| |
Search Options | |||
| Index | Site Map | FAQ | Facility Info | Reading Rm | New | Help | Glossary | Contact Us | |
|||
June 1, 2001
| MEMORANDUM TO: | William D. Travers Executive Director for Operations |
| FROM: | Stephen D. Dingbaum/RA/ Assistant Inspector General for Audits |
| SUBJECT: | MEMORANDUM REPORT OIG-01-A-10: REVIEW OF ACCOUNTABILITY AND CONTROL OVER NRC'S NONCAPITALIZED IT EQUIPMENT |
Attached is the Office of the Inspector General's audit report titled, Review of Accountability and Control Over NRC's Noncapitalized IT Equipment.
This report reflects the results of our review of specific aspects of NRC's property management program. The review determined that NRC's property management policies adhere to applicable laws and regulations; however, management controls to implement these policies are inadequate or lacking. In addition, the computer system that functions as the official database for the agency's property transactions contains inaccurate information. As a result, improved management controls are needed to better safeguard agency equipment.
At an exit conference on May 22, 2001, NRC officials stated general agreement with the report's findings and recommendations. They also suggested several report revisions, which were incorporated where appropriate.
If you have any questions, please contact Tony Lipuma at 415-5910 or me at 415-5915.
Attachments: As stated
| cc: | John Craig, OEDO R. McOsker, OCM/RAM B. Torres, ACMUI B. Garrick, ACNW D. Powers, ACRS J. Larkins, ACRS/ACNW P. Bollwerk III, ASLBP K. Cyr, OGC J. Cordes, OCAA S. Reiter, Acting CIO J. Funches, CFO P. Rabideau, Deputy CFO J. Dunn Lee, OIP D. Rathbun, OCA W. Beecher, OPA A. Vietti-Cook, SECY W. Kane, DEDR/OEDO C. Paperiello, DEDMRS/OEDO P. Norry, DEDM/OEDO M. Springer, ADM R. Borchardt, NRR G. Caputo, OI P. Bird, HR I. Little, SBCR M. Virgilio, NMSS S. Collins, NRR A. Thadani, RES P. Lohaus, OSP F. Congel, OE M. Federline, NMSS R. Zimmerman, RES J. Johnson, NRR H. Miller, RI L. Reyes, RII J. Dyer, RIII E. Merschoff, RIV OPA-RI OPA-RII OPA-RIII OPA-RIV |
Background
Official U.S. Nuclear Regulatory Commission (NRC) property records are maintained in an online interactive computer system that functions as the official database for the agency's property transactions. The Division of Contracts and Property Management, Office of Administration, manages the property and supply system (PASS). PASS accounts for more than 27,000 pieces of noncapitalized equipment(1) with an acquisition cost of approximately $75 million. Of these totals, noncapitalized information technology (IT) equipment is approximately 16,000 pieces with an acquisition cost of approximately $51 million.
Purpose
The objectives of the audit were to determine whether the NRC's (1) policies governing the accountability and control over agency noncapitalized IT equipment adhere to applicable laws and regulations; (2) official database for property transactions reflects accurate information for noncapitalized IT equipment; and (3) property management program has adequate safeguards to deter and prevent loss through fraud, waste or misuse.
Results in Brief
NRC's property management policies for noncapitalized IT equipment adhere to applicable laws and regulations, such as the Federal Property Management Regulations. However, management controls to implement these policies are inadequate or lacking. Also, PASS contains inaccurate information and improved management controls are needed to better safeguard agency equipment.
PASS Data Is Not Accurate
Statistical projections show that PASS does not accurately reflect the location of as many as 3,571 items of noncapitalized IT equipment (at headquarters and Region I) costing approximately $8.38 million. Furthermore, 526 items of IT equipment are missing from the Office of the Chief Information Officer's (OCIO) mini-warehouse. PASS does not accurately reflect the location of noncapitalized IT equipment because accountability of property custodians is limited. Inaccurate location information in PASS (1) can result in the unnecessary purchase of equipment, and (2) is a contributing cause for costly unofficial supplemental property management systems. PASS location inaccuracies result in a heightened potential for fraud and misuse of agency equipment.
