| |
Search Options | |||
| Index | Site Map | FAQ | Facility Info | Reading Rm | New | Help | Glossary | Contact Us | |
|||
Office of the Inspector General Semiannual Report to Congress (NUREG-1415, Vol. 16, No. 2)ContentsTable of Contents
Publication InformationManuscript Completed: April 2004Date Published: April 2004 Reporting Period: October 1, 2003-March 31, 2004 Office of the Inspector General Memorandum to the ChairmanOn behalf of the Office of the Inspector General (OIG) for the U.S. Nuclear Regulatory Commission (NRC), I am pleased to submit this Semiannual Report to the U.S. Congress. This report summarizes significant OIG activities during the period from October 1, 2003, to March 31, 2004, in compliance with Sections 4 and 5 of the Inspector General (IG) Act of 1978, as amended. During this reporting period, our office completed 13 performance and financial audits of NRC’s programs and operations. This work led OIG to make a number of recommendations to the NRC for program improvement and identified $156,264 of funds that could be put to better use. In addition, OIG completed 31 investigations and 1 Event Inquiry, and made 31 referrals to NRC management. These investigations resulted in $5,723 in recoveries for the Federal Government. Finally, OIG analyzed three contract audit reports which identified $109,191 in questioned costs. The OIG remains committed in its resolve to assist the agency with the many challenges, current and future, associated with regulating the Nation’s use of nuclear power. I look forward to working collaboratively with the NRC Commission, management, and agency staff at all levels in our common goals of ensuring the effectiveness, efficiency, and integrity of the programs that ultimately protect public health and safety. I also want to commend the OIG staff’s continued professionalism, dedication, and willingness to accept new challenges which is instrumental in OIG’s success. Sincerely, Hubert T. Bell
Executive SummaryThe following two sections highlight selected audits and investigations completed during this reporting period. More detailed summaries appear in subsequent sections of this report. Audits
Investigations
The Nuclear Regulatory CommissionHistory and Mission of NRCThe U.S. Nuclear Regulatory Commission (NRC) was formed in 1975 to regulate the various commercial and institutional uses of nuclear energy, including nuclear power plants. The agency succeeded the Atomic Energy Commission, which previously had responsibility for both developing and regulating nuclear activities. NRC’s mission is to regulate the Nation’s civilian use of byproduct, source, and special nuclear materials to ensure adequate protection of public health and safety, promote the common defense and security, and protect the environment. NRC’s scope of responsibility includes regulation of commercial nuclear power plants; research, test, and training reactors; fuel cycle facilities; medical, academic, and industrial uses of nuclear materials; and the transport, storage, and disposal of nuclear materials and waste. NRC's Regulatory FunctionsUnder its responsibility to protect public health and safety, NRC has three principal regulatory functions: (1) establish standards and regulations; (2) issue licenses for nuclear facilities and users of nuclear materials; (3) inspect facilities and users of nuclear materials to ensure compliance with the requirements. These regulatory functions relate both to nuclear power plants and to other uses of nuclear material — like nuclear medicine programs and academic activities at educational institutions, research work, and such industrial applications as gauges and testing equipment. NRC OrganizationNRC is headed by a five-member Commission. The Commissioners are appointed to 5-year terms by the President with confirmation by the Senate. The Chairman is designated by the President. The NRC staff numbers approximately 3,000 with a Fiscal Year (FY) 2004 budget authority of $626.1 million. Roughly two-thirds of the NRC employees work in the agency headquarters in Rockville, Maryland. The remainder are located primarily in four regional offices or at resident inspector offices at each commercial nuclear power plant and some fuel cycle facilities. NRC places a high priority on keeping the public informed of its work. The agency
The Office of the Inspector GeneralRoles and Functions of the Inspectors GeneralThe Inspector General Act of 1978, as amended, established the duties, responsibilities, and authorities of a Federal Inspector General (IG). Over the years, the act has been amended to increase the number of agencies with statutory IGs and establish IGs in smaller, independent agencies. Currently, 57 IGs provide oversight to 59 Federal agencies. IGs are appointed on the basis of their personal integrity and expertise in accounting, auditing, financial analysis, law, management analysis, public administration, or investigations. IGs serving at the cabinet-level departments and major sub-cabinet agencies, such as the NRC, are nominated by the President and confirmed by the Senate. IGs at smaller independent agencies, corporations, and other designated Federal entities are appointed by the heads of those entities. Inspectors General have two basic roles — to independently find and report on current problems and to foster good program management to prevent future problems. IGs meet their specific statutory mission by: (1) conducting independent and objective audits, investigations, and evaluations; (2) promoting economy, efficiency and effectiveness; (3) preventing and detecting fraud, waste, and abuse; (4) reviewing pending legislation and regulations; and (5) keeping the agency head and Congress fully and currently informed. OIG’s contribute to good government in the following ways:
The OIG community is charged with being a significant, positive force for improving the economy, efficiency, and effectiveness of Federal programs and operations and for preventing and detecting fraud, waste, abuse, and mismanagement. OIGs account for billions in saved and recovered Federal funds, as well as thousands of prosecutions, civil and personnel actions, and suspensions and debarments of businesses and individuals for wrongdoing. Over the last several years, IGs have been operating in a changing environment. IGs are now playing a pivotal role within their agencies by conducting financial audits, reporting on the GPRA compliance and accountability, assessing information security efforts, identifying their agencies’ most significant challenges, and reporting on the effective implementation of the President’s Management Agenda. Helping to fight terrorism, evaluating the Nation’s critical infrastructure, striving to improve the Government’s financial management, and validating agency performance and accountability measures are among the key tasks facing the Nation’s IGs today. These tasks have emerged as a result of the priorities established by the Administration or the Congress or, more recently, threats against this country. Organizations and Functions of NRC's OIGCongress established the U.S. Nuclear Regulatory Commission (NRC) Office of the Inspector General (OIG) through a 1988 amendment to the IG Act. Today, OIG’s primary mission is to assist NRC by ensuring integrity, efficiency, and accountability in the agency’s programs to regulate the civilian use of byproduct, source, and special nuclear materials in a manner that adequately protects the health and safety of the public, as well as the environment, while promoting the Nation’s common defense and security. In FY 2004, NRC’s total budget authority is $626.1 million, which includes an appropriation of $7.3 million for OIG. OIG is committed to ensuring the integrity of NRC programs and operations. Developing an effective planning strategy is a critical aspect of accomplishing this commitment. Such planning ensures that audit and investigative resources are used effectively. To that end, OIG revised its Strategic Plan for Fiscal Years 2003 through 2008; the plan includes three strategic goals, six general goals, and a number of supporting strategies to accomplish its objectives. The Strategic Plan recognizes the mission and functional