OIG Performance Report - December 6, 20119

ML19340B352
Person / Time
Issue date:	12/06/2019
From:	NRC/OIG
To:
References
Download: ML19340B352 (21)
v • d • e

Text

U. S. Nuclear Regulatory Commission Office of Inspector General FY 2019 Performance Report December 2019

1 OIG PERFORMANCE REPORT Fiscal Year 2019 INTRODUCTION NRC was formed in 1975, in accordance with the Energy Reorganization Act of 1974, to regulate the various commercial and institutional uses of nuclear materials. The agency succeeded the Atomic Energy Commission, which previously had responsibility for both developing and regulating nuclear activities. Under its responsibility to protect public health and safety, NRC has three principal regulatory functions: (1) establish standards and regulations, (2) issue licenses for nuclear facilities and users of nuclear materials, and (3) inspect facilities and users of nuclear materials to ensure compliance with the requirements. These regulatory functions relate both to nuclear power plants and other uses of nuclear materials - like nuclear medicine programs at hospitals, academic activities at educational institutions, research, and such industrial applications as gauges and testing equipment.

Congress established the Defense Nuclear Facilities Safety Board (DNFSB) in 1988 in response to growing concerns about the level of health and safety protection that the Department of Energy (DOE) was providing the public and workers at defense nuclear facilities. In so doing, Congress sought to provide the general public with added assurance that DOEs defense nuclear facilities are being safely designed, constructed, operated, and decommissioned.

NRCs OIG was established as a statutory entity on April 15, 1989, in accordance with the 1988 amendment to the Inspector General Act of 1978. The act requires OIG to (1) independently and objectively conduct and supervise audits and investigations relating to programs and operations; (2) prevent and detect fraud, waste and abuse; and (3) promote economy, efficiency, and effectiveness in agency programs and operations. In addition, OIG reviews existing and proposed regulations, legislation and directives and provides comments, as appropriate, regarding any significant concern. Since FY 2014, per the Consolidated Appropriations Act, 2014, NRCs OIG has exercised the same authorities with respect to the Defense Nuclear Facilities Safety Board (DNFSB).

The Inspector General keeps the NRC Chairman, DNFSB Chairman, and Members of Congress fully and currently informed about problems, makes recommendations to the agency for corrective actions, and monitors NRCs and DNFSBs progress in implementing such actions. In fulfilling this mission, OIG assists the NRC and DNFSB to accomplish their missions by ensuring integrity, efficiency and accountability in the agencies respective programs.

2 PROGRAM ACTIVITIES OIG accomplishes its mission through the conduct of its audit, investigative, and management and operational support programs, as well as its legislative and regulatory review activities.

To fulfill its audit mission, OIG conducts performance, financial, and contract audits and evaluations.

To fulfill its investigative mission, OIG conducts investigations relating to the integrity of NRCs and DNFSBs programs and operations. Most OIG investigations focus on allegations of fraud, waste, and abuse and violations of law or misconduct by NRC and DNFSB employees and contractors.

ORGANIZATION OF THIS REPORT Section I of this report describes OIGs strategic goals, strategies, actions, and performance data for its work at NRC during FY 2019,Section II describes OIGs strategic goals, strategies, actions, and performance data for its work at DNFSB during FY 2019,Section III describes OIGs human capital strategic goal, strategies, actions, and performance data for FY 2019,Section IV provides information on OIG resources, measurement methodology, cross-cutting efforts, and peer reviews, and Section V provides conclusions about FY 2019 performance.

SECTION I. OIGS STRATEGIC GOALS, STRATEGIES, ACTIONS, AND PERFORMANCE DATA FOR NRC The OIG Strategic Plan features three goals and guides the activities of the Audits and Investigations programs at NRC for FY 2019 through FY 2023. The plan identifies the major challenges and risk areas facing the NRC and generally aligns with the agencys mission.

OIG Strategic Goals for NRC

• Strengthen NRCs efforts to protect public health and safety and the environment.

• Strengthen NRCs security efforts in response to an evolving threat environment.

• Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.

The plan presents OIGs priorities for the covered timeframe and describes OIGs strategic direction to stakeholders, including the NRC Chairman and the U.S. Congress. From this perspective, it presents OIGs results-based business case, explaining the return-on-investment.

It also strengthens OIG by providing a shared set of expectations regarding the goals OIG

3 expects to achieve and the strategies that will be used to do so. OIG adjusts the plan as circumstances necessitate, uses it to develop its annual plan and performance budget, and holds managers and staff accountable for achieving the goals and outcomes.

OIGs strategic plan also includes a number of supporting strategies and actions that describe planned accomplishments. Through associated annual planning activities, audit and investigative resources focus on assessing NRCs safety, security, and corporate management programs involving the major challenges and risk areas facing the NRC. The work of OIG auditors and investigators support and complement each other in the pursuit of these objectives.

Strategic Goal 1: Safety Strengthen NRCs efforts to protect public health and safety and the environment.