Additionally, a comparison of the two PASS sensitive item designation fields revealed a 15 percent error rate. A secondary sensitive item indicator is inaccurate and inconsistent, placing accountability for sensitive items(2) (including 81 laptop computers) in jeopardy and heightening the vulnerability of sensitive equipment to fraud or misuse. As a result, NRC may not physically recover all sensitive property assigned to employees that leave the agency.
Property Management Program Needs Improved Safeguards
NRC's management controls are not adequate or are lacking regarding (1) Security Incident Reports(3), (2) separated employees' PASS accounts, (3) separation of duties, (4) physical inventory procedures, and (5) the Handbook for Property Custodians. For example, only four Security Incident Reports were filed since January 1999 despite the fact that 117 items are missing from the fiscal year 2000 inventory. Additionally, 526 items, not subject to inventory, are missing from the OCIO mini-warehouse. Without Security Incident Reports, recovery of missing items is unlikely.
Recommendations
This report makes 14 recommendations to the Executive Director for Operations to improve the property management program. Eight recommendations are made to improve the accuracy of PASS information and six recommendations address inadequate or lacking management controls.
Agency Comments
At an exit conference on May 22, 2001, NRC officials stated general agreement with the report's findings and recommendations. They also suggested several report revisions which were incorporated where appropriate.
| ADM | Office of Administration |
| DCPM | Division of Contracts and Property Management |
| FY | Fiscal Year |
| GAO | U. S. General Accounting Office |
| IT | Information Technology |
| JFMIP | Joint Financial Management Improvement Program |
| MD | Management Directive |
| NRC | U. S. Nuclear Regulatory Commission |
| OCIO | Office of the Chief Information Officer |
| OIG | Office of the Inspector General |
| PASS | Property and Supply System |
| SIH | Sensitive Item Holders |
| SIR | Security Incident Report |
| UCL | Upper Confidence Limit |
The Federal Property Management Regulations and other applicable laws and regulations require the U.S. Nuclear Regulatory Commission (NRC) to establish and apply standards and procedures for using and controlling property. The proper stewardship of Federal resources is an essential responsibility of agency managers and staff. Office of Management and Budget Circular A-123, revised, Management Accountability and Control, establishes guidance to improve the accountability and effectiveness of Federal programs by establishing, assessing, correcting, and reporting on management controls. An agency's internal controls (a subset of management controls) are used to prevent or detect unauthorized acquisition, use, or disposition of an agency's assets.
NRC Management Directive (MD) 13.1, Property Management, revised October 15, 1999, was issued to establish and apply standards and procedures for using and controlling property in accordance with applicable laws, regulations, and authoritative guidance. The MD describes organizational responsibilities and delegates authority to numerous agency executives. The MD includes an associated Handbook 13.1, Property Management, which contains guidelines and procedures to ensure that Government property is protected against waste, theft, or misuse. Additionally, in November 2000, NRC distributed its Handbook for Property Custodians,(4) which contains additional responsibilities and guidance. The Division of Contracts and Property Management (DCPM), Office of Administration (ADM), manages NRC's property management program, including the property and supply system (PASS).
As of August 2000, PASS contained records for more than 27,000 pieces of noncapitalized equipment with an acquisition cost of approximately $75 million. Of that total, noncapitalized information technology (IT) equipment is approximately 16,000 pieces with an acquisition cost of approximately $51 million. PASS contains records for sensitive equipment,(5) regardless of cost, and nonsensitive equipment having an acquisition cost of at least $300. NRC assigns a unique blue property tag number to all equipment recorded in PASS. Although not entered in PASS, nonsensitive equipment with an acquisition cost below $300 is assigned a red non-controlled NRC property tag. PASS calculates depreciation(6) for noncapitalized IT equipment by dividing acquisition cost by a standard 5-year useful life. Once nonsensitive equipment has depreciated below a $300 threshold, it is no longer counted in physical inventories at headquarters. However, these records remain in PASS as long as the equipment is in use.
