Text

Office of the Inspector General, Semiannual Report to Congress for Period Ending September 30, 2020
	ML20335A211
Person / Time
Issue date:	09/30/2020
From:	; NRC/OIG
To:	;
References
	Download: ML20335A211 (84)
	v • d • e

Semiannual Report to Congress April 1, 2020September 30, 2020 U.S. Nuclear Regulatory Commission Defense Nuclear Facilities Safety Board

OIG VISION Advancing nuclear safety and security through audits, evaluations, and investigations.

OIG MISSION Provide independent, objective audit and investigative oversight of the Nuclear Regulatory Commission and the Defense Nuclear Facilities Safety Board operations to protect people and the environment.

COVER PHOTOS:

Background Photo: Calvert Cliffs nuclear power plant.

From left to right:

1. NuScale Power small modular reactor. (Photo courtesy: NuScale Power, LLC.)

2. Reactor nuclear fuel rod assembly.

3. Calvert Cliffs nuclear power plant.

4. NuScale Power small modular reactor. (Photo courtesy: NuScale Power, LLC.)

The NRC Office of the Inspector General Semiannual Report to Congress i April 1, 2020, to September 30, 2020

A MESSAGE FROM THE INSPECTOR GENERAL It is my pleasure to present my first Semiannual Report to Congress as Inspector General of the Nuclear Regulatory Commission (NRC) and the Defense Nuclear Facilities Safety Board (DNFSB). While theres no question that onboarding as an Inspector General during a global pandemic has presented its own unique challenges, it is also true that doing so created, by necessity, real efficiencies and tangible opportunities to streamline our operations. The warm and welcoming reception I received from my dedicated staff was not diminished in any manner by having to engage virtually, rather than in-person. I am grateful for the opportunity to lead this extraordinary group of managers, auditors, investigators, and support staff, and Im proud of their exceptional work.

This report highlights some of that work, completed between April 1, 2020, and September 30, 2020. During this time, we issued thirteen audit and evaluation reports, and recommended several ways to improve NRC and DNFSB safety, security, and corporate management programs. We also opened fourteen investigative cases and completed twenty-three, two of which were referred to the Department of Justice, and three of which were referred to NRC management for action.

Our reports are intended to strengthen the NRCs and DNFSBs oversight of their myriad endeavors and reflect the legislative mandate of the Inspector General Act, which is to identify and prevent fraud, waste, and abuse.

Summaries of the reports herein include reviews of the NRCs property management program, emergency preparedness program, surveillance test inspection program, and integrated materials performance evaluation program. We also highlighted our review of the oversight of radiation safety officers and the implementation of the drug-free workplace program, as well as cases involving grant fraud at a university, employee misconduct, depleted uranium on military bases, and government credit card fraud. Further, this report includes summaries of the legislatively mandated reports we issued, such as reviews of our compliance with relevant congressional Acts, and of the NRCs and the DNFSBs plans for returning employees to federal offices considering the COVID-19 pandemic.

One need only read a snapshot of the latest current event headlines to see the dramatic changes that are afoot with respect to the critical role of Inspectors General in the government, and the growing reliance on them.

Consequently, my vision for the office embodies significant growth in several key areas, including but not limited to expanded public outreach and the maintenance of a greater online and/or social media presence, broader congressional outreach and dialogue, expanding our personnel roster to meet the growing demand for IG services, information technology upgrades, and finding a larger, more updated, and more suitable physical workspace to accommodate our evolving needs, in order to create what I hope will be a state-of-the-art Office of Inspector General.

Our team dedicates their efforts to promoting the integrity, efficiency, and effectiveness of NRC and DNFSB programs and operations, and I greatly appreciate their commitment to that mission. Our success would not be possible without the collaborative efforts between my staff and those of the NRC and the DNFSB to address OIG findings and implement corrective actions in a timely manner. I thank them for their dedication, and I look forward to continued cooperation as we work together to ensure the integrity and efficiency of agency operations.

