ML19324F454

FY 2020 Annual Plan for the Defense Nuclear Facilities Board Dated November 20, 2019
Person / Time
Issue date: 11/20/2019
From: Lee D
NRC/OIG


Text

Office of the Inspector General U.S. Defense Nuclear Facilities Safety Board Annual Plan Fiscal Year 2020

FOREWORD

The Consolidated Appropriations Act, 2014, provided that notwithstanding any other provision of law, the Inspector General (IG) of the Nuclear Regulatory Commission (NRC) is authorized in 2014 and subsequent years to exercise the same authorities with respect to the Defense Nuclear Facilities Safety Board (DNFSB), as determined by the NRC Inspector General (IG), as the IG exercises under the Inspector General Act of 1978 (5 U.S.C. App.) with respect to the NRC.

I am pleased to present the Office of the Inspector General's (OIG) FY 2020 Annual Plan for the Defense Nuclear Facilities Safety Board (DNFSB). The Annual Plan provides the audit and investigative strategies and associated summaries of the specific work planned for the coming year. It sets forth OIG's formal strategy for identifying priority issues and managing its workload and resources for Fiscal Year (FY) 2020.

Congress created DNFSB in September 1988 as an independent Executive Branch agency to identify the nature and consequences of potential threats to public health and safety at the Department of Energy's (DOE) defense nuclear facilities, elevate those issues to the highest levels of authority, and inform the public. DNFSB strives to protect public health and safety by ensuring implementation of safety standards at DOE defense nuclear facilities; conducting in-depth reviews of new DOE defense facilities during design and construction to ensure the early integration of safety into design; and providing oversight to prevent an accidental detonation of a nuclear weapon during the evaluation, maintenance, or dismantlement process.

OIG sought input both from Congress and DNFSB in the development of this Annual Plan. We have programmed all available resources to address the matters identified in this plan. This approach maximizes the use of our resources. However, to respond to a changing environment, it is sometimes necessary to modify this plan as circumstances, priorities, and/or resources warrant.

David C. Lee Deputy Inspector General

TABLE OF CONTENTS

MISSION AND AUTHORITY
PLANNING STRATEGY
AUDIT AND INVESTIGATION UNIVERSE
AUDIT STRATEGY
INVESTIGATION STRATEGY
PERFORMANCE MEASURES
OPERATIONAL PROCESSES
  AUDITS
  INVESTIGATIONS
  HOTLINE
APPENDICES
A. AUDITS PLANNED FOR FY 2020
  Audit of DNFSB's Compliance with Standards Established by the Digital Accountability and Transparency Act of 2014 (DATA Act)
  Audit of DNFSB's Human Resource Program
  Audit of DNFSB's Fiscal Year 2019 Financial Statements
  Independent Evaluation of DNFSB's Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2019
  Audit of DNFSB's Internal Control Program
  Independent Evaluation of DNFSB's Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2020
  Audit of DNFSB's Fiscal Year 2020 Financial Statements
  Audit of DNFSB's Process for Planning and Implementing Oversight Activities
  Survey of DNFSB's Culture and Climate
B. INVESTIGATIONS - PRIORITIES, OBJECTIVES, AND INITIATIVES FOR FY 2020
C. ISSUE AREAS AND DESIGNATED ISSUE AREA MONITORS
D. ABBREVIATIONS AND ACRONYMS

MISSION AND AUTHORITY

The Nuclear Regulatory Commission's (NRC) Office of the Inspector General (OIG) was established on April 15, 1989, pursuant to Inspector General Act Amendments contained in Public Law 100-504. In addition, the Consolidated Appropriations Act, 2014, provided that notwithstanding any other provision of law, the NRC Inspector General (IG) is authorized in 2014 and subsequent years to exercise the same authorities with respect to the Defense Nuclear Facilities Safety Board (DNFSB), as determined by the NRC IG, as the IG exercises under the Inspector General Act of 1978 (5 U.S.C. App.) with respect to NRC.

OIG's mission is to (1) conduct and supervise independent audits and investigations of agency programs and operations; (2) promote economy, effectiveness, and efficiency within the agency; (3) prevent and detect fraud, waste, and abuse in agency programs and operations; (4) develop recommendations regarding existing and proposed regulations relating to agency programs and operations; and (5) keep the agency head and Congress fully and currently informed about problems and deficiencies relating to agency programs. The Act also requires the Inspector General (IG) to prepare a semiannual report to the DNFSB Chairman and Congress summarizing the activities of the OIG.

