OIG/96A-19 - Results of the Audit of U.S. Nuclear Regulatory Commission's Fiscal Year 1996 Financial Statements
- Inspector General's Report
- Opinion on Principal Statements
- Inspector General's Report on Management's Assertion about The Effectiveness of The Internal Control Structure
- Reportable Conditions and Audit Follow-up
- Report on Compliance with Laws and Regulations
- Matter of Emphasis
- Consistency of Other Information
- Objectives, Scope and Methodology
- Agency Comments
Office of Inspector General
U.S. Nuclear Regulatory Commission
Results of the Audit of U.S. Nuclear Regulatory Commission's Fiscal Year 1996 Financial Statements
March 6, 1997
|Memorandum to:||Chairman Jackson,|
|From:||Hubert T. Bell|
|Subject:||Results of the Audit of U.S. Nuclear Regulatory Commission's Fiscal Year 1996 Financial Statements|
Attached is the Office of the Inspector General's (OIG) audit report of the U.S. Nuclear Regulatory Commission's (NRC) Fiscal Year 1996 financial statements. The Chief Financial Officers (CFO) Act requires OIG to annually audit the Principal Financial Statements of the NRC. The audit was performed to form an opinion on the Principal Financial Statements. The report contains the (1) principal statements, (2) our opinions on the principal statements and management's assertions about the effectiveness of internal controls, and (3) our report on NRC's compliance with laws and regulations. Written comments were obtained from the Acting CFO and are included as an appendix to our report.
On NRC's Fiscal Year 1996 Principal Financial Statements, we issued an unqualified opinion on the Statement of Financial Position, and the Statements of Operations, Cash Flows, and Budget and Actual Expenses.
In our opinion on management's assertions about the effectiveness of internal controls, we identified one new reportable condition and one carried over from prior fiscal years. The new condition concerns NRC's procedures for identifying capitalized software. The prior-year condition concerns NRC's lack of a system for reporting labor costs by program. Based on corrective actions taken in FY 1996, we closed two reportable conditions identified in our FY 1995 report. Those conditions related to (1) internal controls for NRC's fee recovery system, and (2) lack of Department of Energy (DOE) audit assurance for NRC funds spent at DOE labs. We have, however, retained the DOE issue as a Matter of Emphasis in our report.
Our report on NRC's compliance with laws and regulations states that with respect to the items tested, NRC was in compliance. Based on actions taken in FY 1996, we closed the compliance finding related to NRC's fee recovery system.
Under the Federal Manager's Financial Integrity Act, NRC must annually evaluate its internal controls processes. As of the date of our report, NRC management had completed its evaluation of financial controls, but was still evaluating a programmatic control issue.
On February 27, 1997, the Acting CFO responded to our draft report dated February 19, 1997. We appreciate NRC staff's cooperation and continued interest in improving financial management within NRC.
Inspector General's Report
In our audits of the U.S. Nuclear Regulatory Commission (NRC) for the years ended September 30, 1996 and 1995, as required by the Chief Financial Officers' (CFO) Act of 1990, we found the principal financial statements were reliable in all material respects. Management fairly stated that the internal control structure in place at September 30, 1996 was effective in (1) safeguarding assets from material loss, (2) assuring material compliance with laws and regulations governing the use of budgetary authority and with other relevant laws and regulations, and (3) assuring that there were no material misstatements in the Principal Statements. We found no reportable noncompliance with laws and regulations for the items tested.
The following sections outline our conclusions and discuss the Overview of the Reporting Entity and the scope of the audit.
Opinion on Principal Statements
The principal statements, including the accompanying notes, present fairly in all material respects, in conformity with a comprehensive basis of accounting other than generally accepted accounting principles, as described in Note 1, NRC's:
Assets, liabilities, and net position;
Revenue, financing sources and expenses;
Cash flows; and
Budgetary resources and actual expenses.
Inspector General's Report on Management's Assertion about The Effectiveness of The Internal Control Structure
The Office of Inspector General (OIG) evaluated management's assertion that the NRC maintained an effective internal control structure designed to:
Safeguard assets against loss from unauthorized acquisition, use or disposition;
Assure the execution of transactions in accordance with laws governing the use of budget authority and with other laws and regulations that have a direct and material effect on the Principal Statements or that are listed in the Office of Management and Budget (OMB) audit guidance and could have a material effect on the Principal Statements; and
Properly record, process, and summarize transactions to permit the preparation of reliable financial statements and to maintain accountability for assets.
NRC management fairly stated that internal controls in place on September 30 , 1996 provided reasonable assurance that losses, noncompliance, or misstatements material in relation to the Principal Statements would be prevented and detected on a timely basis. Management made this assertion based upon criteria established by the Federal Managers' Financial Integrity Act of 1982 (FMFIA) and OMB Circular A-123, Management Accountability and Control.