Robert J. Feitel Robert J. Feitel Inspector General The NRC Office of the Inspector General Semiannual Report to Congress ii April 1, 2020, to September 30, 2020

The NRC Headquarters complex.

The NRC Office of the Inspector General Semiannual Report to Congress iii April 1, 2020, to September 30, 2020

CONTENTS Highlights ............................................................................................ .vi Audits.................................................................................................................. vi Investigations ............................................................................................................. x Overview of the NRC and the OIG ................................................... 1 The NRCs Mission ...................................................................................................1 OIG History, Mission, and Goals ..............................................................................2 OIG History ........................................................................................................2 OIG Mission and Goals ......................................................................................3 OIG Programs and Activities ............................................................. 5 Audit Program ...........................................................................................................5 Investigative Program ................................................................................................6 OIG General Counsel Regulatory Review ................................................................7 Other OIG Activities .................................................................................................9 NRC Management and Performance Challenges ........................... 13 NRC Audits ......................................................................................... 14 Audit Summaries .................................................................................................... 14 Audits in Progress................................................................................................... 23 NRC Investigations ............................................................................ 28 Investigative Case Summaries ................................................................................ 28 Defense Nuclear Facilities Safety Board .......................................... 35 DNFSB Management and Performance Challenges ....................... 36 DNFSB Audits .................................................................................... 37 Audit Summaries .................................................................................................... 37 Audits in Progress................................................................................................... 39 DNFSB Investigations ........................................................................ 41 Investigative Case Summaries ................................................................................ 41 Summary of OIG Accomplishments at the NRC ............................ 45 NRC Investigative Statistics ....................................................................................45 NRC Audit Listings .................................................................................................47 NRC Audit Resolution Activities ............................................................................49 Summary of OIG Accomplishments at the DNFSB ........................ 52 DNFSB Investigative Statistics ...............................................................................52 DNFSB Audit Listings ............................................................................................54 DNFSB Audit Resolution Activities .......................................................................55 Unimplemented Audit Recommendations ....................................... 57 NRC .........................................................................................................................57 DNFSB ....................................................................................................................64 Abbreviations and Acronyms............................................................ 67 Reporting Requirements ................................................................... 68 Appendix ............................................................................................. 69 The NRC Office of the Inspector General Semiannual Report to Congress iv April 1, 2020, to September 30, 2020

A Resident Inspector performs a walk through inspection at Calvert Cliffs nuclear power plant.

The NRC Office of the Inspector General Semiannual Report to Congress v April 1, 2020, to September 30, 2020

HIGHLIGHTS The following sections highlight selected audits and investigations completed during this reporting period. More detailed summaries appear in subsequent sections of this report.

Audits Nuclear Regulatory Commission

The U.S. Nuclear Regulatory Commissions (NRC) property management program is subject to guidance in Public Law (P.L.) 107-217, Codifying Title 40, United States Code- Public Buildings, Property, and Works. Several space and property management automated systems support the program and include documentation of the receipt, management, and disposal processes. The NRC is required to establish internal control activities that are implemented correctly, are documented, and use and communicate quality information. The Office of the Inspector General (OIG) examined the NRCs system of internal controls for maintaining accountability and controls of government property.

The U.S. Department of Health and Human Services declared a Public Health Emergency on January 31, 2020, in response to the Coronavirus Disease-2019 (COVID-19) outbreak. The federal government took steps to contain the spread of COVID-19 among its workforce. The NRC made telework mandatory for all but a few employees effective March 19, 2020. On June 15, the Chairman of the Subcommittee on Government Operations, House Government Oversight and Reform Committee requested a review of the NRCs plans and procedures for returning employees to federal offices.

The NRC issues licenses for medical, industrial, and academic uses of source, byproduct, and special nuclear materials. The NRC expects that licensees will assign a qualified individual to serve as the Radiation Safety Officer (RSO) for licensed activities and name that individual on the license. The RSO is the person responsible for the licensees radiation protection program and is key to overseeing and ensuring its safe operation. Additionally, for up to 60 days each year, a licensee may permit an individual to function as a temporary RSO. RSOs must have adequate training to understand the hazards associated with radioactive material and be familiar with all applicable regulatory requirements. The audit examined the adequacy of the NRCs regulatory oversight of RSOs.