In furtherance of the execution of this mission and of particular importance to OIG's annual plan development, the IG summarized what he considers to be the most serious management and performance challenges facing DNFSB and assessed DNFSB's progress in addressing those challenges. In its latest annual assessment (October 2019), the IG identified the following as the most serious management and performance challenges facing DNFSB:[1]

1. Management of a healthy and sustainable organizational culture and climate.
2. Management of security over internal infrastructure (personnel, physical, and cyber security) and nuclear security.
3. Management of administrative functions.
4. Management of technical programs.

Through its Issue Area Monitor (IAM) program, OIG staff monitor DNFSB performance on these management and performance challenges. These challenges help inform decisions concerning which audits and evaluations to conduct each fiscal year.

[1] The challenges are not ranked in any order of importance.

PLANNING STRATEGY

The FY 2020 Annual Plan is based, in part, on knowledge gained through OIG audit and investigative activities. These activities pertain to DNFSB and its operations, work conducted under the IAM program, and management and performance challenges facing DNFSB as of October 2019 as identified by OIG.

AUDIT AND INVESTIGATION UNIVERSE

DNFSB, an independent executive branch agency established by Congress in September 1988, is charged with providing technical safety oversight of the Department of Energy's (DOE) defense nuclear facilities and activities in order to provide adequate protection of the health and safety of the public and workers. Its mission is to provide independent analysis, advice, and recommendations to the Secretary of Energy to inform the Secretary, as operator and regulator of DOE's defense nuclear facilities, in providing adequate protection of public health and safety at these facilities.

When fully staffed, DNFSB's board is composed of five Presidentially appointed, Senate-confirmed members who are required by law to be respected experts in the field of nuclear safety with a demonstrated competence and knowledge relevant to its independent investigative and oversight functions. Most of DNFSB's approximately 117 full-time equivalents work at the agency's Washington, DC, headquarters.

DNFSB's FY 2020 budget is $31 million.

DNFSB's enabling statute assigns specific functions to the agency for accomplishing its safety oversight mission, including to:

  • Review and evaluate the content and implementation of standards relating to the design, construction, operation, and decommissioning of DOE defense nuclear facilities at each facility and recommend to the Secretary of Energy specific measures needed to ensure that public health and safety are adequately protected.
  • Investigate any event or practice at a DOE defense nuclear facility DNFSB determines has adversely affected, or may adversely affect, public health and safety.
  • Review the design of new DOE defense nuclear facilities before construction begins and recommend modifications of the design deemed necessary to ensure public health and safety.
  • Make recommendations to the Secretary of Energy pertaining to operation, standards, and research needs pertaining to DOE defense nuclear facilities that DNFSB deems necessary to ensure public health and safety. In making its recommendations, DNFSB shall consider, and specifically assess, risk and the technical and economic feasibility of implementing the recommended measures.

OIG's audit and investigation oversight responsibilities are derived from DNFSB's array of programs, functions, and support activities established to accomplish its mission.

AUDIT STRATEGY

Effective audit planning requires current knowledge about DNFSB's mission and the programs and activities used to carry out that mission. Accordingly, OIG continually monitors specific issue areas to strengthen its internal coordination and overall planning process. Under the office's IAM program, staff designated as IAMs are assigned responsibility for keeping abreast of major DNFSB programs and activities.

The broad IAM areas address information management, nuclear safety, and corporate management. Appendix C contains a list of the IAMs and the issue areas for which they are responsible.

The audit planning process yields audit assignments that identify opportunities for increased efficiency, economy, and effectiveness in DNFSB programs and operations; detect and prevent fraud, waste, and mismanagement; improve program and security activities at headquarters and site locations; and respond to emerging circumstances and priorities. The priority for conducting audits is based on (1) mandatory legislative requirements; (2) critical agency risk areas; (3) emphasis by the President, Congress, Board Chairman, or other Board Members; (4) a program's susceptibility to fraud, manipulation, or other irregularities; (5) dollar magnitude or resources involved in the proposed audit area; (6) newness, changed conditions, or sensitivity of an organization, program, function, or activities; (7) prior audit experience, including the adequacy of internal controls; and (8) availability of audit resources.

INVESTIGATION STRATEGY

OIG investigation strategies and initiatives add value to DNFSB programs and operations by identifying and investigating allegations of fraud, waste, and abuse leading to criminal, civil, and administrative penalties and recoveries. By focusing on results, OIG has designed specific performance targets focusing on effectiveness.