areas of the agency and the major challenges the agency faces in successfully implementing its regulatory program. The plan presents strategies for reviewing and evaluating NRC programs pursuant to these strategic goals: (1) advance NRC’s efforts to enhance safety and protect the environment, (2) enhance NRC’s efforts to increase security in response to the current threat environment, and (3) improve the economy, efficiency, and effectiveness of NRC corporate management. NRC’s OIG includes auditors, criminal investigators, legal counsel, and a resource management and operations support (RMOS) staff. OIG’s audit program is designed to provide assurance to the Chairman and to Congress that NRC programs and operations are working efficiently and effectively. Consequently, the audit staff conducts performance and financial audits, as well as special evaluations. Performance audits focus on NRC’s administrative and programmatic operations. Financial audits focus on NRC’s internal control systems, transaction processing, and financial systems. In special evaluations, OIG auditors present OIG perspectives or information on specific topics. The mission of OIG’s investigative program is to perform investigative activities related to the integrity of NRC’s programs and operations. The majority of OIG’s investigations focus on violations of law or misconduct by NRC employees and contractors. Additionally, OIG investigates allegations of irregularities or abuses in NRC programs and operations with special emphasis on those NRC activities that could adversely impact public health and safety. As a complement to the investigative function, the investigative staff also conducts Event Inquiries, which yield reports documenting the examination of events or agency regulatory actions that do not specifically involve individual misconduct. Instead, these reports identify staff actions that may have contributed to the occurrence of an event. In addition, OIG issues special inquiry reports that document instances where OIG has identified inadequacies in NRC regulatory oversight that may result in a potential adverse impact on public health and safety. OIG’s General Counsel (GC) provides independent legal advice on issues concerning criminal law and procedures, evidence, and constitutional law as they relate to OIG’s investigative program. In addition, the GC conducts and coordinates, with other cognizant OIG staff, in-depth reviews of existing and proposed legislation, regulations, and agency directives that affect NRC programs and operations and, as appropriate, provides written comments. The intent of these reviews is to assist the agency in identifying and preventing potential problems. The RMOS staff formulates and executes the OIG budget, prepares OIG’s Semiannual Report to Congress, operates an independent human resources management program, administers the control of OIG funds, administers OIG’s information technology program, coordinates strategic planning activities, and performs a variety of other support functions.
The Audit ProgramTo help the agency improve its effectiveness during this period, the OIG completed 13 financial and performance audits that resulted in a number of recommendations to NRC management and identified $156,264 of funds that could be put to better use. OIG analyzed three contract audit reports of which one report identified $109,191 in questioned costs. Audit SummariesInspector General’s Assessment of the Most Serious Management Challenges OIG Strategic Goal: Corporate Management On January 24, 2000, Congress enacted the Reports Consolidation Act of 2000 to provide financial and performance management information in a more meaningful and useful format for Congress, the President, and the public. Included in the Act is the requirement that the Inspector General of each Federal agency summarize what he or she considers to be the most serious management and performance challenges facing the agency and assess the agency’s progress in addressing those challenges. In accordance with the Act, the NRC Inspector General submitted his annual assessment of the major management challenges confronting the NRC. These challenges can be found on page v of this report. (Addresses all Management Challenges) Review of NRC’s Personnel Security Program: Contractor Policies and Practices OIG Strategic Goal: Security Most NRC contractor employees are required to undergo the agency’s personnel security process prior to beginning work for the agency. Contractors receive one of three types of access: (1) classified access, which permits them to work with classified information; (2) information technology (IT) access, which permits them to work with NRC sensitive IT systems and information; and (3) building access, which allows them continuous unescorted access within headquarters or regional office facilities. Approval for these three levels of access is based on a background investigation conducted by the Office of Personnel Management (OPM) or the General Services Administration. Contractors are often granted temporary access before the background investigation is completed. OIG found that personnel security program weaknesses pertaining to contractor access to NRC facilities could be placing the agency’s information, facilities, and staff at risk. Specifically, program requirements are not consistently followed and the agency lacks a process for expeditiously resolving final access decisions for IT contractors with temporary access when issues arise in OPM background investigations. Program lapses occurred because managers have not effectively documented or communicated contractor security policies to NRC staff expected to carry out these policies. As a result, some contractors are inappropriately given access to NRC facilities and data, potentially jeopardizing agency employees and information. (Addresses Management Challenge #2) Results of the Audit of the U.S. Nuclear Regulatory Commission’s Fiscal Year 2003 Financial Statements OIG Strategic Goal: Corporate Management The Chief Financial Officers Act requires OIG to annually audit NRC’s Principal Financial Statements. An independent public accounting firm, under contract to OIG, conducted the audit with OIG oversight. The report contains: (1) the principal statements and the auditors’ opinion on those statements, (2) the opinion on management’s assertion about the effectiveness of internal controls, and (3) a report on NRC’s compliance with laws and regulations. The auditors determined that NRC’s principal financial statements fairly present the financial position of NRC at September 30, 2003 and 2002, and its net cost, changes in net position, budgetary resources, and reconciliation of net cost to budgetary resources (unqualified opinion). The auditors also concluded that management’s assertion about the effectiveness of internal controls is fairly stated. That assertion states that NRC maintained effective internal control over financial reporting as of September 30, 2003, based on the objectives stated in OMB Bulletin No. 01-02. The auditors identified three new reportable conditions. A reportable condition is a significant deficiency in the design or operation of internal control that could keep the agency from meeting the OMB objectives. The new conditions concern information systems security access, monitoring of accounting for internal use software, and managerial cost accounting. The agency also had one continuing noncompliance issue with laws and regulations: NRC’s 10 CFR Part 170 hourly rates are not based on full cost. (Addresses Management Challenge #6) Audit of NRC’s Protection of Safeguards Information OIG Strategic Goal: Security The definition of Safeguards Information (SGI) is derived from Section 147 of the Atomic Energy Act of 1954, as amended. It deals with information related to the physical protection of operating power reactors, spent fuel shipments, or the physical protection of special nuclear material. NRC’s SGI program contains similarities to the Governmentwide program to protect confidential information. As such, the benefits of maintaining a separate program are not clearly justified in relation to the cost. Moreover, the agency recently established an