In February of 2020, the OIG contracted with an international survey firm and partnered with them to assess the NRCs safety culture and climate, as well as other aspects of employee experience such as engagement. The company, Willis Towers Watson (WTW), conducted the NRC Safety Culture and Climate Survey for approximately 2,802 employees. The survey was designed based on information gathered from onsite and phone interviews and onsite focus groups.

The analysis from the interviews and focus group meetings aided in the development of the survey instrument.

The NRC Office of the Inspector General Semiannual Report to Congress vi April 1, 2020, to September 30, 2020

The federal Drug-Free Workplace Program is a comprehensive program to address illicit drug use by federal employees. On September 15, 1986, President Reagan signed Executive Order 12564, establishing the goal of a drug-free federal workplace. The Order made it a condition of employment that all federal employees refrain from using illegal drugs on or off duty. The audit assessed the effectiveness and efficiency of the NRCs implementation of the Drug-Free Workplace Program.

The Three Mile Island Unit 2 reactor, near Middletown, Pennsylvania, partially melted down on March 28, 1979. This was the most serious commercial nuclear power plant accident in the U.S. Following the accident, the Federal Emergency Management Agency (FEMA), created in 1979, was assigned the responsibility to ensure offsite readiness. The statutory relationship between the NRC and the FEMA is governed by a memorandum of understanding (MOU), which delineates the authorities of each agency, as well as their separate and shared responsibilities for radiological emergency preparedness. Under the MOU, the NRC and the FEMA have developed parallel regulations and guidance documents to align their actions. The NRC reviews and approves nuclear power plant onsite emergency plans as a license condition and inspects equipment and organizational resources that support the plan. The audit examined the NRCs emergency preparedness oversight program for nuclear power plants.

NRC regulations require that resident and region-based inspectors conduct annually 13 to 21 surveillance test inspection samples per nuclear power reactor site. In calendar years 2018 and 2019, the NRC conducted 1,059 and 1,036 samples, respectively, meeting the annual sample requirements per nuclear power reactor site. NRC inspectors are responsible for performing surveillance test inspections, while regional managers are responsible for ensuring licensees complete surveillance test inspections in accordance with agency guidance. The NRC has budgeted 5,700 hours0.0081 days 0.194 hours 0.00116 weeks 2.6635e-4 months for surveillance test inspections, which is equivalent to approximately 3.8 full-time equivalents. The audit assessed the NRCs conduct of surveillance test inspection activities relative to inspection procedure requirements.

The NRC Integrated Materials Performance Evaluation Program (IMPEP) process employs a team of NRC and Agreement State staff to assess both Agreement State and NRC regional radioactive materials licensing and inspection programs. It is designed to assess whether public health and safety are adequately protected from the potential hazards associated with the use of radioactive materials, and that the Agreement State programs are compatible with the NRCs program. The IMPEP reviews approximately 8-10 Agreement State and NRC regional radioactive materials licensing and inspection programs per year. The audit assessed and evaluated the IMPEP program to determine if the program is meeting its stated objectives and to identify any areas for improvement.

The OIG issued an Official Use Only report, Independent Evaluation of the NRCs Potential Compromise of Systems (Social Engineering), which is not publicly available because it contains sensitive security information.

The NRC Office of the Inspector General Semiannual Report to Congress vii April 1, 2020, to September 30, 2020

The OIG and the Defense Contract Audit Agency (DCAA) have an interagency agreement whereby the DCAA provides contract audit services for the OIG. The DCAA is responsible for reviewing audit methodologies used to reach audit conclusions, monitoring the staffs qualifications, and ensuring compliance with the Generally Accepted Government Auditing Standards. The OIGs responsibility is to distribute the report to NRC management and follow-up on agency actions initiated as a result of this report. At the request of the OIG, the DCAA audited QiTech, LLC and provided the OIG with an audit report.