Because DNFSB's mission is to protect public health and safety, the main investigative concentration involves alleged DNFSB misconduct or inappropriate actions that could adversely impact health and safety-related matters. These investigations typically include allegations of:

  • Misconduct by high-ranking DNFSB officials and other DNFSB officials, such as managers and inspectors, whose positions directly impact public health and safety.
  • Failure by DNFSB's management to ensure that health and safety matters are appropriately addressed.
  • Conflict of interest and ethics violations.
  • Indications of management or supervisory retaliation or reprisal.

OIG will also implement initiatives designed to monitor specific high-risk areas within DNFSB's corporate management that are most vulnerable to fraud, waste, and abuse. A significant focus will be on emerging information technology and national security issues that could negatively impact the security and integrity of DNFSB data and operations. OIG is committed to improving the security of the constantly changing electronic business environment by investigating unauthorized intrusions and computer-related fraud, and by conducting computer forensic examinations.

Other proactive initiatives will focus on determining instances of procurement fraud, theft of property, insider threats, and Government travel charge card and government purchase card misuse and abuse.

As part of these proactive initiatives, OIG will meet with DNFSB's internal and external stakeholders to identify systemic issues or vulnerabilities. This approach will allow the identification of potential vulnerabilities and an opportunity to improve agency performance, as warranted.

OIG personnel will routinely interact with public interest groups, individual citizens, industry workers, and DNFSB staff to identify possible lapses in DNFSB's regulatory oversight that could impact public health and safety. OIG will also conduct proactive initiatives and reviews into areas of current or future regulatory safety or security interest to identify emerging issues or address ongoing concerns regarding the quality of DNFSB's regulatory oversight.

Appendix B provides investigation priorities, objectives and initiatives for FY 2020.

Specific investigations are not included in the plan because investigations are primarily responsive to reported violations of law and misconduct by DNFSB employees and contractors, as well as allegations of irregularities or abuse in DNFSB's programs and operations.

PERFORMANCE MEASURES

1. Percentage of OIG audit products and activities that cause the agency to take corrective action to improve agency safety, security, or corporate management programs; ratify adherence to agency policies, procedures, or requirements; or identify real dollar savings or reduced regulatory burden (i.e., high impact).
2. Percentage of audit recommendations agreed to by agency.
3. Percentage of final agency actions taken within 2 years on audit recommendations.
4. Percentage of OIG investigative products and activities that identify opportunities for improvements to agency safety, security, or corporate management programs; ratify adherence to policies/procedures; or confirm or disprove allegations of wrongdoing (e.g., high impact).
5. Percentage of agency actions taken in response to investigative reports.
6. Percentage of cases completed within 18 months.

OPERATIONAL PROCESSES

The following sections detail the approach used to carry out the audit and investigative responsibilities previously discussed.

AUDITS

OIG's audit process comprises the steps taken to conduct audits and involves specific actions, ranging from annual audit planning to audit follow-up activities.

The underlying goal of the audit process is to maintain an open channel of communication between the auditors and DNFSB officials to ensure that audit findings are accurate and fairly presented in the audit report.

OIG performs the following types of audits:

Performance - Performance audits focus on DNFSB administrative and program operations and evaluate the effectiveness and efficiency with which managerial responsibilities are carried out, including whether the programs achieve intended results.

Financial - These audits, which include the financial statement audit required by the Accountability of Tax Dollars Act of 2002 and OMB Bulletin 15-02 (Audit Requirements for Federal Financial Statements), attest to the reasonableness of DNFSB's financial statements and evaluate financial programs.

Contract - Contract audits evaluate the costs of goods and services procured by DNFSB from commercial enterprises.

The key elements in the audit process are as follows:

Audit Planning - Each year, suggestions are solicited from Congress, DNFSB management, external parties, and OIG staff. An annual audit plan (i.e., this document) is developed and distributed to interested parties. It contains a listing of planned audits to be initiated during the fiscal year depending on availability of resources and the general objectives of the audits. The annual audit plan is a living document that may be revised as circumstances warrant, with a subsequent redistribution of staff resources.

Audit Notification - Formal notification is provided to the office responsible for a specific program, activity, or function, informing them of OIG's intent to begin an audit of that program, activity, or function.

Entrance Conference - A meeting is held to advise DNFSB officials of the objective(s) and scope of the audit and the general audit methodology to be followed.