NRC conducts physical inventories of property every two years (see chart above for location of 16,000 pieces of noncapitalized IT equipment) and periodically reviews each region's property management program. Once an inventory is completed, DCPM reconciles all discrepancies or missing items with PASS. After reconciliation, the results are reported to NRC senior management.
Property custodians (ranging in grade from GG-7 to GG-15), located in individual NRC offices, assist DCPM. Among other responsibilities, property custodians manage and control the property assigned to their accounts by: (1) updating records, (2) recovering property assigned to separating employees, (3) assisting in locating missing property, and (4) participating in official inventories.
The objectives of the audit were to determine whether the NRC's (1) policies governing the accountability and control over agency noncapitalized IT equipment(7) adhere to applicable laws and regulations; (2) official database for property transactions reflects accurate information for noncapitalized IT equipment; and (3) property management program has adequate safeguards to deter and prevent loss through fraud, waste or misuse. Appendix A contains the scope and methodology of this review.
NRC's property management policies for noncapitalized IT equipment adhere to applicable laws and regulations such as the Federal Property Management Regulations. The agency's broad policies recognize the need for control systems to safeguard property. However, PASS is not reliable because it contains a high percentage of inaccurate information for noncapitalized IT equipment location and sensitivity designation. Also, NRC's property management program needs improved safeguards because management controls either are inadequate or lacking. These conditions leave NRC equipment susceptible to loss from fraud or misuse.
A. PASS Data Is Not Accurate
Statistical projections show that PASS does not accurately reflect the location of as many as 3,571 items of noncapitalized IT equipment (at Headquarters and Region I) costing approximately $8.38 million. In addition, a secondary sensitivity indicator for noncapitalized IT equipment was inaccurate for 15 percent of sensitive items (at headquarters with an acquisition cost of less than $10,000). The data is not accurate because PASS is not updated in a timely manner, accountability for property custodians is limited, and one account assigned to the Office of the Chief Information Officer (OCIO) is not adequately controlled. In addition, PASS does not have the appropriate edit checks to ensure the proper designation of sensitive items. As a result, (1) the system is unreliable and several users have developed costly unofficial supplemental property management systems (hereafter referred to as supplemental property systems); and (2) sensitive equipment is at increased risk from loss or theft.
PASS Location Data
The Joint Financial Management Improvement Program (JFMIP)(8) and NRC internal guidance specifically address property accountability. In October 2000, the JFMIP issued Property Management Systems Requirements, which explains that capturing location is one function of a property management system.
NRC Handbook 13.1, Property Management, explains that PASS serves as the official database for NRC property transactions and states:
Furthermore, ADM's fiscal year (FY) 2000 and FY 2001 Operating Plans include an effectiveness metric which requires that "All property in the PASS database is accounted for."
PASS, however, does not accurately reflect the location for many noncapitalized IT equipment items. To assess location accuracy, the Office of the Inspector General (OIG) selected statistical samples from headquarters, Regions I and II, and two NRC contractors. Because NRC recently completed a physical inventory of PASS equipment, OIG generally based sample sizes on an anticipated error rate of no greater than 5 percent. OIG then inventoried the sample items at these locations. Unlike NRC's inventory, OIG's sample included nonsensitive equipment with a current value of less than $300. The sample inventory results showed that the error rates for headquarters and Region I exceeded the anticipated 5 percent rate.(9) The results of the sample inventory are summarized in the table below.
In the table, "error" means that the item is not physically located in the building and room number shown in PASS. At a 95 percent confidence level, the error rate for the population (Headquarters < $10,000) can be as high as 31 percent, which amounts to 3,158 errors with an associated acquisition cost of approximately $4.5 million.