Reportable Conditions and Audit Follow-up
OIG noted two matters involving the internal control structure and its operation that are considered reportable conditions under standards established by the American Institute of Certified Public Accountants and OMB Bulletin 93-06. Although not material in relation to the Principal Statements, these reportable conditions involve deficiencies in the internal control structure that, in our judgment, could adversely affect the NRC's ability to ensure that it meets the objectives of internal controls. Management considered these conditions in making their assertion on the effectiveness of the internal controls.
The matters listed below involve the design or operation of the internal control structure and warrant disclosure as reportable conditions. None of the reportable conditions noted are classifiable as material weaknesses.
Capitalization Procedures for Automatic Data Processing (ADP) Software Need Improvement
Our audit disclosed a need for improvements to software capitalization procedures. This latest finding represents a continuing OIG concern about NRC's financial reporting of property. While OIG has raised and the NRC has resolved similar issues over the past few years, we believe the current issue indicates a continuing concern and must be identified as a reportable condition.
The Office of the Controller's (OC) current procedure for accounting for capitalized ADP software was issued on April 26, 1996. This procedure provides guidance on how relevant information should be captured within the Division of Accounting and Finance (DAF). However, it does not identify specific responsibility for making capitalization decisions or for oversight of those decisions. OC advised us that they receive software data from NRC offices for review and possible capitalization, and that a contractor has primary responsibility for this function.
The capitalization procedure only vaguely infers that a contractor performs the review function. One of the procedural steps states, "The documentation for additions and deletions is independently reviewed by DAF on a monthly basis to ensure accuracy and completeness of the data." To establish adequate accountability, we believe the duties and responsibilities of the specific parties in the process must be stated.
At our initiation, OC asked NRC offices to examine a listing of capitalized software to determine accuracy and completeness. The request resulted in several additions and deletions(1) to the listing. Most additions were previously reported to OC but were not included as capitalized software. These additions totaled about one million dollars. Subsequent OIG inquiry disclosed that an OC contractor incorrectly decided against capitalizing these items. When a contractor has significant decision-making responsibilities, it is imperative that OC provide sufficient oversight to ensure that the appropriate decisions are made.
To bring greater discipline and accountability to the software capitalization process, we recommend that the Acting CFO:
Revise the software capitalization procedure to specify the responsible NRC group, position or contractor for making capitalization decisions and oversight.
Reemphasize the need for adequate oversight of contractor decisions.
Payroll System Must Be Integrated With The General Ledger and Possess Labor Distribution Capabilities
This issue is a carryover from the FY 1995 audit. NRC's accounting system does not include all of the necessary general accounting controls to produce timely and accurate financial information needed to prepare complete financial reports as required by OMB Bulletin 94-01, Form and Content of Agency Financial Statements. The principal weaknesses and issues that remain are:
The compatibility and integration of the NRC general ledger and subsystems used by NRC for payroll.
Heavy reliance on manual inputs due to the use of incompatible subsystems.
NRC is in the process of replacing its payroll system with a new subsystem that is integrated into the Federal Financial System (FFS) and will eventually provide labor distribution information. When the new payroll system is fully implemented, individual payroll transactions will be generated for FFS update within the program receiving the direct benefit of the expenditure. NRC continues to reconcile the non-compatible payroll subsystem with the FFS general ledger on a monthly and year end basis.
None, as NRC is in the process of replacing its payroll system.
Prior Year - Resolved
1. Fee Recovery System Lacks Internal Control
Based on actions taken in FY 1996, we are satisfied that OC has addressed the root causes for this problem. Further, OC is about to undertake a comprehensive review of the fee billing process. The corresponding condition reported in the compliance report for FY 1995 is resolved, as well.
2. Lack Of U. S. Department of Energy (DOE) Audit Assurance
During FY 1995, NRC took aggressive action to resolve this issue with DOE. NRC concluded its effort to implement our recommendations without success. While DOE did not believe a revision to the NRC/DOE Memorandum of Understanding was needed, DOE forwarded reports addressing internal controls and costs incurred at the DOE labs. However, these reports appeared to be of questionable value in assessing the proper use of NRC funds. In the interests of full disclosure, we will continue to report this issue as a Matter of Emphasis in this report.
Report on Compliance with Laws and Regulations
Our tests of compliance with selected provisions of laws and regulations disclosed no instances of noncompliance that would be reportable under Government Auditing Standards or OMB Bulletin 93-06, Audit Requirements for Federal Financial Statements. However, the objective of our audit was not to provide an opinion on overall compliance with laws and regulations. Accordingly, we do not express such an opinion.
