| |
Search Options | |||
| Index | Site Map | FAQ | Facility Info | Reading Rm | New | Help | Glossary | Contact Us | |
|||
Office of the Inspector General Semiannual Report to Congress (NUREG-1415, Vol. 19, No. 1)ContentsDownload complete document The following links on this page are to documents in Adobe Portable Document Format (PDF). See our Plugins, Viewers, and Other Tools page for more information. For successful viewing of PDF documents on our site please be sure to use the latest version of Adobe.Table of Contents
Publication InformationManuscript Completed: October 2006 Office of the Inspector General A Message from the Inspector General
Our work reflects the legislative mandate of the Inspector General Act to identify fraud, waste, and abuse and to recommend appropriate corrective actions. The audits and investigations highlighted in this report demonstrate our commitment to improving the NRC’s programs and operations and protecting their integrity. During this reporting period, we continued to assist NRC management in addressing many challenges associated with refining the efficiency and effectiveness of programs designed to implement the agency’s regulatory mission. Before summarizing our recent activities, I would like to acknowledge the professionalism, competence, and diligent work of the auditors, investigators, and support staff who daily champion our mission to ensure integrity and efficiency within the NRC and its programs. Just recently, my staff was recognized by the President’s Council on Integrity and Efficiency for outstanding performance in audit and investigation. The Award for Excellence in Audit was received for exceptional performance in auditing the NRC’s ability to control and account for radioactive materials. The Award for Excellence in Investigation was received for exceptional performance in investigating and reporting NRC’s handling of preemption matters. I commend these talented men and women for their hard work and dedication to the mission of this office. During this reporting period, our office completed 15 performance reports on NRC’s programs and operations making recommendations to NRC for program improvement, and analyzed 20 contract audit reports. Additionally, OIG initiated 26 investigations and closed 69 cases, which resulted in $87,658 in recoveries. A total of 7 cases were referred to the Department of Justice and 39 were forwarded to NRC management for action during this reporting period. Finally, I would like to express my appreciation for the collaborative work between my staff and agency managers to address OIG findings and implement the recommendations made by my office. I look forward to continuing this work as we strive to accomplish our common goal of ensuring the effectiveness, efficiency, and integrity of NRC programs and operations. Hubert T. Bell
HighlightsThe following two sections highlight selected audits and investigations completed during this reporting period. More detailed summaries appear in subsequent sections of this report. Audits
Investigations
OIG Organization and ActivitiesNRC's MissionThe U.S. Nuclear Regulatory Commission (NRC) was formed in 1975 to regulate the various commercial and institutional uses of nuclear materials by the Energy Reorganization Act of 1974. The agency succeeded the Atomic Energy Commission, which previously had responsibility for both developing and regulating nuclear activities. NRC’s mission is to regulate the Nation’s civilian use of byproduct, source, and special nuclear materials to ensure adequate protection of public health and safety, promote the common defense and security, and protect the environment. NRC’s regulatory mission covers three main areas:
Under its responsibility to protect public health and safety, NRC has three principal regulatory functions: (1) establish standards and regulations, (2) issue licenses for nuclear facilities and users of nuclear materials, and (3) inspect facilities and users of nuclear materials to ensure compliance with the requirements. These regulatory functions relate to both nuclear power plants and other uses of nuclear materials – like nuclear medicine programs at hospitals, academic activities at educational institutions, research work, and such industrial applications as gauges and testing equipment. NRC places a high priority on keeping the public informed of its work. The agency maintains a current Web site and a public document room in Rockville, Maryland (NRC headquarters), and holds public hearings, public meetings in local areas and at NRC offices, and discussions with individuals and organizations. OIG Mission and Strategies
In the 1970s, Government scandals, oil shortages, and stories of corruption covered by newspapers, television, and radio stations took a toll on the American public’s faith in its Government. The U.S. Congress knew it had to take action to restore the public’s trust. It had to increase oversight of Federal programs and operations. It had to create a mechanism to evaluate the effectiveness of Government programs. And, it had to provide an independent voice for economy, efficiency and effectiveness within the Federal Government that would earn and maintain the trust of the American people. In response, President Jimmy Carter in 1978 signed into law the landmark legislation known as the Inspector General Act (IG Act). The IG Act created independent Inspectors General (IGs), who would protect the integrity of Government; improve program efficiency and effectiveness; prevent and detect fraud, waste and abuse in Federal agencies; and keep agency heads, Congress, and the American people fully and currently informed of the findings of the IGs’ work. Almost 30 years later, the IG concept is a proven success. The IGs continue to deliver significant benefits to our Nation. Thanks to IG audits and inspections, billions of dollars have been returned to the Federal Government or have been better spent based on recommendations identified through those audits and inspections. IG investigations have also contributed to the prosecution of thousands of wrongdoers. In addition, the IG concept of good governance, accountability, and monetary recoveries encourages foreign governments to seek our advice, with the goal of replicating the basic IG principles in their own governments. NRC’s OIG was established as a statutory entity on April 15, 1989, in accordance with the 1988 amendment to the IG Act. NRC OIG’s mission is to (1) independently and objectively conduct and supervise audits and investigations relating to NRC programs and operations; (2) prevent and detect fraud, waste, and abuse; and (3) promote economy, efficiency, and effectiveness in NRC programs and operations. OIG is committed to ensuring the integrity of NRC programs and operations. Developing an effective planning strategy is a critical aspect of accomplishing this commitment. Such planning ensures that audit and investigative resources are used effectively. To that end, OIG developed a Strategic Plan that includes the major challenges and critical risk areas facing NRC. The plan identifies the priorities of OIG and establishes a shared set of expectations regarding the goals OIG expects to achieve and the strategies that will be employed to do so. OIG’s Strategic Plan features three goals which generally align with NRC’s mission and goals:
The OIG Audit Program covers the management and financial operations, economy and efficiency with which an organization, program, or function is managed, and program results achieved. For this program, auditors assess the degree to which an organization complies with laws, regulations, and the internal policies in carrying out programs, and they test program effectiveness as well as the accuracy and reliability of financial statements. The overall objective of an audit is to identify ways to enhance agency operations and promote greater economy and efficiency. Audits comprise four phases:
Each September, OIG issues an Annual Plan that summarizes the audits planned for the coming year. Unanticipated high priority issues may arise that generate audits not listed in the Annual Plan. OIG audit staff continually monitor specific issue areas to strengthen OIG’s internal coordination and overall planning process. Under the OIG Issue Area Monitor (IAM) program, staff designated as IAMs are assigned responsibility for keeping abreast of major agency programs and activities. The broad IAM areas address nuclear reactors, nuclear materials, nuclear waste, international programs, security, information management, and financial management and administrative programs. OIG’s responsibility for detecting and preventing fraud, waste, and abuse within NRC includes investigating possible violations of criminal statutes relating to NRC programs and activities, investigating misconduct by NRC employees, interfacing with the Department of Justice on OIG-related criminal matters, and coordinating investigations and other OIG initiatives with Federal, State, and local investigative agencies and other OIGs. Investigations may be initiated as a result of allegations or referrals from private citizens; licensee employees; NRC employees; Congress; other Federal, State, and local law enforcement agencies; OIG audits; the OIG Hotline; and IG initiatives directed at areas bearing a high potential for fraud, waste, and abuse. Because NRC’s mission is to protect the health and safety of the public, one of the Investigation unit’s main focus and use of resources is investigations of alleged NRC staff misconduct that could adversely impact the agency’s handling of matters related to health and safety. These investigations typically include allegations of:
OIG has also implemented a series of proactive initiatives designed to identify specific high-risk areas that are most vulnerable to fraud, waste, and abuse. A primary focus is electronic-related fraud in the business environment. OIG is committed to improving the security of this constantly changing electronic business environment by investigating unauthorized intrusions and computer-related fraud, and by conducting computer forensic examinations. Other proactive initiatives focus on determining instances of procurement fraud, theft of property, Government credit card abuse, and fraud in Federal programs.
OIG General Counsel ActivitiesPursuant to the Inspector General Act, 5 U.S.C. App. 3, Section 4(a)(2), OIG reviews existing and proposed legislation, regulations, and implementing Management Directives (MD) and policy issues and makes recommendations concerning their impact on the economy and efficiency of programs and operations administered OIG conducts its regulatory review program by examining agency documents reflecting proposed regulatory, statutory, and policy actions and measures them against standards evaluating the potential for fraud, efficiency, and effectiveness. The review also encompasses issues raised in OIG investigations, audits, and prior regulatory review commentaries. In addition, OIG commentaries are used to address issues related to preserving the independence and integrity of OIG under its statutory precept. These objectives are met through formal memoranda as well as meetings and discussions. In order to more effectively track the agency’s response to regulatory review comments, OIG requests written replies within 90 days, with either a substantive reply or status of issues raised by OIG. From April 1, 2006, through September 30, 2006, OIG reviewed more than 300 agency documents, including approximately 140 Commission Papers (SECYs), Staff Requirements Memoranda, and 160 Federal Register Notices, Management Directive (MD) 6.8, Lessons-Learned Program, addresses a vital and necessary program and as a result, guidance provided must be useable and comprehensive. OIG remarks focused on the organizational structure and the individual roles within the program and the adequacy of the directive in describing the details of the organization. OIG suggested moving segments of the directive so as to present a more logical and understandable guide. Further, the agency was reminded that root cause analysis should not be limited to lessons learned, but considered in all agency program issues. Closely coordinating with the agency action officer, OIG worked to obtain substantial background information to provide the most effective comments for draft MD 11.7, NRC Procedures for Placement and Monitoring of Work with the U.S. Department of Energy. Formal comments on the draft directive identified potentially ambiguous descriptions needing clarification and items requiring definition. Also, the requirement to notify the OIG in cases of suspected In addition, for the first time, draft Office of the Executive Director for Operations (OEDO) Procedures were reviewed. The prior OEDO Procedures were changed in 2005, consolidating and replacing previous procedure and guidance documents issued by the OEDO. The stated purpose of the new process is to define and improve predictability, quality, timeliness, and transparency of OEDO activities and functions. Two OEDO Procedures were reviewed: Comments on Draft Procedure - 0220, Coordination with the Institute of Nuclear Power Operations (INPO). OIG comments suggested expansion of the title for the Section, which addresses NRC use of INPO documents, to alert the reader as to the broader implications of the direction beyond mere use of the documents; and Draft OEDO Procedure - 0280, Audit Followup Process, which is directly related to the mission and function of the OIG. OIG comments on this document provided specific guidance targeted to relieve systemic issues related to the timeliness of agency oversight of corrective action. To assist the agency in avoiding delays, in many instances, of up to 10 years for assessing responsive action, the OIG suggested that the agency select recommendations and corrective actions on a sampling basis. Then if corrective action were not evident, interim actions could be evaluated for effectiveness. In addition, the draft procedure proposed excluding financial statements and Other OIG commentaries focused on security-related matters. For the draft agency Continuity of Operations Plan and Annexes, OIG provided organizational advice and suggestions as to additional sources of intelligence databases. Observations regarding prerequisite qualifications for personnel and physical plants were documented. Other technical security and staffing issues were discussed along with drafting clarifications. The other significant security-related document, draft MD 12.7, NRC Safeguards Information Security Program, was generally well constructed and comprehensive. OIG comments were limited to identifying inconsistencies with other directives and a correction related to the jurisdiction of the NRC Inspector General. In addition, suggestions were provided as to expanding guidance via definitions or links. Other ActivitiesNRC OIG Receives PCIE Awards for Excellence
The President’s Council on Integrity and Efficiency (PCIE) and the Executive Council on Integrity and Efficiency (ECIE) recognized an OIG audit team and an OIG special agent in 2006 by awarding them the prestigious Award for Excellence. The audit team was recognized for exceptional performance in recommending actions to improve NRC activities to control and account for radioactive materials. The team consisted of Cheryl Miotla, Audit Manager; Michael Cash, Technical Advisor; and Robert Wild, Senior Management Analyst. NRC programs are intended to provide effective oversight of nuclear materials used for academic, industrial, or medical uses. However, these same materials could lead to malicious use in a radiological dispersal device (RDD), also known as a dirty bomb, which is a conventional explosive that incorporates radioactive material and releases it on detonation for the major purpose of creating terror and disruption, not to cause death by radiation. In July 2002, the Department of Energy (DOE) and NRC established an Interagency Working Group on RDDs to cooperate on areas where the control of radioactive material could be achieved. One area that the group examined was options for establishing a national source tracking system because NRC’s regulations do not require licensees to report radioactive material inventories to the NRC. The DOE/NRC Working Group recommended that NRC develop a tracking system to better understand and monitor the location and movement of certain radioactive sources. The OIG audit team’s work on NRC’s proposed National Source Tracking System and radioactive material licensing process disclosed that the proposed tracking system may not be adequate because options to track certain materials were not considered. Specifically, the agency has no reasonable estimate of the amount or type of materials that would not be captured in the new system. Further, that NRC’s materials licensing process has previously undisclosed vulnerabilities in that the agency had only assessed licensee vulnerabilities and did not examine vulnerabilities posed by terrorists. For example, rather than stealing radioactive materials from a licensee, someone could use counterfeit NRC documents authorizing them to receive, acquire, possess, and transfer radioactive materials. Addressing these vulnerabilities is one of the keys to keeping potential dirty bomb (radioactive) materials from the hands of terrorists. The audit team’s work contributed significantly to improving the public health, safety, and security of the American people.
