Home > Electronic Reading Room > Document Collections > NRC Formal (NUREG-Series) Publications > Staff Reports > NUREG-1415 > Vol. 20, No. 1

Office of the Inspector General Semiannual Report to Congress (NUREG-1415, Vol. 20, No. 1)

Contents

• Table of Contents
• Publication Information
• A Message from the Inspector General

Download complete document

• NUREG-1415, Vol. 20, No. 1 (PDF - 8.4 MB)

Table of Contents

• Highlights
• OIG Organization and Activities
  • NRC’s Mission
  • OIG Mission and Strategies
    • Inspector General History
    • OIG Mission
    • Audit Program
    • Investigative Program
  • OIG General Counsel Activities
    • Regulatory Review
• Audits
  • Audit Summaries
  • Audits in Progress
• Investigations
  • Investigative Case Summaries
• Statistical Summary of OIG Accomplishments
  • Investigative Statistics
  • Audit Listings
  • Audit Resolution Activities
• Abbreviations and Acronyms
• Reporting Requirements

Publication Information

Manuscript Completed: October 2007
Date Published: October 2007
Reporting Period: April 1, 2007 - September 30, 2007

Office of the Inspector General
U.S. Nuclear Regulatory Commission
Washington, DC 20555

Availability Notice

A Message from the Inspector General

I am pleased to present this Semiannual Report to Congress on the activities and accomplishments of the Nuclear Regulatory Commission (NRC) Office of the Inspector General (OIG) from April 1, 2007 to September 30, 2007. Our work reflects the legislative mandate of the Inspector General Act to identify fraud, waste, and abuse and to recommend appropriate corrective actions. The audits and investigations highlighted in this report demonstrate our commitment to ensuring integrity and efficiency in NRC’s programs and operations, and enhancing public confidence in its regulatory process.

During this semiannual reporting period, we issued 8 program audit reports and 4 contract audit reports. As a result of this work, OIG made numerous recommendations to improve the effective and efficient operation of NRC’s safety, security, and corporate management programs, and questioned $68,018 in contract costs. OIG also opened 23 investigations, and completed 21 cases. Twelve cases were referred to the Department of Justice, and 27 allegations were referred to NRC management for action.

Looking towards the future, OIG has engaged in an update of its strategic plan based in part on an assessment of the strategic challenges facing the NRC. We seek to add value to NRC technical and administrative programs by aligning our strategic direction with NRC’s mission and strategic goals.

My office is dedicated to maintaining the highest possible standards of professionalism and quality in its audits and investigations. I want to recognize the exemplary work of the auditors, investigators, and support staff who form the core of the NRC OIG and are committed to promoting integrity and efficiency within the NRC and its programs.

Finally, the success of the NRC OIG would not be possible without the collaborative work between my staff and agency managers to address OIG findings and implement the recommendations made by my office. I wish to thank them for their dedication and support and look forward to their continued cooperation as we work together to ensure the integrity of agency operations.

Hubert T. Bell
Inspector General

Highlights

The following two sections highlight selected audits and investigations completed during this reporting period. More detailed summaries appear in subsequent sections of this report.

Audits

• NRC regulations limit the term of an initial nuclear reactor operating license to 40 years. However, the regulations also allow a license to be renewed for an additional 20 years given that the initial term was based on economic and anti-trust considerations, not technical limitations. Through technical research, NRC concluded that many aging phenomena are readily managed and therefore should not preclude renewal of a reactor license. The objective of this audit was to determine the effectiveness of NRC’s license renewal safety reviews.
  
  
• NRC buildings contain many security features and the agency has increasingly hardened its protection against access to its headquarters (HQ). The U.S. Department of Justice recommended minimum physical security standards for Federal buildings, which include the NRC. The objective of this audit was to assess the adequacy of physical security measures at NRC HQ and other buildings for three main areas: physical security, emergency preparedness, and written procedures.
  
  
• The Federal Information Security Management Act outlines the information security management requirements for agencies, including the requirement for an annual review and annual independent assessment by agency Inspectors General. The annual assessments provide agencies with the information needed to determine the effectiveness of overall security programs and to develop strategies and best practices for improving information security.
  
  
• The NRC has an established property management program to account for and control property. Property management encompasses both capitalized and non-capitalized property. This report focused on NRC’s program to account for and control non-capitalized property.

Investigations

• OIG conducted an investigation into a concern by the Union of Concerned Scientists that the NRC had failed to adequately review security-related concerns and other issues raised by The Wackenhut Corporation guards at the South Texas Project nuclear power plant.
  
  
• OIG investigated an allegation that Entergy Nuclear Operations, Inc., and NRC conspired to avoid complying with a Congressional mandate regarding backup power to the emergency notification system at Indian Point Nuclear Power Plant.
  
  
• OIG completed an investigation into concerns involving degraded paint coatings inside reactor containment walls at the Onconee Nuclear Station Units 1, 2, and 3.
  
  
• OIG completed an investigation into an improper release by the NRC staff of Personally Identifiable Information contained in criminal history reports pertaining to NRC licensee employees.
  
  
• OIG completed an investigation into an allegation that NRC issued five reactor operator licenses to San Onofre Nuclear Generating Station employees who were tested on a simulator that did not meet NRC standards.

OIG Organization and Activities

NRC's Mission

TThe U.S. Nuclear Regulatory Commission (NRC) was formed in 1975 to regulate the various commercial and institutional uses of nuclear materials as authorized by the Energy Reorganization Act of 1974. The agency succeeded the Atomic Energy Commission, which previously had responsibility for both developing and regulating nuclear activities.

NRC’s mission is to regulate the Nation’s civilian use of byproduct, source, and special nuclear materials to ensure adequate protection of public health and safety, promote the common defense and security, and protect the environment. NRC’s regulatory mission covers three main areas:

• Reactors - Commercial reactors for generating electric power and research and test reactors used for research, testing, and training.
  
  
• Materials - Uses of nuclear materials in medical, industrial, and academic settings and facilities that produce nuclear fuel.
  
  
• Waste - Transportation, storage, and disposal of nuclear materials and waste, and decommissioning of nuclear facilities from service.