Discussion: NRC performs critical functions to ensure the safe and secure use of radioactive materials in the United States and to protect both the public and radiation workers from radiation hazards that could result from the use of radioactive materials. NRC provides licensing and oversight activities for 99 commercial nuclear power reactors; research, test, and training reactors; radioactive materials used in medicine, academia, and industry; and nuclear waste.

NRC is responsible for maintaining an established regulatory framework for the safe and secure use of civilian nuclear reactors, including commercial nuclear power plants as well as research, test, and training reactors. NRCs regulatory oversight responsibilities in the reactor arena include developing policy and rulemaking, licensing and inspecting reactors, licensing reactor operators, and enforcing regulations. The agency is also facing the increased number of plants that are closing down and undergoing decommissioning.

NRC is also responsible for regulatory oversight of the safe and secure use of nuclear materials; medical, industrial, and academic applications, uranium recovery activities; and for the storage and disposal of high-level and low-level radioactive waste. NRC is authorized to grant licenses for the possession and use of radioactive materials and establish regulations to govern the possession and use of those materials.

Upon a States request, NRC may enter into an agreement to relinquish its authority to the State to regulate certain radioactive materials and limited quantities of special nuclear material. The State must demonstrate that its regulatory program is adequate to protect public health and safety and compatible with NRCs program. The States that enter into an agreement assuming this regulatory authority from NRC are called Agreement States. The number of Agreement States continues to increase.

4 NRC regulates high-level radioactive waste generated from commercial nuclear power reactors.

High-level radioactive waste is either spent (used) reactor fuel when it is accepted for disposal or waste material remaining after spent fuel is reprocessed. Because of its highly radioactive fission products, high-level radioactive waste must be handled and stored with care. Because radioactive waste becomes harmless only through decay (which can take hundreds of thousands of years for high-level waste), the material must be stored, and ultimately disposed of in a way that provides adequate protection of the public for a very long time. Due to the uncertainty surrounding a permanent repository for high-level radioactive waste, NRC has been reviewing the issues associated with storing high-level radioactive waste at existing reactor sites or at away-from-reactor sites, and interim storage facilities for the foreseeable future.

NRC must address its safety challenges to fulfill its mission of protecting public health and safety and the environment. NRC must be prepared to address emerging technical and regulatory issues in a timely manner as well as be able to capture and transfer knowledge learned through experience. In an ever evolving and resource-constrained climate, it is of paramount importance that the agency implements its programs as effectively and efficiently as possible.

Strategy 1-1: Identify risk areas associated with NRCs oversight of nuclear facilities, and conduct audits and/or investigations that lead to NRC program and operational improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. NRC's licensing and certification activities.

b. NRCs inspection activities.

c. NRC activities for promoting a strong internal/external safety culture.

d. NRC's research activities.

e. NRCs risk management of aging, obsolescence, and decommissioning.

f. NRC's ability to timely identify and effectively respond to emerging technical and regulatory issues.

g. NRCs actions to integrate operating experience and lessons-learned into regulatory activities.

h. NRCs oversight of supply chain vulnerabilities to include the prevention of counterfeit, fraudulent, and substandard items entering the supply chain.

i. NRCs efforts to address stakeholder and staff safety concerns (including those expressed as non-concurrences and Differing Professional Opinions) related to NRCs oversight of nuclear facilities.

j. Internal/external stakeholders concerns and allegations related to NRCs oversight of nuclear facilities.

5 Strategy 1-2: Identify risk areas facing NRC's oversight of nuclear materials, and conduct audits and/or investigations that lead to NRC program and operational improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. NRC's implementation of programs for tracking nuclear materials.

b. NRC's regulatory activities with Agreement States.

c. NRC's licensing and certification activities.

d. NRCs inspection activities.

e. NRC activities for promoting a strong internal/ external safety culture.

f. NRC's research activities.

g. NRCs risk management of aging, obsolescence, and decommissioning.

h. NRC's ability to timely identify and effectively respond to emerging technical and regulatory issues.

i. NRCs actions to integrate operating experience and lessons-learned into regulatory activities.

j. NRCs efforts to address stakeholder and staff safety concerns (including those expressed as non-concurrences and Differing Professional Opinions) related to NRCs oversight of nuclear materials.

k. Internal/external stakeholders concerns and allegations related to NRCs oversight of nuclear materials.

Strategy 1-3: Identify risk areas associated with NRC's oversight of high-level and low level waste, and conduct audits and/or investigations that lead to NRC program and operational improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. NRCs regulatory activities involving any interim and/or permanent high-level radioactive waste repositories.

b. NRC's licensing and certification activities.

c. NRCs inspection activities.

d. NRC activities for promoting a strong internal/external safety culture.

e. NRC's research activities.

f. NRC's ability to timely identify and effectively respond to emerging technical and regulatory issues.

g. NRCs actions to integrate operating experience and lessons-learned into regulatory activities.

6

h. NRCs efforts to address stakeholder and staff safety concerns (including those expressed as non-concurrences and Differing Professional Opinions) related to NRCs oversight of high-level and low-level waste.

i. Internal/external stakeholders concerns and allegations related to NRCs oversight of high-level and low-level waste.