Survey - Exploratory work is conducted before the more detailed audit work commences to gather data for refining audit objectives, as appropriate; documenting internal control systems; becoming familiar with the activities, programs, and processes to be audited; and identifying areas of concern to management. At the conclusion of the survey phase, the audit team will recommend to the Assistant Inspector General for Audits (AIGA) a Go or No Go decision regarding the verification phase. If the audit team recommends a No Go, and it is approved by the AIGA, the audit is dropped.

Audit Fieldwork - A comprehensive review is performed of selected areas of a program, activity, or function using an audit program developed specifically to address the audit objectives.

End of Fieldwork Briefing With Agency - At the conclusion of audit fieldwork, the audit team discusses the tentative report findings and recommendations with the auditee.

Discussion Draft Report - A discussion draft copy of the report is provided to DNFSB management to allow them the opportunity to prepare for the exit conference.

Exit Conference - A meeting is held with the appropriate DNFSB officials to discuss the discussion draft report. This meeting provides DNFSB management the opportunity to confirm information, ask questions, and provide any necessary clarifying data.

Final Draft Report - If requested by DNFSB management during the exit conference, a final draft copy of the report that includes comments or revisions from the exit conference is provided to DNFSB to obtain formal written comments.

Final Audit Report - The final report includes, as necessary, any revisions to the facts, conclusions, and recommendations of the draft report discussed in the exit conference or generated in written comments supplied by DNFSB managers. Written comments are included as an appendix to the report.

Some audits are sensitive and/or classified. In these cases, final audit reports are not made available to the public.

Response to Report Recommendations - Offices responsible for the specific program or process audited provide a written response on each recommendation (usually within 30 days) contained in the final report.

DNFSB management responses include a decision for each recommendation indicating agreement or disagreement with the recommended action. For agreement, DNFSB management provides corrective actions taken or planned and actual or target dates for completion. For disagreement, DNFSB management provides their reasons for disagreement and any alternative proposals for corrective action.

Impasse Resolution - If the response by the action office to a recommendation is unsatisfactory, OIG may determine that intervention at a higher level is required.

Audit Follow-up and Closure - This process ensures that recommendations made to management are implemented.

INVESTIGATIONS

OIG's investigative process normally begins with the receipt of an allegation of fraud, mismanagement, or misconduct. Because a decision to initiate an investigation must be made within a few days of each referral, OIG does not schedule specific investigations in its annual investigative plan.

Investigations are opened in accordance with OIG priorities in consideration of prosecutorial guidelines established by the local U.S. attorneys for the Department of Justice (DOJ). OIG investigations are governed by the Council of the Inspectors General on Integrity and Efficiency Quality Standards for Investigations, the OIG Special Agent Handbook, and various guidance provided periodically by DOJ.

Only four individuals in the OIG can authorize the opening of an investigative case: the Inspector General (IG), the Deputy IG, the Assistant IG for Investigations, and the Senior Assistant for Investigative Operations. Every allegation received by OIG is given a unique identification number and entered into a database. Some allegations result in investigations, while others are retained as the basis for audits, referred to DNFSB management, or, if appropriate, referred to another law enforcement agency.

When an investigation is opened, it is assigned to a special agent who prepares a plan of investigation. This planning process includes a review of the criminal and civil statutes, program regulations, and agency policies that may be involved. The special agent then conducts the investigation, and uses a variety of investigative techniques to ensure completion.

In cases where the special agent determines that a crime may have been committed, he or she will discuss the investigation with a Federal and/or local prosecutor to determine if prosecution will be pursued. In cases where a prosecuting attorney decides to proceed with a criminal or civil prosecution, the special agent assists the attorney in any preparation for court proceedings that may be required.

For investigations that do not result in prosecution but are handled administratively by the agency, the special agent prepares a Report of Investigation or a Memorandum to the Chairman summarizing the facts disclosed during the investigation. The report is distributed to agency officials who have a need to know the results of the investigation. For investigative reports provided to agency officials, OIG requires a response within 120 days regarding action taken as a result of the investigative finding(s). OIG monitors corrective or disciplinary actions that are taken.

OIG collects data summarizing the criminal and administrative action taken as a result of its investigations and includes this data in its semiannual reports to Congress.

HOTLINE

The OIG Hotline Program provides DNFSB employees, contract employees, and the public with a confidential means of reporting to the OIG instances of fraud, waste, and abuse relating to Board programs and operations.