Special Agent (SA) Malion Bartley was recognized by the PCIE/ECIE for his exceptional dedication, professionalism, and accomplishment in investigating and reporting agency shortcomings in the NRC’s handling of preemption matters. During 2005, SA Bartley conducted an investigation which addressed the lack of action by the the NRC to prevent a number of individual States from regulating nuclear power in areas preempted by Congress to the Federal Government. The Atomic Energy Act mandates that the regulation of byproduct, source, or special nuclear material is the exclusive jurisdiction of the NRC. Congress authorized the Commission to establish programs for cooperation between the NRC and the States with respect to control of radiation hazards associated with the use of certain radioactive materials used in activities such as medicine and construction; however, Congress drew a line between the types of activities deemed appropriate for regulation by individual States and those activities where NRC regulation is required. States are not allowed to regulate the more hazardous activities involving nuclear power reactors. OIG learned that since 1992, NRC has allowed the State of Minnesota to enforce annual radiation dose release limits for dry cask storage at a nuclear power plant in the State. Further, the States of Connecticut, Maine, Massachusetts, and New Jersey had also established more stringent radiological dose standards at nuclear power plants than those set by NRC. SA Bartley examined the appropriateness of the NRC allowing States to regulate nuclear power in areas preempted by Congress to the Federal Government by not taking proactive steps to address known encroachments by various States. He studied the legislative history of the Atomic Energy Act which showed that the intent of the Act was to remove any room for the exercise of dual or concurrent jurisdiction by States to regulate nuclear power plant activities. He interviewed a number of stakeholders involved in the State of Minnesota matter, including officials from the State of Minnesota, the Deputy General Counsel of a major nuclear power plant utility, attorneys representing the nuclear industry, and officials with the Nuclear Energy Institute. He also interviewed senior NRC managers regarding actions by the State of Minnesota as well as other States who had improperly set radiological dose standards. SA Bartley learned that those affected by actions by the State of Minnesota disagreed with the NRC’s policy for handling preemption matters which essentially resulted in a “fend for yourself approach” by NRC nuclear power plant licensees. Congress intended that regulation of a licensee be exercised by either the NRC Commission or State, but not by both. This Congressional intent was echoed by all parties interviewed by SA Bartley, including stakeholders and most NRC staff. SA Bartley found that the NRC was aware that the States of Minnesota, Connecticut, Maine, Massachusetts, and New Jersey were potentially regulating in areas reserved for the NRC, and he determined that it has been a long standing practice of the NRC to not become involved in preemption matters. As a result of this investigation, the Inspector General recommended that the NRC Commission review past NRC practices regarding preemption issues and direct agency staff to develop a written policy for Commission approval concerning future actions by the NRC in the area of State regulation of nuclear power plants. In response, the Commission endorsed the OIG recommendations. New Assistant Inspector General for Investigations
On September 17, 2006, Joseph A. McMillan, became the new Assistant Inspector General for Investigations in the NRC/OIG. Mr. McMillan most recently served as the Special Agent in Charge of the Mid-Atlantic Field Office, at the Defense Criminal Investigative Service (DCIS), the law enforcement arm of the Department of Defense, Office of Inspector General. In this position, he was responsible for managing all DCIS operations throughout the Washington, D.C. Metropolitan area, Maryland, Virginia, Europe, the Middle East, and Southwest Asia. In addition, during his 18-year career with DCIS, Mr. McMillan held a variety of progressively responsible field and headquarters managerial assignments to include the Assistant Special Agent in Charge of the Philadelphia Field Office, the Program Manager for the DCIS Inspection Program, and the Deputy Director for Technical Services. A Pennsylvania native, Mr. McMillan retired from the U.S. Air Force after serving 23 years of active duty and reserve time. Mr. McMillan holds a Bachelor of Science degree in Criminal Justice from Wilmington College, a Master of Arts degree in Criminal Justice, with a concentration in Crime in Commerce, from The George Washington University and is currently enrolled in the Joint Military Intelligence College’s Master of Science of Strategic Intelligence program.