Strategic Goal 2: Security Strengthen NRCs security efforts in response to an evolving threat environment.

Discussion: NRC must ensure that nuclear power and materials licensees take adequate measures to protect their facilities against radiological sabotage. NRC faces the challenge of adapting to dynamic threats while also maintaining a stable security oversight regime commensurate with the agency's mission as a fair and impartial regulator. NRC has well-established inspection programs for evaluating the physical, cyber, and personnel security activities of nuclear power and materials licensees.

NRC must respond to a cyber threat environment where adversaries' tactics and capabilities rapidly evolve. Cyber security also entails oversight challenges related to the mix of digital and analog systems at NRC licensees. For example, digital equipment upgrades could impact licensee operations and security.

NRC plays a critical role in overseeing and supporting the emergency preparedness and incident response capabilities of its licensees. This oversight includes the integration of licensee plans with government agencies in light of natural disasters and terrorist threats.

NRC supports U.S. international interests in both the safe and secure use of nuclear material and technology and nuclear non-proliferation. This includes improving controls on the import and export of nuclear materials and equipment and exercising its international oversight commitments.

Strategy 2-1: Identify risk involved in securing nuclear reactors, fuel cycle facilities, and materials, and conduct audits and/or investigations that lead to NRC program and operational improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. Adequacy of NRC oversight of security of nuclear reactors, fuel cycle facilities, materials, and waste facilities.

b. Adequacy of NRC responses to an evolving threat environment.

c. NRC coordination with other agencies.

7

d. Adequacy of NRC efforts to develop and implement a comprehensive cyber security program for nuclear power plants and fuel cycle facilities.

e. NRCs oversight of licensee security responsibilities.

f. NRCs response to complaints or incidents related to a chilled work environment.

g. Effectiveness of NRCs oversight against radiological sabotage and theft or diversion of materials.

h. NRCs efforts to address stakeholder and staff concerns (including those expressed as non-concurrences and Differing Professional Opinions) related to the securing of nuclear reactors, fuel cycle facilities, and materials.

i. Internal/external stakeholders concerns and allegations related to the securing of nuclear reactors, fuel cycle facilities, and materials.

Strategy 2-2: Identify risks in emergency preparedness and incident response, and conduct audits and/or investigations that lead to NRC program and operational improvements.

Actions: Action: Conduct audits/evaluations and/or investigations in the following areas:

a. NRCs management of emergency preparedness guidelines, regulations, and programs.

b. NRCs management of coordination with Federal, state, and local governments, and licensees.

c. NRCs addressing and responding to emergencies and nuclear incidents.

d. NRCs efforts to address stakeholder and staff security concerns (including those expressed as non-concurrences and Differing Professional Opinions) related to emergency preparedness and incident response.

e. Internal/external stakeholders concerns and allegations related to emergency preparedness and incident response.

Strategy 2-3: Identify risks in international security activities and conduct audits and/or investigations that lead to program and operational improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. NRCs international activities, (i.e., material control and accountability, incident response, and non-proliferation, import and export of nuclear materials).

b. NRCs efforts to address stakeholder and staff security concerns (including those expressed as non-concurrences and Differing Professional Opinions) related to international security activities.

8

c. Internal/external stakeholders concerns and allegations related to international security activities.

Strategic Goal 3: Corporate Management Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.

Discussion: NRC faces significant challenges to efficiently, effectively and economically manage its corporate resources within the parameters of its budget. NRC must continue to provide infrastructure and support to accomplish its regulatory mission while responding to continuous scrutiny of budgetary levels, evolving regulatory requirements, changing industry and market conditions, and the continuously developing security threat environment.

Addressing limitations upon agency budgetary and financial resources and the resulting impact on organizational staffing, human capital, information management and internal financial oversight will require a continuing, well considered process of adaptation throughout the next strategic planning period. NRC must continue its efforts to maintain its capability to effectively use its financial resources and to manage other factors that are largely budget dependent. Such factors include reductions in long-tenured staffing, which require knowledge preservation and transfer, the effective deployment of limited resources to meet changing regulatory requirements, efficient adaptation to changing industry conditions, and the need for continued improvement in information technology capabilities.

Further, NRC must protect its infrastructure and take the necessary steps to ensure that its staff, facilities, information, and information technology assets are adequately protected against insider and external threats while maintaining operations. NRC faces the challenge of balancing transparency with information security.

OIG will continue to target corporate management risk areas for audits and investigations, to fulfill its statutory responsibilities to evaluate agency financial management, and work with NRC to identify and improve areas of weakness, particularly in areas subjected to budgetary pressures.

Strategy: 3-1: Identify areas of corporate management risk within NRC and conduct audits and/or investigations that lead to NRC program improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. NRCs management of human capital to include training and development programs, knowledge management, and recruiting and retention activities.