Under its responsibility to protect public health and safety, NRC has three principal regulatory functions: (1) establish standards and regulations, (2) issue licenses for nuclear facilities and users of nuclear materials, and (3) inspect facilities and users of nuclear materials to ensure compliance with the requirements. These regulatory functions relate to both nuclear power plants and other uses of nuclear materials – like nuclear medicine programs at hospitals, academic activities at educational institutions, research work, and such industrial applications as gauges and testing equipment.
The agency maintains a current Web site and a public document room in Rockville, Maryland (NRC Headquarters) and holds public hearings, public meetings in local areas and at NRC offices, and discussions with individuals and organizations.

OIG Mission and Strategies

Inspector General History

In the 1970s, Government scandals, oil shortages and stories of corruption covered by newspapers, television, and radio stations took a toll on the American public’s faith in its Government. The U.S. Congress knew it had to take action to restore the public’s trust. It had to increase oversight of Federal programs and operations. It had to create a mechanism to evaluate the effectiveness of Government programs, and to provide an independent voice for economy, efficiency, and effectiveness within the Federal Government that would earn and maintain the trust of the American people.

In response, President Jimmy Carter in 1978 signed into law the landmark legislation known as the Inspector General Act (IG Act). The IG Act created independent Inspectors General (IGs), who would: protect the integrity of Government; improve program efficiency and effectiveness; prevent and detect fraud, waste and abuse in Federal agencies; and keep agency heads, Congress, and the American people fully and currently informed of the findings of the IGs’ work.

Almost 30 years later, the IG concept is a proven success. The IGs continue to deliver significant benefits to our Nation. Billions of dollars have been returned to the Federal Government or have been better spent based on recommendations identified through IG audits and inspections. Investigations have also contributed to the prosecution of thousands of wrongdoers and resulted in monetary recoveries. In addition, the IG concept of good governance, accountability and monetary recoveries encourages foreign governments to seek our advice, with the goal of replicating the basic IG principles in their own governments.

OIG Mission

NRC’s OIG was established as a statutory entity on April 15, 1989, in accordance with the 1988 amendment to the IG Act. NRC OIG’s mission is to (1) independently and objectively conduct and supervise audits and investigations relating to NRC programs and operations; (2) prevent and detect fraud, waste, and abuse; and (3) promote economy, efficiency, and effectiveness in NRC programs and operations.

OIG is committed to ensuring the integrity of NRC programs and operations. The development of an effective planning strategy is a critical aspect of accomplishing this commitment. Such planning ensures that audit and investigative resources are used effectively. To that end, OIG developed a Strategic Plan that includes the major challenges and critical risk areas facing NRC.

The plan identifies the priorities of OIG and establishes a shared set of expectations regarding the goals OIG expects to achieve and the strategies that will be employed to do so. OIG’s Strategic Plan features three goals which generally align with NRC’s mission and goals:

1. Advance NRC’s efforts to enhance safety and protect the environment.
2. Enhance NRC’s efforts to increase security in response to the current threat environment.
3. Improve the economy, efficiency, and effectiveness of NRC corporate management.

Audit Program

The OIG Audit Program covers the management and financial operations, economy or efficiency with which an organization, program, or function is managed; and program results achieved. Auditors assess the degree to which an organization complies with laws, regulations, and the internal policies in carrying out programs. They test program effectiveness as well as the accuracy and reliability of financial statements. The overall objective of an audit is to identify ways to enhance agency operations and promote greater economy and efficiency. Audits comprise four phases:

• Survey phase - An initial phase of the audit process is usually to gather information, without detailed verification, on the agency’s organization, programs, activities, and functions. An assessment of vulnerable areas determines whether further review is needed.
  
  
• Verification phase - Detailed information is obtained to verify findings and support conclusions and recommendations.
  
  
• Reporting phase - The auditors present the information, findings, conclusions, and recommendations that are supported by the evidence gathered during the survey and verification phases. Exit conferences are held with management officials to obtain their views on the issues in the report. Comments from the exit conferences are presented in the published audit report, as appropriate. Formal written comments are included in their entirety as an appendix in the published audit report.
  
  
• Resolution phase - Positive change results from the resolution process in which management takes action to improve operations based on the recommendations in the published audit report. Management actions are monitored until final action is taken on all recommendations. When management and OIG cannot agree on the actions needed to correct a problem identified in an audit report, the issue can be taken to the Chairman for resolution.

Each September, OIG issues an Annual Plan that summarizes the audits planned for the coming Fiscal Year (FY). Unanticipated higher priority issues may arise that may generate audits not listed in the Annual Plan. The audit staff continually monitors specific issue areas to strengthen OIG’s coordination with the agency and overall planning process. Under the OIG Issue Area Monitor (IAM) program, staff designated as IAMs are assigned responsibility for keeping abreast of major agency programs and activities. The broad IAM areas address nuclear reactors, nuclear materials, nuclear waste, international programs, security, information management, and financial management and administrative programs.

Investigative Program

OIG’s responsibility for detecting and preventing fraud, waste, and abuse within NRC includes investigating possible violations of criminal statutes relating to NRC programs and activities, investigating misconduct by NRC employees,
interfacing with the Department of Justice on OIG-related criminal matters, and coordinating investigations and other OIG initiatives with Federal, State, and local investigative agencies and other OIGs. Investigations may be initiated as a result of allegations or referrals from private citizens; licensee employees; NRC employees; Congress; other Federal, State, and local law enforcement agencies; OIG audits; the OIG Hotline; and IG initiatives directed at areas bearing a high potential for fraud, waste, and abuse.

Because NRC’s mission is to protect the health and safety of the public, one of the Investigation unit’s main focus and use of resources is the investigation of alleged misconduct by NRC staff that could adversely impact the agency’s handling of matters related to health and safety. These investigations may include allegations of:

• Misconduct by high ranking NRC officials and other NRC officials, such as managers and inspectors, whose positions directly impact public health and safety.
  
  
• Failure by NRC management to ensure that health and safety matters are appropriately addressed.
  
  
• Failure by NRC to appropriately transact nuclear regulation publicly and candidly and to openly seek and consider the public’s input during the regulatory process.
  