AuditsTo help the agency improve its effectiveness and efficiency during this period, OIG completed 15 performance audits or evaluations that resulted in numerous recommendations to NRC management. OIG also analyzed 20 contract audit reports. Audit SummariesAudit of NRC’s Oversight of Agreement States’ Licensing Actions OIG Strategic Goal: Safety In accordance with the Atomic Energy Act of 1954, as amended (AEA), the NRC relinquishes its authority to regulate certain byproduct material to 34 States. These Agreement States are responsible for administering approximately 17,300 materials licenses. The AEA also mandates that NRC periodically review agreements and actions taken by Agreement States to ensure compliance with provisions of the Act. NRC established the Integrated Materials Performance Evaluation Program as the mechanism for overseeing Agreement State programs. OIG performed this audit to evaluate NRC’s oversight of Agreement State licensing actions. Audit Results. NRC uses a judgmental sampling method to rate the overall technical quality of an Agreement State’s licensing actions. However, while NRC should only apply the conclusions drawn from the sample to those license actions selected, NRC projects the results to the overall licensing program. To project sample results to the entire program and to measure the confidence in those results requires statistical sampling. Because NRC uses judgmental sampling, NRC cannot measure the level of confidence in conclusions about the adequacy of an Agreement State licensing actions to protect public health and safety. Furthermore, without confidence in ratings about a State’s licensing program, NRC cannot attest to the confidence level in overall program ratings on the adequacy of an Agreement State program. (Addresses Management Challenge #1) Audit of NMSS’ Procedures for Processing Inspection Guidance OIG Strategic Goal: Safety Through the Office of Nuclear Materials Safety and Safeguards (NMSS), NRC regulates the uses of nuclear materials in medical, industrial, and academic settings; facilities that produce nuclear fuel; and the transportation, storage, and disposal of nuclear materials and waste. The agency ensures safety in these areas by using a combination of regulatory requirements including inspection, assessment of performance, and enforcement. NRC obtains objective information through its inspection program that permits the agency to assess whether its licensees are operating safely in accordance with NRC regulations. NRC’s inspection manual is a compilation of documents that defines the policies, procedures, and programs for conducting these inspections. OIG conducted this audit to determine whether NMSS has assurance that its inspection guidance is effectively and efficiently published and implemented. Audit Results. While NMSS has policy and procedures for processing inspection guidance, it lacks the management controls to ensure that new or revised inspection guidance under its purview is published and implemented. Because NMSS’ procedures are incomplete and dependent on informal understandings, NMSS is dependent on people and not a process. As a result, managers and inspectors risk using outdated or incorrect inspection guidance and not carrying out inspections as expected. In one instance, a revised inspection manual chapter had been misplaced for over a year and a half, with resulting confusion over who actually had responsibility for the document or what was being done to it. Furthermore, all inspectors were not using the same version of this inspection manual chapter. (Addresses Management Challenge #1) Evaluation of Personal Privacy Information Found on NRC Network Drives OIG Strategic Goal: Security The Federal Privacy Act of 1974, as amended, establishes safeguards for the protection of records the Federal Government collects, maintains, uses, and disseminates on individuals. It balances the government’s need to maintain information about individuals with the rights of individuals to be protected against invasions of their privacy. The Privacy Act applies when information is retrieved by personal identifier from agency records (e.g., paper records, electronic records, and microfiche) that contain information about individuals. A personal identifier can be a number assigned to an individual or the individual’s Social Security number. This report was issued as the result of information developed during the Fiscal Year (FY) 2006 Federal Information Security Management Act (FISMA) evaluation of the NRC’s information security program. Evaluation Results. OIG’s contractor found Privacy Act information, including Social Security numbers and dates of birth, on NRC network drives that can be accessed by all agency network users, including those who do not have a need for this information. Privacy Act information was found on the NRC network drives because (1) NRC employees are not following existing guidance for protecting personal privacy information, and (2) NRC lacks procedures for monitoring NRC network drives for sensitive data. As a result, NRC employees could be at risk for identity fraud, and employees who placed the Privacy Act information on the NRC network drives may be subject to criminal penalties and fines. (Addresses Management Challenge #2) Computer Security Audits of the Regions and the Technical Training Center OIG Strategic Goal: Security NRC depends heavily on information system security measures to avoid data tampering, fraud, inappropriate access to and disclosure of sensitive information, and disruptions in critical operations. NRC has four regional offices that constitute the agency’s front line in carrying out its mission and implementing established agency policies and programs nationwide. NRC also has in place the Technical Training Center (TTC) in Chattanooga, Tennessee to provide training for NRC headquarters and regional staff in various technical disciplines associated with the regulation of nuclear materials and facilities. OIG performed these audits to evaluate (1) the adequacy of NRC’s information security programs and practices in the NRC regions and the TTC, (2) the effectiveness of the regions’ and TTC’s security control techniques, and (3) the progress towards resolving information security program weaknesses identified during the FY 2003 computer security audits of the regions and TTC. Audit Results. While many of the regions’ and TTC’s automated and manual security controls are generally effective, some security controls need improvement. Specifically, the regions’ and TTC’s information security programs and practices are not always consistent with the NRC’s Automated Information Systems security program as defined in Management Directive 12.5, NRC Automated Information Security Program, FISMA, Office of Management and Budget (OMB), and National Institute of Standards and Technology (NIST) guidance. (Addresses Management Challenge #2) Audit of NRC’s Implementation of Homeland Security Presidential Directive – 12 OIG Strategic Goal: Security Homeland Security Presidential Directive-12 (HSPD-12), issued on August 27, 2004, ordered the establishment of a mandatory Government-wide standard for secure and reliable forms of identification for employees and contractors. In February 2005, NIST issued the requirements for a common identification standard for Federal employees and contractors and revised them in March 2006. The requirements consist of two parts. The first, referred to as PIV-I, sets out uniform requirements for identity proofing (i.e., verifying the identity of individuals applying for official agency badges) as well as issuing badges, maintaining related information, and protecting the privacy of applicants. The second part, known as PIV-II, provides detailed specifications that will support technical interoperability (the ability of two or more systems or components to exchange information and to use the information exchanged) among the different Government department and agency personal identity verification systems. OIG performed this audit to determine whether the NRC is positioned to meet HSPD-12 requirements. Audit Results. NRC implemented a PIV-I process within the timeframe required by OMB. However, staff do not always follow certain PIV-I requirements contained in NIST guidance or in NRC’s accredited PIV-I implementation plan. These problems occurred because (1) there is no quality assurance measure to assure that require steps are met prior to badge issuance, (2) some personnel with roles in the process do not understand their responsibilities, and (3) the badge photograph process is not carried out in accordance with the accredited plan. As a result, NRC (1) lacks assurance that the PIV-I process is consistently followed and (2) does not achieve the HSPD-12 separation-of-duty requirement. Audit of NRC’s Baseline Security and Safeguards Inspection Program OIG Strategic Goal: Security