9

b. NRCs financial management practices to include development and collection of fees and budget processes.

c. Provide reasonable assurance that NRCs financial statements are presented fairly in all material aspects.

d. NRCs development, implementation, and lifecycle management of information technology tools and systems.

e. NRCs management of administrative functions, such as training, procurement, property and facilities.

f. The efficiency and effectiveness of NRC's management of changes caused by internal and external factors.

g. NRC activities and their effectiveness in fostering an environment where corporate management issues can be raised without fear of retaliation.

h. NRCs efforts to address stakeholder and staff corporate management concerns (including those expressed as non-concurrences and Differing Professional Opinions) related to human capital, procurement, and information technology.

i. Internal/external stakeholders concerns and allegations related to human capital, procurement, financial management, and information technology.

Strategy 3-2: Identify risks in maintaining a secure infrastructure (i.e., physical, personnel, and cyber security), and conduct audits and/or investigations that lead to NRC program and operational improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. NRCs management of threats to its facilities, personnel, and information systems.

b. NRCs implementation of physical, personnel, and cyber security controls and procedures.

c. Internal and external cyber breaches of NRCs infrastructure.

d. NRCs management of controls on transparency and information security.

e. NRCs efforts to address stakeholder and staff security concerns (including those expressed as non-concurrences and Differing Professional Opinions) related to the maintenance of a secure infrastructure and the balance of transparency and information security.

f. Internal/external stakeholders concerns and allegations related to the maintenance of a secure infrastructure and the balance of transparency and information security.

10 OIG PERFORMANCE DATA FOR NRC The following tables include OIGs strategic goals, measures, and targets for the NRC based on this strategic plan. They also provide actual performance data for FY 2015-FY 2019.

OIG Strategic Goal 1: Strengthen NRCs Efforts To Protect Public Health and Safety and the Environment 2015 2016 2017 2018 2019 Measure 1: Percentage of OIG products and activities that have a high impact1 on improving the NRCs safety program2 Target 85%

85%

85%

85%

Actual 100%

100%

100%

91%

Measure 2. Percentage of OIG audit products and activities that cause the agency to take corrective action to improve agency safety programs; ratify adherence to agency policies, procedures, or requirements; or identify real dollar savings or reduced regulatory burden (i.e., high impact).3 Target 85%

Actual 100%

Measure 3. Percentage of audit recommendations agreed to by agency Target 92%

92%

92%

92%

92%

Actual 86%4 100%

95%

100%

100%

Measure 4. Percentage of final agency actions taken within 2 years on audit recommendations Target 70%

70%

70%

70%

70%

Actual 47%5 76%

75%

67%6 78%

Measure 5. Percentage of OIG investigative products and activities that identify opportunities for improvements to agency safety programs; ratify adherence to policies/procedure; or confirm or disprove allegations of wrongdoing (e.g., high impact).7 Target 85%

Actual 100%

Measure 6. Percentage of agency actions taken in response to investigative reports.

Target 90%

90%

90%

90%

90%

Actual 100%

100%

0%8 N/A N/A Measure 7. Percentage of active cases completed in less than 18 months.

Target 90%

90%

90%

90%

90%

Actual 50%9 60%10 0%11 83%12 N/A Measure 8. Percentage of closed investigations referred to DOJ or other relevant authorities.13 Target 20%

20%

20%

20%

20%

Actual N/A N/A N/A 0%14 0%15 Measure 9. Percentage of closed investigations resulting in indictments, convictions, civil suits or settlements, judgments, administrative actions, monetary results, or IG clearance letters.16 Target 60%

60%

60%

60%

60%

Actual 50%

100%

0%17 0%18 N/A OIG Strategic Goal 2: Enhance NRCs Efforts To Increase Security in Response To an Evolving Threat Environment 2015 2016 2017 2018 2019 Measure 1. Percentage of OIG products and activities that have a high impact on improving the NRCs security program19 Target 85%

85%

85%

85%

Actual 100%

91%

100%

100%

Measure 2. Percentage of OIG audit products and activities that cause the agency to take corrective action to improve agency security programs; ratify adherence to agency policies, procedures, or requirements; or identify real dollar savings or reduced regulatory burden (i.e., high impact).20 Target 85%

Actual 100%

Measure 3. Percentage of audit recommendations agreed to by the agency.

Target 92%

92%

92%

92%

92%

Actual 100%

100%

100%

100%

100%

11 2015 2016 2017 2018 2019 Measure 4. Percentage of final agency actions taken within 2 years on audit recommendations.

Target 70%

70%

70%

70%

70%

Actual 82%

64%21 55%22 88%

78%

Measure 5. Percentage of OIG investigative products and activities that identify opportunities for improvements to agency security programs; ratify adherence to policies/procedures; or confirm or disprove allegations of wrongdoing (e.g., high impact).23 Target 85%

Actual 100%

Measure 6. Percentage of agency actions taken in response to investigative reports.

Target 90%

90%

90%

90%

90%

Actual 100%

100%

N/A N/A N/A Measure 7. Percentage of active cases completed in less than 18 months.

Target 90%

90%

90%

90%

90%

Actual 100%

80%24 100%

N/A 33%25 Measure 8. Percentage of closed investigations referred to DOJ or other relevant authorities.