SGI-Modified Handling (SGI-M) designation that requires some SGI information to be handled similar to Official Use Only information. As a result, the agency now has two classes of SGI for marking protected information, both of which appear similar to other programs. Yet, NRC has determined neither the cost of maintaining nor the benefit derived from these separate programs. Recent inappropriate releases of SGI occurred because of handling errors and differing interpretations of what constitutes SGI. The agency is currently reviewing the requirements related to SGI to ensure that the appropriate protections are in place and that the requirements and guidance are clear. However, until adequate tools and training are provided to help with the correct designation and handling of SGI, the likelihood of releasing SGI to unauthorized individuals remains. OIG found that NRC controls do not ensure the protection of SGI because the agency lacks a strong, coordinated SGI program. SGI responsibilities are split among various agency offices and no single entity controls the overall SGI program. This decentralization of authority has resulted in (1) inadequate training to identify, handle, and distribute SGI; (2) insufficient coordination of the acquisition of secure telecommunications equipment; (3) inadequate installation, maintenance and testing of that equipment; (4) uncoordinated planning for automated processing of SGI; and (5) flawed guidance on the use of local area network based computers to process SGI. (Addresses Management Challenge #2) Review of NRC’s Implementation of the Federal Managers’ Financial Integrity Act for Fiscal Year 2003 OIG Strategic Goal: Corporate Management The Federal Managers Financial Integrity Act (FMFIA) was enacted on September 8, 1982, in response to continuing disclosures of waste, loss, unauthorized use, and misappropriation of funds or assets associated with weak internal controls and accounting systems. Congress felt such abuses hampered the effectiveness and accountability of the Federal Government and eroded the public’s confidence. The FMFIA requires Federal managers to establish a continuous process for evaluating, improving, and reporting on the internal controls and accounting systems for which they are responsible. FMFIA requires that, each year, the head of each executive agency (subject to the FMFIA) shall submit a report to the President and Congress on the status of management controls and financial systems that protect the integrity of agency programs and administrative activities. NRC makes its FMFIA assessment and report in its annual Performance and Accountability Report. OIG reviewed (1) NRC’s compliance with FMFIA and (2) the FMFIA process to determine if the agency reported all material weaknesses. NRC complied with FMFIA requirements for FY 2003. Neither NRC nor OIG reported any material weaknesses. In addition, during FY 2003, NRC successfully achieved a redesign of the managerial cost accounting system and enhanced the documentation of controls and operating procedures. As a result, managerial cost accounting is no longer considered a material weakness. (Addresses Management Challenge #6) Independent Accountants’ Report on the Application of Agreed-Upon Procedures With Respect to Intragovernmental Activity and Balances as of September 30, 2003 OIG Strategic Goal: Corporate Management The report, developed by an independent public accounting firm under contract to OIG, did not identify any significant differences or exceptions. These procedures were agreed to by the U.S. General Accounting Office (GAO), the U.S. Department of the Treasury’s Financial Management Service, and the Office of Management and Budget (OMB.) The procedures are intended to assist the Financial Management Service in the preparation of, and GAO in the audit of the consolidated financial statements of the United States Government as of and for the year ended September 30, 2003. (Addresses Management Challenge #6) Independent Accountants’ Report on Applying Agreed-Upon Procedures with Respect to Federal Agencies’ Centralized Trial-Balance System Data as of September 30, 2003, and for the Year Then Ended OIG Strategic Goal: Corporate Management The Federal Agencies’ Centralized Trial-Balance System data includes an agency level Adjusted Trial Balance report, Balance Sheet, Statements of Net Cost and Changes in Net Position, and selected footnote data as of September 30, 2003, and for the year then ended. Agreed-upon procedures were performed to assist the U.S. Department of the Treasury’s Financial Management Service in the preparation of, and the GAO in the audit of, the consolidated financial statements of the United States Government as of and for the year ended September 30, 2003. The report on applying the agreed-upon procedures was prepared by an independent public accounting firm under contract to OIG and adequately explained any differences or exceptions. (Addresses Management Challenge #6) Independent Accountants’ Report on the Application of Agreed-Upon Procedures for U.S. Office of Personnel Management OIG Strategic Goal: Corporate Management The agreed-upon procedures were performed to assist OPM with respect to the employee withholdings and employer contributions reported on the Report of Withholdings and Contributions for Health Benefits, Life Insurance, and Retirement for the payroll periods ended December 14, 2002, February 22, 2003, April 19, 2003, and the Semiannual Headcount Report as of March 2003. The report on the application of these procedures, prepared by an independent public accounting firm under contract to OIG, includes associated findings and conclusions and found no unexplained or unsupported differences. (Addresses Management Challenge #6) Memorandum Report: NRC Contract for Review of Office of Investigations’ Investigative Methods and Techniques OIG Strategic Goal: Corporate Management NRC engaged a contractor to evaluate the Office of Investigations’ methods and techniques in addressing allegations of licensee discrimination. NRC authorized expenditures of about $173,000 to conduct the review. OIG found the agency’s action to be in violation of the Federal Acquisition Regulation (FAR) and NRC’s Management Directive and Handbook 11.1, “NRC Acquisition of Supplies and Services” because the (1) work was not within the scope of the basic contract under which it was ordered and (2) the procurement action was not conducted under FAR. OIG briefed NRC senior managers prior to issuance of this report. NRC senior managers took immediate action to terminate the contract effort. Consequently, $156,264 in funds were saved and are available to be put to better use. (Addresses Management Challenges #1 and #6) Review of NRC’s Administration of Selected Contracts and Acquisition Workforce Training OIG Strategic Goal: Corporate Management During FY 2002, the NRC executed procurement actions totaling $96.2 million. This included 1,026 contract actions totaling $70.2 million and 1,119 purchase orders valued at $26 million. Agency procurement of products and services is governed by the Federal Acquisition Regulation (FAR) and the NRC Acquisition Regulation. The review of NRC’s acquisition management practices for 10 selected contracts and acquisition workforce training found that NRC’s acquisition management was generally adequate. However, improvement is needed in monitoring security guard services and in training for project managers. Contrary to the best practices of other Federal agencies, NRC permits its staff to serve as project managers prior to completing required training. NRC’s Acquisition Certification and Training Program mandates specific acquisition training for project managers and prescribes timeframes within which the training must be completed. The mandatory training is frequently not completed within required timeframes because there is no central database to track training, training requirements are not monitored adequately, and courses are offered infrequently. The course content of NRC’s project manager acquisition training was also found to need improvement. Specifically, the training materials for some courses are not comprehensive and/or contain information that is either