United States Nuclear Regulatory Commission - Protecting People and the Environment

NRC: Office of the Inspector General Semiannual Report to Congress (NUREG-1415, Vol. 11, No. 2)

On this page:

Table of Contents

Publication Information

[ Next | Top of file ]

Manuscript Completed: April 1999
Date Published: April 1999
Reporting Period: October 1, 1998 - March 31, 1999

Office of the Inspector General
U.S. Nuclear Regulatory Commission
Washington, DC 20555

Availability Notice

Memorandum to the Chairman

[ Prev | Next | Top of file ]

On behalf of the Office of the Inspector General (OIG) for the U.S. Nuclear Regulatory Commission (NRC), I am pleased to submit this Semiannual Report to the U.S. Congress. This report summarizes significant OIG activities during the period from October 1, 1998, through March 31, 1999, in compliance with Sections 4 and 5 of the Inspector General Act of 1978, as amended.

During this reporting period, our office completed 9 performance and financial audits of the NRC's programs and operations. This work led the OIG to make several recommendations and suggestions to the NRC for program improvement. In addition, the OIG completed 35 investigations and 3 Event Inquiries, and made 46 referrals to NRC management. Finally, the OIG analyzed 20 contract audit reports issued by the Defense Contract Audit Agency. Overall, these analyses caused the OIG to question $485,853 in costs.

As detailed later in this report, the audit and investigative activities carried out during this period, together with other initiatives that are still in progress, have specifically addressed 8 of the 10 most serious management challenges facing the NRC, which the OIG identified to Congress in December 1998.

In light of these successes, I want to take this opportunity to thank you, NRC's senior managers, and the Congress for the strong support that the OIG received during this reporting period. I also want to commend all OIG employees for their continued professionalism, dedication, and willingness to accept new challenges during this period. Working together, I believe, we have taken positive steps to improve agency programs and operations.

Sincerely,

Hubert T. Bell
Inspector General

Reporting Requirements Index

[ Prev | Next | Top of file ]

The Inspector General Act of 1978, as amended (1988), specifies reporting requirements for semiannual reports. This index cross-references those requirements to the applicable pages where they are fulfilled in this report.

Citation Reporting Requirements

[ Prev | Next | Top of file ]

Section 4(a)(2) Review of Legislation and Regulations
Section 5(a)(1) Significant Problems, Abuses, and Deficiencies
Section 5(a)(2) Recommendations for Corrective Action
Section 5(a)(3) Prior Significant Recommendations Not Yet Completed
Section 5(a)(4) Matters Referred to Prosecutive Authorities
Section 5(a)(5) Information or Assistance Refused
Section 5(a)(6) Listing of Audit Reports
Section 5(a)(7) Summary of Significant Reports
Section 5(a)(8) Audit Reports -- Questioned Costs
Section 5(a)(9) Audit Reports -- Funds Put to Better Use
Section 5(a)(10) Audit Reports Issued Before Commencement of the Reporting Period for Which No Management Decision Has Been Made
Section 5(a)(11) Significant Revised Management Decisions
Section 5(a)(12) Significant Management Decisions with Which the OIG Disagreed

Executive Summary

[ Prev | Next | Top of file ]

The following two sections highlight selected audits and investigations completed during this reporting period. More detailed summaries appear in subsequent sections of this report.

Audits

[ Prev | Next | Top of file ]

  • The Office of the Inspector General (OIG) for the U.S. Nuclear Regulatory Commission (NRC) reviewed the management controls that the Office of the Chief Information Officer (OCIO) has established for the NRC's Personal Computer (PC) Refresh program. Guided by a Capital Planning and Investment Control document, this program calls for replacing about 4,000 PCs with Pentium-class systems by the end of Fiscal Year 1999 (FY 99), at an approximate cost of $7.9 million.
    Although this latest OIG review focused on the OCIO's management of the PC Refresh program, it revealed a variety of shortcomings that reaffirmed the OIG's long-standing concerns regarding the need for adequate management controls over the NRC's information technology (IT) activities. In addition, the OIG reviewed the OCIO's plan for upgrading the agency's network operating system to Microsoft Windows NT. The findings from this review led the OIG to make three recommendations that would reduce agency costs and result in fewer disruptions to the NRC staff.
  • In June 1998, the OIG initiated a review of the NRC's license renewal program in response to industry, public, and Congressional interest. The OIG's objectives were to determine (1) if the NRC actually required 3 to 5 years, as projected, to process and decide on a renewal request, and (2) if licensees believe the NRC has provided clear and reasonable guidance regarding what should be submitted in support of a license renewal application.
    Although the license renewal process is still evolving, the OIG's review revealed that the agency is actively reassessing its procedures, and taking steps to improve the structure and efficiency of the process. The OIG also found that the agency has so far met all of the established license renewal milestones and is taking steps to further reduce the time required to process a license renewal request. In addition, although complete and final guidance is unavailable at this time, the communication between the NRC and the industry appears to be good, and licensees believe the process is working effectively.
  • In November 1998, the OIG briefed the NRC's Chief Information Officer (CIO) on the results of its initial assessment of the agency's efforts to address the Year 2000 (Y2K) issues as they relate to mission-critical and other internal systems. The NRC staff swiftly addressed the issues raised during the OIG's review, and it appears that the agency has thorough and effective Y2K management programs.
  • Because some NRC offices have released sensitive information without the authority to do so, the NRC Chairman requested that the OIG conduct an agencywide review of the controls used to protect the agency's sensitive information. In conducting this audit, the OIG's overall objectives were to assess the adequacy of the management controls that the NRC uses to prevent inadvertent release of sensitive unclassified information, and determine if agency guidance is being implemented. Additionally, the OIG reviewed the development plans for the Agencywide Documents Access and Management System (ADAMS), the NRC's forthcoming electronic document management system, to determine if appropriate security measures will be taken to protect sensitive information.
    On the basis of this review, the OIG concluded that NRC controls used to prevent the unauthorized release of sensitive information generally appear adequate. Nonetheless, unintentional unauthorized releases of sensitive information do occasionally occur. As a result, the OIG report made four recommendations. In addition, an appendix to the OIG report identified numerous "Good practices" used by individual offices and regions, so that agency managers may consider their use on a case-by-case basis.
  • In accordance with the Chief Financial Officers Act of 1990, the OIG contracted with an independent public accounting firm to audit the NRC's Principal Financial Statements for FY 98. The independent auditors issued an unqualified opinion on the Balance Sheet and the Statements of Changes in Net Position, Net Cost, Budgetary Resources, and Financing. However, the auditors concluded that management's assertion did not fairly represent the effectiveness of the agency's internal controls because management did not identify the lack of managerial cost accounting as a material weakness. The auditors also identified four new reportable conditions and closed one prior-year reportable condition. In addition, with regard to the NRC's compliance with applicable laws and regulations, the auditors identified three new noncompliances, two of which constitute substantial noncompliances with the Federal Financial Management Improvement Act of 1996 (FFMIA).

Investigations

[ Prev | Next | Top of file ]