  
• Conflict of interest by NRC employees with NRC contractors and licensees involving such matters as promises of future employment for favorable or inappropriate treatment and the acceptance of gratuities.
  
  
• Fraud in the NRC procurement program involving contractors violating Government contracting laws and rules.

OIG General Counsel Activities

Regulatory Review

Pursuant to the Inspector General Act, 5 U.S.C. App. 3, Section 4(a)(2), OIG reviews existing and proposed legislation, regulations, policy, and implementing Management Directives, and makes recommendations concerning their impact on the economy and efficiency of agency programs and operations.

From April 1, 2007, through September 30, 2007, OIG reviewed more than 150 agency documents, including approximately 50 Commission papers (SECYs), Staff Requirements Memoranda, and 60 Federal Register Notices, regulatory actions, and statutes. The most significant commentaries are summarized below:

Draft commission paper, The Best Structure for Information Technology Management, addressed the agency’s vital information technology (IT) program and attempted to resolve complex and difficult program issues not unique to the NRC. OIG noted that the type of authority identified for the agency’s Office of Information Services (OIS) does not appear to be contrary to the statutory requirements of the Chief Information Officer (CIO) Act, but that the OIS organization might not be able to assume the wide range of responsibilities. Further, that the proposed phased-in approach to centralizing the NRC’s information security program under the authority of the CIO would be enhanced if more details as to how this centralization would constitute improvement were provided. In addition, the OIG urged OIS to more closely coordinate with other agency offices having interests and responsibilities related to proposed changes in the NRC IT management structure. Lastly, the proposed starting date to effect the changes appears to present an unattainable goal, given current demands on Information Technology Management resources.

Draft policy, Personally Identifiable Information Breach Notification. OIG commented that while the draft policy addresses training, it does not propose monitoring the training for effectiveness, nor tracking it to ensure that employees and contractors who need the training actually receive it. Further, the policy does not provide any time frames for individuals to notify the OIG after a breach is discovered.

To effectively track the agency’s response to regulatory review comments, OIG requests written replies within 90 days, with either a substantive reply or status of issues raised by OIG.

During this reporting period, the agency responded with two substantive re-sponses to OIG’s regulatory comments on draft papers and policies.

Audits

To help the agency improve its effectiveness and efficiency during this period, OIG completed 8 performance audits or evaluations that resulted in numerous recommendations to NRC management. OIG also analyzed 4 contract audit reports.

Audit Summaries

Audit of NRC’s Emergency Preparedness Program

OIG Strategic Goals: Safety and Security

Emergency Preparedness (EP) is one of the seven cornerstones of the Reactor Oversight Process, which is the NRC’s primary mechanism for nuclear power plant oversight. The objective of the emergency preparedness cornerstone is to ensure that licensees operating nuclear power plants are capable of taking adequate measures to protect public health and safety during a radiological emergency.

NRC regulations require licensees to have comprehensive EP programs, which include dedicated emergency response facilities, systems, equipment, and staffing. Licensees must describe their programs in facility-specific plans that provide licensee staff with guidance for responding to a range of emergency situations. NRC inspectors assess the ability of licensees to execute specific elements of their emergency preparedness plans such as coordination with offsite emergency response organizations during emergency preparedness drills and exercises. Licensees conduct quarterly onsite emergency preparedness drills, as well as biennial emergency preparedness exercises that simulate emergencies and involve NRC as well as State and local authorities. During these exercises, the Federal Emergency Management Agency (FEMA) assesses State and local response organizations’ implementation of their emergency plans.

The objectives of this audit were to evaluate NRC’s efforts to ensure that nuclear power plant licensees have adequate emergency preparedness plans and programs for security-based emergencies, and NRC’s coordination with Federal, State, and local authorities to plan and prepare for security-based emergencies.

Audit Results: NRC is making a sufficient effort to ensure that nuclear power plant licensees have adequate emergency preparedness plans and programs. However, NRC has not followed a consistent process for communicating its coordination role with State and local government authorities.

In the event of radiological emergencies that occur at nuclear power plants, NRC is responsible for supporting State and local emergency management organizations and coordinating the Federal Government’s response under the National Response Plan. However, NRC has repeatedly demonstrated problems coordinating and communicating with State authorities during emergency preparedness exercises. This weakness recurs because (1) NRC has not clearly defined and communicated its coordination role to State and local authorities, and (2) has not followed a consistent approach for working with the States during these exercises. Inadequate coordination and communication adversely affects NRC’s emergency operations with State agencies and could diminish the public’s confidence in NRC. (Addresses Management Challenge #1)

Audit of NRC’s Non-Capitalized Property

OIG Strategic Goal: Corporate Management

The NRC has an established property management program to account for and control property. Property management encompasses both capitalized and non-capitalized property. This report focuses on NRC’s program to account for and control non-capitalized property, that is, NRC property with an initial acquisition cost of less than $50,000. As of June 2006, non-capitalized property was comprised of almost 16,000 pieces of equipment costing approximately $26 million.

This audit’s objective was to determine whether NRC has established and implemented an effective system of management controls for maintaining accountability and control of non-capitalized property.

Audit Results: While NRC’s property management policies for non-capitalized property provide a framework to control and safeguard property, the program, as implemented, needs improvement to provide effective control. Specifically, the Space and Property Management System data is not accurate; controls for Information Technology property that may contain personally identifiable information are lacking; physical security deficiencies exist; and the policy for notifying OIG of incidents of missing property needs improvement.

OIG also recommended that the agency raise the threshold for reporting accountable property from $500 to $1,000. This would reduce the number of items tracked by 37 percent while still accounting for 84 percent of the dollar value of non-capitalized property. Accounting for these inexpensive items takes time away from maintaining accurate and reliable property records for more expensive items. This is also in line with the threshold used by other Federal agencies for recording accountable property.