obsolete or incorrect based on current FAR requirements. Consequently, the agency has an increased risk that improprieties in the acquisition process will go undetected. (Addresses Management Challenge #6) Review of NRC’s Personnel Security Program OIG Strategic Goal: Security The Atomic Energy Act of 1954, as amended, requires all NRC employees to have a security clearance, but allows employees to begin working for NRC prior to their clearance, provided the Commission determines that such employment is in the national interest and the employee does not have access to classified information. Today, nearly all NRC employees are permitted to begin work before receiving a security clearance, but only after the Division of Facilities and Security conducts an in-house review, determines there are no factors that constitute a security risk, and grants the individual a preappointment investigation waiver to begin work. To receive and maintain a security clearance, NRC employees must undergo an initial background investigation and periodic reinvestigations in accordance with Federal standards. As of November 2003, 161 NRC employees were working under preappointment investigation waivers, 716 had Q clearances (equivalent to Top Secret), 2,137 had L clearances (equivalent to Secret), and 208 were designated as L-High Public Trust. Despite enhancements made in recent years to NRC’s personnel security program, further action is needed to (1) bring the program into compliance with agency requirements and (2) ensure that the agency is responding appropriately to heightened security concerns since the terrorist attacks of September 11, 2001. Specifically, NRC needs to improve the timeliness of its reinvestigations (more than 300 were overdue), improve controls to ensure that employees return their badges and complete the security-termination statement prior to termination, improve accuracy of data stored in personnel security automated files (58 of 96 files contained discrepancies), and begin processing summer interns for clearances earlier so that NRC can fully benefit from money spent on such clearances each year. (Addresses Management Challenge #2) NRC’s Transition to the Department of Interior as Payroll Services Provider OIG Strategic Goal: Corporate Management OIG conducted a limited scope review to assess the status and impact of NRC’s transition to the Department of Interior as a payroll services provider. NRC completed the transition in November 2003, well in advance of a September 2004 deadline established by OMB. This early transition precluded the need for an NRC payroll system upgrade and consequently saved the agency $1.2 million. The transition was achieved smoothly, and with few exceptions, all NRC employees received their correct pay on time. However, the Office of Human Resources and the Office of the Chief Financial Officer need to continue their effort to resolve the remaining payroll-related roles and responsibilities functions each office will perform. (Addresses Management Challenge #4) Review of NRC’s Reactor Operating Experience Task Force Report OIG Strategic Goal: Safety NRC formed the Reactor Operating Experience Task Force (ROETF) to address lessons learned from an event at Davis-Besse. The task force evaluated the use and effectiveness of the agency’s reactor operating experience program. Rather than duplicate NRC’s evaluation, OIG reviewed the task force’s final report. Overall, the report was comprehensive and the conclusions and recommendations addressed weaknesses found by both the task force and OIG. However, OIG makes six recommendations to strengthen the findings in the following four areas: program objectives, independence, sources of information, and retrievability of the information. (Addresses Management Challenges #1 and #8)
Audits in ProgressAudit of NRC’s Budget Formulation Process OIG Strategic Goal: Corporate Management The Government Performance and Results Act (GPRA) of 1993 was enacted to establish strategic planning and performance measurement in the Federal Government and for other purposes. Under GPRA, agencies are required to submit to the Congress annual performance plans that link resources to performance goals. In 1998, NRC established the Planning, Budgeting, and Performance Management (PBPM) process to link resources with strategic goals and performance. To this end, the budget formulation process must have in place and effectively implement policies and procedures. Each year the Chief Financial Officer issues Instructions for Information Required for the PBPM Budget Review to office directors and regional administrators. All offices are expected to develop budget requests which support the strategic direction for the mission-related program areas, to the extent possible. Resource requests must be consistent with program goals, guidance, and planning assumptions and must consider current financial status. OIG is assessing whether the budget formulation portion of the PBPM process is (1) efficiently and effectively coordinated with program offices and (2) effectively used to develop and collect data to align resources with strategic goals. (Addresses Management Challenge #6) Audit of NRC’s Management of Import/Export Authorizations OIG Strategic Goal: Security To ensure the safe, secure, and environmentally acceptable uses of nuclear energy, NRC maintains a program of international cooperation. In close coordination with the Departments of State, Energy, Homeland Security, and Commerce, NRC is responsible for the licensing of exports and imports of nuclear facilities, equipment, material, and related commodities. NRC issues between 90 and 130 import/export licenses per year. This function is split between the Office of International Programs (OIP) and another program office. This audit is determining if OIP is (1) properly reviewing and approving import/export authorizations in a timely manner, (2) effectively coordinating this activity with other Federal agencies, and (3) effectively and efficiently coordinating import/export authorizations internally. (Addresses Management Challenge #1) Audit of The Licensing Support Network OIG Strategic Goal: Safety NRC developed the Licensing Support Network (LSN) to respond to a congressional mandate that NRC reach a determination, in a 3-year timeframe, on the Department of Energy’s (DOE) application for construction authorization for a high-level radioactive waste repository at Yucca Mountain in Nevada. To shorten the time spent on the exchange of documents that may be used as evidence in the NRC licensing proceeding, the parties and potential parties to the hearing on the application will make their documents available via the Internet before the license application is submitted to NRC. The LSN provides a single place where the documents can be searched in a uniform way. During peak usage, access to the system may be restricted to participants in the licensing process. NRC is responsible for operating and maintaining the system. This audit is assessing if the system meets its required operational capabilities and provides for the security, availability, and integrity of the system data. (Addresses Management Challenges #1 and #2) Audit of NRC’s Drug Testing Program OIG Strategic Goal: Security As a result of NRC’s national security and public health and safety responsibilities and the sensitive nature of its work, NRC has a compelling obligation to detect and eliminate illegal drug use when found in the workplace. NRC has developed a Drug Free Workplace Plan that includes extensive awareness and education opportunities for all employees, drug testing, counseling, and provisions for rehabilitation for employees who use illegal drugs. This audit focuses on the effectiveness of NRC’s drug testing program, and whether it is following guidance established by the Department of Health and Human Services. (Addresses Management Challenge #2) Audit of NRC’s Implementation of Regulations Concerning Non-discrimination Based on Handicap OIG Strategic Goal: Corporate Management NRC’s regulation concerning non-discrimination based on handicap is codified in 10 CFR Part 4, Subpart E. The regulation implements section 119 of the Rehabilitation, Comprehensive