The following bar chart shows the sample results for headquarters and Region I. The error rate for each of the four populations exceeded the 5 percent anticipated error rate.
The initial results of NRC's FY 2000 inventory at headquarters showed a 20 percent error rate, which is similar to our sample results for headquarters.
Equipment Is Missing From Mini-Warehouse
OIG's sample inventory at headquarters highlighted problems with an IT equipment storage area that serves as a mini-warehouse. Old and new IT equipment frequently moves through the mini-warehouse as a result of excessing and refresh activities. Because of the high activity in this room, OIG conducted additional inquiries and tests that revealed numerous missing items. Subsequently, the agency found some of the missing items. Photographs of the mini-warehouse during the testing are presented on the next page.
 |
 |
Results of additional testing showed that:
Eleven (11) laptop computers, reported in PASS as located in the mini-warehouse, were not found. Two of these laptops were subsequently found, leaving nine laptops (with an acquisition cost of $26,938) as still missing.
104 system units(10) (with an acquisition cost of $327,441), reported in PASS as located in the mini-warehouse, were not found.
Thirteen (13) system units (with an acquisition cost of $19,794) were found in the mini-warehouse, but were not shown in PASS as located in the mini-warehouse.
As of February 27, 2001, PASS showed the mini-warehouse as the location for 526 items in an account assigned to the OCIO. NRC officials explained that a CIO HOLD account(11) was established in May 2000 as a holding account for missing nonsensitive IT items. These items generally have a current value below $300 and are not part of the agency inventory under MD 13.1. Upon completion of the FY 2000 inventory, agency staff were to determine the status of the missing items by locating the items or preparing Report of Property for Survey forms (NRC Form 395).(12) To date, this process has not been completed.
Accountability Of Property Custodians Is Limited
A property management official advised that property custodians do not update PASS in a timely manner. Untimely updates to PASS result in inaccurate data. Prompt execution of property transfers helps ensure the accuracy of location and end user information in PASS. For example, three of the 11 laptop computers, missing from the mini-warehouse, reportedly were identified in PASS awaiting acceptance by a property custodian for a range of 107 to 129 days. An OIG analysis of property custodians' job descriptions, and elements and standards revealed that most contain little or no language regarding property custodian duties. Thus, accountability as property custodians is limited.
Unreliable PASS Data Results In Supplemental Property Systems
Inaccurate location data diminishes the reliability of PASS, creates the perceived need for supplemental property systems, and places NRC property at risk. Several end users developed supplemental property systems because PASS is unreliable and does not fully meet their needs. As a result, the agency maintains at least five of these costly systems. Since these systems are not integrated with PASS, each property transaction is recorded twice, and additional effort would be required to reconcile PASS with the supplemental property systems. Agency offices use these systems to verify PASS data, gain flexibility in preparing reports, and maintain supplemental data.
NRC has established a Market Research Team to review upgrades and alternatives to PASS. Accordingly, OIG gave the agency a list of offices with supplemental property systems and encouraged NRC to include representatives from these offices on the team.
Sensitive Equipment Designation
PASS does not accurately reflect the sensitive item designations of noncapitalized IT equipment, as required by the Handbook for Property Custodians. PASS sensitive item designations are inaccurate due to the absence of appropriate controls. This condition jeopardizes accountability for sensitive items, particularly at separation clearance time.
PASS contains two sensitive item designation fields. One field is based on a sensitive indicator box, which is checked to indicate whether the item is sensitive. Additionally, the Handbook for Property Custodians requires a secondary designation, a SIH (Sensitive Item Holder) prefix, in the end user field. The sensitive item designations should be consistent for both fields (i.e., a box checked should be accompanied by the SIH prefix).
An OIG comparison of the two fields revealed a 15 percent error rate for headquarters noncapitalized IT equipment having an acquisition cost of less than $10,000. Of 579 items designated as sensitive (sensitive indicator box), 87 items did not contain the SIH prefix in the end user field. Eighty-one of the 87 items not designated properly were laptop computers. OIG provided a listing of the 87 errors to an ADM official. The secondary sensitive item designation is inconsistent and incorrect because NRC has not implemented appropriate controls, such as edit checks, to detect errors.