In light of NRC’s imminent growth in personnel, and anticipated office relocations, it is increasingly important that NRC maintain effective and efficient accounting and control over non-capitalized property. Therefore, now is an opportune time for NRC management to increase accountability for, and improve control of, the property management program. An effective and efficient property management program is essential to ensure that staff has the property needed to carry out their duties and ensure optimum utilization of staff time, property, and fiscal resources. (Addresses Management Challenge #6)

Audit of NRC’s License Renewal Program

OIG Strategic Goal: Safety

NRC regulations limit the term of an initial nuclear reactor operating license to 40 years. However, the regulations also allow a license to be renewed for an additional 20 years given that the initial term was based on economic and anti-trust considerations, not technical limitations. Through technical research, NRC concluded that many aging phenomena are readily managed and therefore should not preclude renewal of a reactor license.

The objective of this audit was to determine the effectiveness of NRC’s license renewal safety reviews that evaluate licensee applications for extended periods of operation.

Audit Results: Overall, NRC has developed a comprehensive license renewal process to evaluate applications for extended periods of operation. However, OIG identified areas where improvements would enhance program operations. Specifically, (1) license renewal reporting efforts need improvement because the agency has not fully established report-writing standards or a report quality assurance process; (2) the agency’s policy guidance for removing documents from licensee sites is inconsistent; (3) consistent evaluation of operating experience would improve NRC reviews because program managers have not established requirements and controls to standardize the conduct and depth of operating experience reviews; (4) more attention is needed to planning for post-renewal inspections because the agency has only recently focused its attention on fully developing these inspections; and (5) license renewal issues need evaluation for backfit application. New license renewal review standards have not followed NRC’s backfit policy because NRC does not have a mechanism or methodology to trigger such a backfit review. (Addresses Management Challenges #1 and #3)

Audit of NRC’s Process for Placing Documents in the ADAMS Public and Non-Public Libraries

OIG Strategic Goal: Corporate Management

NRC relies on an electronic recordkeeping system called the Agencywide Documents Access and Management System (ADAMS) to maintain its public and non-public official agency records. NRC staff decide whether official agency records should be publicly or non-publicly available based on agency criteria regarding document content.

ADAMS has four libraries. These libraries contain both public and non-public records. Two libraries, the ADAMS Main Library and the Legacy Library, are accessible to NRC staff but not to the public. The other two libraries, the Publicly Available Records System and the Public Legacy Library, contain public records only.

The audit objective was to determine the effectiveness and consistency by which documents are profiled and processed for entry into the public or non-public ADAMS libraries.

Audit Results: NRC profiles most documents appropriately for inclusion in public versus non-public ADAMS libraries; however, the rationale for public versus non-public placements is not always clearly articulated in the agency’s guidance, and documents are sometimes miscategorized. As a result, NRC risks releasing sensitive information to the public, which can impact public safety. The agency also risks unnecessarily withholding non-sensitive information, which can undermine public confidence in NRC as a fair and unbiased regulator.

Additionally, NRC needs to improve its quality control approach to ensure proper profiling of ADAMS records as public or non-public. Specifically, (1) the agency does not conduct regular reviews of all documents placed in ADAMS to ensure proper placement in either the public or non-public ADAMS libraries; (2) document originators do not always complete and submit NRC Form 665, ADAMS Document Submission, an agency requirement; and (3) some offices do not routinely review whether the OIS has made the appropriate availability determination or follow up on items designated non-public pending review.

These conditions exist because the agency does not require documentation explaining why ADAMS documents were designated as public versus non-public and has not clearly communicated quality control expectations to staff. As a result, NRC cannot assess if it is meeting its criteria for ADAMS document profiling and risks both inappropriate release of information to the public and unnecessary withholding of information that should be publicly available. (Addresses Management Challenge #5)

Memorandum Report: Audit of NRC Oversight of its Federally Funded Research and Development Center

OIG Strategic Goal: Corporate Management

In October 1987, NRC contracted with Southwest Research Institute (SwRI) to operate a Federally Funded Research and Development Center. SwRI established the Center for Nuclear Waste Regulatory Analyses (the Center) to provide long-term technical assistance and research related to NRC’s High-Level Waste (HLW) Program authorized under the Nuclear Waste Policy Act of 1982, as amended.The agency sponsored the Center to (1) avoid potential conflict-of-interest situations caused by hiring contractors who worked on or were competing for Department of Energy (DOE) contracts, and (2) establish long-term continuity in technical assistance and research. The Nuclear Waste Policy Act of 1982, as amended, assigns responsibility for licensing HLW storage and disposal facilities to NRC. DOE, the licensee, is responsible for the construction and operation of any HLW storage and disposal facility after receiving a license from the NRC. Due to the nature of this relationship, it was and remains critical that NRC’s technical evaluations of DOE license application be free of any potential conflict-of-interest. DOE announced that it plans to submit a license application for the HLW repository to NRC by June 30, 2008.

The objective of the audit was to determine if NRC’s renewal justification of the contract adequately addresses Federal Acquisition Regulation (FAR) requirements.

Audit Results: The NRC’s renewal justification adequately addresses the FAR criteria. The agency also provides effective technical oversight and administration of the agency’s contract with the Center. (Addresses Management Challenge #6)

Assessment of Security at Nuclear Regulatory Commission Buildings in Rockville and Bethesda, Maryland and Las Vegas, Nevada

OIG Strategic Goal: Security

NRC buildings contain many security features and the agency has increasingly hardened its protection against access to its headquarters (HQ). NRC HQ meets the U.S. Department of Justice’s recommended minimum physical security standards for Federal buildings. However, an August 15, 2002, OIG report found that NRC needed to further enhance HQ physical security and emergency response capability to improve its ability to prevent unauthorized individuals from accessing NRC space, protect the facility from physical attack, and mitigate the impact of an attack. Improvements were needed with regard to vehicle access control, building access control, and emergency preparedness.

Audit Results: The assessment by SRA International, Inc., an OIG contractor, showed a strong security program is in effect that is compliant with applicable national security standards. According to the contractor, the security program at these NRC facilities is better than the security programs they have seen at many other Federal agencies. The recommendations in this report are designed to further enhance security at NRC and keep the security program a model for other Federal agencies. This report contains sensitive security-related information and thus the report cannot be publicly released. (Addresses Management Challenge #1)

Independent Evaluation of NRC’s Implementation of the Federal Information Security Management Act for Fiscal Year 2007

OIG Strategic Goal: Security

On December 17, 2002, the President signed the E-Government Act of 2002, which included the Federal Information Security Management Act (FISMA) of 2002. FISMA outlines the information security management requirements for agencies, which include an annual independent evaluation of an agency’s information security program and practices to determine its effectiveness. This evaluation must include testing the effectiveness of information security
policies, procedures, and practices for a representative subset of the agency’s information systems. FISMA requires that the IG perform an annual evaluation or an independent external auditor.