The NRC’s Operating Reactor Security Assessment Program addresses the Reactor Oversight Process’s physical protection cornerstone. The program evaluates the performance of operating commercial nuclear power reactor licensees in implementing their security programs and communicating the results to licensee managers, NRC managers, and other stakeholders. A primary feature of the security assessment program is the baseline security and safeguards inspection program, which evaluates security in such areas as training, equipment performance, fitness-for-duty, and security planning. OIG performed this audit to assess the effectiveness of the baseline security and safeguards inspection program by examining the program’s resources, training and qualification requirements, and the consistency of program implementation. Audit Results. A revised baseline security and safeguards inspection program is proceeding with its first year of full regional implementation. OIG found that resource levels established for this program appear to be sufficient, as regions have been able to complete the program requirements even while the program is more rigorous. However, improvements are needed in (1) the security training program, (2) the subjective approaches used by NRC inspectors in determining the depth and scope of review needed to assess plant security program elements, and (3) the completeness of the historical information on security-related findings provided to the Security Findings Review Panel. (Addresses Management Challenge #1) Audit of NRC’s Process for Releasing Commission Decision Documents OIG Strategic Goal: Corporate Management OIG became aware of a November 2004 staff issue paper to the Commission, commonly known as a SECY Paper, which proposed a new NRC policy for assessing the effectiveness of security measures of material licensees. In the subject SECY Paper, staff expressly requested a “Commission policy decision” before proceeding further on a framework for future agency actions. In a subsequent Staff Requirements Memorandum (SRM), the Commission approved the staff’s proposal and the mechanism for implementing the new policy. The Freedom of Information Act (FOIA) requires agencies, including the NRC, to make information available to the general public by request or through automatic disclosure. Although it seemed appropriate to inform the public of a proposed new policy, OIG determined that NRC did not inform the public or solicit its comments. Therefore, OIG initiated an audit to examine NRC’s process for making certain Commission decision documents, specifically SECY Papers and SRMs, available for public review and/or comment. The overall purpose was to assess the agency’s process for evaluating SECY Papers and SRMs for public release pursuant to relevant legal and regulatory requirements. Audit Results. NRC has a process for handling FOIA requests. However, the agency lacks the internal controls needed to ensure compliance with the FOIA automatic disclosure requirements. Specifically, NRC lacks a systematic process to identify if SECY Papers and SRMs should be released to the public pursuant to FOIA automatic disclosure requirements. This is because (1) NRC does not consider these documents to convey policy or other FOIA automatic disclosure-type material, and (2) no agency organization is specifically assigned process ownership of FOIA automatic disclosure responsibilities. Absent adequate controls for a systematic review process, the agency may inappropriately withhold decisionmaking documents that meet the threshold for public disclosure. The lack of a rigorous review process jeopardizes NRC’s compliance with FOIA automatic disclosure requirements and hampers the agency’s ability to fully achieve its strategic goal of regulatory openness, thereby undermining public confidence in the agency. (Addresses Management Challenge #7) Evaluation of NRC’s Information Security Practices OIG Strategic Goal: Security The Federal Information Security Management Act (FISMA) outlines the information security management requirements for agencies, including the requirement for an annual review and annual independent assessment by agency Inspectors General. The annual assessments provide agencies with the information needed to determine the effectiveness of overall security programs and to develop strategies and best practices for improving information security. The objectives of this evaluation were to evaluate (1) the adequacy of NRC’s information security programs and practices for NRC major applications and general support systems of record for FY 2006, (2) the effectiveness of agency information security control techniques, and (3) the implementation of the NRC’s corrective action plan created as a result of the 2005 FISMA program review. Audit Results. While the agency has made some improvements since the FY 2005 FISMA independent evaluation, the agency has two significant deficiencies:
In addition, the evaluation also identified eight information system security program weaknesses. The details of these deficiencies and weakness are not presented here because they contain security related information. (Addresses Management Challenge #2) Evaluation of NRC’s Use of Probabilistic Risk Assessment (PRA) in Regulating the Commercial Nuclear Power Industry OIG Strategic Goal: Safety NRC’s PRA policy statement reflects a commitment to increasing the use of PRA technology in all regulatory matters to the extent supported by the state of the art in PRA methods and data, and in a manner that complements the NRC’s deterministic approach and supports NRC’s traditional defense-in-depth philosophy. Unlike deterministic analysis that is based on applying experience, testing programs and expert judgment, PRA develops a quantitative estimate of risk by evaluating the frequency of initiating events, the conditional probability of the unavailability and the unreliability of systems, structures and components (SSCs) available to mitigate an initiating event, and the reliability of human interaction with SSCs. In addition, PRA extends the deterministic approach by examining multiple failures and unavailability of SSCs. Typically, the results of a PRA are presented as core damage frequency and large early release frequency, the contributors to these estimated results, and the corresponding uncertainties in the estimated results. The objectives of this evaluation were to:
This evaluation addressed only the NRC’s regulation of operating commercial power plants. Audit Results. Although NRC is employing prevailing good practices in the areas evaluated in this report, the agency lacks formal, documented processes and associated configuration control for its PRA models and software. Specifically:
As a result, NRC staff may not come to the correct conclusions regarding the safety of commercial nuclear power plants. (Addresses Management Challenge #3)