  • The OIG conducted an Event Inquiry (EI) in response to a request from three members of the Connecticut Congressional delegation that the OIG review the process and specific conclusions contained in several investigations conducted by the NRC Office of Investigations (OI). In particular, the investigations dealt with complaints of harassment and intimidation (H&I) by several former employees who had been laid off from work at a nuclear power plant in Connecticut. The OIG inquiry revealed (1) deficiencies in the documentation of the process followed by the NRC staff; (2) portions of briefings provided by the staff to the Commission were not clear; and (3) the staff had insufficient information on which to base a conclusion contained in their written correspondence with some of the allegers.
  • The OIG received an anonymous complaint that an NRC contractor providing security guard services was operating without the State business license that was required under the terms of the NRC contract. In addition, the contract required the contractor's employees to carry firearms, but the employees did not possess valid State firearms permits. As a result, the OIG coordinated this investigation with the Maryland State Police, as well as another Federal agency which had a similar contract with the security firm. The NRC subsequently terminated its contract with the firm, and awarded a new contract to another security firm.
  • The OIG initiated an investigation concerning an allegation that errors were detected in the type and number of recycled materials reported by the Government's recycling program contractor in Metropolitan Washington, DC. Through a contract with the General Services Administration (GSA), the contractor pays the Government for recyclable paper collected from Federal agencies in the Metropolitan area. However, the OIG learned that the contractor did not accurately report NRC pickups. Although the NRC successfully resolved the contract irregularities, the GSA OIG questioned whether the recycling program contractor was also underreporting or improperly downgrading recyclable paper pickups at other Government facilities. The NRC OIG therefore participated in a joint investigation with the GSA OIG.
    The joint NRC-GSA investigative team conducted several surveillances on the contractor's activities and collected documentation of its pickups to determine how many containers of recyclable paper had been wrongly counted or improperly downgraded. Documents collected from GSA program managers revealed that the recycling program contractor improperly downgraded several containers during each pickup.
  • The OIG conducted an investigation regarding the improper release of an NRC Senior Management Meeting (SMM) document to the NRC Public Document Room (PDR). Specifically, the document contained predecisional information concerning three licensees.
    The OIG investigation revealed that the NRC staff member who prepared the SMM document did not mark the concurrence sheet to indicate release or non-release, and the Acting Office Deputy Director did not check to see if the document was properly marked. Other factors contributing to the improper release of the SMM document to the PDR included (1) the absence of key review personnel, (2) several managers operating in an acting capacity, (3) the relatively recent addition of new administrative procedures, and (4) the rush to complete work before an impending holiday.
  • The OIG conducted an inquiry based on information received from several current and former licensee employees at the Millstone Power Station who alleged potential wrongdoing by NRC staff and a consulting firm tasked with independent, third-party oversight of Milestone's Employee Concerns Program (ECP). The licensee employees alleged that a consulting firm's team member inappropriately became personally and substantially involved in resolving the complaints between the licensee and several of its current and former employees. The employees further alleged that NRC staff failed to provide sufficient review of the consulting firm's activities and allowed it to exceed the intended oversight role.
    The OIG's inquiry revealed that the consulting firm's team member did become substantially involved in resolving personnel disputes between the licensee's employees and plant management. Similarly, the firm provided guidance and recommendations to the licensee's management on resolving specific employee complaints. However, the OIG concluded that the firm's actions were allowed by the NRC Order establishing the oversight program and the NRC-approved Oversight Plan. The OIG also found that the NRC staff was aware of the firm's activities through discussions at meetings, reviews of documentation, onsite observation and monitoring of the firm's activities, and NRC team evaluations. The NRC staff considered the consulting firm's involvement with the licensee regarding employee concerns to be appropriate.
  • The OIG has conducted a series of investigations involving the review of NRC materials license files to identify potential instances of fraud related to a special program, under which certain licensees may claim small entity status and qualify for a reduced NRC annual license fee. In reviewing a sampling of the small entity claims made by such licensees, the OIG identified several companies that may have falsely claimed small entity status by indicating that their gross annual receipts were under the prescribed limit. In three of the investigations, the OIG determined that the licensee improperly claimed the small business entity status.
  • The OIG conducted an investigation into an anonymous allegation that a Regional Administrator improperly accepted the assistance of subordinate employees in moving his personal household goods; used Government equipment in the move after being informed that the use was not permitted; and manipulated official travel for personal business. The allegation was substantiated. A second OIG investigation concluded that the same Regional Administrator improperly avoided an agency random drug test by falsely claiming an emergency dental appointment. The agency proposed taking disciplinary action against the Regional Administrator, and he subsequently resigned from the agency.

The U.S. Nuclear Regulatory Commission

[ Prev | Next | Top of file ]

In 1974, the U.S. Congress established the U.S. Nuclear Regulatory Commission (NRC) as an independent Federal agency responsible for regulating the Nation's nonmilitary uses of byproduct, source, and special nuclear materials, in accordance with the Energy Reorganization Act of 1974. That act, together with the Atomic Energy Act of 1954, as amended, defines the mission of the NRC. Specifically, the NRC's primary mission is to ensure that nonmilitary uses of nuclear materials in the United States are carried out in a manner that adequately protects the health and safety of the public, as well as the environment, while promoting the Nation's common defense and security. The NRC accomplishes its mission through activities surrounding the following responsibilities:

License and regulate the construction, operation, and decommissioning of commercial nuclear power plants; nuclear test, research, and training reactors; nuclear fuel cycle facilities; and uranium enrichment facilities.
License the possession, use, processing, handling, storage, and exportation of nuclear materials for medical, academic, and industrial purposes. (This responsibility also includes certain aspects of transporting and disposing of nuclear materials and wastes.)
License the siting, design, construction, operation, and closure of low-level radioactive waste disposal sites and a geologic repository for high-level radioactive waste.
Safeguard nuclear materials and facilities from theft, damage, and sabotage.
Support the Nation's interests in the safe use and nonproliferation of nuclear materials worldwide.
Conduct inspections, and develop and enforce regulations to govern licensed nuclear activities.

The NRC and its licensees share a common responsibility to ensure that licensed uses of radioactive materials, applications, or facilities specified in the Atomic Energy Act do not result in any "undue risk" to the health and safety of the public or the environment. For its part, the NRC establishes regulatory requirements, rules, and standards, inspects facilities and operations; and imposes any required enforcement actions. In turn, NRC licensees have the primary responsibility for the safe use of nuclear materials, and the safe operation of nuclear facilities.

For Fiscal Year 1999 (FY 99), the NRC's total budget authority is approximately $470 million, which includes an appropriation of $4.8 million for the Office of the Inspector General (OIG). The NRC is relatively unique among Federal agencies because it is required by the Omnibus Budget Reconciliation Act of 1990 to assess fees in order to recover 100 percent of its budget authority, less the amounts appropriated from the Nuclear Waste Fund for high-level waste activities, and from the General Fund for regulatory reviews and other assistance provided by the U.S. Department of Energy (DOE). Therefore, the NRC must employ sound financial practices to fully comply with its legislative mandates. The OIG's financial audits help the NRC to meet these objectives.

The Office of the Inspector General

[ Prev | Next | Top of file ]

In passing the Inspector General Act of 1978, the U.S. Congress sought to ensure integrity and efficiency within the Federal Government and its programs. To achieve that objective, each Inspector General (IG) has a dual reporting responsibility to the Congress and the head of the respective agency. Each IG submits semiannual reports to the agency head and Congress regarding their findings, conclusions, and recommendations for corrective actions. The IGs may also issue immediate reports on particularly serious or flagrant problems they discover. Indeed, the IGs are required to keep the agency head and Congress fully and currently informed of serious issues and concerns related to the administration of programs through these reports and other mechanisms, including in-person meetings and testimony at hearings.

The existence of the IGs also relieves agency program managers and executives from being solely responsible for gathering objective data and evidence in circumstances where wrongdoing is suspected and where intense scrutiny and controversy exist. In this capacity, IGs consolidate responsibility for performing audits and investigations within the agency.

Established as permanent, independent, nonpartisan, and objective overseers, the IGs are tasked with combating waste, fraud, and abuse. In order to accomplish this broad mandate, the IGs have been granted a substantial amount of independence and authority. Within this broad purview, the IGs are authorized to conduct audits and investigations of agency programs; have direct access to agency records and materials; issue subpoenas for all necessary information, data, reports, and other documentary evidence; hire their own staffs; and request assistance from other Federal, State, and local government agencies. Consequently, IGs may perform services at the request of the agency head, and may serve as technical advisors in such areas as financial management systems and internal controls. In such instances, the IGs and management pursue the same ultimate objective -- efficient and effective program operation and delivery of services. Thus, the IGs should be viewed as a key element in any effective management program.

To accomplish their mission, IGs may work in cooperation with State or local authorities, private entities, or other organizations. Agency program managers provide ideas for the IG's workplans. Anyone may request that an IG conduct a specific audit, investigation, or study with assurance that the identity of the requester will not be revealed (unless totally unavoidable). As the need arises, the IGs also work together through the President's Council on Integrity and Efficiency to examine issues of major significance.

In the case of the NRC, Congress established an independent Office of the Inspector General (OIG) through the 1988 amendment to the Inspector General Act. Today, the OIG's primary mission is to assist the NRC by identifying ways to improve the agency's programs and operations by preventing and detecting fraud, waste, and abuse. The OIG accomplishes this mission by performing audits, special evaluations, investigations, and Event Inquiries.