The objective of this audit was to perform an independent evaluation of NRC’s implementation of FISMA for FY 2007.

Audit Results: To correct weaknesses identified by the FY 2005 and FY 2006 FISMA independent evaluations by the NRC OIG, and to address findings from the agency’s own evaluations, the agency has refocused its information system security program. Under the refocused program, the agency proposed performing certification and accreditation of systems that are a high priority from a mission perspective and others that potentially pose a higher security risk (e.g., agency systems that communicate with systems outside the NRC network). The first certification and accreditation schedule under the refocused program was issued in February 2006. However:

• Only 2 of the 30 operational NRC information systems have a current certification and accreditation, and only 4 of the 11 systems used or operated by a contractor or other organization on behalf of the agency have a current certification and accreditation. Subsequent to the completion of fieldwork, the agency completed certification and accreditation of one of the contractor systems for which they have direct oversight, and the system was granted an authorization to operate. Two additional agency systems have also been certified and are currently under review by the agency’s designated approving authority for consideration of an authorization to operate.
  
  
• Annual contingency plan testing is still not being performed for all systems.

Seven new information system security program weaknesses were identified in FY 2007, including:

• Security categorizations for some systems do not consistently reflect the information types that reside on the systems.
  
  
• The agency did not follow the Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) guidance when conducting its annual self-assessments.
  
  
• Self-assessments were not always based on approved security categorizations.
  
  
• Self-assessments contained errors and inconsistencies.
  
  
• The agency’s methodology is flawed by identifying which listed systems reside on the NRC network and which do not.
  
  
• The quality of the agency’s plans of action and milestones (POA&Ms) needs improvement.
  
  
• The agency’s certification and accreditation process is inconsistent with NIST guidance.
  

The evaluation also identified five repeat findings from the FY 2005 and FY 2006 FISMA evaluations. These issues present NRC with significant challenges to improve its information security program. (Addresses Management Challenge #2)

Inspector General’s Assessment of the Most Serious Management and Performance Challenges Facing the Nuclear Regulatory Commission

OIG Strategic Goal: Corporate Management

The Reports Consolidation Act of 2000 (the Act) requires the Inspector General (IG) of each Federal agency to annually summarize what he or she considers to be the most serious management and performance challenges facing the agency and to assess the agency’s progress in addressing those challenges.

In accordance with the Act, the IG updated the most serious management and performance challenges facing NRC. As part of the evaluation, the OIG staff sought input from NRC’s Chairman, Commissioners, and NRC management to obtain their views on what challenges the agency is facing and what efforts the agency has taken to address previously identified management challenges.

Assessment Results: The IG identified eight challenges that he considers are the most serious management and performance challenges facing NRC. The challenges identified represent critical areas or difficult tasks that warrant high-level management attention.

In addressing this year’s challenges, we combined the prior challenge number 4, Ability to modify regulatory processes to meet a changing environment and the prior challenge number 9, Ability to meet the demand for licensing new reactors. The consolidation of these challenges resulted in the following description for new challenge 4: Ability to modify regulatory processes to meet a changing environment, specifically the potential for a nuclear renaissance. We combined the two challenges because the anticipated workload associated with preparing to receive and then reviewing new reactor license applications will strain the agency’s current resources and intensify other challenges in NRC’s regulatory environment.

The chart that follows provides an overview of the eight most serious management and performance challenges as of September 28, 2007.

NRC’s Most Serious Management Challenges as of September 30, 2005
Challenge 1 Protection of nuclear material used for civilian purposes.	Challenge 5 Implementation of information technology.
Challenge 2 Appropriate handling of information.	Challenge 6 Administration of all aspects of financial management.
Challenge 3 Development and implementation of a risk-informed and performance-based regulatory approach.	Challenge 7 Communication with external stakeholders throughout NRC regulatory activities.
Challenge 4 Ability to modify regulatory processes to meet a changing environment, specifically the potential for a nuclear renaissance.	Challenge 8 Managing human capital.
The challenges are not ranked in any order of importance.

The eight challenges contained in this report are distinct, yet are interdependent to accomplishing NRC’s mission. For example, the challenge of managing human capital affects all other management and performance challenges.
The agency’s continued progress in addressing these challenges presented should facilitate successful achievement of the agency’s mission and goals.

Audits in Progress

Audit of the Nuclear Power Plant Power Uprate Program

OIG Strategic Goal: Safety

NRC regulates the maximum power level at which a commercial nuclear power plant may operate. The process of increasing the maximum power level at which a plant may operate is called a power uprate. There are three categories of power uprates, including (1) measurement uncertainty recapture power uprates, which are less than 2 percent and are achieved by implementing enhanced techniques for calculating reactor power; (2) stretch power uprates, which are typically up to 7 percent and are within the design capacity of the plant, and (3) extended power uprates which have been approved for increases as high as 20 percent. Extended power uprates often require significant modifications to plant equipment, such as the high-pressure turbines, condensate pumps and motors, main generators, and transformers.

Licensees seek permission to perform a power uprate by submitting a license application amendment to NRC. Since 1977, NRC has approved over 113 power uprates, resulting in a combined increase of over 4,900 megawatts electric to the Nation’s electric generating capacity. NRC anticipates as many as 27 power uprate applications during the next 5 years. Some of these future power uprate requests may be for plants that have been approved or may seek approval for a license renewal to operate for 20 additional years beyond their original 40-year license term.