Matter of Emphasis
NRC's principal statements include reimbursable expenses of the DOE's National Laboratories. For Fiscal Year 1996 and 1995, NRC's Statements of Operations included about $89 and $110 million, respectively, of reimbursed expenses, which represent approximately 17% and 20%, respectively, of total expenses. Our audits included testing of these expenses and financing sources for compliance with laws and regulations within NRC. The work placed with DOE is under the auspices of a Memorandum of Understanding between NRC and DOE. The examination of DOE National Laboratories for compliance with laws and regulations is DOE's responsibility. This responsibility was further clarified by a memorandum of the General Accounting Office's Assistant General Counsel, dated March 6, 1995, where he opined that "...DOE's inability to assure that its contractors' costs [National Laboratories] are legal and proper...does not compel a conclusion that NRC has failed to comply with laws and regulations." DOE also has the cognizant responsibility to assure audit resolution and should provide the results of its audits to NRC.
Consistency of Other Information
The overview of the NRC, program performance, and other supplemental financial and management information sections contain a wide range of data, some of which is not directly related to the Principal Statements. We do not express an opinion on this information. We have, however, compared this information for consistency with the Principal Statements and discussed the measurement and presentation methods with NRC management. Based on this limited effort, we found no material inconsistencies with the Principal Statements or nonconformance with OMB guidance.
Objectives, Scope and Methodology
NRC management is responsible for (1) preparing the Principal Statements in conformity with the basis of accounting described in Note 1, (2) establishing, maintaining, and assessing the internal control structure to provide reasonable assurance that the broad control objectives of FMFIA are met, and (3) complying with applicable laws and regulations.
We are responsible for obtaining reasonable assurance about whether (1) the Principal Statements are free of material misstatement and presented fairly, in all material respects, in conformity with the basis of accounting described in Note 1, and (2) management's assertion about the effectiveness of the internal control structure is fairly stated, in all material respects, based upon criteria established by FMFIA and OMB Circular A-123, Management Accountability and Control. As of the date of our report, NRC management had completed its evaluation of financial controls, but was still evaluating a programmatic control issue. We are also responsible for testing compliance with selected provisions of laws and regulations and for performing limited procedures with respect to certain other information in this annual financial statement.
In order to fulfill these responsibilities, we:
Examined, on a test basis, evidence supporting the amounts and disclosures made in the Principal Statements;
Assessed the accounting principles used and significant estimates made by management;
Obtained an understanding of the internal control structure related to safeguarding of assets, compliance with laws and regulations including execution of transactions in accordance with budget authority, financial reporting, and performance measures reported in the annual financial statements;
Assessed control risk and tested relevant internal controls over safeguarding of assets, compliance, and financial reporting and evaluated management's assertion about the effectiveness of internal controls;
Tested compliance with selected provisions of the following laws and regulations: Anti-Deficiency Act (Title 31 U.S.C.), National Defense Appropriation Act (PL 101-510), Omnibus Budgetary Reconciliation Act of 1990, Debt Collections Act of 1982 (PL 97-365), Prompt Pay Act (PL 97-177), Civil Service Retirement Act, Civil Service Reform Act (PL 97-454), Federal Managers' Financial Integrity Act (PL 97-255), CFO's Act (PL 101-576), Budget and Accounting Act;
Reviewed compliance with the process required by FMFIA for evaluating and reporting on internal control and accounting systems; and
Assessed the design of selected performance measure controls and whether they had been placed in operation.
We did not evaluate all internal controls relevant to operating objectives as broadly as defined in FMFIA, such as those controls for preparing statistical reports and those for ensuring efficient and effective operations. We limited our internal control tests to those necessary to achieve the objective described in our opinion on management's assertion about the effectiveness of internal controls. Because of inherent limitation in any internal control structure, losses, noncompliance, or misstatements may nevertheless occur and not be detected. Also, projection of any evaluation of the internal control structure over financial reporting to future periods is subject to the risk that the internal control structure may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
We performed our work in accordance with Government Auditing Standards and OMB Bulletin 93-06, Audit Requirements for Federal Financial Statements.
This report is intended solely for the use of management of the U. S. Nuclear Regulatory Commission. This restriction is not intended to limit the distribution of this report, which is a matter of public record.
On February 27, 1997, the Acting CFO responded to our draft report and addressed the two recommendations to improve the procedures for capitalizing ADP software. We requested and received additional information about the Acting CFO's corrective actions on March 3, 1997. Based on our review of this information, we are satisfied that the actions taken meet the intent of our recommendations. We appreciate NRC staff's cooperation and continued interest in improving financial management within NRC.
1. Deletions were primarily the result of NRC's recent decision to expense rather than capitalize software related to analytical codes and mathematical models.