Property custodians use the SIH designation to determine if sensitive equipment is assigned to a separating employee. Without the correct designation, separating employees could leave the agency and not be held accountable for sensitive equipment in their possession.
Summary
Location and sensitive item designation inaccuracies in PASS affect the reliability of PASS data. Inaccuracies result because (1) accountability for property custodians is limited and (2) controls regarding sensitive item designations are inadequate or lacking.
Statistical projections show that as many as 3,571 items of noncapitalized IT equipment at headquarters and Region I, costing approximately $8.38 million, are not physically located in the building and room number shown in PASS. Furthermore, 526 IT equipment items are missing from the OCIO mini-warehouse. Inaccurate location information in PASS (1) can result in the unnecessary purchase of equipment, and (2) is a contributing cause for the creation of costly supplemental property systems.
Additionally, a comparison of the two PASS sensitive item designation fields revealed a 15 percent error rate. The sensitive item designation errors place accountability for sensitive items (including 81 laptop computers) in jeopardy, particularly at separation clearance time. PASS inaccuracies (location and sensitivity designations) result in a heightened potential for fraud or misuse of agency equipment.
Recommendations
OIG recommends that the Executive Director for Operations:
Institute the use of annual property confirmations by end users to help ensure the accuracy of PASS information.
Coordinate with NRC offices to establish and implement consistent performance standards (i.e., Elements and Standards) for property custodian/alternate property custodian duties.
Include representatives from offices with supplemental property systems on the Market Research Team.
Distribute this audit report to all property custodians and their alternates. The transmittal letter should emphasize the need to keep PASS information current and accurate.
Develop an action plan with milestones to resolve equipment issues in the CIO HOLD account. Each item in the account should be located and PASS should be updated accordingly.
Resolve all discrepancies identified in OIG's sample inventory and tests of the mini-warehouse and provide the OIG with the status of each item.
Design and implement appropriate quality controls to ensure the accuracy of sensitive item designations in PASS.
Correct the 87 incorrect sensitive item designations in PASS.
B. Property Management Program Needs Improved Safeguards
NRC's property management program needs improved safeguards to deter and prevent loss through fraud or misuse. Specifically, NRC's management controls are not adequate or are lacking in the following areas:
These conditons result in a heightened potential for fraud or misuse of NRC equipment and the unlikely recovery of missing agency property.
Security Incident Reports
MD 13.1 requires that NRC provide sufficient controls over its equipment to deter or eliminate loss through fraud, waste or misuse. MD 13.1's Handbook requires agency employees to initiate a Security Incident Report (SIR) when a theft (loss) is suspected at headquarters.
Agency staff completed only four SIRs(13) since January 1, 1999, even though 187 items were identified as missing. In October 2000, NRC reported 187 missing items out of 18,402 items during its FY 2000 inventory.(14) As of March 6, 2001, 70 of the 187 missing items were reportedly found, leaving a balance of 117 missing items (including 27 laptop computers). Additionally, the agency's CIO HOLD account created in May 2000, includes 526 missing items (not subject to inventory) as of February 27, 2001.
In October 2000, OIG served as facilitator in a meeting attended by representatives from DCPM, the Division of Facilities and Security, and the Property Survey Board.(15) Meeting attendees agreed that agency guidance regarding lost or stolen NRC equipment is vague and requires revision. General agreement was reached that ADM representatives, in coordination with representatives of other interested offices, will rewrite the guidance in a simple, easy to follow, process-oriented style. OIG representatives emphasized a direct correlation between the timeliness of notification and the likelihood of recovery of lost or stolen equipment. Without an SIR, neither OIG nor the agency can investigate lost or stolen property and recovery becomes unlikely. Many opportunities to recover missing agency equipment have been lost because SIRs were not prepared.