The OIG's audit staff conducts performance and financial audits, as well as special evaluations. In performance audits, the OIG focuses on the NRC's administrative and programmatic operations. Through financial audits, the OIG examines the NRC's internal control systems, transaction processing, and financial systems. In special evaluations, the OIG considers the implications of NRC programs that affect national issues.

The OIG's investigative staff conducts investigations and Event Inquiries. The staff investigates violations of law or misconduct by NRC employees and contractors, as well as allegations of fraud, waste, or abuse affecting NRC programs and operations. Event Inquiries are investigative reports documenting the examination of events or agency actions that do not specifically involve individual misconduct. Instead, these reports identify institutional weaknesses that led to or allowed the occurrence of a problem.

The OIG's Counsel reviews existing and proposed legislation, regulations, and policies. The resulting commentary documents an objective analysis of regulatory vulnerabilities created within NRC programs and operations. The intent of these reviews is to assist the agency in prospectively identifying and preventing potential problems.

The OIG shares in the NRC's responsibility to assure the public that its health and safety are adequately protected in the commercial use of nuclear materials and in the operation of nuclear facilities. The OIG assists the agency by assessing and reporting on the NRC's efforts to ensure that its safety-related programs are operating effectively.

10 Management Challenges Facing the NRC

[ Prev | Next | Top of file ]

In response to a Congressional request in August 1998, the OIG updated the list of what it considers to be the 10 most serious management challenges facing the NRC:

(1) Developing and Implementing a Risk-Informed, Performance-Based Approach to Regulatory Oversight

(2) Developing Information Management Systems and Being Able to Anticipate and Measure the Benefits to be Gained

(3) Responding to the Impact of Industry De-Regulation and License Transfers

(4) Administering and Overseeing Agency Procurement Under Government Contracting Rules. Government Contracting Rules Allow the Opportunity for Fraud to Occur

(5) Effectively Communicating with the Public and Industry

(6) Maintaining an Unqualified Financial Statement Opinion in Light of New and Existing CFO Requirements

(7) Ensuring that NRC's Processes, such as Spent Fuel Cask Certification and License Renewal, Are Responsive to Industry Needs

(8) Ensuring that NRC's Enforcement Program Has an Appropriate Safety Focus and Reflects Improved Licensee Performance

(9) Refocusing NRC's Research Program to Reflect a Mature Industry

(10) Responding to External Influences for Changing NRC's Operations. For Example, the Ability to Meet NRC's Mission and Requirements of the Government Performance and Results Act, as the Result of a Proposed Agency Reorganization, Poses a Significant Challenge to NRC.

The OIG's audits and investigative activities since August 1998, together with other initiatives that are still in progress, have specifically addressed challenges 1, 2, 3, 4, 5, 6, 7, and 10.

The Audit Program

[ Prev | Next | Top of file ]

To help the agency improve its effectiveness, during this period, the OIG completed 9 performance and financial audits, which resulted in several recommendations and suggestions to NRC management In addition, the OIG analyzed 20 contract audit reports issued by the Defense Contract Audit Agency (DCAA). Overall, these analyses caused the OIG to question $485,853 in costs.

Audit Summaries

[ Prev | Next | Top of file ]

Review of NRC's Controls over the PC Refresh Program

The OIG reviewed the management controls over the NRC's Personal Computer (PC) Refresh program. The Capital Planning and Investment Control process guides the program, which calls for replacing about 4,000 PCs with Pentium-class systems by the end of FY 99, at an approximate cost of $7.9 million.

While this OIG review focused on the Office of the Chief Information Officer's (OCIO) management of the PC Refresh program, the OIG has long been concerned with the need for adequate management controls over the NRC's information technology (IT) activities. The OIG had previously reported on several issues related to the control over IT projects. The concerns that the OIG found with the PC Refresh program were similar to management control shortcomings noted in several previous reports covering IT activities.

In addition, the OIG reviewed the OCIO's plan for upgrading the agency's network operating system to Microsoft Windows NT.

The OCIO advised the OIG that they will place Pentiums on agency desktops and then upgrade the machines with NT later. However, for regional and remote resident inspector sites, the OCIO planned to install some Pentiums already upgraded with NT. The OIG believes that this one-step approach would reduce agency costs and result in fewer disruptions to NRC staff. The OIG's report made three recommendations to address the identified issues. (Addresses Management Challenges #2 and #4)

Review of NRC Representation Funds

The U.S. Congress first appropriated monies to the NRC to use as an Official Representation Fund (hereinafter referred to as the "fund") in 1976. When Congress annually appropriates monies to NRC for official representation expenses, it gives a dollar limit on the amount of official representation expenses. The NRC must use this fund primarily for NRC-sponsored protocol functions and international cooperation activities that satisfy the intent expressed by Congress. For FY 98, the fund had an available total of $38,000, which included an appropriation of $20,000 for the current year, plus a carryover of $18,000 from previous years.

In evaluating fund transactions for FY 98, the OIG reached the following conclusions:

The NRC manages and operates the fund in an acceptable manner in accordance with guidance from the applicable NRC Management Directive.
Fund-related files maintained by the Office of International Programs were complete, and access to and accountability for fund-related records and resources was limited to authorized NRC employees.
Fund transactions and Government protocol functions were promptly and accurately recorded and classified.
NRC personnel acting within the scope of their authority authorized and executed fund transactions.
Key duties and responsibilities for authorizing, processing, recording, and reviewing fund transactions were properly separated among employees.

On the basis of these conclusions, the OIG made no recommendations.

NRC's License Renewal Program

In June 1998, the OIG initiated a review of the NRC's license renewal program in response to industry, public, and Congressional interest. The OIG's objectives were to determine if (1) the NRC actually required 3 to 5 years, as projected, to process and decide on a renewal request, and (2) licensees believe the NRC has provided clear and reasonable guidance regarding what should be submitted in support of a license renewal application.

This review revealed that the agency is actively reassessing its procedures, and taking steps to make the license renewal process more efficient. Although the process is still evolving, the agency has focused considerable attention and made significant progress to improve the structure and efficiency of the program. In addition, the OIG noted that, currently, all of the established license renewal milestones have been met. The agency has reduced the time requirements of its license renewal review and now plans to process the renewal applications of its earliest applicants within 30 to 36 months. Further efficiencies are expected as the process becomes more familiar.

Although the agency has planned extensively for the license renewal reviews, the agency is only now reviewing the first two applications and its program is still evolving. The agency plans to use feedback and lessons learned from reviewing the first few applications to finalize its guidance, which is now in draft form. Although complete and final guidance is unavailable at this time, the communication between the NRC and the industry appears to be good, and the licensees feel that the process is working. (Addresses Management Challenge #7)

NRC's Year 2000 Efforts Regarding Its Internal Systems

In November 1998, the OIG briefed the NRC's Chief Information Officer (CIO) on the results of its initial assessment of the agency's efforts to address the Year 2000 (Y2K) issues as they relate to mission-critical and other internal systems. Because of the pressing deadline for completing Y2K programs, the OIG focused on providing information and suggestions to the agency as quickly as possible. Therefore, the OIG provided input during the course of the review, rather than waiting to complete the assessment and issue a formal report. The OIG believes that this approach allowed us to contribute to the NRC's efforts in a timely and cooperative manner. As a result, the NRC staff swiftly addressed any issues raised during the course of the OIG's review. The OIG concluded that it appears that the agency has a thorough and effective Y2K management program. The OIG was particularly impressed with the methodology applied and documentation maintained regarding systems repaired by the OCIO.

It is expected that all OIGs will continue to closely monitor their agencies' progress in addressing Y2K issues. As a result and as appropriate, the OIG will continue to monitor the NRC's progress and/or participate in their efforts to some degree. In addition, the OIG will work with the NRC staff to develop input regarding the OIG's Y2K review efforts for the next quarterly report to Congress and the Office of Management and Budget (OMB). (Addresses Management Challenge #2)

NRC Should Reconsider the Methodology and Implementation of the Management Control Program

The Federal Managers' Financial Integrity Act of 1982 (FMFIA) requires Federal managers to establish a continuous process for evaluating, improving, and reporting on the internal control and accounting systems for which they are responsible. The FMFIA also specifies that, by December 31 of each year, the head of each executive agency submits to the President and Congress (1) a statement on whether there is reasonable assurance that the agency's controls are achieving their intended objectives, and (2) a report on material weaknesses in the agency's controls. OMB Circular A-123, Revised, Management Accountability and Control, is the implementing guidance for FMFIA. The policy and procedures for the NRC's management control program are documented in Management Directive (MD) 4.4, "Management Controls."

