarding the accurate control and use of special nuclear materials. The audit will primarily focus on materials licensees. (Addresses Management Challenges #1, 3, and 5) Audit of Security at NRC Headquarters When NRC selected its current Rockville, Maryland, site for it headquarters operations, security considerations were not a major factor in the decision because security threats were not viewed as an overriding concern at that time. However, the September 11, 2001, terrorist attacks on the World Trade Center and the Pentagon caused NRC to tighten security at its headquarters and regional offices. In addition, NRC's Division of Facilities and Security, Office of Administration, undertook a security review of the NRC headquarters buildings, based on guidelines in the Department of Justice's (DOJ) Vulnerability Assessment of Federal Facilities, published in June 1995. The DOJ assessment established criteria for ranking Federal facilities and prescribed minimum security standards applicable to each of the rankings. The DOJ study classified NRC headquarters based on its size, number of staff, dealings with the public, and housing of adjudicatory bodies. DOJ's rankings of Federal facilities and prescription of security measures remain the standard, although some agencies have opted for more stringent security measures. The audit is focusing on three main areas: (1) Does headquarters have the necessary physical security measures in place to meet existing threat levels? (2) Is headquarters prepared to handle an emergency response situation? and (3) Does NRC have appropriate procedures in place to handle physical security and emergency response situations and are staff familiar with their responsibilities in accordance with NRC procedures? (Addresses Management Challenge #1) Audit of NRC's Controls Over the Use and Protection of Social Security Numbers The Social Security Administration (SSA) created the Social Security number (SSN) in 1936 as a means of tracking workers' earnings and eligibility for Social Security benefits. However, over the years, the SSN has become a de facto national identifier used by Federal agencies, State and local governments, and private organizations. Government agencies frequently ask individuals for their SSNs because in certain instances they are required to or because SSNs provide a convenient means to track and exchange information. While a number of laws and regulations require the use of SSNs for various Federal programs, they generally also impose limitations on how agencies may use SSNs. The expanded use of the SSN as a national identifier provides a tempting motive for many unscrupulous individuals to acquire a SSN and use it for illegal purposes. While no one can fully prevent SSN misuse, Federal agencies have some responsibility to limit the risk of unauthorized disclosure of SSN information. To that end, the Chairman of the House Ways and Means Subcommittee on Social Security asked the SSA/OIG and the President's Council on Integrity and Efficiency to look across Government at the way Federal agencies disseminate and control SSNs. The NRC OIG is assisting in this effort. The objective of this audit is to assess NRC's controls over the access, disclosure, and use of SSN information by third parties. Specifically, OIG will determine whether NRC:
OIG will also identify additional steps NRC can take to ensure that it has adequate controls over the use and protection of SSNs. (Addresses Management Challenges #1, 3, and 4) SIGNIFICANT RECOMMENDATIONS NOT YET COMPLETEDNRC Compliance With the Federal Financial Management Improvement Act of 1996 The Federal Financial Management Improvement Act of 1996 (FFMIA) requires that agencies establish a remediation plan when their financial systems do not comply with the provisions of the act. The remediation plan is to include resources, remedies, and intermediate target dates to bring the agency's systems into compliance. An agency then has 3 years to implement its plan. Section 804(b) of the FFMIA requires that Inspectors General who prepare semiannual reports to Congress must report instances and reasons when an agency has not met the intermediate target dates established in its remediation plan. On March 1, 1999, OIG reported a substantial noncompliance with the FFMIA because the NRC had not implemented a cost accounting process as required by Statement of Federal Financial Accounting Standards No. 4. NRC's Office of the Chief Financial Officer submitted a remediation plan dated July 19, 1999, which was last revised in May 2001. Full implementation of cost accounting is now scheduled for completion in FY 2002. OIG will continue to monitor the agency's progress and report, as needed, in future semiannual reports. THE INVESTIGATIVE PROGRAMDuring this reporting period, the OIG received 94 allegations, initiated 29 investigations and 3 event inquiries, and closed 26 cases and 1 event inquiry. In addition, the OIG made nine referrals to NRC management. INVESTIGATIVE CASE SUMMARIESUnauthorized Release of Draft Yucca Mountain Review Plan OIG conducted an investigation relating to the unauthorized release of predecisional information. Specifically, OIG received a concern that DOE personnel or contractors had improperly obtained a draft copy of the NRC Yucca Mountain Review Plan (YMRP). An alleger suggested that the release of the draft YMRP to DOE indicated an improper relationship between the NRC and DOE. OIG determined that the draft was originally planned for release at an NRC's Advisory Committee for Nuclear Waste (ACNW) meeting on September 19, 2000. However, the NRC Commission decided not to publicly release the draft YMRP until work on the final rule for Title 10, Code of Federal Regulations, Part 63, was completed. The OIG investigation determined that in September 