Audits in ProgressAudit of NRC’s Regulation of Nuclear Fuel Cycle Facilities OIG Strategic Goal: Safety NRC licenses, certifies, and inspects commercial facilities that convert uranium ore into fuel used in nuclear power plants. These facilities include gaseous diffusion plants, highly enriched uranium fuel fabrication facilities, low enriched uranium fuel fabrication facilities, and one uranium hexafluoride production facility. Each facility possesses large quantities of materials that could pose a significant threat to the public and the environment. The agency’s regulation of nuclear fuel cycle facilities seeks to ensure that licensees adequately protect public health and safety, worker safety, and the environment, and promote the common defense and security when source or special nuclear material is used during the nuclear fuel production cycle. OIG has not previously evaluated this program, which has been undergoing change in recent years to make it more risk-informed and performance-based. The objective of this audit is to determine whether NRC’s regulation of nuclear fuel cycle facilities is effective and efficient. (Addresses Management Challenge #3) Audit of the Nuclear Power Plant License Renewal Program OIG Strategic Goal: Safety
The Atomic Energy Act provides for a license period of 40 years for commercial nuclear power plants, but includes provisions for extending the license beyond this initial period. This original 40-year term for reactor licenses was based on economic and antitrust considerations—not on limitations of nuclear technology. Due to this selected time period, however, some structures and components may have been engineered on the basis of an expected 40-year service life. The maximum renewal period of licenses is for an additional 20 years. The first operating license will expire in 2006; approximately 10 percent will expire by the end of 2010 and more than 40 percent will expire by 2015. At this time, there are approximately 14 completed license renewal applications, 8 applications under review, and 23 letters of intent to seek license renewal. The agency has accumulated experience with the license renewal process, and the expectation is that a large number of applications will be reviewed over the next decade. The reactors currently in operation are the first generation of power reactors. Operation of these plants beyond 40 years and upwards to 60 years introduces the potential that new aging phenomena could be observed in the next two decades. The objective of this audit is to determine the effectiveness of license renewal reviews using standards existing in various agency documents and regulations. OIG will also review scheduling and resource management. (Addresses Management Challenges #1 and 3) Summary Report and Perspectives on Byproduct Material Security and Control OIG Strategic Goal: Safety In February 2005, OIG began an audit to determine if NRC’s oversight of byproduct material provides reasonable assurance that licensees are using the material safely and can account for and control the material. During 2006, OIG issued three reports related to material tracking and licensing. Also during this timeframe, the Government Accountability Office (GAO) conducted an investigation to ascertain whether radioactive sources could be smuggled across U.S. borders. The GAO work culminated in a March 2006 congressional hearing to discuss the results of the investigation. Through this report, OIG will combine the findings of the previous OIG audit reports and GAO’s investigation in order to provide a more complete perspective of NRC’s approach to byproduct material security and control. The specific objective for this report is to discuss whether NRC has adequately transformed its mission to provide for the security of byproduct material in the post-September 11 era in accordance with the expectations of lawmakers and the American people. (Addresses Management Challenge #1) Audit of Non-Capitalized Property OIG Strategic Goal: Corporate Management During FY 2001, OIG evaluated policies governing the accountability and control of NRC’s non-capitalized Information Technology (IT) property. The review found that property management policies for this equipment adhered to applicable laws and regulations; however, management controls to implement these policies were inadequate or lacking. In addition, the NRC’s Property and Supply System, an online interactive computer system that functions as the official database for the agency’s property transactions, contained inaccurate information. During FYs 2004 and 2005, NRC developed the Space and Property Management System (SPMS), a new property and supply system designed to replace the old system. SPMS became operational on December 13, 2004, and final acceptance of the system by the Office of Administration took place in June 2005. NRC policy requires the effective and efficient management of property including sufficient controls to deter or prevent loss through fraud, waste, or misuse. This policy not only applies to property in the agency’s possession, but also to property physically maintained by NRC’s contractors. As of July 30, 2005, SPMS accounted for approximately 17,680 pieces of non-capitalized property with an acquisition cost of approximately $30.4 million. This included 1,343 laptops and 643 personal digital assistants with an acquisition value of approximately $3.6 million. The objective of this audit is to determine whether NRC has established and implemented an effective system of management controls for maintaining accountability and control of non-capitalized property. (Addresses Management Challenge #6) Audit of NRC’s FY 2006 Financial Statements OIG Strategic Goal: Corporate Management Under the Chief Financial Officers Act and the Government Management and Reform Act, OIG is required to annually audit NRC’s financial statements. OIG is auditing NRC’s financial statements in accordance with applicable auditing standards. The audit will express an opinion on the agency’s financial statements, evaluate internal controls, review compliance with applicable laws and regulations, review the performance measures included in the financial statements for compliance with OMB guidance, and review the controls in the NRC’s computer systems that are significant to the financial statements. In addition, OIG will be measuring the agency’s improvements by assessing corrective action taken on prior years’ audit findings. (Addresses Management Challenge #6) Audit of NRC’s Technical Training Center OIG Strategic Goal: Corporate Management The NRC’s Office of Human Resources manages training programs conducted at the Technical Training Center (TTC) in Chattanooga, Tennessee. TTC, with a budget of $3.6 million and 27 FTE, conducts training programs related to the regulation of nuclear materials and facilities including: nuclear power plant technology, radiation protection, risk assessment, and regulatory skills. Agreement State students, in addition to agency employees, attend courses at TTC. Evaluation of NRC’s Most Serious Management and Performance Challenges OIG Strategic Goal: Corporate Management In January 2000, Congress enacted the Reports Consolidation Act of 2000 (the Act) which requires Federal agencies to provide an annual report that would consolidate financial and performance management information in a more meaningful and useful format for Congress, the President, and the public. Included in the Act is a requirement that, on an annual basis, Inspectors General summarize the most serious management and performance challenges facing their agencies. Additionally, the Act provides that IGs assess their respective agency’s effort to address the challenges, compare and contrast the new challenges listing with previous listings, and identify programs that have had questionable success in achieving results. This evaluation is assessing the agency’s efforts to address the management and performance challenges, and identifying any related agency programs that have had questionable success in achieving results. (Addresses All Management Challenges)