Target 20%

20%

20%

20%

20%

Actual N/A 100%

50%

N/A 0%26 Measure 9. Percentage of closed investigations resulting in indictments, convictions, civil suits or settlements, judgments, administrative actions, monetary results or IG clearance letters.

Target 60%

60%

60%

60%

60%

Actual 100%

100%

33%27 N/A 33%28 OIG Strategic Goal 3: Improve the Economy, Efficiency, and Effectiveness with Which NRC Manages and Exercises Stewardship Over Its Resources 2015 2016 2017 2018 2019 Measure 1. Percentage of OIG completed products and activities that have a high impact on improving corporate management Programs.29 Target 85%

85%

85%

85%

Actual 87%

85%

93%

88%

Measure 2. Percentage of OIG audit products and activities that cause the agency to take corrective action to improve agency corporate management programs; ratify adherence to agency policies, procedures, or requirements; or identify real dollar savings or reduced regulatory burden (i.e., high impact).30 Target 85%

Actual 100%

Measure 3. Percentage of audit recommendations agreed to by the agency.

Target 92%

92%

92%

92%

92%

Actual 100%

100%

100%

100%

100%

Measure 4. Percentage of final agency actions taken within 2 years on audit recommendations.

Target 70%

70%

70%

70%

70%

Actual 90%

80%

81%

62%31 67%32 Measure 5. Percentage of OIG investigative products and activities that identify opportunities for improvements to agency corporate management programs; ratify adherence to policies/procedures; or confirm or disprove allegations of wrongdoing (e.g., high impact).33 Target 85%

Actual 86%

Measure 6. Percentage of agency actions taken in response to investigative reports.

Target 90%

90%

90%

90%

90%

Actual 100%

100%

89%34 100%

100%

Measure 7. Percentage of active cases completed in less than 18 months.

Target 90%

90%

90%

90%

90%

Actual 58%35 78%36 85%37 72%38 59%39 Measure 8. Percentage of closed investigations referred to DOJ or other relevant authorities.

Target 20%

20%

20%

20%

20%

Actual 28%

45%

44%

12%40 25%

Measure 9. Percentage of closed investigations resulting in indictments, convictions, civil suits or settlements, judgments, administrative actions, monetary results, or IG clearance letters.

Target 60%

60%

60%

60%

60%

Actual 73%

71%

70%

46%41 42%42

12 Section II. OIGs Strategic Goals, Strategies, Action, and Performance for DNFSB The OIG Strategic Plan features three goals and guides the activities of the Audits and Investigations programs at DNFSB for FY 2019 through FY 2023. OIGs audit and investigative oversight responsibilities are derived from the agencys wide array of programs, functions, and support activities established to accomplish DNFSBs mission.

OIG Strategic Goals for DNFSB

• Strengthen DNFSBs efforts to oversee the safe operation of DOE defense nuclear facilities.

• Strengthen DNFSBs security efforts in response to an evolving threat environment.

• Increase the economy, efficiency, and effectiveness with which DNFSB manages and exercises stewardship over its resources.

The plan presents OIGs priorities for the covered timeframe and describes OIGs strategic direction to stakeholders, including the DNFSB Chairman and the U.S. Congress. It also strengthens OIG by providing a shared set of expectations regarding the goals OIG expects to achieve and the strategies that will be used to do so. OIG adjusts the plan as circumstances necessitate, uses it to develop its annual plan and performance budget, and holds managers and staff accountable for achieving the goals and outcomes.

OIGs strategic plan also includes a number of supporting strategies and actions that describe planned accomplishments. Through associated annual planning activities, audit and investigative resources focus on assessing DNFSBs safety, security, and corporate management programs involving the major challenges and risk areas facing the DNFSB. The work of OIG auditors and investigators support and complement each other in the pursuit of these objectives.

Strategic Goal 1: Safety Strengthen DNFBs efforts to oversee the safe operation of DOE defense nuclear facilities.

Strategy 1-1: Identify risk areas associated with DNFSBs oversight of DOE defense nuclear facilities and conduct audits and/or investigations that lead to improved DNFSB performance and communications.

Action: Conduct audits/evaluations and/or investigations in the following areas:

a. DNFSBs work plan development process.

b. DNFSBs process for reviewing designs for construction and modifications.

13

c. DNFSBs process for reviewing decommissioning progress.

d. DNFSBs process for balancing the assessment for emergent issues versus planned work.

e. DNFSBs process for maintaining staffs technical skill sets.

f. DNFSBs conduct of self-assessment (to include mission effectiveness and communication with DOE) and process improvement.

g. DNFSBs automated work and issue tracking capabilities.

h. Internal/external stakeholders concerns and allegations related to DNFSBs oversight of DOE defense nuclear facilities.

Strategic Goal 2: Security Strengthen DNFSBs security efforts in response to an evolving threat environment.

Strategy 2-1: Identify risks in maintaining a secure infrastructure (i.e., facility, personnel, and cyber security), and conduct audits and/or investigations that lead to DNFSB improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. DNFSBs management of threats to its facility, personnel, and information systems.

b. DNFSBs implementation of facility, personnel, and cyber security controls and procedures.

c. Internal and external cyber breaches of DNFSBs infrastructure.

d. The adequacy of DNFSBs response to complaints or incidents related to a chilled work environment.

e. Physical and personnel security, including insider threat mitigation or economic espionage.

f.