2000, about 1 week before the scheduled release of the YMRP, an NRC official at Yucca Mountain allowed a DOE nuclear engineer to review the draft YMRP in the NRC office. Unbeknown to the NRC official, the DOE engineer photocopied the draft plan and gave his unauthorized draft copy to a DOE contractor employee involved with licensing. The DOE engineer recommended that the contractor employee duplicate, distribute, and review the draft so that the DOE would be prepared to discuss its contents at the September 19, 2000, ACNW meeting. However, because of the NRC Commission's direction, the YMRP was not presented at the ACNW meeting or otherwise officially released to the public. As a result of this investigation, the U.S. Department of Justice declined prosecution and the NRC employee has since retired. NRC OIG also provided details related to this investigation to DOE's OIG. NRC Employee Use of NRC Pager for Personal Business OIG completed an investigation into billing records for a pager assigned to an NRC employee that indicated a very high level of usage which did not appear to be associated with official business. OIG's investigation disclosed that the employee used his assigned NRC two-way pager for prohibited personal communications. The employee's extensive personal use of his pager resulted in excess charges to NRC of more than $43,000 and constituted approximately 94 percent of the employee's total pager usage. The majority of these personal pages were to and from a female Government employee located in Las Vegas, Nevada. Also, OIG found that 75 percent of telephone calls made to the same female employee by the NRC employee using his NRC-assigned telephone were personal. The NRC employee also used his Government travel credit card to make approximately $520 worth of personal purchases, including airline tickets to Las Vegas, adult reading material, and diet drugs. Additionally, the NRC employee misused his NRC computer to view and save images of from sexually explicit Web sites. Action by the agency is pending. (Addresses Management Challenge #4) Possible Bid Rigging in Connection with Contracts Let From the Moab Mill Reclamation Trust OIG conducted an investigation based on a report of possible bid rigging on a contract for the Moab Mill Reclamation Trust. As background, a mining corporation in Utah, which had an NRC material source license for uranium oxide extraction, closed the mine in 1987 and declared bankruptcy in 1998 before completing the reclamation of the mill tailings site that was a by-product of the extraction process. As part of the bankruptcy proceedings, a public accounting firm was hired to manage a trust fund, which included more than $5 million in the mining corporation's funds and assets. NRC and the State of Utah were included as claimants in this trust fund. A contractor was also hired to continue work on the reclamation of the mill tailings site. The contractor sent out a solicitation for a subcontractor to dewater the onsite mill tailings pile (this process is also known as wick drain technology). According to the alleger, the solicitation called for a subcontractor to dewater a small test pilot project of 750,000 square feet. The intent was that following the award of this initial solicitation, another bid would be submitted for the full project. Instead, the subcontractor that won the solicitation went immediately into full production of dewatering the entire pile of about 13 million square feet, thereby negating the requirement for an additional bid. The alleger claimed that the cost per linear foot for completing the small test project was much higher than the industry standard for wicking on a large job. As a result of the investigation, OIG determined that the winning subcontractor, which was the lowest bidder for the test pilot project, was awarded the full production job for dewatering without the primary contractor resoliciting the contract. However, the subcontractor completed the full production at a rate well below the subcontractor's bid for the test pilot project and within the industry standards. Improper Release of Safeguards and Confidential Information OIG conducted an investigation into three separate allegations involving the improper release of safeguards and confidential information by NRC staff to the public. One release of safeguards information allegedly occurred during an industry meeting when a guest speaker disclosed NRC safeguards information relating to the NRC Operational Safeguards Response Evaluation (OSRE) program. The OIG investigation concluded that the safeguards information that the guest speaker disclosed at the meeting had been publicly available through a number of sources. In another instance, OIG discovered that a NRC senior project manager publicly distributed what he considered a "sanitized" NRC document containing OSRE findings. He created the "sanitized" document by using NRC worksheets that were not marked as containing safeguards information. He distributed the "sanitized" document to the industry with no specific guidelines, and the industry distributed the document to the press. Subsequently, NRC reevaluated the worksheets and the "sanitized" document and determined that these documents contained safeguards information. The staff later marked the documents properly. Additionally, OIG discovered that numerous documents relating to the OSRE program were available electronically to the public via the NRC Web site and/or ADAMS. OIG found that one of these documents contained specific safeguards information relating to the OSRE program while other documents were considered by the NRC staff to be "sensitive." These documents were subsequently pulled from the NRC Web site and ADAMS. The agency is reviewing its procedures to protect safeguards information