The objective of this audit is to examine the support and justification for approving power uprate amendment applications. OIG will also review scheduling and resource management. (Addresses Management Challenges #3 and #4)

Audit of NRC’s Enforcement Program

OIG Strategic Goal: Safety

The NRC’s enforcement jurisdiction is drawn from the Atomic Energy Act of 1954, as amended, and the Energy Reorganization Act of 1974, as amended. In recognition that violations occur in a variety of activities and have varying levels of significance, the Commission set out to create an enforcement framework with graduated sanctions to reflect this diversity. The Commission’s first public statement of policy on enforcement (the first Enforcement Policy) was published in 1980. Although the policy statement has changed several times, two goals of the enforcement program remain unchanged: to emphasize the importance of compliance with regulatory requirements; and, to encourage prompt identification, and prompt, comprehensive correction of violations. The enforcement program is also intended to meet the agency’s performance goals.

Violations are identified through inspections and investigations. All violations are subject to civil enforcement action and may also be subject to criminal prosecution. After an apparent violation is identified, it is assessed in accordance with the Commission’s Enforcement Policy. Because the policy statement is not a regulation, the Commission may deviate from the Enforcement Policy as appropriate under the circumstances of a particular case.

The objectives of this audit are to determine how NRC assesses (1) the significance of violations and (2) the level of enforcement action to be taken. (Addresses Management Challenges #1 and #3)

Audit of NRC’s Oversight of Fitness for Duty for Security Guards at Nuclear Power Plants

OIG Strategic Goal: Security

NRC has a fitness-for-duty requirement to provide assurance that security guards at nuclear power plants are trustworthy and reliable. The fitness-for-duty programs include:

• Testing security guards for illegal drug use;
  
  
• Limiting the number of work hours for some guards to no more than 16 hours in a 24-hour period, 26 hours in a 48-hour period and 72 hours in a week, excluding shift turnover time; and
  
  
• Establishing minimum individual breaks for some guards of at least 10 hours between shifts, a 24-hour break each week and a 48-hour break every two weeks.

NRC is currently proposing to codify the fitness-for-duty programs through the rulemaking process. The new rule represents the resolution of NRC’s activities in response to petitions for rulemaking regarding work hour limits and certain inspections of fitness-for-duty programs. The rule would also, in part, replace and expand on an Order the NRC issued on April 29, 2003, setting work hour limits for security personnel, as well as codify a Commission policy statement on fatigue issued in 1982.

The objective of this audit is to assess the effectiveness of NRC’s oversight of the fitness for duty programs for security guards at nuclear power plants. (Addresses Management Challenges #1 and #3)

Audit of NRC’s Continuity of Operations Plan

OIG Strategic Goals: Safety and Security

To ensure that essential NRC services are available during an emergency (such as terrorist attacks, severe weather, or building emergencies), Federal agencies are required to develop continuity of operations (COOP) plans. Federal Emergency Management Agency (FEMA) guidance, Federal Preparedness Circular 65 entitled “Federal Executive Branch Continuity of Operations,” identifies elements of a viable COOP capability, including the requirement that agencies denote their essential functions.

The objectives of this audit are to evaluate the extent that NRC has identified and maintains essential functions during an emergency and to determine if NRC’s COOP plan follows FEMA guidelines. (Addresses Management Challenge #1)

Audit of NRC’s AID-Funded Activities

OIG Strategic Goal: Corporate Management

NRC receives Freedom Support Act (FSA) funds from the U.S. Agency for International Development (AID) to support provisions of nuclear regulatory safety and security assistance to the regulatory authorities of Armenia, Georgia, Kazakhstan, Russia, and Ukraine. These funds support activities that include strengthening regulatory oversight of:

• The startup, operation, shutdown, and decommissioning of Soviet-designed nuclear power plants,
  
  
• The safe and secure use of radioactive materials, and
  
  
• Accounting for and protection of nuclear materials.

NRC has received approximately $51 million in FSA funds from FY 1992 through FY 2006. The Office of International Programs has responsibility for NRC’s use of FSA funds. This responsibility includes internal NRC coordination, coordination with other U.S. Governmental agencies involved with assistance activities, and coordination with other international donors.

The objectives of this audit are to determine if the management controls over the use of AID funds are adequate; and NRC’s corrective actions resulting from OIG’s recommendations in Audit Report OIG-02-A-04, dated December 3, 2001, are being adequately implemented. (Addresses Management Challenge #6)

Audit of NRC’s Accounting and Control Over Time and Labor Reporting

OIG Strategic Goal: Corporate Management

Salaries and benefits for NRC’s approximately 3,000 employees accounted for about 60 percent (or $399 million) of NRC’s FY 2005 obligations. Approximately 90 percent ($360 million) of the salaries and benefits are recovered through billings to NRC licensees.

NRC’s time and labor system is intended to collect data to adequately support employees’ pay and show the number of hours employees are working and are in leave status. The system provides data in support of entitlements to overtime pay, premium pay, and compensatory time earned and used. An accurate and reliable system of collecting time and labor data is necessary to provide a basis for:

• allocating employees’ time to the agency’s program and performance objectives;
  
  
• assessing NRC fees, and
  
  
• financial reporting.

The objectives of this audit are to determine whether (1) NRC has established and implemented internal controls over time and labor reporting to provide reasonable assurance that hours worked in pay status and hours absent are properly reported, and (2) the time and labor system can be easier and more efficient to use. (Addresses Management Challenge #6)

Audit of NRC’s FY 2007 Financial Statements

OIG Strategic Goal: Corporate Management

Under the Chief Financial Officers Act and the Government Management and Reform Act, the OIG is required to audit the financial statements of the NRC in accordance with applicable auditing standards. The audit will express an opinion on the agency’s financial statements, evaluate internal controls, review compliance with applicable laws and regulations, review the performance measures for compliance with the OMB guidance, and review the NRC systems’ controls that are significant to the financial statements. In addition, OIG will measure the agency’s improvements by assessing corrective action taken on prior audit findings. (Addresses Management Challenge #6)

Audit of NRC’s Alternative Dispute Resolution Process

OIG Strategic Goal: Safety

Alternative Dispute Resolution (ADR) is a term that refers to a number of processes, such as mediation and facilitated dialogues, which can be used to assist parties in resolving disputes. In 1992, the NRC issued a general policy that supports and encourages the use of ADR in agency activities. In 2004, the Commission approved the staff’s plan to implement a pilot to evaluate the use of ADR in the allegation and enforcement programs. The pilot was developed to evaluate whether the use of ADR could provide greater flexibility in the processes (e.g., mediation, facilitation), more timely and economical resolution of issues, more effective outcomes, and improved relationships.