Please Contact:

E-mail: Online Form
Telephone: 1-800-233-3497
TDD: 1-800-201-7165, or 7-1-1
Address: U.S. Nuclear Regulatory Commission
Office of the Inspector General
Hotline Program
Mail Stop O5-E13
11555 Rockville Pike
Rockville, MD 20852

APPENDICES

APPENDIX A

AUDITS PLANNED FOR FY 2020

Audit of DNFSB's Compliance with Standards Established By the Digital Accountability and Transparency Act of 2014 (DATA Act)

DESCRIPTION AND JUSTIFICATION:

The Digital Accountability and Transparency Act of 2014 (DATA Act) was enacted May 9, 2014 and requires Federal agencies to report financial and payment data in accordance with data standards established by the Department of Treasury and the Office of Management and Budget. The data reported will be displayed on a Web site available to taxpayers and policy makers. In addition, the DATA Act requires Inspectors General (IGs) to review the data submitted by the agency under the act and report to Congress on the completeness, timeliness, quality and accuracy of this information. In accordance with the act, the IG issued an audit in November 2017, and plans to issue the next audits in 2019 and 2021. This audit pertains to the review of data sampled for FY 2019. The report is due November 8, 2019.

OBJECTIVES:

The audit objectives are to review the 1st quarter data submitted by DNFSB under the DATA Act and (1) determine the completeness, timeliness, accuracy and quality of the data sampled and (2) assess the implementation of the governing standards by the agency.

SCHEDULE:

Initiated in the 3rd quarter of FY 2019.

STRATEGIC GOAL 3:

Increase the economy, efficiency, and effectiveness with which DNFSB manages and exercises stewardship over its resources.

Strategy 3-1:

Identify areas of corporate management risk within DNFSB and conduct audits and/or investigations that lead to DNFSB program improvements.

MANAGEMENT CHALLENGE 3:

Management of administrative functions.

Audit of DNFSB's Human Resource Program[2]

DESCRIPTION AND JUSTIFICATION:

The Office of Personnel Management (OPM) requires that agencies use guidance to plan, implement, evaluate, and improve human capital policies and procedures. OPM established the Human Capital Framework (HCF) to provide comprehensive guidance on strategic human capital management in the government. The framework provides direction on human capital planning, implementation, and evaluation in the Federal environment. The HCF's flexible structure supports organizational agility and adaptability. HCF's components are:

1. Strategic Alignment System
2. Performance Culture
3. Talent Management System
4. Evaluation

OBJECTIVES:

To determine if DNFSB's human resource program is designed and implemented to effectively support the execution of its mission.

SCHEDULE:

Initiated in the 3rd quarter of FY 2019.

STRATEGIC GOAL 3:

Increase the economy, efficiency, and effectiveness with which DNFSB manages and exercises stewardship over its resources.

Strategy 3-1:

Identify areas of corporate management risk within DNFSB and conduct audits and/or investigations that lead to DNFSB program improvements.

MANAGEMENT CHALLENGE 3:

Management of administrative functions.

[2] The title of this audit was changed from "Audit of DNFSB's Talent Management System for Filling Vacancies Within the Human Capital Framework (HCF)" as communicated at the May 8, 2019, entrance conference.

Audit of DNFSB's Fiscal Year 2019 Financial Statements

DESCRIPTION AND JUSTIFICATION:

Under the Chief Financial Officers Act, as updated by the Accountability of Tax Dollars Act of 2002 and OMB Bulletin 17-03, Audit Requirements for Federal Financial Statements, OIG is required to audit DNFSB's financial statements. The report on the audit of DNFSB's financial statements is due on November 19, 2019.[3]

OBJECTIVES:

The audit objectives are to:

  • Express opinions on DNFSB's financial statements and internal controls.
  • Review compliance with applicable laws and regulations.
  • Review the controls in DNFSB's computer systems that are significant to the financial statements.
  • Assess the agency's compliance with OMB Circular A-123 (Revised), Management's Responsibility for Enterprise Risk Management and Internal Control.

SCHEDULE:

Initiated in the 4th quarter of FY 2019.

STRATEGIC GOAL 3:

Increase the economy, efficiency, and effectiveness with which DNFSB manages and exercises stewardship over its resources.

Strategy 3-1:

Identify areas of corporate management risk within DNFSB and conduct audits and/or investigations that lead to DNFSB program improvements.