from improper release. (Addresses Management Challenge #5) Misuse of NRC Computer to Access Pornographic Material OIG completed investigations of five NRC employees who misused their Government computers to access pornographic Internet sites. The investigations were based on a referral of information developed during an OIG audit of NRC Internet use. The audit identified NRC Internet Protocol (IP) addresses that had been used to visit pornographic sites. Each IP address was associated with the NRC computer bearing the NRC property tag and the individual assigned to the NRC computer. As a result of the investigations, OIG found that each of the five employees accessed Internet sites containing sexually explicit material on their assigned NRC computer. Moreover, OIG found that the number of visits to these pornographic sites involved up to 35 sessions and resulted in the downloading of several thousand files of sexually explicit graphic images. Two of the NRC employees retired from Government service and one employee was given a 45-calendar-day suspension without pay. Action by the agency on the remaining completed investigations is pending. (Addresses Management Challenge #3) Inappropriate Use of NRC Computer Equipment by Contractor Personnel OIG conducted three investigations into the improper use of NRC-owned computers by three NRC contractor employees to access Internet sites containing sexually explicit material. These investigations were likewise based on a referral of information developed during an OIG audit of NRC Internet use that identified NRC IP addresses used to visit pornographic sites. The OIG investigations found that access to these sexually explicit Internet sites by the NRC contractors involved up to 50 sessions and resulted in the downloading of several hundred files of sexually explicit graphic images. As a result of these investigations, the contractors were terminated from employment, and the contractor agreed to reimburse NRC for the time their employees were engaged in prohibited personal use of NRC computers. (Addresses Management Challenge #3). INVESTIGATIVE STATISTICSSource of Allegations - October 1, 2001, through March 31, 2002
INSERT GRAPHIC HERE (Pie Chart)Disposition of Allegations - October 1, 2001, through March 31, 2002
INSERT GRAPHIC HERE (Bar Chart)Status of Investigations
Summary of Investigations
OTHER ACTIVITIESREGULATORY REVIEWThe Inspector General Act, 5 U.S.C. App. 3, Section 4(a)(2), requires OIG to review existing and proposed legislation and regulations and to make recommendations concerning the impact of such legislation or regulations on the economy and efficiency of programs and operations administered by the agency. NRC agency directives requiring submission of all draft legislation, regulations, and policies to OIG facilitates this statutory review. OIG conducts its regulatory review program by examining submitted documents reflecting regulatory, statutory, and policy actions. Proposed actions and revisions are measured against standards evaluating potential for fraud, efficiency and effectiveness. The review also encompasses issues raised in OIG investigations, audits, and prior regulatory commentaries. The objective of the regulatory review program is to examine agency actions to assist in the elimination of fraud, waste, and abuse within the agency. In addition, comments are used to address issues related to preserving the independence and integrity of the OIG under its statutory precept. These objectives are met through formal memoranda as well as meetings and discussions. To more effectively track agency responses to regulatory review comments, OIG now requests written replies within 90 days, with either a substantive reply or status of issues raised by OIG. From October 1, 2001, through March 31, 2002, OIG reviewed almost 200 agency documents, including approximately 90 Commission papers (SECYs) and 75 Federal Register Notices, regulatory actions, and statutes. As stated in the objectives section of Management Directive (MD) 1.1, the purpose of the NRC Management Directive System is to effectively communicate policies, objectives, responsibilities, authorities, requirements, guidance, and information to NRC employees. This type of objective and specific direction is a critical element in avoiding fraud and abuse in agency programs and operations. Therefore, the NRC OIG expends significant effort in reviewing and commenting on these directives. The most significant commentaries are summarized below. Regarding MD 8.8, "Management of Allegations," OIG's remarks focused on the need to identify and clarify the jurisdiction of the OIG as the recipient of allegations when the complaint relates to NRC employee or contractor misconduct (and in cases where agency program response was deemed inadequate). Additions needed in the draft of MD 4.5, "Contingency Plan for Periods of Lapsed Appropriations," encompass the basic statutory authorities contained in the IG Act. Of prime importance is the Inspector General's personal authority to determine the excepted functions for OIG and directions for processing furlough notices for OIG personnel. To properly reflect the statute and separate appropriation, language was provided to assure timely notification of funding shortfalls. Another MD comment addressed concerns related to revisions to the Correspondence Handbook section of MD 3.57, "Correspondence Management." This regulatory review was of particular significance as the revision was prompted by recommendations in an OIG audit report on quality assurance for official documents. Therefore, in addition to responding to the proposed management directive revisions, coordination with the cognizant auditors was needed to assess the adequacy of the response to the audit recommendations. The most