In 2006, the Commission approved the implementation of the ADR program using the pilot program guidance until a future revision to the Enforcement Policy can be accomplished. As part of this revision, NRC’s Office of Enforcement plans to propose the expanded use of ADR to all traditional enforcement actions.

The objective of this audit is to assess whether the ADR program is complete and ready for full implementation in the enforcement program. (Addresses Management Challenges #1 and #3)

Investigations

During this reporting period, OIG received 98 allegations, initiated 23 investigations and closed 21 cases. In addition, the OIG made 22 referrals to NRC management and 11 to the Department of Justice.

Investigative Case Summaries

Adequacy of NRC Handling of South Texas Project Nuclear Power Plant Security Concerns

Strategic Goal: Security

OIG conducted an investigation into an allegation by the Union of Concerned Scientists (UCS) that the NRC had failed to adequately review security-related concerns and other issues raised by The Wackenhut Corporation guards at the South Texas Project nuclear power plant (STP). UCS also indicated that the guards received a non-response from the NRC regarding the NRC’s review of these issues.

The OIG review found that the NRC Region IV staff handled the guards’ concerns consistent with the procedures outlined in NRC Management Directive 8.8, Management of Allegations. OIG learned that the majority of these concerns were referred to the STP licensee to investigate. The guards were informed of these referrals and did not object to the licensee investigating these concerns. The staff evaluated the licensee’s responses and their corrective actions regarding these concerns. Concerns related to discrimination and potential licensee wrongdoing were referred to the NRC’s Office of Investigation, Region IV, which conducted three investigations into these matters.

OIG also determined that in the aftermath of September 11, 2001, the NRC placed restrictions on the public dissemination of sensitive security-related information in an effort to preclude the release of information useful to potential adversaries. These controls also applied to information provided to allegers raising security concerns to the NRC. The restrictions made it difficult for the NRC staff to assure allegers that their concerns were addressed which ultimately resulted in dissatisfaction with the NRC’s response. OIG learned that the Commission had also become aware of this communication challenge and in SECY-07-0032, Recommended Staff Actions Regarding Correspondence with Allegers Involving Security-Related Concerns, directed the NRC staff to revise these rules.
OIG also noted that an additional review was conducted by the Region IV staff of these same concerns following the receipt of letters from UCS and Congressman Edward Markey which resulted in the same findings. (Addresses Management Challenge #1)

NRC Not Requiring Licensee Compliance with Congressional Mandate

Strategic Goal: Safety

OIG received an allegation in April 2007, that Entergy Nuclear Operations, Inc. and NRC conspired to avoid complying with a Congressional mandate in the Energy Policy Act (Act) of 2005 to provide backup power to the emergency notification system (ENS) at Indian Point Nuclear Power Plant (IPNPP), the only nuclear plant affected by this mandate.

OIG’s investigation did not corroborate this allegation. In contrast, OIG’s interview of NRC staff and review of documents revealed that on January 31, 2006, NRC issued an order to IPNPP to comply with the Act that required IPNPP to install backup power to the ENS and have it operable by January 30, 2007. On January 11, 2007, NRC approved the licensee’s request to extend the date to be in compliance to April 15, 2007. However, on April 13, 2007, IPNPP requested a second extension. On April 13, 2007, the NRC denied the second extension request from the licensee because NRC believed that the factors which prevented the licensee from meeting the April 15th deadline were within the licensee’s control and reflected insufficient senior management attention at IPNPP. On April 17, 2007, an NRC enforcement panel met and agreed to issue the licensee a Severity Level (SL) III Notice of Violation (NOV) and fine the licensee $130,000, double the base amount for an SL III. NRC staff doubled the base fine because it wanted to emphasize the importance of complying with a Congressional mandate and an NRC Order. On April 23, 2007, NRC issued the NOV and civil fine to the licensee. NRC staff did not impose a daily fine against the licensee because NRC believed there was no significant safety issue due to the fact that the existing ENS was tested in March 2007 and found to be capable of alerting the public of an event at the plant while the licensee worked on the operability of a new ENS. (Addresses Management Challenge #4)

Failure to Follow NRC Enforcement Procedures

OIG Strategic Goal: Safety

OIG completed a review into concerns related to a 2004 inspection of the Oconee Nuclear Stations (Oconee) Units 1, 2, and 3. These concerns were raised by a former NRC Region II Oconee senior resident inspector who, during the inspection, identified degraded paint coatings inside reactor containment that he believed could clog the emergency sump pump strainers and cause the pumps to fail. According to the senior resident inspector, Region II did not follow proper procedures for potential enforcement action regarding the coatings issue, did not document key agency decisions, and did not resolve the issue in a timely manner. Moreover, the agency’s decision in addressing the coatings issue was inconsistent with precedent.

By way of background, the purpose of layered paint used as a containment coating is to protect the underlying structure or component from detrimental effects of the environment to which it is exposed during normal and emergency operation. The degradation of coatings at Oconee resulted in visible flaking and peeling of the paint on inner containment walls of the nuclear power reactor vessel. Degraded coatings and their effect on containment sump pumps had previously been addressed with the nuclear industry by the NRC.

OIG found that after the 2004 NRC inspection of the Oconee reactor units, the NRC issued an inspection report which identified the coatings issue as an unresolved inspection item pending further assessment. The NRC staff later initiated a two step process identified in the NRC Significance Determination Process for the evaluation of the degraded coatings. This evaluation concluded that the degraded coatings could detach from the containment reactor liner and transport to the emergency sump, thereby resulting in a potential loss of emergency core cooling. Based on this conclusion, NRC should have convened a Significance Determination and Enforcement Review Panel (SERP) to determine, among other things, the safety significance of the unresolved inspection item. However, OIG assertained that a senior NRC regional manager intervened and prevented a SERP review of the potential inspection finding for the degraded Oconee coatings which could have resulted in a violation and enforcement action against Oconee. Also, OIG noted that the region did not document the rationale for not proceeding with the SERP review. (Addresses Management Challenge #3)

Improper Release of Personally Identifiable Information

OIG Strategic Goal: Corporate Management

OIG completed an investigation into an improper release of Personally Identifiable Information (PII) by the NRC. PII is information that can be used to distinguish an individual’s identity, such as their name in combination with their social security number, date and place of birth, medical and employment history, and criminal record. NRC staff is required to protect PII from unauthorized access.