Audit of NRC’s Badge Access Program OIG Strategic Goal: Security The photo-identification/key card badge is an integral part of NRC’s physical security program. In addition to containing personal identification information, the badge is a programmable key card for controlling building/area access at headquarters, each of the regional offices, and the TTC. All badge manufacturing is done at headquarters, and specific access rights are assigned to each badge via headquarters, regional, and TTC access control systems. Based on the level of rights assigned, employees and contractors place their key cards against card readers to gain entry to various parts of the buildings and, in some cases, during specific times of day. NRC currently uses barium ferrite cards and readers. The objectives of this audit is to determine if the card access system meets its required operational capabilities and provides for the security, availability, and integrity of the system data. (Addresses Management Challenge #5) Audit of the Emergency Preparedness Program OIG Strategic Goal: Security Emergency Preparedness (EP) measures are designed to address a wide range of event scenarios. Following the events of September 11, the NRC evaluated the EP planning basis, issued orders requiring compensatory measures for nuclear security and safety, and observed license performance during security-based EP drills and exercises and security force-on-force exercise evaluations. Based on the information obtained through the drills and exercises, the staff determined that the EP basis remains valid but recognized that security events differ from accident-initiated events. The objective of this audit is to assess the effectiveness of the EP program since it has been incorporated into the Office of Nuclear Security and Incident Response. (Addresses Management Challenge #1)
InvestigationsDuring this reporting period, OIG received 134 allegations, initiated 26 investigations and closed 69 cases. In addition, the OIG made 39 referrals to NRC management and 7 to the Department of Justice. Investigative Case SummariesNRC’s Oversight of the Force-on-Force Program OIG Strategic Goal: Security OIG conducted a Special Inquiry in response to concerns raised by the public and Members of Congress about the NRC’s approval of the selection by the nuclear industry of a major security corporation to provide the mock aggressor force during NRC evaluations of the security of nuclear power plants. Specifically, as a result of the September 2001 terrorist attacks, the NRC conducted an evaluation of the security and safeguards programs of nuclear power plants. As part of this effort, NRC identified the need to improve the offensive abilities and effectiveness of the mock adversary force that is used to test power plant security. Subsequently, the staff provided the NRC Commission with five alternatives that outlined various processes for the development and implementation of a credible, well-trained, and consistent mock adversary force for Force-on-Force (FOF) exercises. The Commission voted to approve the staff’s recommendation which called for the NRC staff to establish adversary force standards and guidelines and for the industry to select and train a pool of personnel for a Composite Adversary Force (CAF) that would meet the performance standards established by the NRC. Acting on this decision, the Nuclear Energy Institute, an organization that represents the nuclear industry, selected The Wackenhut Corporation (Wackenhut) as the CAF through a competitive contract process. The selection of Wackenhut, a firm that provided security guard services for approximately 50 percent of the Nation’s nuclear power plants, to also act as an adversary force to test nuclear plant security resulted in concerns of a possible conflict of interest. This OIG Special Inquiry found that the Commission directed the NRC staff to ensure that there would be appropriate management and administrative controls within Wackenhut to provide adequate independence between CAF and nuclear power plant security forces. OIG found that the NRC staff had measures in place to maintain control of the FOF inspection schedule, plan, and process. Also, during FOF exercises, the NRC staff (1) evaluated the licensee’s ability to defend against the adversary threat, (2) monitored and evaluated the performance of the CAF, and (3) made the final determination regarding the FOF test results. (Addresses Management Challenge #1) NRC Staff Handling of Security Concerns at a Nuclear Power Plant OIG Strategic Goal: Security
OIG conducted an investigation involving an allegation that there were pervasive compromises of security at the Shearon Harris Nuclear Power Plant (Shearon Harris), an NRC licensee. Public interest groups reported to OIG that managers of Shearon Harris and the company providing the security guard force for the plant were aware of uncorrected security deficiencies and retaliated against security guards for reporting security concerns. Also alleged was that NRC was negligent in performing its regulatory oversight responsibilities because over the past 6 years, security concerns at Shearon Harris that had been reported to the NRC had not been acted upon. OIG learned that in December 2005, 19 new security concerns were reported to the NRC. The NRC staff conducted an inspection and substantiated seven of the concerns, but the staff found that the seven concerns did not represent a degradation of plant security. Based on their interviews and inspections, the NRC staff was unable to validate nine concerns. Three of the concerns were investigated by the NRC Office of Investigations. In addition, OIG determined that between 1999 and 2005, three concerns regarding security door deficiencies were reported to NRC involving Shearon Harris. OIG found that the NRC staff appropriately addressed these 3 concerns as well as the 19 concerns reported in December 2005. (Addresses Management Challenge #1) NRC Oversight of the Parking Garage Operation OIG Strategic Goal: Corporate Management OIG conducted an investigation of the NRC staff’s management of the NRC parking garage contract based on a number of OIG Hotline complaints concerning individuals parking in the NRC White Flint parking garage complex without paying. An NRC contractor is responsible for managing the daily operations of the NRC White Flint garage. Since 2000, OIG has conducted three investigations involving the management of the NRC parking garage. These previous investigations found that a lack of NRC staff oversight of the parking garage contract allowed the contractor to withhold revenue from the NRC from parking receipts, not follow established parking procedures, and embezzle $11,400 of daily parking fees. In November 2005, to again assess if the NRC staff was effectively managing OIG learned that the NRC contract required the parking garage contractor to collect a parking fee of $60 for monthly permits and to collect a fee of $6 for daily parking permits. OIG canvassed the NRC White Flint garage for 29 days in an effort to check every parked vehicle for either a valid monthly or daily permit. OIG found 619 instances of vehicles parked in the garage without a valid permit. NRC staff and contractor personnel only reported 5 citations during the same 29 days that OIG canvassed the garage. While the contract required the NRC staff and contractor personnel to inspect the garage for vehicles parked without a valid permit, this was not taking place. The lack of NRC oversight and contractor failure to fulfill contract responsibilities allowed an average of 21 people per day to park without paying the daily parking fee. This lack of oversight cost the NRC an estimated $32,760 in parking revenue over a 1-year period. OIG noted that the ineffective monitoring of the parking garage contract also resulted in a failure to optimize the use of limited parking spaces. (Addresses Management Challenge #6) Proactive Review of the Sale of MetroCheks on eBay OIG Strategic Goal: Corporate Management OIG conducted a proactive effort after noting that individuals were offering MetroCheks for sale on the