Services, and Developmental Disabilities Amendments of 1978, which amended section 504 of the Rehabilitation Act of 1973. This amendment prohibits discrimination on the basis of handicap in programs or activities conducted by Executive agencies or the United States Postal Service. This audit is assessing whether the agency complies with Federal regulations to make reasonable accommodations for employees and stakeholders with special needs based on a handicap. (Addresses Management Challenge #9) Audit of NRC’s Incident Response Program OIG Strategic Goal: Safety In response to an event at an NRC-licensed facility that could threaten public health and safety or the environment, NRC activates its Incident Response Program at its Headquarters Operations Center and one of its four Regional Incident Response Centers. NRC’s highest priority is to provide expert consultation, support, and assistance to licensees and State and local public safety officials responding to the event. Once the Incident Response Program is activated, teams of specialists are assembled at the Headquarters Operations Center and the appropriate Regional Incident Response Center to obtain and evaluate event information and to assess the potential impact of the event on public health and safety and the environment. Communications with affected entities are coordinated through the Headquarters Operations Center or the Regional Incident Response Center(s). The audit is determining whether NRC’s Incident Response Program is operating effectively and efficiently. (Addresses Management Challenge #1) Audit of the Baseline Inspection Program OIG Strategic Goal: Safety Beginning in FY 2001, the Reactor Inspection Program and the Reactor Performance Assessment program were combined into a single program for commercial power reactors. The combined program implements the revised reactor oversight process, which includes risk-informed baseline inspections, use of performance indicator data, and a revised reactor assessment process. The program is designed to ensure, through selective examinations, that the licensee identifies and resolves safety issues before they affect safe plant operations. Baseline inspections provide for increased focus on aspects of performance that have the greatest impact on safe plant operation and its objective is to ensure that the level of plant-specific inspection performed at each site is commensurate with that site’s performance. The baseline inspection program is integral to supporting the goals and objectives of NRC’s reactor oversight process and provides a mechanism for NRC to remain alert to plant status and conditions at all licensed reactors. This audit is assessing whether the baseline inspection program is (1) based on a sound methodology, (2) being completed at all commercial power plants, and (3) being carried out by sufficient qualified staff. (Addresses Management Challenges #1, 3, 7, 8, and 9) Evaluation of the Impact of the Office of Investigations’ Methods and Techniques in Addressing Allegations of Licensee Discrimination OIG Strategic Goal: Safety The NRC Investigations Program supports the NRC’s overall safety mission in protecting the public health and the environment by ensuring that allegations or NRC findings that involve potential wrongdoing by licensees or applicants for licenses, or their contractors or vendors, are thoroughly, objectively, and independently investigated. The results of these investigations are provided to the NRC technical, legal, and enforcement staffs for appropriate regulatory action. The objective of this review is to assess the impact of the Office of Investigations’ investigative methods and techniques to ensure the prompt, fair, and accurate resolution of allegations of licensee discrimination. (Addresses Management Challenge #1) Audit of NRC’s Information Security Practices OIG Strategic Goal: Security The Federal Information Security Management Act (FISMA) was enacted on December 17, 2002. FISMA permanently reauthorized the framework laid out in the Government Information Security Reform Act, which expired in November 2002. FISMA outlines the information security management requirements for agencies, including the requirement for an annual review and annual independent assessment by agency inspectors general. In addition, FISMA includes new provisions such as the development of minimum standards for agency systems, aimed at further strengthening the security of the Federal Government information and information systems. The annual assessments provide agencies with the information needed to determine the effectiveness of overall security programs and to develop strategies and best practices for improving information security. The objectives of the audit are to evaluate the (1) adequacy of NRC’s information security programs and practices for NRC major applications and general support systems of record for FY 2004, (2) effectiveness of agency information security control techniques, and (3) implementation of the NRC’s corrective action plan created as a result of the 2003 FISMA program review. (Addresses Management Challenge #2)
The Investigative ProgramDuring this reporting period, OIG received 161 allegations, initiated 47 investigations, and closed 31 cases. In addition, OIG made 31 referrals to NRC management. These investigations resulted in $5,723 in recoveries to the Federal Government. Investigative Case SummariesNRC’s Oversight of Davis-Besse Boric Acid Leakage and Corrosion During the April 2000 Refueling Outage OIG Strategic Goal: Safety In response to a Congressional request, OIG conducted an Event Inquiry to determine the circumstances surrounding NRC’s receipt of a condition report (CR 2000-0782) concerning the Davis-Besse Nuclear Power Station (Davis-Besse). The condition report with attached photographs was prepared in April 2000 by a Davis-Besse engineer at the beginning of Davis-Besse refueling outage 12 (12 RFO). The report and photographs documented red-brown boric acid deposits caused by corrosion of the reactor vessel head. The corrosion resulted from cracking and leakage of reactor coolant water from penetration nozzles onto the reactor vessel head. OIG was asked to determine if NRC Region III staff, including resident inspectors at Davis-Besse, were aware of the condition report and, if so, how the information in the condition report was handled. OIG was also asked to determine whether the information in the condition report was considered by the NRC in its November 2001 decision to allow Davis-Besse to continue operating until February 16, 2002, rather than cease operations to assess the plant’s susceptibility to cracking and leakage from its reactor vessel head penetration nozzles. NRC, in Bulletin 2001-01, had requested all nuclear power plant licensees to conduct such an assessment by December 31, 2001. In March 2002, Davis-Besse identified a large cavity, caused by corrosion, in the reactor pressure head adjacent to a control rod drive mechanism nozzle. As a result of this inquiry, OIG determined that:
Adequacy of Criminal History Checks for Unescorted Site Access to Nuclear Facilities of Dominion Power OIG Strategic Goal: Security This OIG investigation was conducted in response to concerns related to unescorted site access to nuclear facilities operated by Dominion Power, the NRC licensee for North Anna and Surry Power Stations. In May 2003, OIG learned that the United States Attorney for the Eastern District of Virginia had initiated a proactive effort to ensure that vital facilities within that district maintained adequate physical protection. As part of the Department of Justice effort, Dominion Power provided the Federal Bureau of Investigation (FBI) with a listing of approximately 2,500 personnel who were authorized unescorted site access to its nuclear facilities. Of that number, the FBI identified 52 individuals who had arrest or conviction records listed on its National Crime Information Center database, three of whom were NRC employees. The FBI identified no immediate security concerns with these individuals. OIG determined that the three NRC employees who possessed unescorted site access to Dominion Power plants despite having criminal histories each reported their offenses to NRC as required by Government personnel security regulations. Further, each of the three NRC employees received unescorted site access following a screening by NRC security personnel who considered their criminal histories. Approximately 10 Dominion Power employees or contractors who received unescorted site access despite criminal histories currently face prosecution in Federal district court for false statements or other Federal violations associated with their having wrongfully obtained unescorted access to a nuclear power facility. (Addresses Management Challenge #2) Accuracy of Information Provided by NRC Managers to Commission OIG Strategic Goal: Safety On February 16, 2002, Davis-Besse began a refueling outage that included inspections of the reactor vessel head penetration nozzles. In conducting these inspections, Davis-Besse identified several cracked nozzles, and during the repair process, the licensee identified a large hole in the reactor pressure vessel head. The hole resulted from corrosion caused by the leakage of reactor coolant water from cracked penetration nozzles on the reactor vessel head. The remaining thickness of the reactor pressure vessel head in the corroded area was approximately 3/8 inch thick, which was the stainless steel cladding on the inside surface of the reactor pressure vessel head. This was the only material preventing a breach of the reactor coolant pressure boundary and leak of radioactive coolant into the containment building. The NRC Executive Director for Operations subsequently chartered the Davis-Besse Lessons Learned Task Force to conduct an independent evaluation of NRC’s regulatory processes related to assuring vessel head integrity to identify and recommend areas for improvement applicable to NRC and/or the industry. During this reporting period, OIG completed an investigation in response to concerns that significant information was omitted from the Davis-Besse Lessons Learned Task Force final report dated September 30, 2002. Specifically, a public interest group alleged that the Task Force developed insights into the failures of both the nuclear industry and NRC’s reactor oversight process that led to the vessel head degradation at Davis-Besse but that the Lessons Learned Task Force allegedly deleted much of this information from its final report. In so doing, it was alleged that the Task Force failed to provide the NRC Commission with complete and accurate information concerning failures of the nuclear industry and the NRC reactor oversight process that contributed to the vessel head degradation at Davis-Besse. OIG determined that the Task Force report accurately reflected the findings and recommendations of each task force member. OIG learned that recommendations for the nuclear industry contained in an early draft of the report were not included in the final report because such recommendations were unenforceable. Instead, the Lessons Learned Task Force revised those recommendations to reflect actions NRC could take to implement desired changes within the industry. OIG found no evidence that the Task Force omitted information it considered to be relevant to the Davis-Besse event from its final report and no evidence that Task Force members were pressured or influenced to omit conclusions or findings from their report. (Addresses Management Challenges #7 and #8) Improper Distribution of Safeguards Information OIG Strategic Goal: Security OIG conducted an investigation into two incidents involving the NRC staff’s dissemination of documents containing Safeguards Information (SGI) to individuals who were not authorized to receive or store it. The first incident involved the improper distribution of an NRC Regulatory Issue Summary (RIS) that contained SGI. This RIS, which documented the vulnerabilities of physical barriers at nuclear power plants, was intended to be distributed to all nuclear power reactor licensees, independent spent fuel storage installation licensees, conversion facility licensees, and gaseous diffusion plant licensees. OIG found that the NRC staff utilized mailing lists that contained licensees that were not authorized to receive the RIS. OIG also found that the staff did not maintain accurate lists of current licensee security managers or their mailing addresses. This resulted in the RIS being mailed to unauthorized recipients. In the second incident involving the improper dissemination of an NRC document containing SGI, OIG again found that the NRC staff utilized an outdated mailing list which resulted in the dissemination of the SGI document to an unauthorized individual. As a result of this investigation, OIG determined the root causes for both incidents were a lack of communication among NRC staff, a lack of an accurate mailing list for SGI and a program office responsible for maintaining mailing lists, insufficient training of staff responsible for handling SGI, and insufficient management oversight of inexperienced staff who are responsible for handling and disseminating SGI. (Addresses Management Challenges #2 and #7) Improper Release of Official Use Only Information by NRC Contractor OIG Strategic Goal: Security OIG completed an investigation concerning several scientists from Los Alamos National Laboratories (LANL) who made an improper release of information to the public. Specifically, the LANL scientists, working as subcontractors on a contract between NRC and Sandia National Laboratories (SNL), released information classified as Official Use Only (OUO) to members of the general public during a conference held July 13-17, 2003. OIG determined that SNL had no foreknowledge of the intent by LANL personnel to publish a paper related to their work on the NRC-sponsored project or to participate in a public conference. OIG also determined that LANL management was not aware of the intent by several of its scientists to publish and present a paper involving information classified as OUO at a conference attended by the general public. During this investigation, LANL management informed OIG that they took full responsibility for the unauthorized release of the OUO information and that, in no case, would they have allowed their scientists to release any information to the public without first consulting with NRC. OIG was also informed by LANL management that the scientists responsible for the release of the OUO information were removed from the project. (Addresses Management Challenges #2 and #7) Concerns Regarding Inadequate NRC Oversight of Steam Generator Inspections at Seabrook Nuclear Power Plant OIG Strategic Goal: Safety OIG initiated this investigation after receiving information from an organization expressing concerns that the planned oversight of licensee inspections of steam generators at Seabrook Nuclear Power Station (Seabrook) during an upcoming October 2003 refueling outage by NRC Region I would be inadequate. Of particular concern to the organization was that the technique currently used by the industry to detect steam generator tube cracking was deficient. OIG conducted this investigation to review the appropriateness of the NRC oversight of the steam generator tube inspections during the October 2003 outage. OIG reviewed the NRC Region I inspection plan and observed NRC’s inspection activities at Seabrook during the October 2003 outage. OIG observed the Region I inspector review plant steam generator information, tube inspection and plugging criteria, and control and monitoring of foreign objects. OIG also viewed the operation of the steam generator tube inspection equipment and the analysis of data generated from the inspection. OIG also reviewed Region I’s inspection report, which concluded that the criteria and scope of the steam generator examination completed by the licensee met technical specification requirements. Based on OIG’s review of the Region I inspection plan and report, and observation of Region I inspection activities at Seabrook during the October 2003 outage, OIG found that Region I conducted its inspection activities in accordance with its inspection plan. OIG also found that NRC’s oversight of Seabrook’s October 2003 inspection of steam generator tubes appeared to be appropriate.