MANAGEMENT CHALLENGE 3:

Management of administrative functions.

[3] The due date for this audit is now December 2019, by mutual agreement between OIG and DNFSB.

Independent Evaluation of DNFSB's Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2019

DESCRIPTION AND JUSTIFICATION:

The Federal Information Security Modernization Act (FISMA) was enacted in 2014. FISMA outlines the information security management requirements for agencies, including the requirement for an annual independent assessment by agencies' Inspectors General. In addition, FISMA includes provisions such as the development of minimum standards for agency systems aimed at further strengthening the security of the Federal Government information and information systems. The annual assessments provide agencies with the information needed to determine the effectiveness of overall security programs and to develop strategies and best practices for improving information security.

FISMA provides the framework for securing the Federal Government's information technology, including both unclassified and national security systems. All agencies must implement the requirements of FISMA and report annually to the Office of Management and Budget and Congress on the effectiveness of their security programs.

OBJECTIVES:

The evaluation objective is to conduct an independent assessment of DNFSB's implementation of FISMA for Fiscal Year 2019.

SCHEDULE:

Initiated in the 4th quarter of FY 2019.

STRATEGIC GOAL 2:

Strengthen DNFSB's security efforts in response to an evolving threat environment.

Strategy 2-1:

Identify risks in maintaining a secure infrastructure (i.e., facility, personnel, and cyber security), and conduct audits and/or investigations that lead to DNFSB improvements.

MANAGEMENT CHALLENGE 2:

Management of security over internal infrastructure (personnel, physical, and cyber security) and nuclear security.

Audit of DNFSB's Internal Control Program

DESCRIPTION AND JUSTIFICATION:

DNFSB's Directive 211.1 states that DNFSB's Internal Control Program is to establish and maintain cost-effective internal controls, in part, to ensure programs achieve their intended results and that resources are used consistent with the Board's mission. DNFSB's Internal Control Program Operating Procedures require formal assessment of, at minimum, 30 of the Board's significant work processes each year. The Executive Committee on Internal Control (ECIC), a small group selected from among Board members and DNFSB staff, determines which processes will be assessed each year. Choosing the specific processes is based on:

1) a risk assessment; 2) consideration of the recency of previous assessments; 3) a review of any open corrective actions from previous Internal Control Program assessments; 4) the results of external audits, internal management reviews, and other assessments; and 5) the cost of any new assessments versus their benefit.

OBJECTIVE:

To determine the effectiveness of DNFSB's Internal Control Program.

SCHEDULE:

Initiate in 2nd quarter of FY 2020.

STRATEGIC GOAL:

Addresses all strategic goals.

Strategy:

Addresses all strategies.

MANAGEMENT CHALLENGE:

Addresses all management challenges.

Independent Evaluation of DNFSB's Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2020

DESCRIPTION AND JUSTIFICATION:

The Federal Information Security Modernization Act (FISMA) was enacted in 2014. FISMA outlines the information security management requirements for agencies, including the requirement for an annual independent assessment by agencies' Inspectors General. In addition, FISMA includes provisions such as the development of minimum standards for agency systems aimed at further strengthening the security of the Federal Government information and information systems. The annual assessments provide agencies with the information needed to determine the effectiveness of overall security programs and to develop strategies and best practices for improving information security.

FISMA provides the framework for securing the Federal Government's information technology, including both unclassified and national security systems. All agencies must implement the requirements of FISMA and report annually to the Office of Management and Budget and Congress on the effectiveness of their security programs.

OBJECTIVES:

The evaluation objective is to conduct an independent assessment of DNFSB's implementation of FISMA for Fiscal Year 2020.

SCHEDULE:

Initiate in the 3rd quarter of FY 2020.

STRATEGIC GOAL 2:

Strengthen DNFSB's security efforts in response to an evolving threat environment.

Strategy 2-1:

Identify risks in maintaining a secure infrastructure (i.e., facility, personnel, and cyber security), and conduct audits and/or investigations that lead to DNFSB improvements.

MANAGEMENT CHALLENGE 2:

Management of security over internal infrastructure (personnel, physical, and cyber security) and nuclear security.


Audit of DNFSB's Fiscal Year 2020 Financial Statements

DESCRIPTION AND JUSTIFICATION:

Under the Chief Financial Officers Act, as updated by the Accountability of Tax Dollars Act of 2002 and OMB Bulletin 17-03, Audit Requirements for Federal Financial Statements, OIG is required to audit DNFSB's financial statements. The report on the audit of DNFSB's financial statements is due on November 15, 2020.