Internet auction website, eBay. MetroCheks are a prepaid fare card for use on transportation resources of the Washington Metropolitan Area Transit Authority, including trains, the subway, buses, and van pools. MetroChek transit subsidies are provided by the employers, including the Federal Government, to eligible employees. The sale, trade, or transfer of these tax-free benefits, paid for by the employing agencies, is prohibited. OIG monitored auctions conducted on eBay during the period of March to June 2006 and noted 70 individuals selling $20,250 worth of MetroCheks. In response to an OIG subpoena, eBay provided information regarding the 10 individuals selling the largest volume of MetroCheks during the review period. (For example, the top seller sold MetroCheks with a face value of $1,360 for approximately $900.) The information provided included details regarding the addresses of computer systems used to contact eBay networks. OIG was able to determine that seven of the individuals were Federal Government employees, and OIG provided the information regarding these individuals to the Offices of the Inspector General at those agencies. No involvement by NRC employees in these prohibited activities was noted during this review. (Addresses Management Challenge #6) Possible Release of Safeguards Information OIG Strategic Goal: Security OIG conducted an investigation into NRC staff’s concerns that a letter authored by a manufacturer of spent nuclear fuel storage containers included NRC safeguards information (SGI). The letter included one paragraph that described the structural integrity of spent nuclear fuel storage containers after impact with an object. The paragraph also included the words “safeguarded information” in parentheses. The author did not have authorized access to NRC safeguards information. OIG determined that all information included in the letter was obtained through open sources in combination with the author’s own calculations. The author is a structural engineer (Ph.D., P.E.), with detailed knowledge of spent nuclear fuel storage systems. OIG also determined that the author obtained knowledge on the NRC’s methodology in calculating damage to spent fuel storage systems by attending public hearings in June 2000, during which NRC staff discussed those specific methodologies. OIG substantiated through a senior NRC engineer in the Spent Fuel Projects Office that the conclusions drawn by the author could have been “very easily ” calculated by a structural engineer with specific knowledge concerning spent nuclear fuel storage systems and knowledge of the methodology used to calculate damage to these systems. Review of NRC Workers’ Compensation Claims OIG Strategic Goal: Corporate Management OIG conducted an investigation into the status of NRC employees who sustained workplace illnesses and injuries and were receiving compensation benefits through the Department of Labor (DOL), Office of Workers’ Compensation Program (OWCP). In a recent 1-year period, NRC reimbursements to DOL totaled over $715,000 for OWCP claims paid on behalf of NRC employees. OIG’s review of the files of nine former NRC employees did not reveal any indications of fraud or that any of these OWCP claimants failed to comply with DOL requirements. However, OIG learned that one individual was medically cleared to return to work in 1994, but this person never returned to work at NRC and was still receiving OWCP benefits. A review of the individual’s OWCP files reflected a 1991 injury from an attempt to open a jammed restroom door at NRC Headquarters. In July 1993, a vocational rehabilitation counselor informed NRC that the individual was capable of returning to work on an 8-hour a day basis, with minor restrictions. However, in August 1993 NRC terminated the individual from employment based on a “physical inability” to perform the functions of the position. Consequently, the individual began receiving monthly workers’ compensation payments of 75 percent of the employee’s NRC salary. Through the District Office Director, OWCP, the OIG learned that NRC could require the individual to undergo a physical examination and, if found fully recovered, offer employment. If the individual refused the offer of employment, NRC could stop OWCP benefits. OIG determined that if the individual in question is not offered employment by the NRC and OWCP benefits continue, the NRC could incur costs totaling approximately $421,710 over the next 30 years. Staff of the NRC Executive Director for Operations is reviewing this matter. (Addresses Management Challenge #6)
NRC Staff Oversight of NRC Cafeteria Contract OIG Strategic Goal: Corporate Management OIG conducted an investigation based on information that Aramark, the contractor for the NRC cafeteria, was overcharging customers for the State of Maryland sales tax. OIG learned that the NRC cafeteria cash registers were upgraded in December 2005, which resulted in an unexplained programming error that entered the Maryland State tax of 5.5 percent instead of 5.0 percent. This error went undetected for 3 months during which time, Aramark charged customers 5.5 percent instead of 5.0 percent for Maryland sales tax. OIG verified that Aramark paid the tax overcharge to the State of Maryland, as required by law. OIG learned that the Aramark cafeteria contract was a “no cost” to the Government agreement. Under this unique contract, Aramark was authorized to retain up to 10 percent of their net sales. Through a review of Aramark’s vendor invoices and daily sales reports, OIG found that Aramark’s record keeping contained various inaccuracies. This OIG investigation determined that NRC had not exercised significant oversight of the Aramark cafeteria contract, ostensibly due to the nature of the contract and the fact that the contract does not involve appropriated Government funds. (Addresses Management Challenge #6)
Statistical Summary of OIG AccomplishmentsInvestigative StatisticsSource of Allegations — April 1, 2006, through September 30, 2006
Disposition of Allegations —April 1, 2006, through September 30, 2006
Status of Investigations
Summary of Investigations
Audit Listings
Audit TablesTable I
1Questioned costs are costs that are questioned by the OIG because of an alleged violation of a provision of a law, regulation, contract, grant, cooperative agreement, or other agreement or document governing the expenditure of funds; a finding that, at the time of the audit, such costs are not supported by adequate documentation; or a finding that the expenditure of funds for the intended purpose is unnecessary or unreasonable. 2The General Services Administration (GSA) is responsible for the management decision on these questioned and unsupported costs. GSA has advised that the decision will be made sometime in 2006. Table II
3A “recommendation
that funds be put to better use” is a recommendation by the OIG
that funds could be used more efficiently if NRC management took actions
to implement and complete the recommendation, including: reductions in
outlays; deobligation of funds from programs or operations; withdrawal
of interest subsidy costs on loans or loan guarantees, insurance, or bonds;
costs not incurred by implementing recommended improvements related to
the operations of NRC, a contractor, or a grantee; avoidance of unnecessary
expenditures noted in preaward reviews of contract or grant agreements;
or any other savings which are specifically identified. Table III
Table IV
Abbreviations and Acronyms
Reporting RequirementsThe Inspector General Act of 1978, as amended (1988), specifies reporting requirements for semiannual reports. This index cross-references those requirements to the applicable pages where they are fulfilled in this report.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Privacy Policy |
Site Disclaimer |
This Semiannual Report to Congress highlights the activities of the U.S. Nuclear Regulatory Commission (NRC) Office of the Inspector General (OIG) for the 6-month period ending September 30, 2006.