Internal/external stakeholders concerns and allegations related to the security of DNFSBs infrastructure.

Strategy 2-2: Identify risks in balancing transparency and information security, and conduct audits and/or investigations that lead to DNFSB improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. DNFSBs management of controls on transparency and information security.

b. Information security violations.

c. Internal/external stakeholders concerns and allegations related to the balance of transparency and information security.

14 Strategy 3-1: Identify areas of corporate management risk within DNFSB and conduct audits and/or investigations that lead to DNFSB program improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. DNFSBs management of human capital to include training and development programs, knowledge management, and recruiting and retention activities.

b. DNFSBs management of administrative functions and financial activities to include congressional requirements.

c. DNFSBs development, implementation, and lifecycle management of information technology tools and systems.

d. DNFSBs management of change through its implementation of best practices (to include training, project management, knowledge management, and process improvement).

e. Implementation of processes at DNFSB to encourage an environment where technical or non-technical issues can be raised without fear of retaliation.

f. Internal/external stakeholders concerns and allegations related to human capital, procurement, financial management, and information technology.

Strategic Goal 3: Corporate Management Increase the economy, efficiency, and effectiveness with which DNFSB manages and exercises stewardship over its resources.

15 OIG PERFORMANCE DATA FOR DNFSB Performance Measures for the DNFSB OIG Program 2015 2016 2017 2018 2019 Measure 1. Percentage of OIG audits undertaken and issued within a year.43 Target 60%

60%

60%

60%

Actual 83%

100%

100%

100%

Measure 2. Percentage of OIG audit products and activities that cause the agency to take corrective action to improve agency safety, security, or corporate management programs; ratify adherence to agency policies, procedures, or requirements; or identify real dollar savings or reduced regulatory burden (i.e., high impact).44 Target 85%

Actual 100%

Measure 3. Percentage of audit recommendations agreed to by the agency.45 Target 50%

Actual 100%

Measure 4. Percentage of final agency Board actions taken within 2 years on audit recommendations.46 Target 50%

50%

50%

50%

50%

Actual 100%

100%

100%

100%

75%

Measure 5. Percentage of OIG investigative products and activities that identify opportunities for improvements to agency safety, security, or corporate management programs; ratify adherence to policies/procedures; or confirm or disprove allegations of wrongdoing (e.g., high impact).47 Target 85%

Actual 100%

Measure 6. Percentage of Board actions taken in response to investigative reports.48 Target 90%

90%

90%

90%

90%

Actual 100%

100%

100%

N/A N/A Measure 7. Percentage of active cases completed in less than 18 months.49 Target 85%

85%

85%

85%

85%

Actual 100%

100%

100%

N/A 25%50 SECTION III. OIGS HUMAN CAPITAL GOAL, STRATEGIES, ACTIONS, AND PERFORMANCE DATA The Office of Personnel Management (OPM) issued 5 CFR Part 250, Personnel Management in Agencies, effective April 11, 2017, to align human capital management practices to broader agency strategic planning activities, and better align human capital activities with an agencys mission and strategic goals. OPM envisioned this would enable agency leadership to better leverage the workforce to achieve results.

OIG Strategic Human Capital Goal:

Maintain support for a workforce that is skilled, collaborative, and engaged in high-impact audit, investigative, and other activities for the Office of the Inspector General.

Based on the direction in 5 CFR Part 250 and recognizing the potential benefits of a strategic human capital goal, OIG developed a goal, strategies, and actions that focus specifically on maintaining and supporting excellence in OIGs workforce. Unlike OIGs other strategic goals, the human capital goal is not specific to NRC or DNFSB, but rather is applicable to the entire OIG staff regardless of job function or agency focus.

16 Strategy 1-1: Provide continual learning and professional development opportunities.

Action:

Require all staff to prepare an individual training and development plan to be reviewed and approved by their supervisor that describes skills needed and the corresponding training and developmental activities identified to meet an employees career goals and support work assignments.

Strategy 1-2: Increase collaboration and knowledge sharing across OIG.

Actions:

a. Enhance knowledge sharing at audits/investigations counterpart meetings.

b. Seek opportunities for audits and investigations staff to support each other in ongoing work.

Strategy 1-3: Ensure prioritization of critical work activities and appropriate alignment with available resources.

Action:

Assign resources to maximize timely completion of high-impact activities.

Strategy 1-4: Support staff efforts to optimize work-life balance.

Action:

Integrate work activities with opportunities to telework.

PERFORMANCE DATA FOR OIG HUMAN CAPITAL GOAL The following table presents OIGs strategic measures for OIGs human capital goal. OIG began measuring these items in FY 2019.

Performance Measures for the OIG Human Capital Goal 2015 2016 2017 2018 2019 Measure 1. Percentage of OIG employees with approved Individual training/development plans.