In November 2002, the Congress passed the Improper Payments Information Act of 2002 (IPIA) to enhance the accuracy and integrity of federal payments. An improper payment is (a) any payment that should not have been made or that was made in an incorrect amount (including overpayments and underpayments) under statutory, contractual, administrative, or other legally applicable requirements, and (b) includes any payment to an ineligible recipient, any payment for an ineligible good or service, any duplicate payment, any payment for a good or service not received (except for such payments where authorized by law), and any payment that does not account for credit for applicable discounts. The audit assessed the NRCs compliance with the IPIA.

The NRCs OIG engaged SBG Technology Solutions, Inc. (SBG), to conduct an independent evaluation of the NRCs overall information security program and practices to respond to the fiscal year (FY) 2019 Inspector General (IG) Federal Information Security Management Act (FISMA) Reporting Metrics. In FY 2019, SBG evaluated the effectiveness of the NRCs information security controls, including its policies, procedures, and practices on a representative subset of the agencys information systems. For the evaluation, SBG used the FISMA and other regulations, standards, and guidance referenced in the FY 2019 IG FISMA Reporting Metrics as the basis for evaluating the NRCs overall information security program.

The NRC Office of the Inspector General Semiannual Report to Congress viii April 1, 2020, to September 30, 2020

Defense Nuclear Facilities Safety Board

On March 13, 2020, the DNFSB activated the DNFSB Continuity of Operations Plan (COOP), dated February 2019. The DNFSB COOP delegates to the DNFSB Chairman the responsibility for providing overall decision authority and ordering the plans implementation. On June 15th, 2020, the Chairman of the Subcommittee on Government Operations, House Government Oversight and Reform Committee, requested the examination of the plans and procedures for returning employees to federal offices in the wake of the COVID-19 pandemic.

The Improper Payments Elimination and Recovery Act of 2010 (IPERA) requires agencies to perform a risk assessment at least once every 3 years for programs deemed to be at low risk for significant improper payments. Since the DNFSBs FY 2017 risk assessment found that the agency was not susceptible to significant improper payments, the DNFSB was not required to perform a risk assessment or to report its improper payment estimates or gross improper payment rate in FY 2019. The DNFSBs next risk assessment will be completed in FY 2020. The IPERA requires OIGs to determine agency compliance with the Act.

The OIG issued an Official Use Only report, Independent Evaluation of the DNBSFs Potential Compromise of Systems (Social Engineering), which is not publicly available because it contains sensitive security information.

The NRC Office of the Inspector General Semiannual Report to Congress ix April 1, 2020, to September 30, 2020

Investigations Nuclear Regulatory Commission

The OIG completed an investigation into an allegation from a citizen who questioned the NRCs handling of concerns regarding depleted uranium on U.S.

Military bases in Hawaii. Specifically, the alleger questioned why there was a public meeting on this issue in December 2013, but by the time of this complaint in 2019, the NRC had not presented a plan to address the issue.

The OIG completed an investigation into an allegation from a former contractor employee at a nuclear power plant that the NRC failed in its obligation to the safety of the public by not providing proper oversight and inspection of the plants construction. Specifically, the former contractor said the NRC relaxed safety standards, and that the NRCs responses to his allegations related to quality assurance, quality control, safety, and nuclear culture programs were not appropriately addressed by the staff.

The OIG completed an investigation into an allegation that a former NRC senior manager hand-picked an unqualified Senior Resident Inspector to participate in a special inspection after an event at a nuclear power plants independent spent fuel storage installation.

The OIG completed an investigation into an allegation that senior officials pressured staff members to approve test abstracts with insufficient review and analysis, and that the pressure caused a seriously degraded safety culture.

The OIG completed an investigation, in coordination with other federal agencies, into an allegation that a former employee at Idaho State University had falsified research and used federal contract and grant funds from multiple U.S.

government agencies for personal projects and travel. The NRC OIGs investigation focused on the employees involvement in falsely reporting student work as grant related, when, in fact, it was for his own personal business.