OBJECTIVES:

The audit objectives are to:

  • Express opinions on DNFSB's financial statements and internal controls.
  • Review compliance with applicable laws and regulations.
  • Review the controls in DNFSB's computer systems that are significant to the financial statements.
  • Assess the agency's compliance with OMB Circular A-123 (Revised), Management's Responsibility for Enterprise Risk Management and Internal Control.

SCHEDULE:

Initiate in the 3rd quarter of FY 2020.

STRATEGIC GOAL 3:

Increase the economy, efficiency, and effectiveness with which DNFSB manages and exercises stewardship over its resources.

Strategy 3-1:

Identify areas of corporate management risk within DNFSB and conduct audits and investigations that lead to DNFSB program improvements.

MANAGEMENT CHALLENGE 3:

Management of administrative functions.


Audit of DNFSB's Process for Planning and Implementing Oversight Activities

DESCRIPTION AND JUSTIFICATION:

The Defense Nuclear Facilities Safety Board (DNFSB) routinely develops an annual plan to conduct oversight of Department of Energy (DOE) defense nuclear facilities.

DNFSB's independent oversight of DOE defense nuclear facilities is carried out by technical experts located at DNFSB headquarters as well as by Resident Inspectors who are located at the various facilities throughout the country. Together this cadre of highly experienced and knowledgeable staff conduct reviews to determine if the facilities are operated safely and in accordance with established regulations.

OBJECTIVE:

The objectives of this audit are to determine whether

  • DNFSB's planning and implementation of oversight activities are efficiently and effectively conducted; and
  • Staffing and prioritization of oversight activities are reasonably determined.

SCHEDULE:

Initiate in 4th quarter of FY 2020.

STRATEGIC GOAL 1:

Strengthen DNFSB's efforts to oversee the safe operation of DOE defense nuclear facilities.

Strategy 1-1:

Identify risk areas associated with DNFSB's oversight of DOE defense nuclear facilities and conduct audits and/or investigations that lead to improved DNFSB performance and communications.

MANAGEMENT CHALLENGE 4:

Management of technical programs.


Survey of the Defense Nuclear Facilities Safety Board's Culture and Climate

DESCRIPTION AND JUSTIFICATION:

In 2015 OIG contracted with an international firm to conduct an independent survey that evaluated the organizational culture and climate of DNFSB's workforce. This survey identified agency strengths and opportunities for improvements.

Comparisons were made to national and Government norms.

A clear understanding of DNFSB's current culture and climate will facilitate identification of agency strengths and opportunities for improvement as it continues to experience significant challenges. These challenges include attrition, knowledge management, a major reorganization, DNFSB leadership publicly expressing a desire to downsize, and controversy regarding DNFSB's collaboration with DOE.

The degree to which the level of employee engagement and morale have been affected by these challenges will be assessed in the survey.

OBJECTIVES:

The survey objectives will be to

  • Measure the Board's culture and climate to identify areas of strength and opportunities for improvement;
  • Compare the results of this survey against the survey results that OIG previously reported; and
  • Provide, where practical, benchmarks for the qualitative and quantitative findings against other organizations.

SCHEDULE:

Initiated in the 4th quarter of FY 2020.

STRATEGIC GOAL 1 through 3:

Addresses all strategic challenges facing DNFSB.

Strategy 1 through 3:

Incorporates all OIG goals, strategies, and actions.

MANAGEMENT CHALLENGE:

Addresses all management challenges.


APPENDIX B INVESTIGATIONS - PRIORITIES, OBJECTIVES, AND INITIATIVES FOR FY 2020

INTRODUCTION

The Assistant Inspector General for Investigations (AIGI) has responsibility for developing and implementing an investigative program that furthers OIG's objectives. The AIGI's primary responsibilities include investigating possible violations of criminal statutes relating to DNFSB's programs and activities, investigating allegations of misconduct by DNFSB employees, interfacing with DOJ on OIG-related criminal matters, and coordinating investigations and OIG initiatives with other Federal, State, and local investigative agencies and other AIGIs.

Investigations cover a broad range of allegations concerning criminal wrongdoing or administrative misconduct affecting various DNFSB programs and operations.

Investigations may be initiated as a result of allegations or referrals from private citizens; DNFSB employees; Congress; other Federal, State, and local law enforcement agencies; OIG audits; the OIG Hotline; and proactive efforts directed at areas bearing a high potential for fraud, waste, and abuse.