Target 90%

Actual 100%

Measure 2. Percentage of audits and investigations that involve collaboration between the two entities.

Target 25%

Actual 18%51 Measure 3. Percentage of OIG employee FEVS responses that reflect a positive work-life balance52 Target 70%

Actual 71%

17 IV. RESOURCES, METHODOLOGY, CROSS-CUTTING FUNCTIONS, AND PEER REVIEWS Resources The following table depicts the relationship of the NRC Inspector General program and associated FY 2019 budget resources to the OIGs strategic and general goals.

Program Links to Strategic and General Goals

($M)

OIG Strategic and General Goals for NRC Advance NRCs Safety Efforts ($M)

Enhance NRCs Security Efforts ($M)

Improve NRCs Corporate Management ($M)

FY 2019 Programs ($11,506; 58 FTE)

Audits

($7,611; 37 FTE)

$3,275 18.5 FTE

$1,297 6.5 FTE

$3,039 12.0 FTE Investigations

($3,895; 21 FTE)

$1,516 8.0 FTE

$0.649 3.5 FTE

$1,730 9.5 FTE The following table shows the breakdown of audit and investigative resources applied at DNFSB. OIG does not align performance at DNFSB to strategic goals due to the small size of the agency but examines completion of goals overall.

Breakdown of Audit and Investigative Resources at DNFSB

($1,103; 5 FTE)

Dollars

($K)

FTE Audits

$907 4.0 Investigations

$196 1.0 Verification and Validation of Measured Values and Performance OIG uses an automated management information system to capture program performance data for the Audits and Investigations Programs. The integrity of the system was thoroughly tested and validated prior to implementation. Reports generated by the system provide both detailed information and summary data. All system data are deemed reliable.

Cross-Cutting Functions with Other Government Agencies NRC OIG has cross-cutting functions with other law enforcement agencies. For example, OIG provides investigatory case referrals to the Department of Justice (DOJ). It also coordinates investigative activities with U.S. Attorneys offices, as well as with other agencies as required.

18 Peer Reviews The NRC OIG audit program was peer reviewed in 2018 by the OIG for the Board of Governors of the Federal Reserve System and the Bureau of Consumer Financial protection in a report dated September 4, 2018, NRC OIG received an external peer review rating of pass. This is the highest rating possible based on the available options of pass, pass with deficiencies, or fail.

In addition, an independent investigative peer review was conducted in July 2019 by the Department of Commerce OIG. The program was found to be in full compliance with quality standards established by the Council of the Inspectors General on Integrity and Efficiency and the Attorney General Guidelines for Offices of Inspectors General with Statutory Law Enforcement Authority.

V. Conclusion OIG met more than two-thirds (68 percent) of its audit, investigative, and human capital measures for FY 2019 by achieving or exceeding 19 of 28 measurable items (5 investigative items were not measurable because there were no investigations applicable to these measures during FY 2019). One audit related measure was not met because the associated audit recommendations, by their nature, took longer than 2 years to complete. Seven investigative measures were not met due to varying circumstances (e.g., cases did not meet the criteria for referral, case complexity and competing priorities required contributed to completion times greater than 18 months, OIG played a cooperating role with another agency, the agency did not take action, or the subject left the agency). Regarding OIGs new human capital goal concerning collaboration among OIG entities, OIGs initial target of 25 percent was selected without the benefit of historic data and will need to be reevaluated as data is gathered concerning the types of collaboration that occur and determination of an appropriate target to realistically encourage further collaboration. OIG continuously reviews its strategic plan to ensure that its goals and work strategies continue to add value to NRC in carrying out its important safety and security mission.

19 1 High impact is the effect of an issued report or activity undertaken that results in: (a) confirming risk areas or management challenges that caused the agency to take corrective action, (b) real dollar savings or reduced regulatory burden, (c) identifying significant wrongdoing by individuals that results in criminal or administrative action, (d) clearing an individual wrongly accused, or (e) identifying regulatory actions or oversight that may have contributed to the occurrence of a specific event or incident or resulted in a potential adverse impact on public health or safety.

2 This measure was replaced, beginning in FY 2019, with measures 2 and 5 to clarify the definitions of high impact for audits and investigations.

3 This high-impact measure for audits was added, beginning in FY 2019.

4 The agency required more than 90 days to resolve the two recommendations in the audit of NRCs oversight of active component aging. Subsequently both recommendations were resolved and closed.

5 The agency required more than 2 years for final action on one of four recommendations on the audit of the NRCs issuance of general licenses. These recommendations are now closed.

6 Several audit reports included recommendations that required more than 2 years for the agency to finalize action on. These recommendations are now closed.

7 This high-impact measure for investigations was added beginning in FY 2019.

8 Only one case was applicable to this measure and the agency did not take action in response to the report.

9 Of two active investigative cases measured in the safety arena for the year, one case was closed in less than 18 months, which resulted in an achievement rate of 50 percent.

10 The complexity of two investigations in the safety arena required additional time to close these investigations.

11 There was only one case applicable to this measure; the case was not closed within 18 months.

12 Five out of six cases were closed within 18 months. The sixth case took longer due to case complexity and the ongoing nature of the issue.