Separated Employees' PASS Accounts
To determine whether open accounts exist for separated employees, OIG selected a judgmental sample of employees who separated during calendar years 1998 through 2000 (40 of 642). The test revealed that PASS contains open accounts for 29 of the 40 former employees (72.5 percent). Four of the 29 accounts contain active PASS equipment. One of the four accounts is for an individual who separated in March 1999 and has 13 items in that account. The agency has since advised that it has initiated action to (1) remove the names of former NRC employees from PASS, and (2) locate and properly account for active PASS equipment in separated employees' accounts.
The internal controls in this area need improvement to ensure that the PASS System Administrator closes PASS accounts for all separated employees within a reasonable time of their separation. Open PASS accounts for separated employees also heightens the potential for fraud and misuse of agency equipment. Those accounts can be used to hide lost or stolen equipment.
Separation Of Duties
NRC has not adequately separated responsibilities for property management functions. These functions include inventory duties and a property custodian's access to his/her own account. Separation of duties is a sound business practice and is required by U.S. General Accounting Office (GAO) standards for internal control. Inadequate separation of duties creates opportunities for fraud and misuse of agency equipment.
GAO's Standards for Internal Control in the Federal Government, November 1999, provides that control activities(16) include separation of duties. This control activity is described as follows:
Thus, property system administration and inventory control responsibilities must be adequately separated. The PASS System Administrator controls the key aspects of PASS transactions, participates in the conduct of NRC's physical inventory, prepares inventory discrepancy reports, and prepares reports on inventory results. As a result, the PASS System Administrator controls property system records and can conceal the location of missing equipment during an inventory.
Furthermore, property custodians should not have access to their own PASS accounts, which contain equipment assigned to them. This access level, which is not addressed in agency guidance, allows individuals the opportunity to manipulate their own PASS records and conceal the location of missing equipment.
Physical Inventory Procedures
NRC procedures do not require accountability for all property in PASS. Although, ADM's FY 2001 Operating Plan requires accountability for all PASS property, approximately 6,900 equipment items are not controlled through the inventory process. NRC Handbook 13.1, states:
Once nonsensitive equipment has depreciated below the $300 threshold, it will no longer be part of the property base for purposes of inventory. However, as long as equipment is in use, the record will remain active in PASS.
According to DCPM, the FY 1998 inventory was the first inventory that used the MD 13.1 guidance. PASS contains approximately 6,900 nonsensitive equipment items that have been depreciated below the agency's $300 threshold. Since DCPM excludes these items from the physical inventory, this property is not adequately controlled. For example, one OCIO property account includes 526 missing items, generally valued at less than $300 each.
Once equipment is no longer included as part of the physical inventory, there is increased risk that the agency will lose control over such equipment. For example, a system unit could be depreciated below $300 and would no longer be inventoried.
Handbook For Property Custodians
The Handbook for Property Custodians and the NRC Handbook 13.1 contain significant responsibilities and guidance for property custodians. However, NRC Handbook 13.1 contains responsibilities and guidance not contained in the Handbook for Property Custodians.
Handbook 13.1, provides the following responsibilities and guidance that are not found in the Handbook for Property Custodians:
Assess available property and determine if it is fully used before certifying new property requests.
Assist in locating missing equipment and providing purchase documentation for any non-tagged equipment.
Additional responsibilities of regional property custodians:
Provide to DCPM, copies of receiving documents (showing model number, purchase date, and price) for NRC equipment.
Maintain custodial receipts (NRC Form 119) and records of sensitive NRC property.
Review appropriate excess property lists and recommend acquisition of excess property in lieu of purchase.
Because the duties of property custodians are not consolidated in a single document, the custodians may not be fully aware of or perform the full scope of their responsibilities.