Investigative StatisticsSource of Allegations — October 1, 2003, through March 31, 2004
Disposition of Allegations — October 1, 2003, through March 31, 2004
Status of Investigations
Summary of Investigations
Special FeatureOIG Aligns Functions with Strategic GoalsIn FY 2003, the OIG updated its Strategic Plan. During the development of this document, OIG determined that its work would be more effective if the office generally aligned its strategic goals with the agency’s strategic goals. Accordingly, OIG stated its strategic goals as (1) advance NRC’s efforts to enhance safety and protect the environment, (2) enhance NRC’s efforts to increase security in response to the current threat environment, and (3) improve the economy, efficiency, and effectiveness of NRC corporate management. Through this alignment and associated planning activities, OIG sought to identify the major risks confronting the NRC and will focus its resources on improving NRC’s ability to address these issues. This will be done by identifying opportunities for improvement in the agency and conducting activities to prevent and detect fraud, waste, mismanagement, and inefficiency in NRC programs and operations. The work of auditors and investigators are mutually supportive and complementary in pursuit of these objectives. To better assess NRC’s programs and evaluate risks to those programs, the Assistant Inspector General for Audits redesignated, realigned, and refocused the work of the three OIG audit teams. This effort also addresses the reality of a post-September 11 environment: the need to put significant emphasis on safety and security along with traditional management issues. Accordingly, the work of the former Technical Audits Team was renamed the Nuclear Safety Audit Team and now focuses its work on nuclear safety issues. The Information Management and Administrative Audits Team was renamed the Security and Information Management Audits Team and now focuses on security and information management issues. Finally, the Financial Audits Team was renamed the Financial and Administrative Audits Team and focuses its attention on corporate management issues other than information management. The difference in the strategic approach for planned and completed work in FY 2004 has resulted in a marked shift in the percentage of audit work that is undertaken with a safety and security focus. To better support OIG’s strategic goals regarding NRC security and corporate management, the Assistant Inspector General for Investigations established a computer crime unit (CCU) that effectively combines investigative experience with expanded technical capabilities. With respect to Security, the CCU assists by investigating and resolving potentially hostile acts directed against the NRC computer network systems. The CCU also investigates issues involving potential violations of NRC computer security procedures, including incidents of improper automated processing of classified or sensitive unclassified materials. In the corporate management arena, the CCU conducts investigations that document the misuse of NRC telecommunications and automated information systems and have directly led to changes in and the improvement of numerous related NRC policies and procedures. The CCU is also examining a series of initiatives that could be undertaken to proactively detect indications of fraud, waste, and abuse in NRC programs. The OIG vision for FY 2003 through FY 2008 states, “We are agents of positive change striving for continuous improvement in our agency’s management and program operations.” As the years progress, we will continue to reassess our approach to ensure that we evaluate the most significant safety, security, and corporate management issues facing the Nation and NRC.