The OIG completed an investigation into an allegation of misconduct by an NRC employee. The alleger sent the NRC a package via the U.S. Postal Service containing two explicit photographs and a letter from the alleger stating the male in the photographs was an NRC employee, and the photographs were taken in the employees NRC office.

The OIG completed an investigation based on information from the Office of the Chief Financial Officer alleging that a government-issued travel charge card account belonging to an NRC employee reflected potentially questionable charges. The OIGs review of the NRC employees government travel charge card statements and travel vouchers identified purchases of goods and services that did not appear to be made while on official travel.

The NRC Office of the Inspector General Semiannual Report to Congress x April 1, 2020, to September 30, 2020

The OIG completed an investigation into an allegation that an NRC employees travel charge card account had been suspended due to nonpayment. The account was more than 69 days past due and had an account balance of $6,293.73. A further review of the employees account statement revealed questionable charges that included cash advances and purchases of goods and services that did not appear to be made while on official travel.

Defense Nuclear Facilities Safety Board

The OIG completed an investigation into an allegation concerning possible fraudulent activities associated with the contract to develop a Financial Management System (FMS) for the DNFSB. According to the alleger, the contract showed inadequate definitions of service and requirements. Further, the alleger reported that the prime contractor assigned to develop the FMS failed to meet the product delivery deadline, but charged for maintenance of the system when there was no deliverable product. In addition, the subcontractor under the prime contract was a former DNFSB contractor, and the alleger suspected that the FMS contract was subjectively awarded because of the subcontractors relationship with DNFSB staff.

The OIG completed an investigation into an allegation that the DNFSB General Manager (GM) was inappropriately assigned as the acting Human Resources (HR) Director while overseeing the agencys Equal Employment Opportunity Program, which the alleger said created a conflict of interest. Further, the alleger reported that even though the GM was unqualified to act as the HR Director, the GM was chosen over other qualified candidates. In addition, the alleger said the GM violated HR practices and the Office of General Counsel engaged in unethical hiring practices by employing a summer intern without relying on HR staff expertise or following the HR procedures.

The NRC Office of the Inspector General Semiannual Report to Congress xi April 1, 2020, to September 30, 2020

Security gates at Calvert Cliffs power plant.

The NRC Office of the Inspector General Semiannual Report to Congress xii April 1, 2020, to September 30, 2020

OVERVIEW OF THE NRC AND THE OIG The NRCs Mission The NRC was formed in 1975, in accordance with the Energy Reorganization Act of 1974, to regulate the various commercial and institutional uses of nuclear materials.

The agency succeeded the Atomic Energy Commission, which previously had responsibility for both developing and regulating nuclear activities. The NRCs mission is to license and regulate the nations civilian use of radioactive materials to provide reasonable assurance of adequate protection of public health and safety, to promote the common defense and security, and to protect the environment. The NRCs regulatory mission covers three main areas:

Reactors - Commercial reactors that generate electric power, and research and test reactors used for research, testing, and training.

Materials - Use of nuclear materials in medical, industrial, and academic settings, and facilities that produce nuclear fuel.

Waste - Transportation, storage, and disposal of nuclear materials and waste, and decommissioning of nuclear facilities from service.

Under its responsibility to protect public health and safety, the NRC has the following main regulatory functions: (1) establish standards and regulations; (2) issue licenses, certificates, and permits; (3) ensure compliance with established standards and regulations; and, (4) conduct research, adjudication, and risk and performance assessments to support regulatory decisions. These regulatory functions include regulating nuclear power plants, fuel cycle facilities, and other civilian uses of radioactive materials - like nuclear medicine programs at hospitals, academic activities at educational institutions, research, and such industrial applications as gauges and testing equipment.

The NRC maintains a current website and a public document room at its headquarters in Rockville, MD; holds public hearings and public meetings in local areas and at NRC offices; and engages in discussions with individuals and organizations.