During the current reporting period, the OIG found that the NRC's program remains in general compliance with the FMFIA requirements. However, the OIG identified several weaknesses that diminish the program's effectiveness. The OIG review disclosed that (1) the agency does not consistently follow MD 4.4, and the OIG believes that supplemental guidance has undermined the program's effectiveness, and (2) the Executive Committee for Management Controls (ECMC) is not functioning as intended. As a result, the information provided to the ECMC varies widely and is of questionable value to the offices and senior agency managers.

Because the OMB does not require a separate management control program to meet FMFIA requirements, the OIG believes that this is an opportune time to reevaluate how the NRC assesses its management controls. Thus, the NRC has the opportunity to modify its current procedures, or to develop a new process, to provide timely and useful management information. Whatever direction the NRC decides upon, the OIG believes that the process must establish expectations for the participants and include centralized oversight to ensure consistency and consideration of issues from an agencywide perspective. (Addresses Management Challenge #6)

Review of NRC Controls to Prevent the Inadvertent Release of Sensitive Information

The NRC Chairman requested that the OIG conduct an agencywide review of the controls used to protect the agency's sensitive information from unauthorized release. The OIG's overall objectives in conducting this audit were to determine if NRC's management controls protecting sensitive unclassified information from inadvertent release are adequate and if agency guidance is being implemented. Additionally, the OIG reviewed the development plans for the Agencywide Documents Access and Management System (ADAMS), the NRC's upcoming electronic document management system, to determine if appropriate security measures will be taken to protect sensitive information.

The OIG concluded that the NRC controls preventing the unauthorized release of sensitive information generally appear adequate. However, on occasion, unintentional unauthorized releases of sensitive information occur. The OIG believes that the agency can take steps to improve its processes and enhance employee awareness. The OIG found that the agency's guidance and policies on sensitive information were scattered among at least 38 Management Directives, manuals, and other resources. Furthermore, the OIG found that the guidance (particularly the information contained in the Management Directives), is not consistently cross-referenced or indexed. In addition, the OIG found that agency staff have varied levels of training and awareness regarding sensitive information, and this inconsistency increases the potential for inadvertent releases to occur.

With regard to ADAMS, the OIG found that security measures to protect sensitive information are still under development. Therefore, the OIG was unable to test the effectiveness of the proposed measures. However, to minimize the chance of inadvertent release, the NRC needs to ensure that it identifies and addresses information security requirements before implementing ADAMS.

As a result of this review, the OIG's report made four recommendations to improve the effectiveness of the NRC's program to protect sensitive unclassified information. In addition, an appendix to the OIG's report identified numerous "good practices" used by individual offices and regions, so that agency managers may consider their use on a case-by-case basis.

Independent Auditors Report and Principal Statements for the Year Ended September 30, 1998

The Chief Financial Officers Act of 1990 requires the OIG to annually audit NRC's Principal Financial Statements. The report contains (1) the principal statements and the auditors' opinion on those statements, (2) the auditors' opinion on management's assertion about the effectiveness of internal controls, and (3) a report on NRC's compliance with laws and regulations. Written comments were obtained from the CFO and are included as an appendix to the independent auditors' report.

The independent auditors issued an unqualified opinion on the Balance Sheet and the Statements of Changes in Net Position, Net Cost, Budgetary Resources, and Financing. In the opinion on management's assertion about the effectiveness of internal controls, the auditors concluded that management's assertion was not fairly stated. The auditors reached this conclusion because management did not identify the lack of managerial cost accounting as a material weakness.

The auditors also identified four new reportable conditions, including (1) the lack of managerial cost accounting; (2) the lack of fully aligned strategic, budget, and performance plans for financial reporting; (3) inadequate fund controls for the NRC's Comprehensive Information System Support Consolidation (CISSCO); and (4) improper revenue recognition for reimbursable agreements. In addition, the auditors closed one reportable condition from a prior year, which concerned inadequate segregation of duties.

The report on NRC's compliance with laws and regulations disclosed three noncompliances. The first is that the NRC's license fee rates are not based on full cost, as specified in Title 10, Part 170, of the Code of Federal Regulations (10 CFR Part 170). The second is that the agency had not implemented managerial cost accounting as required, and the third is that the agency failed to properly classify accounting information to support reporting of governmental and public information.

Issues two and three are considered substantial noncompliances with the Federal Financial Management Improvement Act of 1996 (FFMIA). Further, the prior year's reportable condition related to business continuity plans the general ledger system and fee systems remains in substantial noncompliance with FFMIA. Tests of compliance with selected provisions of other laws and regulations disclosed no other instances of noncompliance. (Addresses Management Challenge #6)

Review of N RC's Implementation of the Federal Managers' Financial Integrity Act for Fiscal Year 1998

To assist the NRC in evaluating its management control program, the OIG annually reviews the NRC's program. The OIG reported that the NRC's absence of a managerial cost accounting process constitutes a material weakness. Such a process is required by Statement of Federal Financial Accounting Standards Number 4, Managerial Cost Accounting Standards, issued in July 1995. The original effective date was for reporting periods beginning after September 30, 1996. Because of concerns raised by the Chief Financial Officers Council, the Federal Accounting Standards Advisory Board amended the effective date for periods beginning after September 30, 1997 (FY 98).

The OIG found that NRC has complied with the procedural requirements of the FMFIA during FY 98. However, the OIG disagreed with the Agency's determination that the absence of managerial cost accounting is not a material weakness. Managerial cost accounting is intended to be an integral process for managing Government operations, and it is a vital component for implementing the Government Performance and Results Act (GPRA). (Addresses Management Challenge #6)

Results Act Review Plan

[ Prev | Next | Top of file ]

In 1993, Congress passed the GPRA, which mandated that Federal agencies must establish strategic plans and prepare annual performance plans. The first performance plans, due for FY 99, are to establish measurable goals that define accomplishments expected during the year. The GPRA also requires agencies to submit annual reports to Congress comparing actual performance to the goals expressed in the performance plan. The first of these reports, for FY 99, is due on March 1, 2000.

The GPRA does not require IGs to audit agency performance information. However, the Chief Financial Officers Act of 1990 requires IGs to annually audit their agency's financial statements. The implementing audit guidance, OMB Bulletin 98-08, "Audit Requirements for Federal Financial Statements," requires that financial statement audits include an examination of performance data to provide reasonable assurance that "transactions and other data that support reported performance measures are properly recorded, processed, and summarized to permit the preparation of performance information in accordance with criteria stated by management." To satisfy this requirement, auditors "shall obtain an understanding of the components of internal control relating to the existence and completeness assertions relevant to the performance measures included in the Overview of the Reporting Entity."

To fulfill financial statement audit requirements and to be responsive to the spirit of the GPRA, the OIG has adopted a two-tiered approach to reviewing the NRC's performance information. The first tier will report information required by OMB Bulletin 98-08, and the second tier will report information to meet the intent and the spirit of the GPRA.

For financial statement reporting purposes, the OIG will review and evaluate the data used to support the NRC's broad outcome goals (first tier) The OIG reviewed outcome goals in FY 98 based on guidance provided by the U.S. General Accounting Office (GAO). To meet the intent and spirit of GPRA, the OIG will examine the data supporting the NRC's output measures (second tier). This second effort will become a part of the OIG's regularly scheduled audit activity. It will be conducted under the auspices of the Issue Area Manager program. Under this program, senior staff designated as Issue Area Managers, are assigned responsibility for keeping abreast of major agency programs and activities. As part of the audit planning process, the OIG will select specific output measures for examination.

To the extent possible, reviews conducted under each tier will examine the data systems used, and determine the accuracy and reliability of the data used to support reported outcome goals and output measures. The OIG believes that this approach satisfies the requirements of the Chief Financial Officer Act of 1990 and the intent and spirit of the GPRA.