NRC regulations require NRC licensee and contractor employees to undergo a criminal history check before they are permitted unescorted access to a nuclear power facility or access to certain sensitive information. Information pertaining to the criminal history checks is typically communicated via a secure electronic transmission process. However, such information may also be exchanged via facsimile.

OIG learned that since 2003, Government agencies have been required to report any improper release of PII to the U.S. Computer Emergency Readiness Team (US-CERT). Also, in response to unauthorized release of PII, Government agencies should consider whether to send notification letters to the affected individuals whose identity was released as well as non-disclosure letters to individuals who inadvertently received the PII information.

OIG found that on August 28, 2006, an NRC staff member inadvertently sent 13 criminal history reports via facsimile to a private citizen in Richmond, Virginia. The citizen discovered the documents on October 16, 2006, after returning home from a vacation. The criminal history reports, which were intended for 2 separate NRC nuclear power plant licensees, contained PII pertaining to 13 individuals working at these facilities. OIG found that this error occurred after an NRC staff member, who had received 1 week of training, was given responsibility for processing requests for criminal history checks from licensees. The individual was overwhelmed and did not receive sufficient supervisory oversight.

OIG also confirmed that over the past 3 years, NRC has occasionally sent criminal history reports to unintended recipients, but during the months of August and September 2006 these mistakes increased significantly. Other than the release that occurred on August 28, 2006, NRC did not send non-disclosure or notification letters to individuals affected by the release of their PII even though certain NRC staff members were aware that criminal history reports had been released to people who had no need to know the information. Additionally, OIG found that with the exception of the August 2006 incident, NRC did not contact US-CERT to report improper releases of PII contained in criminal history reports. (Addresses Management Challenge #2)

Improper Issuance of Reactor Operator Licenses by NRC Staff

OIG Strategic Goal: Safety

OIG completed an investigation into an allegation that NRC issued five reactor operator licenses to San Onofre Nuclear Generating Station (SONGS) employees who were tested on a simulator that did not meet the standards set forth in Title 10 Code of Federal Regulations (CFR) 55.46, “Simulator Facilities.”

One of the requirements of 10 CFR 55.46 is that each reactor operator license applicant perform five control manipulations on either a control room simulator or at an actual plant reactor control room. If a simulator is used, the simulator must adequately replicate the most recent reactor fuel core reload. The 5 SONGS reactor operator applicants performed 22 of their required 25 control manipulations (2 of the 5 applicants performed all 5 control manipulations) on the SONGS simulator. It was alleged that the licensee had not demonstrated that the simulator adequately replicated the most recent core reload and had not met the degree of realism (fidelity) required under 10 CFR 55.46(c). Therefore, the alleger maintained that the 22 simulator control manipulations could not be credited towards the control room manipulations required by the NRC reactor operator licensing process.

OIG determined that an NRC manager who issued the reactor operator licenses to the SONGS applicants as well as two NRC staff inspectors who conducted a follow-up inspection of the SONGS simulator believed the NRC regulations do not require the simulator to exactly replicate all plant operation responses. OIG reviewed relevant NRC regulations and guidelines, including the 1998 version 3.5 of the American National Standard for Nuclear Power Plant Simulators for Use in Operator Training and Examination and NRC Regulatory Guide 1.149, “Nuclear Power Plant Simulation Facilities for Use in Operator Training and License Examinations.” OIG noted that these regulations and guidelines required licensee control room simulators to predict certain key parameters but that the simulator is not required to predict every conceivable parameter of plant operations. OIG did not identify any failure to comply with NRC licensing requirements during the NRC staffs review of the SONGS simulator. Also, OIG found no indication of NRC staff misconduct regarding the granting of reactor operator licenses to SONGS reactor operators. (Addresses Management Challenge #1)

Statistical Summary of OIG Accomplishments

Investigative Statistics

Source of Allegations — April 1, 2007, through September 30, 2007

Disposition of Allegations —April 1, 2007, through September 30, 2007

Status of Investigations

¹Recoveries resulting from investigations into the misuse of NRC computers, misuse of NRC IT equipment, and improper license fees resulting from false claims of small business.

² Cost savings to the Government resulting from an investigation into an improper worker’s compensation case.

Summary of Investigations

Audit Listings

Audit Tables

Table I

³Questioned costs are costs that are questioned by the OIG because of an alleged violation of a provision of a law, regulation, contract, grant, cooperative agreement, or other agreement or document governing the expenditure of funds; a finding that, at the time of the audit, such costs are not supported by adequate documentation; or a finding that the expenditure of funds for the intended purpose is unnecessary or unreasonable.

⁴Questioned NRC management agreed with the questioned cost, however, the contractor disagreed and took the case to the Civilian Board of Contract Appeals. Therefore, the disallowed cost is pending the outcome of the case.

Table II

⁵A “recommendation that funds be put to better use” is a recommendation by the OIG that funds could be used more efficiently if NRC management took actions to implement and complete the recommendation, including: reductions in outlays; deobligation of funds from programs or operations; withdrawal of interest subsidy costs on loans or loan guarantees, insurance, or bonds; costs not incurred by implementing recommended improvements related to the operations of NRC, a contractor, or a grantee; avoidance of unnecessary expenditures noted in preaward reviews of contract or grant agreements; or any other savings which are specifically identified.

Table III

Table IV

Abbreviations and Acronyms

Reporting Requirements

The Inspector General Act of 1978, as amended (1988), specifies reporting requirements for semiannual reports. This index cross-references those requirements to the applicable pages where they are fulfilled in this report.

Privacy Policy | Site Disclaimer
Thursday, December 13, 2007