Summary
NRC's property management program needs improved safeguards. Management controls are inadequate or lacking in five areas: Security Incident Reports, separated employees' PASS accounts, separation of duties, physical inventory procedures, and the Handbook for Property Custodians. As a result, NRC's noncapitalized IT equipment is susceptible to loss from fraud or misuse and the recovery of missing agency equipment is unlikely.
Recommendations
OIG recommends that the Executive Director for Operations:
Revise NRC Handbook 13.1 to clarify guidance regarding lost or stolen equipment, and clearly explain when a Security Incident Report is needed.
Design and implement internal controls to ensure that the PASS accounts for separated employees are closed within a reasonable time of their separation from the agency.
Ensure that active equipment listed in separated employees' accounts is reassigned or properly disposed of and that PASS records are updated accordingly.
Separate property management duties, in particular, inventory duties and a property custodian's access to his/her own account.
Include all nonsensitive equipment controlled in PASS (regardless of current value) in the property base for inventory purposes.
Consolidate property custodian responsibilities and guidance from NRC Handbook 13.1 into the Handbook for Property Custodians.
A. Property and Financial Management Systems Integration
The JFMIP publication, Property Management Systems Requirements, notes that "Financial management systems must be designed with effective and efficient interrelationships between software, hardware, personnel, procedures, controls and data contained within the systems." Furthermore, it states that the design of such a system should eliminate unnecessary duplication of transaction entry.
NRC is presently considering alternatives to PASS, which is not integrated with the agency's financial system. This lack of integration results in duplicate transaction entry: all transactions (property) are either considered expensed or capitalized in PASS, and corresponding entries must also be made for the financial system. As NRC works toward replacing the current property management system, the time is opportune for the Office of the Chief Financial Officer and ADM to work together to define user needs and procure a system that has an efficient and effective interrelationship between the property and financial systems.
B. Status of Region III's Property Management Corrective Actions
In Region III's November 2000, Reasonable Assurance Statement, the Region self-identified deficiencies in its property management program after an inventory disclosed 16 missing computers, including 12 laptops. To mitigate property management deficiencies, the Region prepared a corrective action plan. Region III staff stated that they are making progress toward implementing the plan. The Region issued a new Divisional Instruction (DI-9936), Property Management, with an effective date of December 29, 2000. Additionally, a revised Regional Procedure concerning property management was drafted and distributed to regional staff for comment, and heightened attention is being given to complying with property management policies. The Region is also in the process of filling the property custodian vacancy. Furthermore, headquarters has scheduled a physical inventory at Region III during FY 2001. Thus, reasonable action has been taken or is in process to resolve property management deficiencies at Region III.
OIG recommends that the Executive Director for Operations:
Institute the use of annual property confirmations by end users to help ensure the accuracy of PASS information.
Coordinate with NRC offices to establish and implement consistent performance standards (i.e., Elements and Standards) for property custodian/alternate property custodian duties.
Include representatives from offices with supplemental property systems on the Market Research Team.
Distribute this audit report to all property custodians and their alternates. The transmittal letter should emphasize the need to keep PASS information current and accurate.
Develop an action plan with milestones to resolve equipment issues in the CIO HOLD account. Each item in the account should be located and PASS should be updated accordingly.
Resolve all discrepancies identified in OIG's sample inventory and tests of the mini-warehouse and provide the OIG with the status of each item.
Design and implement appropriate quality controls to ensure the accuracy of sensitive item designations in PASS.
Correct the 87 incorrect sensitive item designations in PASS.
Revise NRC Handbook 13.1 to clarify guidance regarding lost or stolen equipment, and clearly explain when a Security Incident Report is needed.
Design and implement internal controls to ensure that PASS accounts for separated employees are closed within a reasonable time of their separation from the agency.
Ensure that active equipment listed in separated employees' accounts is reassigned or properly disposed of and that PASS records are updated accordingly.
Separate property management duties, in particular, inventory duties and a property custodian's access to his/her own account.
Include all nonsensitive equipment controlled in PASS (regardless of current value) in the property base for inventory purposes.