critical issue related to assigning responsibility for accuracy in correspondence, a recurring problem within the agency. Agency corrections to the draft clarified roles and responsibilities so as to enhance accountability. In addition to commenting on MDs, the OIG commented on the agency memorandum on "Use of Potassium Iodide by NRC Employees." OIG remarks focused on potential administrative issues from affected employees and licensees as a result of implementing this new policy and the benefits from addressing them in this guidance. NRC OIG PARTICIPATION IN THE JOINT TERRORISM TASK FORCEFor a 1-month period beginning September 29, 2001, two NRC OIG Special Agents (SA), Cheryl Montgomery-White and Antoinette (Toni) Henry, operated as members of the Joint Terrorism Task Force (JTTF) in New York, NY. The JTTF is the multi-agency investigative group charged to investigate the September 11, 2001, terrorist attacks on the World Trade Center and the Pentagon. As JTTF agents, SAs Montgomery-White and Henry were routinely assigned investigative leads developed by the Federal Bureau of Investigation (FBI) from contacts throughout the United States as well as from overseas posts of duty. Investigations resulting from these types of leads resulted in investigations which included subject(s) interviews, searches (either consensual or by warrant), subpoenas, and the gathering of information from a multitude of sources. The two OIG Special Agents, paired in teams of two with FBI agents, conducted significant interviews with 12 targeted subjects arriving at John F. Kennedy International Airport from Saudi Arabia. These subjects were identified as pilots employed by a Middle East airline and were en route to the U.S. to attend a flight training course. SA Montgomery-White also conducted and directed an investigation including subsequent enforcement actions that resulted in the arrests of four illegal immigrants. Two of the subjects were found in possession of or had access to large amounts of unexplained U.S. currency. One subject had photographs that depicted the World Trade Center before and after the terrorist attacks. The last subject was the target of an open FBI investigation by the International Terrorism Squad in New York. SAs Montgomery-White and Henry agreed that the experience and opportunity to perform as members of the JTTF and contribute to the largest criminal investigation in U.S. history was the most significant and rewarding work of their professional careers. SUPPORT FOR THE NRC'S SAFEGUARDS TEAM IN RESPONSE TO THE TERRORIST ATTACKSAs part of the agency's response to the terrorist attacks on the World Trade Center and the Pentagon, several OIG Special Agents were detailed to the Threat Assessment Team (TAT) in the NRC Division of Fuel Cycle Safety and Safeguards, in the Office of Nuclear Material Safety and Safeguards, to act as intelligence liaisons. OIG SAs David Timm, Richard Scenna, Veronica Bucci, and Joseph Bodensteiner served as Intelligence Analysts for the TAT on a watch-shift basis and provided real-time intelligence assessments of the threat situation in the United States for licensed nuclear facilities. The TAT briefed the NRC Executive Team, Chairman, and Commissioners daily on the assessed threat to nuclear facilities. This regular briefing allowed NRC's decision makers to quickly respond to the threat situation and provide the necessary guidance to NRC's licensees to ensure that nuclear facilities in the United States remained protected from terrorist sabotage. OIG GENERAL COUNSEL CONDUCTS FRAUD TRAINING FOR AUDITORSOn March 5, 2002, the OIG's General Counsel taught "Fraud for Auditors" at the Inspector General Audit Training Institute (IGATI) as part of a team of OIG counsel who prepared the syllabus and rotate teaching responsibilities for this half-day course.The statutory structure of Inspectors General Offices includes two distinct professional career groups, auditors and investigators. Auditors' work may reveal information which is relevant to investigative matters; however, without training, evidence may not be recognized and investigative leads may be missed. In 1994, a need for training auditors in fraud and criminal issues was identified. IGATI had a 1-week course where a class on criminal issues could be taught, but there was no syllabus and no qualified instructors to meet the newly identified requirements. IGATI sought assistance from the Council of Counsels to Inspectors General and in response the NRC General Counsel to the Inspector General and another attorney agreed to address this need. They authored a syllabus for a 4 hour class, which included an agenda, instructors handbook and reference material for students. In addition, they taught a pilot class which was added to the curriculum and they recruited and trained additional attorneys to teach the class. Over the last 8 years, hundreds of auditors have been trained. In addition, this year, the Counsel to the Inspector General at the NRC worked with a team of counsel to update and revise the syllabus for this half-day course. AppendicesAUDIT LISTINGSInternal Program Audit and Special Evaluation Reports
Contract Audit Reports
AUDIT TABLESDuring this reporting period, the OIG analyzed 6 contract audit reports issued by the DCAA and one contract issued by General Services Administration OIG. Table I OIG Reports Containing Questioned Costs
Table II OIG Reports Issued with Recommendations That Funds
Be Put to Better Use
October 1, 2001 - March 31, 2002
ABBREVIATIONS
REPORTING REQUIREMENTS INDEXThe Inspector General Act of 1978, as amended (1988), specifies reporting requirements for semiannual reports. This index cross-references those requirements to the applicable pages where they are fulfilled in this report.
|
Privacy Policy |
Site Disclaimer |