This investigative plan was developed to focus OIG investigative priorities and use available resources most effectively. It provides strategies and planned investigative work for FY 2020. The most serious management and performance challenges facing DNFSB, as identified by the IG, were also considered in the development of this plan.

PRIORITIES

The OIG estimates it will initiate approximately five investigations in FY 2020. Reactive investigations into allegations of criminal and other wrongdoing will claim priority on OIG's use of available resources. Because DNFSB's mission is to protect public health and safety, Investigations' main concentration of effort and resources will involve investigations of alleged DNFSB employee misconduct that could adversely impact public health and safety related matters.

OBJECTIVES

To facilitate the most effective and efficient use of limited resources, Investigations has established specific objectives aimed at preventing and detecting fraud, waste, and abuse as well as optimizing DNFSB's effectiveness and efficiency. Investigations will focus its investigative efforts on areas that include possible violations of criminal statutes relating to DNFSB's programs and operations and allegations of misconduct by DNFSB employees.


INITIATIVES

  • Investigate allegations of misconduct by DNFSB employees and contractors in accordance with the federal statutes, regulations, and management directives.
  • Investigate alleged violations of government-wide ethics regulations posed by conflict of interest.
  • Conduct fraud awareness briefings and information presentations to provide practical and implementable knowledge-basis for DNFSB employees and external stakeholders that support anti-fraud activities.
  • Conduct activities to protect DNFSB's Information Technology (IT) infrastructure against both internal and external computer intrusions by working in close coordination with DNFSB IT staff.
  • Attempt to detect possible wrongdoing perpetrated against DNFSB's procurement and contracting program. This will include periodic meetings with DNFSB management officials, contract specialists, project managers, project officers, and other identified employees.
  • Proactive review of government travel charge card and the government purchase card programs to prevent, detect, and investigate alleged misuse and abuse.
  • Proactively review and attain awareness in areas of DNFSB emphasis to identify emerging issues that may require future OIG involvement.


OIG Hotline

  • Promptly process complaints received via the OIG Hotline. Initiate investigations when warranted and properly dispose of allegations that do not warrant OIG investigation.

Freedom of Information Act (FOIA) & Privacy Act

  • Promptly process all requests for OIG information received under FOIA. Coordinate as appropriate with General Counsel to the IG and the FOIA and Privacy Section.

Liaison Program

  • Maintain close working relationships with the Intelligence Community (IC) and other law enforcement agencies, public interest groups, and the Congress. This will be accomplished through periodic meetings with pertinent congressional staff, public interest groups, and appropriate IC and law enforcement organizations.

ALLOCATION OF RESOURCES

Investigations undertakes both proactive initiatives and reactive investigations. Approximately 85 percent of available investigative resources will be used for reactive investigations. The balance will be allocated to proactive investigative efforts such as reviews of DNFSB contract files, examinations of DNFSB information technology systems to identify weaknesses or misuse by agency employees, reviews of delinquent Government travel and purchase card accounts, and other initiatives.


APPENDIX C ISSUE AREAS AND DESIGNATED ISSUE AREA MONITORS

  • NUCLEAR MATERIALS (SAFETY AND SECURITY): Kristen Lipuma
  • FINANCIAL: Felicia Silver
  • INFORMATION TECHNOLOGY: Terri Cooper
  • CORPORATE SUPPORT: Ziad Buhaissi

APPENDIX D ABBREVIATIONS AND ACRONYMS

  • AIGA: Assistant Inspector General for Audits
  • AIGI: Assistant Inspector General for Investigations
  • CIGIE: Council of the Inspectors General on Integrity and Efficiency
  • DATA: Digital Accountability and Transparency Act
  • DOE: U.S. Department of Energy
  • DOJ: U.S. Department of Justice
  • DNFSB: Defense Nuclear Facilities Safety Board
  • FISMA: Federal Information Security Modernization Act
  • FOIA: Freedom of Information Act
  • FY: Fiscal Year
  • HCF: Human Capital Framework
  • HCAAF: Human Capital Assessment and Accountability Framework
  • IAM: Issue Area Monitor
  • IC: Intelligence Community
  • IG: Inspector General
  • IT: Information Technology
  • NRC: U.S. Nuclear Regulatory Commission
  • OIG: Office of the Inspector General
  • OMB: Office of Management and Budget
  • OPM: Office of Personnel Management