Audits in Progress

[ Prev | Next | Top of file ]

NRC's Controls over Work Performed under CISSCO

In 1996, the U.S. Congress enacted the Clinger-Cohen Act (formerly called the Information Technology Management Reform Act) to reform the guidance regarding Government acquisition of information systems. The NRC's primary vehicle for acquiring information systems is called the Comprehensive Information Systems Support Consolidation program (CISSCO). During this reporting period, the OIG initiated an audit of the NRC's controls related to work performed under CISSCO. The objectives of the audit are to determine (1) whether the NRC has implemented adequate controls over the use of CISSCO resources, and (2) whether existing quality assurance measures are effective. (Addresses Management Challenges #2 and #4)

Survey of NRC's Process for Developing License Fees

The OIG initiated a survey that yielded increased familiarity with the process and mechanisms that the NRC uses to formulate license fees. In addition, because the survey identified several issues, the OIG initiated a more detailed audit to determine (1) if the license fee development process complies with pertinent laws and regulations, and (2) whether the NRC has implemented adequate management controls over the fee development process. (Addresses Management Challenges #3 and #7)

Survey of NRC's Senior Reactor Analyst Program

The OIG initiated a survey of the NRC's Senior Reactor Analyst Program to gain an understanding of the Senior Reactor Analyst's role and associated responsibilities with respect to probabilistic risk analysis and other risk methodologies. This survey is near completion. (Addresses Management Challenges #1 and #10)

Review of NRC's Agencywide Documents Access and Management System

The OIG conducted a survey of the Agencywide Documents Access and Management System (ADAMS), which resulted in the need for a more detailed audit. The overall objective of this audit is to determine whether ADAMS will provide a single agencywide document management system that meets the NRC's current and future programmatic needs. In particular, the OIG is conducting this audit to determine whether (1) the original goals and objectives established for the project will be met, (2) the currently approved ADAMS budget is adequate and reasonable to cover the proposed deliverables, and (3) current ADAMS deliverables will be delivered on schedule. (Addresses Management Challenges #2, #4, and #5)

Review of NRC's Separation Clearance Process for Exiting Staff and Contractors

The OIG recently became aware of a problem with the timely termination of former NRC employee and contractor accounts on the local area network (LAN). The OIG identified at least 33 former NRC employees who still had LAN accounts, even though some had left the agency more than a year ago. As a result, the OIG initiated a review to assess the cause of the problem and the conditions that gave rise to it. In addition, the OIG's initial exploration of the LAN issue also raised questions regarding other aspects of the agency's separation clearance process. The ongoing review will address these additional questions.

Review of Expenses Associated with Renovation, Remodeling, Furnishing, or Redecorating Commission Offices

The OIG initiated this review to determine whether the NRC complies with applicable laws and regulations for spending or obligating funds, within prescribed limits for expenses associated with renovating, remodeling, furnishing, or redecorating the Commissioners' offices. In addition, given the results of a previous review in this area, the OIG also plans to examine the NRC's procedures for monitoring such costs.

Special Evaluation of the Role and the Structure of NRC's Commission

The OIG initiated a special evaluation of the role and structure of the NRC's Commission. Specifically, the overall objectives of this special evaluation are to determine if (1) the Commission is operating in accordance with applicable laws, and (2) the current Commission structure is the most economic and efficient way for the NRC to fulfill its mission. (Addresses Management Challenge #10)

Review of NRC's Implementation of the Federal Managers' Financial Integrity Act for Fiscal Year 1999

The OIG initiated a review of the NRC's implementation of the Federal Managers' Financial Integrity Act (FMFIA) for FY 99. The objective of this review is to assess the program's effectiveness and determine its compliance with the FMFIA. (Addresses Management Challenges #4 and #6)

The Investigative Program

[ Prev | Next | Top of file ]

During this reporting period, the QIG received 119 allegations, initiated 15 investigations and 1 Event Inquiry, and closed 35 cases and 3 Event Inquiries. In addition, the OIG made 46 referrals to NRC management.

Investigative Case Summaries

[ Prev | Next | Top of file ]

NRC Staff's Handling of Harassment and Intimidation Complaints

The OIG conducted an Event Inquiry (EI) in response to a request from three members of the Connecticut Congressional delegation. Specifically, the Congressional members requested that the OIG review the process and specific conclusions contained in several investigations conducted by the NRC Office of Investigations (OI). These investigations dealt with complaints of harassment and intimidation (H&I) by several former employees who had been laid off from work at a nuclear power plant in Connecticut.

The OIG inquiry revealed deficiencies in the documentation of the process followed by the NRC staff in reaching a conclusion regarding enforcement action in one of the cases. Additionally, the OIG found that portions of briefings provided by the staff to the Commission were not clear with regard to the staff's intended actions. Finally, the OIG found that the staff had insufficient information on which to base a conclusion contained in their written correspondence with some of the allegers. (Addresses Management Challenge #5)

NRC Contractor Operating Without the Required License

The OIG received an anonymous complaint that an NRC contractor providing security guard services was operating without the State business license that was required under the terms of the NRC contract. Subsequent development of additional information regarding past criminal activity by a senior company official raised questions concerning the contractor's ability to obtain a license. In addition, the NRC contract required the contractor's employees to carry firearms, but the employees did not possess valid State firearms permits. As a result, the OIG coordinated this investigation with the Maryland State Police, as well as another Federal agency which had a similar contract with the security firm. The NRC subsequently terminated its contract with the firm and awarded a new contract to another security firm. (Addresses Management Challenge #4)

Fraud Against the Government -- Government Recycling Program Contractor

The OIG initiated an investigation concerning an allegation that errors were detected in the type and number of recycled materials reported by the Government's recycling program contractor in Metropolitan Washington, DC. Through a contract with the General Services Administration (GSA), the contractor pays the Government for recyclable paper collected from Federal agencies in the Metropolitan area. The NRC receives $125 for each container of Grade 1 paper (white) and $10 for each container of Grade 2 paper (mixed). According to an NRC Building Management Specialist, the contractor failed to report NRC pickups and downgraded other pickups, thereby causing a potential loss to the NRC. The NRC resolved the contract irregularities by obtaining reimbursement for the unreported and downgraded pickups, and instituted procedural controls to avoid improper downgrading in the future. However, the GSA OIG questioned whether the recycling program contractor was also under-reporting or improperly downgrading recyclable paper pickups at other Government facilities. The NRC OIG therefore participated in a joint investigation with the GSA OIG.

The joint NRC-GSA investigative team conducted several surveillances on the contractor's activities and collected documentation of its pickups to determine how many of the Grade 1 containers had been wrongly counted or improperly downgraded. Documents collected from GSA program managers revealed that the recycling program contractor improperly downgraded several Grade 1 containers during each pickup. The GSA OIG presented this information to the Assistant United States Attorney for the District of Columbia, Criminal Division, who declined criminal prosecution in lieu of administrative action. (Addresses Management Challenge #4)

Release of Senior Management Meeting Document to the Public Document Room

The OIG conducted an investigation regarding the release of an NRC Senior Management Meeting (SMM) document to the NRC Public Document Room (PDR) that contained predecisional information concerning three licensees. One of the licensees was concerned that the release of the SMM document might have a negative impact on the impending Initial Public Offering of their stock.

The OIG investigation revealed that the SMM document was improperly released to the NRC PDR. In addition, the OIG discovered that during the 24-hour period that the SMM document was in the PDR, copies were made by representatives of the media, a law firm, and other entities.

The OIG investigation also revealed that the NRC staff member who prepared the SMM document did not mark the concurrence sheet to indicate release or non-release, thus allowing the secretary to erroneously mark the document for public release. In addition, the Acting Office Deputy Director did not check to see if the document was properly marked. Other factors contributing to the improper release of the SMM document to the PDR included (1) the absence of key review personnel, (2) several managers operating in an acting capacity, (3) the relatively recent addition of new administrative procedures, and (4) the rush to complete work before an impending holiday.

Consultant's Involvement in Resolution of Employee Complaints at Millstone Power Station

The OIG conducted this inquiry based on information received from several current and former licensee employees at the Millstone Power Station who alleged potential wrongdoing on the part of NRC staff and a consulting firm tasked with independent, third-party oversight of Millstone's Employee Concerns Program (ECP). The third-party oversight of the licensee's ECP was ordered by the NRC in October 1996 because of agency concerns about past failures in the licensees' management processes and procedures to effectively handle safety issues raised by its employees.