13 In FY 2014, OIG began to measure closed investigations that resulted in a referral to the Department of Justice, State or local law enforcement officials, or relevant administrative authority.

14 Neither of the safety related investigations warranted referral because neither identified a criminal violation of law.

15 There was only one applicable case in FY 19 which was not referred because it was not eligible for referral.

16 Starting in FY 2014, OIG began measuring the percentage of closed investigations that resulted in an indictment, conviction, civil suit or settlement, judgment; administrative action, or monetary result. Starting in FY 2017, OIG added closed investigations that resulted in IG clearance letters to this measure. A clearance letter is a document provided to an employee in cases where an investigation is initiated in response to an allegation of employee misconduct and the misconduct is not substantiated.

17 Only one case was applicable to this measure and it did not result in any of the listed outcomes.

18 Four technical cases focused on safety related procedures; none involved had individual misconduct and none were substantiated.

19 This measure was replaced, beginning in FY 2019, with measure 2 and 5 to clarify the definitions of high impact for audits and investigations.

20 This high-impact measure for audits was added, beginning in FY 2019.

21 One audit recommendation in the security arena required additional time to close. This recommendation has been closed.

22 Four of eight recommendations on the Independent Evaluation of NRCs Implementation of the Federal Information Security Management Act (FISMA) for Fiscal Year 2012 required additional time to close. These four recommendations have since been closed.

23 This high-impact measure for investigations was added beginning in FY 2019.

24 The complexity of one investigation in the security arena required additional time to close this investigation.

25 The two cases eligible did not meet the target due to case complexity and competing priorities.

26 The two cases eligible for referral did not meet the criteria for referral.

27 Only one of three closed investigations resulted in an indictment, conviction, civil suit or settlement, judgment, administrative action, monetary result or IG clearance letter which resulted in an achievement rate of 33 percent.

28 Two out of three cases did not meet this measure. One case was a joint operation in which OIG provided support. In the other, case the employee left before action could be taken.

29 This measure was replaced, beginning in FY 2019, with measure 2 and 5 to clarify the definitions of high impact for audits and investigations.

30 This high-impact measure for audits was added, beginning in FY 2019.

31 Several audit reports included recommendations that require more than two years for the agency to finalize action on. The agency is working to finalize actions so that these recommendations can be closed.

32 Recommendations required additional time to close due to system changes that were needed.

33 This high-impact measure for investigations was added beginning in FY 2019.

34 One of nine investigative cases resulted in no action taken in response to an investigative report which resulted in an 89 percent achievement rate 35 In the corporate management arena, OIG needed more than 18 months to complete action on average for 18 of 31 cases.

36 The complexity of several investigations in the corporate management arena required additional time to close these investigations.

37 The complexity of several investigations required additional time to close these investigations.

38 The complexity of several investigations required additional time to close these investigations.

39 Due to the complexity and competing priorities, several investigations required additional time to close.

40 Although OIG initially identified 17 cases with potential criminal violations, only 2 developed sufficient evidence to warrant referral.

20 41 Two investigations were inconclusive; therefore, a clearance letter could not be issued. In another case, misconduct was identified; however, the agency did not take action.

42 In several cases, either the subject left the agency before the agency could take action or the cases pertained to ownership of prohibited securities; therefore, a clearance memo was not warranted.

43 OIG anticipates issuing six audit reports per year. This measure has been tracked since FY 2015 and replaced with measure 2 beginning in FY 2019.

44 This high-impact measure for audits was added, beginning in FY 2019.

45 This measure was added, beginning in FY 2019 46 This measure has been tracked since FY 2015.

47 This high-impact measure for investigations was added, beginning FY 2019.

48 This measure has been tracked since FY 2015.

49 This measure has been tracked since FY 2015.

50 Out of the four cases, one case completed within 18 months. A second case was referred; however, the individual retired before the agency could take action and the 18-month target was exceeded.

51 OIG began measuring this item in FY 2019 to encourage optimum collaboration among OIG components. An initial target of 25 percent was established without the benefit of historic data. OIG intends to reassess the target after collecting further data on how often and what types of collaboration are occurring within the office.

52 For this measure, OIG seeks to assess primarily work-life balance matters within OIGs control. OIG identified six FEVS 2019 questions as indicators of overall OIG specific work-life satisfaction: #5 I like the kind of work I do; #10 My workload is reasonable;

1. 42 My supervisor supports my need to balance work and other life issues; #62 Senior leaders demonstrate support for work-life programs; #69 Considering everything, how satisfied are you with your job; and #81 How satisfied are you with the following Work-Life programs in your agency? Alternative Work Schedules (for example, CWS, AWS). Although #81 pertains to the agencys programs, the response can reasonably be construed to indicate satisfaction with OIGs implementation of scheduling alternatives. To derive a score OIGs human capital measure related to work-life balance, the percentages of positive responses to each of these questions were totaled and divided by 6, providing an indicator of OIG respondents work-life balance satisfaction.