Other ActivitiesRegulatory ReviewPursuant to the Inspector General Act, 5 U.S.C. App. 3, Section 4(a)(2), OIG reviews existing and proposed legislation, regulations, implementing Management Directives (MD), and policy issues and makes recommendations as appropriate concerning their impact on the economy and efficiency of agency programs and operations. NRC agency directives requiring submission of all draft legislation, regulations, and policies to OIG facilitates this statutory review. The review encompasses issues raised in OIG investigations, audits, and prior regulatory commentaries. In examining submitted documents reflecting regulatory, statutory, and policy actions, the regulatory review program’s main objective is to examine agency actions to assist in the elimination of fraud, waste, and abuse within the agency. In addition, if appropriate, comments are also used to address issues related to preserving OIG’s independence under the office’s statutory precept. Comments are made through formal memoranda as well as during meetings and discussions. From October 1, 2003, through March 31, 2004, OIG reviewed about 200 agency documents, including approximately 75 Commission papers (SECYs) and 125 Federal Register Notices, regulatory actions, and statutes. In order to more effectively track agency response to regulatory review comments, the OIG requests written replies within 90 days, with either a substantive reply or status of issues raised by the OIG. The most significant commentaries are summarized below. During this period, two comments focused on document security. The agency has undertaken several initiatives to enhance all aspects of security: personnel, facility, and information. The area of information security includes control of documents of various levels of sensitivity. Documents subject to national security classification are protected under Governmentwide standards. Sensitive Unclassified Information (SUI) is of particular concern at NRC because of statutory requirements pertaining to “Safeguards” information under the Atomic Energy Act. To increase awareness of restrictions and limits on access and dissemination of all SUI, the agency revised and updated its MD and drafted a guide concerning designation of safeguards information. MD 12.6, “NRC Sensitive Unclassified Information Security Program,” represented a strong initiative providing increased guidance to agency personnel. OIG comments on the draft directive focused on the need to report unauthorized disclosures and violations to the IG to assure timely investigation. In addition, OIG provided advice on several minor technical matters to improve direction on transmission and proper destruction of SUI. The draft “Guide for Designation of Safeguards Information, SGI,” also provided detailed direction to better guide employees in the identification and protection of SGI. OIG comments suggested inclusion of a list of sample reports which typically contain SGI. In addition, several minor inconsistencies in the directions were identified along with references to aid in resolving them. Control of information technology costs was addressed in the draft revised MD 2.5, “Life Cycle Management Methodology.” OIG comments related the need to include direction to report indications of fraud, waste, or abuse in information technology programs to the IG. In addition, clarifying language for response dates and the value of including identified terms in the glossary were noted. “NRC Incident Response Program,” the subject of MD 8.2, was also an area under review in an ongoing audit. Therefore, the substantive issues related to this program were addressed in that process. However, OIG did comment on the draft directive to advise that certain staffing directions would be improved with additional clarification. MD 5.6, “Integrated Materials Performance Evaluation Program (IMPEP),” provided well developed guidance. The OIG comments related that increased efficiency would be achieved if the guidance in SA-116, which addresses similar procedures under the Office of State and Tribal Programs, was consolidated with the IMPEP directive. Training at the Inspectors General Institute by General CounselOn March 3, 2004, Maryann L. Grodin, General Counsel to the NRC Inspector General, and Alexandra B. Keith, the Counsel for the Corporation for Public Broadcasting Inspector General, taught at the Inspectors General Institute Certification Class. Ms. Keith and Ms. Grodin supported creation of the course syllabus and have been part of the certification program since its inception. The class was part of a weeklong seminar available to Federal, State, and municipal Inspectors General staff held in Chicago, Illinois. In addition to preparing the text syllabus for the Legal Issues segment of the course, they developed and led the class in discussion and exercise problems. The course topics included major Federal fraud statutes, criminal and civil prosecution processes, attorney client privilege, and jurisdiction. The presentation focused on aspects of these legal areas most relevant to the functions of Inspectors General. Case examples were used to illustrate points including sensitive matters of wrongdoing by public officials and cooperation between different agencies. These exercises provided an opportunity for seminar attendees to apply the legal concepts to factual situations and present their analyses and conclusions. OIG Participates in New Employee OrientationOn a weekly basis, NRC OIG special agents are addressing new employees at the agency orientation session. During these sessions, new employees are provided with information such as (1) the purpose and structure of the OIG, (2) a Government employee’s responsibility to report misconduct, and (3) a summary of the types of misconduct investigated by OIG. Additionally, employees are instructed on the various procedures for reporting misconduct and the difference between administrative and criminal investigations. The instruction ends with a question-and-answer period in which new employees are encouraged to communicate any issues they feel are important. OIG has received positive feedback from both NRC management and new employees on the valuable information provided at these orientation sessions. NRC OIG Receives PCIE Awards of ExcellenceThe President’s Council on Integrity and Efficiency (PCIE) and the Executive Council on Integrity and Efficiency (ECIE) recognized two OIG multidisciplinary teams in 2003 by awarding them the prestigious Award for Excellence. The first team to be acknowledged was the Nuclear Material Audit Team, which consisted of members Russell Irish, Audit Team Leader; Catherine Colleli, Senior Management Analyst; and Debra Lipkey, Senior Management Analyst. This team was cited for its exceptional performance in identifying weaknesses in and recommending improvements for NRC’s activities to control and account for special nuclear material. By conducting this review, the audit team found a vulnerability in the Nation’s infrastructure protection scheme. The overall process of getting this audit report to the final stage was an exemplary display of perseverance, possible only due to the quality of the work performed and documents developed to support the report. This effort resulted in a final message that will have a significant impact on how the United States oversees the material control and accounting of special nuclear materials and thereby positively address critical infrastructure requirements. The second team to be acknowledged by the PCIE/ECIE was the Davis-Besse Nuclear Power Station Review Team, which consisted of members George Mulley, Senior Level Assistant for Investigative Operations; Rossana Raspa, Investigative Team Leader; Joseph Bodensteiner, Senior Special Agent; Judy Gordon, Senior Management Analyst; and Linda Mike, Administrative Secretary. This team was cited for its exceptional dedication, professionalism, and teamwork in investigating and reporting concerns about NRC’s regulation of the Davis-Besse Nuclear Power Station (Davis-Besse). This team demonstrated a collaborative effort in successfully exploring the NRC’s decision to not issue a shutdown order to Davis-Besse to permit this power plant to operate 6 weeks beyond a deadline proposed by NRC. This investigative work generated numerous results including media attention, information cited in local and State newspapers, and a Congressional hearing before the U.S. Senate.
AppendicesAudit Listings
Contract Audit Reports
AUDIT RESOLUTION ACTIVITIESTable I
1Questioned costs are costs that are questioned by the OIG because of an alleged violation of a provision of a law, regulation, contract, grant, cooperative agreement, or other agreement or document governing the expenditure of funds; a finding that, at the time of the audit, such costs are not supported by adequate documentation; or a finding that the expenditure of funds for the intended purpose is unnecessary or unreasonable. 2The General Services Administration (GSA) is responsible for the management decision on these questioned and unsupported costs. GSA has advised that the decision will be made sometime in early 2006. Table II
3A “recommendation that funds be put to better use” is a recommendation by the OIG that funds could be used more efficiently if NRC management took actions to implement and complete the recommendation, including: reductions in outlays; deobligation of funds from programs or operations; withdrawal of interest subsidy costs on loans or loan guarantees, insurance, or bonds; costs not incurred by implementing recommended improvements related to the operations of the NRC, a contractor, or a grantee; avoidance of unnecessary expenditures noted in preaward reviews of contract or grant agreements; or any other savings which are specifically identified. Table III
Abbreviations
Reporting Requirements IndexThe Inspector General Act of 1978, as amended (1988), specifies reporting requirements for semiannual reports. This index cross-references those requirements to the applicable pages where they are fulfilled in this report.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Privacy Policy |
Site Disclaimer |
Total:
161