The licensee employees alleged that a consulting firm's team member inappropriately became personally and substantially involved in resolving the complaints between the licensee and several of its current and former employees. The employees further alleged that NRC staff failed to provide sufficient review of the consulting firm's activities and allowed it to exceed the intended oversight role.

The OIG's inquiry revealed that the consulting firm's team member did become substantially involved in resolving personnel disputes between the licensee's employees and plant management. The employees who lacked confidence in Millstone's ECP raised concerns directly to the consulting firm. Similarly, the firm provided guidance and recommendations to the licensee's management on resolving specific employee complaints. However, the OIG concluded that the firm's actions were allowed by the NRC Order establishing the oversight program and the NRC-approved Oversight Plan. The OIG also found that the NRC staff was aware of the firm's activities through discussions at meetings, reviews of documentation, onsite observation and monitoring of the firm's activities, and NRC team evaluations. The NRC staff considered the consulting firm's involvement with the licensee regarding employee concerns to be appropriate.

Alleged False Certification of Small Entity Status

The OIG has conducted a series of investigations involving the review of NRC materials license files to identify potential instances of fraud related to a special program, under which certain licensees may claim small entity status and qualify for a reduced NRC annual license fee. One of the criteria used to qualify a licensee for this status is the amount of the licensee's annual gross receipts. In reviewing a sampling of the small entity claims made by such licensees, the OIG compared the Status claimed on the licensee's application against data from Dun and Bradstreet reports. The comparison identified several companies that may have falsely claimed small entity status by indicating that their gross annual receipts were under the prescribed limit. In three of the investigations, the OIG determined that the licensee improperly claimed the small business entity status. (Addresses Management Challenge #4)

Misconduct by Regional Administrator

The OIG conducted an investigation into an anonymous allegation that a Regional Administrator solicited the aid of subordinates to move his personal household goods; used NRC equipment and secretaries for personal business; and manipulated his official travel to allow him to conduct personal business at Government expense. The OIG's investigation disclosed that the NRC official accepted the assistance of nine subordinates on several occasions to help move his household goods during non-duty hours. Government equipment was also used during the move, even after the official was advised that such use was prohibited. The OIG investigation also revealed that the NRC official improperly arranged official travel or unnecessarily extended official trips at Government expense for personal reasons.

The OIG subsequently investigated the same Regional Administrator for avoiding an agency random drug test by falsely claiming an emergency dental appointment. The investigation confirmed that this official provided false information to agency representatives regarding his unavailability to undergo a drug screening test. The false excuse was exposed after the Regional Administrator's staff asked him to provide verification of his claimed emergency dental appointment.

Although make-up testing for NRC employees who avoid drug screening tests is not specifically addressed in the NRC drug screening program, the OIG learned that there was substantial delay between the time that senior agency officials became aware of the individual's false excuse and the date he was directed to undergo a drug screening test. That test was negative for illegal drugs.

At the completion of the OIG's investigations, the agency proposed taking disciplinary action against the Regional Administrator. He subsequently resigned from Federal service.

Investigative Statistics

[ Prev | Next | Top of file ]

Source of Allegations -- October 1, 1998 through March 31, 1999

Anonymous 15
NRC Employee 16
NRC Management 30
Congressional 3
Other Government Agency 3
Intervenor 1
General Public 50
OIG Investigation/Audit 1
Total

Disposition of Allegations -- October 1, 1998 through March 31, 1999

Closed Administratively 38
Referred for OIG Investigation 25
Referred for OIG Audit 4
Referred to NRC Management and Staff 45
Referred to External Agency 1
Pending Review or Action 6
Total 119

Status of Investigations

DOJ Referrals 5
DOJ Declinations 5
Pending DOJ Action 0
Indictments and Arrests 0
Convictions 0
PFCRA Referrals 0
PFCRA Recoveries $1,766.00
Other Recoveries $32.23
NRC Administrative Actions:
Terminations and Resignations 1
Suspensions and Demotions 2
Other Administrative Actions 1
Counseling 4

Summary of Investigations

Classification of Investigations Carryover Opened Cases Closed Cases Cases in Progress
A - Conflict of Interest 3 4 2 5
B - Internal Fraud 2 1 0 3
C - External Fraud 15 1 12 4
D - False Statements 2 1 1 2
E - Theft 0 0 0 0
F - Misuse of Government Property 2 1 2 1
G - Employee Misconduct 8 2 5 5
H - Management Misconduct 14 3 11 6
I - Technical Allegations - Other 5 2 1 6
J - Whistleblower Reprisal 2 0 1 1
Total Investigations 53 15 35 33
Total Event Inquiries 3 1 3 1

Special Feature: Working with the Agency on Y2K

[ Prev | Next | Top of file ]

The OIG has been actively involved with periodic assessments of the NRC's program to address computer-related concerns surrounding the Year 2000 (Y2K) issue. In June 1997, the OIG issued a Special Evaluation report regarding the agency's progress on the Y2K issue. In that report, the OIG identified several actions that the agency could take to improve its Y2K program. In response, NRC management initiated actions related to each of the OIG's suggestions, made other changes, and substantially improved the Y2K program. However, the issue continued to garner significant attention from Congress, the Office of Management and Budget (OMB), the U.S. General Accounting Office (GAO), the Executive Office of the President, and others.

In FY 98, the OIG initiated two followup surveys concerning the NRC's progress toward resolving the Y2K issue to help ensure that the agency will continue to meet its established goals. Because the time left to complete Y2K programs is rapidly diminishing, the audit staff worked closely with agency officials and outside entities to ensure that licensee's efforts are adequate to protect the health and safety of the public. Additionally, the OIG worked with NRC staff to ensure the adequacy and accuracy of the NRC's progress reporting and contingency planning for mission-critical and other systems. The OIG's work in this area proved to be very helpful to the agency, because the staff focused on providing information and suggestions to agency officials as quickly as possible through meetings, rather than waiting to issue formal audit reports.

In the external licensee arena, the OIG conducted an active information exchange with the responsible NRC programs, as well as the Atomic Energy Control Board of Canada, Senator Robert Bennett's Year 2000 Technology Problem Committee, and the Rx2000 Solutions Institute. During this exchange, the OIG provided suggestions in a number of areas. Also, based on our initiative and participation in one of the Rx2000 Solutions Institute meetings, the OIG became aware of the problems that exist with vendor certifications and embedded chips. In addition, the OIG's contacts led to officials of the Institute participating in a hearing conducted by Senator Bennett's committee.

In March 1999, as we continued to monitor these issues, the OIG provided the agency with a summary of our followup activities in these areas. With regard to power plants, the OIG stated the belief that the agency continues to pursue a suitably aggressive program. The OIG pointed out that the addition of audits covering all plants will solidify the NRC's assurance that Y2K problems at reactors will be minimal. Additionally, the OIG was encouraged to learn that (1) the agency is more fully including Resident Inspectors in this effort, and (2) the agency recognized the importance of adding sample audits of contingency planning to the effort.

However, the OIG identified a continuing concern regarding the agency's Y2K efforts with respect to materials licensees. For example, the OIG found that the NRC's external World Wide Web page for the Office of Nuclear Material Safety and Safeguards Y2K efforts remains rudimentary, with only dated information. Moreover, the site provides no clear links to locations with highly relevant and useful information, such as the Rx2000 Solutions Institute. The OIG's concerns are particularly relevant to the NRC's ability to help build public confidence in its licensee's efforts, or to at least ensure public awareness of the status of those efforts. In the OIG's opinion, given the short amount of time left until the Y2K issue may impact NRC licensees, public awareness and confidence in the efforts of NRC's licensees can be addressed only through proactive disclosure.

Because the NRC announced in February 1999 that it had completed work on all internal computer systems needed to address the Year 2000 problem, March seemed to be an opportune time to revisit the internal Y2K issue. As part of this effort, the OIG reviewed documentation and conducted interviews pertaining to computer systems remediated since November, systems related to the operation and maintenance of the NRC headquarters facilities (i.e., elevators, security, energy management, and fire alarms), telecommunications system components, and agency contingency planning efforts.