Consolidate property custodian responsibilities and guidance from NRC Handbook 13.1 into the Handbook for Property Custodians.
At an exit conference on May 22, 2001, NRC officials stated general agreement with the report's findings and recommendations. They also suggested several report revisions which were incorporated where appropriate.
To accomplish the audit objectives, the Office of the Inspector General (OIG) reviewed and analyzed pertinent laws, regulations, authoritative guidance, and prior U. S. Nuclear Regulatory Commission (NRC) OIG and U. S. General Accounting Office reports. In addition, OIG identified, analyzed and compared NRC guidance with the aforementioned criteria. OIG conducted interviews with selected NRC officials to gain an understanding of NRC's property management guidance and to determine current issues, problems, or known deficiencies. At NRC headquarters, OIG interviewed personnel in the Offices of Administration, Human Resources, Chief Financial Officer, Chief Information Officer, Nuclear Materials Safety and Safeguards, Nuclear Reactor Regulation, Nuclear Regulatory Research, and the General Counsel. OIG visited two Regional offices and two contractors. We also interviewed personnel from all four Regions.
OIG conducted tests to determine whether location and sensitive item designation information maintained in the property and supply system (PASS) is accurate. OIG selected a stratified random sample of noncapitalized information technology equipment from PASS to physically verify location. OIG further tested PASS location data for items (laptop computers and system units) located in a mini-warehouse.(17) Additionally, OIG compared selected data to determine whether there is consistent designation of sensitive property in PASS.
Management controls related to the audit objectives were reviewed and analyzed. Throughout the review, auditors were aware of the possibility or existence of fraud, waste or misuse in the program. OIG conducted the audit in accordance with Generally Accepted Government Auditing Standards from August 2000 through March 2001.
The major contributors to this report were Anthony Lipuma, Team Leader; Steven Zane, Audit Manager; Michael Steinberg, Senior Auditor; and Debra Lipkey, Management Analyst.
1. Noncapitalized equipment represents NRC property (either in the agency's possession or contractor-held) with an initial acquisition cost of less than $50,000.
2. Equipment that is desirable for personal use and can be easily removed from the premises (e.g., laptop computers, cell phones).
3. Security Incident Reports are used to report missing/stolen property and serve as the basis for notifying the OIG.
4. This is a separate Handbook from that contained in MD 13.1.
5. Equipment that is desirable for personal use and can be easily removed from the premises (e.g., laptop computers, cell phones).
6. This internal PASS computation is performed to determine the $300 physical inventory threshold and is not related to depreciation for financial statement purposes.
7. Noncapitalized IT equipment represents NRC IT property (either in the agency's possession or contractor-held) with an initial acquisition cost of less than $50,000.
8. JFMIP is a joint undertaking of the U.S. Department of the Treasury, the General Accounting Office, the Office of Management and Budget, and the Office of Personnel Management, working with other agencies to improve financial management practices in Government.
9. PASS could not be used to determine an item's specific room location at Region II or at the two contractors. Those locations maintain separate inventory systems to identify room locations within their facilities.
10. A system unit is occasionally referred to as a central processing unit.
11. The CIO HOLD account includes 50 of the 104 system units identified above as missing from the mini-warehouse.
12. NRC Form 395 is used to determine financial liability, if any, for Government property that is lost, stolen, or damaged. It is also used to authorize adjustments to property records to reflect such occurrences.
13. Security Incident Reports are used to report missing/stolen property and serve as the basis for notifying the OIG of such matters.
14. DCPM conducted the FY 2000 inventory from June through August 2000.
15. A three-member Board that determines financial liability, or release from liability, of accountable individuals for loss or damage to agency equipment.
16. Control activities are the policies, procedures, techniques, and mechanisms that enforce management's directives. Control activities are an integral part of an agency's accountability for stewardship of government resources.
17. The mini-warehouse is located in room O2A1 at headquarters.
|
Privacy Policy |
Site Disclaimer |
]