On the basis of this review, it appears that the NRC did, in fact, complete its repair and replacement work on the mission critical, business essential, and non-critical systems that fell under the purview of the "Y2K program" reported to the OMB. However, the OIG also identified eight noncompliant systems that are being replaced as part of the agency's systems life cycle work. This means that while the ÒY2K program" is complete as defined for OMB reporting purposes, the agency's work to prepare for January 1, 2000, is not.

According to officials in the Office of the Chief Information Officer (OCIO), the OMB's Y2K program reporting guidance -- which focused on mission critical repairs and replacements, nonmission critical repairs, and budget information that excluded systems life cycle work -- led to the decision to view systems life cycle replacement work as outside of the NRC's official Y2K program. The OIG did not disagree with the OCIO's interpretation of the OMB's guidance on reporting. Nonetheless, the OIG emphasized that the remaining noncompliant systems still need to be replaced in order for the agency to be ready for the Year 2000. For example, the forthcoming Agencywide Documents Access and Management System (ADAMS) is one such replacement for other agency systems that are not Y2K compliant.

In reviewing the NRC's contingency planning efforts, while applying GAO guidance, the OIG noted inconsistencies related to the documentation and testing of contingency plans. While the agency has put its contingency plans into writing for the seven mission-critical systems, some of the plans have not been updated and consolidated to reflect the latest planning efforts. In addition, there are no plans to test the contingency plan for at least one of the mission critical systems. Given these concerns, the OIG made three suggestions for consideration by NRC management. In addition, the OIG reemphasized the fact that while the agency's reportable internal "Y2K program" appears to be complete, its Y2K work is not.

The OIG will continue to closely monitor the agency's progress in addressing its Y2K responsibilities. The OIG has discussed the nature and extent of its future involvement with each NRC office, and will continue to monitor their progress and/or participate in their efforts to some degree.

Other Activities

[ Prev | Next | Top of file ]

Regulatory Review

[ Prev | Next | Top of file ]

The Inspector General Act, 5 U.S.C. App. 3, Section 4(a)(2), requires the OIG to review existing and proposed legislation and regulations and to make recommendations concerning the impact of such legislation or regulations on the economy and efficiency of programs and operations administered by the agency.

From October 1, 1998, through March 31, 1999, the OIG reviewed more than 200 agency documents, including approximately 150 documents issued by the Office of the Secretary (SECYs) and 57 regulatory actions and statutes. Upon completing this review, the OIG provided regulatory commentaries, which are intended to assist in preventing and detecting fraud, waste, and abuse within the agency. Specifically, the commentaries advise agency managers of the importance of considering aspects of agency policy and procedures that impact the OIG's mission, functions, and responsibilities. The commentaries also address issues related to preserving the independence and integrity of the OIG under its statutory precept. In addition, the OIG initiated dialogue with the agency on process-related as well as policy-related concerns, and cooperative efforts resulted in guidance to the agency staff. This section summarizes the commentaries that raised the most significant issues.

Two notable commentaries written during this reporting period focused on the importance of the independence of the OIG functions, as provided under the IG Act. Section 3(a) of that Act places severe limitations on any agency action that would prevent the IG from initiating, carrying out, or completing any audit or investigation. Within the NRC, Management Directives (MDs) serve as the immediate reference for organizational functions and operations. Therefore, review and comment on the precise language of the instructions contained in them is essential to ensure consistency with applicable statutes and regulations. This is particularly important when the directive provisions potentially impact the independence or integrity of the OIG's investigative function.

Management Directive 12.1, "NRC Facility Security Program," governs the NRC's Facility Security Program as it relates to the physical security requirements and procedures required to protect classified and sensitive information, as well as facilities and NRC assets. The agency's practices and procedures in this directive affect the OIG, as they relate to access to restricted data, authority to conduct investigative activities, and use of associated support equipment.

The IG Act assigns the IG independent responsibility to investigate allegations of wrongdoing related to agency operations and programs. In order to fulfill this statutory responsibility, IG agents are deputized by the U.S. Department of Justice (DOJ) to perform a broad range of law enforcement functions. As a result of these dual mandates, the OIG properly exercises independent authority over all aspects of conducting individual investigations, including those addressed in this directive. To ensure consistency between the IG Act and the agency directives, the OIG commented that the Management Directive should include reference to the IG's authority with regard to having agents carry firearms, as well as the use of surveillance techniques and devices.

The second commentary related to the OIG's functional authority was directed to the need for maintaining "Q" level clearances for OIG employees. Specifically, "Q" level clearances permit individuals to have access, on a need to know basis, to Top Secret, Secret, and Confidential Restricted Data. Currently, all OIG employees have the "Q" level clearance. The agency proposed lowering the clearance level for most of the OIG staff. The OIG comment conveyed that the proposed clearance degradation, to below the "Q" level, would directly and adversely impact the OIG's ability to perform fundamental investigative and audit functions. Without the requisite clearance, the OIG would be deprived of timely, independent access to matters restricted by classification. The comment further stated that this impediment to access is in direct conflict with Section 6(a) of the IG Act, which specifies that an IG shall have access to all reports, records, documents, and other material available within the agency.

The third commentary recounts the OIG concern with achieving the stated purpose of the "Public meeting" under the NRC's regulatory procedures. Management Directive 3.5, "Public Attendance at Certain Meetings Involving the NRC Staff," is intended to provide effective means for the public to communicate with decision makers within the agency. The draft directive contains detailed directions for meeting procedures and notification processes. OIG concerns were raised by provisions in the directive whereby the agency would be permitted to waive notice requirements. In response, the OIG's comments emphasized the importance of adequate notice to the public as to the time and place of planned meetings whenever possible. The OIG's comments also noted the obligation to construct balanced agendas for public meetings so as to achieve their fundamental purpose of giving fair and equal opportunity to all parties to be heard.

The NRC's OIG Hosts Annual Conference for the Association of Directors of Investigations

[ Prev | Next | Top of file ]

Section 4(a) of the Inspector General Act provides that it shall be the duty and responsibility of each Inspector General to... conduct, supervise, and coordinate relationships between such establishment and other Federal agencies... with respect to all matters related to the promotion of economy and efficiency in the administration, prevention, or detection of fraud and abuse in programs and operations... or the identification and prosecution of participants in such fraud and abuse. In furtherance of this part of its statutory mandate, the NRC's OIG hosted the Annual Conference for the Association of Directors of Investigations. This annual conference enables Assistant Inspectors General for Investigations throughout Government to meet and discuss current and upcoming investigative, legal, and legislative issues that may affect the IG community.

Held on February 9-11, 1999, at the Federal Law Enforcement Training Center in Glynco, Georgia, this year's conference was well-attended by representatives from both the President's Council on Integrity and Efficiency and the Executive Council on Integrity and Efficiency. The 3-day conference featured speakers from agencies including the Federal Bureau of Investigation (FBI), the Department of Justice (DOJ) Criminal Division, and Public Integrity Section, as well as senior attorneys from the Civil Division. Presentations by the DOJ speakers covered computer crimes and computer investigative techniques, subpoenas, evidence issues, and civil recovery. In addition, counsels from the OIG offices of the NRC, the Federal Deposit Insurance Corporation, and the National Credit Union Administration provided a panel presentation on current topics and issues including subject warnings, fraud awareness, and evidentiary discovery.

Fraud Awareness Brochure -- New and Improved

[ Prev | Next | Top of file ]

Continuing in its ongoing educational efforts within the agency and the IG community, the NRC's OIG published its second edition of "Fraud Awareness." This brochure, almost twice the volume of the initial edition, added new topics and greater detail for each of the topic areas addressed. The genesis for this second edition was the experience gleaned from the NRC OIG's 10 years of audit and investigative efforts. Over these years, it has become evident that several types of fraud may be prevented or deterred with the help of training and awareness. In addition to procurement fraud, this second volume discusses acts of fraud in time and attendance, travel, disability claims, and use of Government property and equipment. Under each subject area, the brochure provides definitions and examples, as well as prevention advice and information concerning applicable "fraud indicators." The brochure also contains a section on "Prosecuting Fraud," which describes criminal, civil, and administrative penalties. Advice on avoiding and reporting fraud concludes this reference.

Appendices

[ Prev | Next | Top of file ]

Audit Listings

[ Prev | Next | Top of file ]

Internal Program Audit and Special Evaluation Reports

Date Title Audit Number
10/9/98 Review of NRC's Control over the PC Refresh Program OIG/98A-07
12/9/98 NRC Should Reconsider the Methodology and Implementation of the Management Control Program OIG/98A-08
3/1/99 Independent Auditors Report and Principal Statements for Years Ended September 30, 1998 OIG/98A-09
11/17/98 NRC's Year 2000 Efforts Regarding its Internal Systems OIG/98A-11
11/13/98 NRC's License Renewal Program OIG/98A-13
2/3/99 Review of NRC's Controls to Prevent the Inadvertent Release of Sensitive Information OIG/98A-16
10/9/98 Review of NRC Representation Funds OIG/98A-17
11/17/98 Report on the Application of Agreed-Upon Procedures for U.S. Office of Personnel Management OIG/99A-05
3/3/99 Review of NRC's Implementation of the Federal Managers' Financial Integrity Act for Fiscal Year 1998 OIG/99A-11

Contract Audit Reports

OIG Issue Date Contractor/Contract Number Questioned Costs Funds Put to Better Use
10/2/98 Risk Engineering, Incorporated
NRC-04-96-037 0 0
10/6/98 ANSTEC, Inc.
NRC-33-93-201 $397,876 0
10/13/98 Statistica, Inc.
NRC-39-88-211 0 0
11/5/98 Southwest Research Institute
NRC-02-91-002 0 0
11/9/98 Advanced Systems Technology, Inc.
NRC-04-91-047 0 0
11/9/98 UES, Inc.
NRC-04-94-086 0 0
11/17/98 Micro Analysis and Design, Inc.
NRC-04-94-085 0 0
11/17/98 Micro Analysis and Design, Inc.
NRC-04-94-085 0 0
11/23/98 Parameter, Incorporated
NRC-03-93-026 0 0
11/27/98 Conger & Elsea, Inc.
RS-AED-98-263 0 0
12/30/98 Ebasco Services, Inc.
NRC-04-90-099 0 0
NRC-04-90-100 0 0
1/26/99 Science and Engineering Associates
NRC-04-91-066 $63,422 0
2/26/99 Modeling and Computing Services
NRC-04-92-048 0 0
3/1/99 Athey Consulting, Inc.
NRC-26-98-262 0 0
3/2/99 Pentek, Incorporated
NRC-05-84-156 $5,995 0
3/11/99 Scientech, Inc.
NRC-03-93-031 0 0
NRC-03-95-026 0 0
NRC-04-91-068 0 0
NRC-04-93-049 0 0
NRC-04-95-045 0 0
3/23/99 Scientech, Inc.
NRC-03-93-031 0 0
NRC-04-88-095 0 0
NRC-04-91-068 0 0
NRC-04-93-049 0 0
3/30/99 Adsystech, Inc.
NRC-33-93-225
NRC-33-94-191
3/31/99 Scientech, Inc.
NRC-04-89-067 $18,560 0
3/31/99 Wang Government Services, Inc.
NRC-10-93-133 0 0

Audit Tables

[ Prev | Next | Top of file ]

During this reporting period, the OIG analyzed 20 contract audit reports issued by the DCAA. The following tables depict the cost savings from this work.

Table I. -- Post-Award Findings

OIG Reports Containing Questioned Costs
October 1, 1998 - March 31, 1999
Reports Number of Reports Questioned Costs (Dollars) Unsupported Costs (Dollars)
A. For which no management decision had been made by the commencement of the reporting period 0 0 0
B. Which were issued during the reporting period 4 $485,853 0
Subtotal (A + B) 4 $485,853 0
C. For which a management decision was made during the reporting period:
(i) dollar value of disallowed costs 4 $485,853 0
(ii) dollar value of costs not disallowed 0 0 0
D. For which no management decision had been made by the end of the reporting period 0 0 0
E. For which no management decision was made within 6 months of issuance 0 0 0

Table II. -- Pre-Award Findings

OIG Reports Issued with Recommendations That Funds Be Put to Better Use October 1, 1998 - March 31, 1999
Reports Number of Reports Dollar Value of Funds
A. For which no management decision had been made by the commencement 0 0
B. Which were issued during the reporting period 1 0
Subtotal (A + B) 1 0
C. For which a management decision was made during the reporting period:
(i) dollar value of recommendations that were agreed to by management 1 0
(ii) dollar value of recommendations that were not agreed to by management 0 0
D. For which no management decision had been made by the end of the reporting period 0 0
E. For which no management decision was made within 6 months of issuance 0 0

Abbreviations

[ Prev | Next | Top of file ]

ADAMS Agencywide Documents Access and Management System
CFO Chief Financial Officer (NRC)
CIO Chief Information Officer (NRC)
CISSCO Comprehensive Information Support Systems Consolidation
DCAA U.S. Defense Contract Audit Agency
DOE U.S. Department of Energy
DOJ U.S. Department of Justice
ECMC Executive Committee for Management Controls
ECP Employee Concerns Program
EI Event Inquiry
FBI Federal Bureau of Investigation
FFMIA Federal Financial Management Improvement Act
FMFIA Federal Managers' Financial Integrity Act
FY Fiscal Year
GAO U.S. General Accounting Office
GPRA Government Performance and Results Act
GSA U.S. General Services Administration
H&I harassment and intimidation
IAM Issue Area Manager
IG Inspector General
IT information technology
LAN local area network
MD Management Directive
NRC U.S. Nuclear Regulatory Commission
NT Microsoft Windows NT
OCIO Office of the Chief Information Officer (NRC)
OI Office of Investigations (NRC)
OIG Office of the Inspector General
OMB Office of Management and Budget
OPM U.S. Office of Personnel Management
PC Personal Computer
PDR Public Document Room (NRC)
SMM Senior Management Meeting
Y2K Year 2000

Glossary

[ Prev | Next | Top of file ]

Event Inquiry

The Event Inquiry is an investigative product documenting examination of events or agency actions that do not specifically focus on individual misconduct. These reports identify institutional weaknesses that led to or allowed a problem to occur. This type of investigative effort was previously referred to as an inspection.

Financial Audit

A financial audit assesses the effectiveness of internal control systems, transaction processing, financial systems, and contracts.

Funds Put to Better Use

Funds identified in audit recommendations that could be used more efficiently by avoiding unnecessary expenses.

Hotline

A toll-free telephone number (1-800-233-3497) available to anyone for reporting incidents of possible fraud, waste, and abuse to the NRC's Office of the Inspector General.

Management Decision

A final decision founded on management's response to audit recommendations and findings.

Material Weakness

A specific instance of noncompliance with the FMFIA of sufficient importance to be reported to the President and the Congress. Such instances typically involve a weakness that would significantly impair the fulfillment of an agency component's mission; deprive the public of needed services; violate statutory or regulatory requirements; significantly weaken safeguards against waste, loss, unauthorized use, or misappropriation of funds, property, or other assets; or result in a conflict of interest.

Questioned Cost

A cost questioned as a result of an alleged violation of law, regulation, contract, or agreement
governing the expenditure of funds (costs unsupported by adequate documentation or funds for a particular purpose that are unnecessary or unreasonable).

Special Evaluation

An OIG audit report that examines the implications of NRC programs that affect national issues, such as high-level radioactive waste disposal, nuclear power plant decommissioning, or the use of radiation by the medical community in treating disease.

The NRC OIG Hotline

[ Prev | Top of file ]

The OIG established a toll-free number (1-800-233-3497) to provide NRC employees, contractors, and others with direct access to OIG's Hotline Program. Hotline procedures and guidelines were carefully developed to ensure the confidentiality (unless totally unavoidable) of NRC employees wishing to report incidents of possible fraud, waste, and abuse within the NRC. Trained OIG staff are available to answer calls Monday through Friday, between 10:00 a.m. and 4:00 p.m. (eastern standard time).

Individuals may also provide information to hotline personnel by writing to the address below.

U.S. Nuclear Regulatory Commission
Office of the Inspector General
Hotline Program
Mail Stop T-5 D28
Washington, DC 20555-0001

HOTLINE NUMBER:
1-800-233-3497

[ Top of file ]

Page Last Reviewed/Updated Thursday, March 29, 2012