The NRC Office of the Inspector General Semiannual Report to Congress 1 April 1, 2020, to September 30, 2020

OIG History, Mission, and Goals OIG History In the 1970s, government scandals, oil shortages, and stories of corruption covered by newspapers, television, and radio stations took a toll on the American publics faith in its government. The U.S. Congress knew it had to take action to restore the publics trust. It had to increase oversight of federal programs and operations. It had to create a mechanism to evaluate the effectiveness of government programs. And, it had to provide an independent voice for economy, efficiency, and effectiveness within the federal government that would earn and maintain the trust of the American people.

In response, the Congress passed the landmark legislation known as the Inspector General Act (IG) Act, which President Jimmy Carter signed into law in 1978. The IG Act created independent IGs, who would protect the integrity of government; improve program efficiency and effectiveness; prevent and detect fraud, waste, and abuse in federal agencies; and keep agency heads, Congress, and the American people fully and currently informed of the findings of IG work.

Today, the IG concept is a proven success. IGs continue to deliver significant benefits to our nation. Thanks to IG audits and investigations, billions of dollars have been returned to the federal government or have been better spent based on recommendations identified through those audits and investigations. IG investigations have also contributed to the prosecution of thousands of wrongdoers.

In addition, the IG concepts of good governance, accountability, and monetary recovery encourage foreign governments to seek advice from IGs, with the goal of replicating the basic IG principles in their own governments.

The NRC Office of the Inspector General Semiannual Report to Congress 2 April 1, 2020, to September 30, 2020

OIG Mission and Goals The NRCs OIG was established as a statutory entity on April 15, 1989, in accordance with the 1988 amendment to the IG Act. The NRC OIGs mission is to provide independent, objective audit and investigative oversight of the Nuclear Regulatory Commission and the Defense Nuclear Facilities Safety Board operations to protect people and the environment.

The OIG is committed to ensuring the integrity of NRC programs and operations.

Developing an effective planning strategy is a critical aspect of meeting this commitment. Such planning ensures that audit and investigative resources are used effectively. To that end, the OIG developed a Strategic Plan that includes the major challenges and critical risk areas facing the NRC. The plan identifies the OIGs priorities and establishes a shared set of expectations regarding the goals it expects to achieve and the strategies that will be employed to do so. The OIGs Strategic Plan features three goals, which generally align with the NRCs mission and goals:

1. Strengthen the NRCs efforts to protect public health and safety, and the environment;

2. Strengthen the NRCs security efforts in response to an evolving threat environment; and,

3. Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

The NRC Office of the Inspector General Semiannual Report to Congress 3 April 1, 2020, to September 30, 2020

Presentation at Three Mile Island nuclear power plant.

The NRC Office of the Inspector General Semiannual Report to Congress 4 April 1, 2020, to September 30, 2020

OIG PROGRAMS AND ACTIVITIES Audit Program The OIG Audit Program focuses on management and financial operations; economy or efficiency with which an organization, program, or function is managed; and whether the programs achieve intended results. OIG auditors assess the degree to which an organization complies with laws, regulations, and internal policies in carrying out programs, and they test program effectiveness as well as the accuracy and reliability of financial statements. The overall objective of an audit is to identify ways to enhance agency operations and promote greater economy and efficiency.

Audits comprise four phases:

Survey - An initial phase of the audit process is used to gather information on the agencys organization, programs, activities, and functions. An assessment of vulnerable areas determines whether further review is needed.

Fieldwork - Auditors gather detailed information to develop findings and support conclusions and recommendations.

Reporting - The auditors present the information, findings, conclusions, and recommendations that are supported by the evidence gathered during the survey and fieldwork phases. They hold exit conferences with management officials to obtain their views on issues in the draft audit report and present those comments in the published audit report, as appropriate.

The published audit reports include formal written comments in their entirety as an appendix.

Resolution - Positive change results from the resolution process in which management takes action to improve operations based on the recommendations in the published audit report. Management actions are monitored until final action is taken on all recommendations.

When management and the OIG cannot agree on the actions needed to correct a problem identified in an audit report, the issue can be taken to the NRC Chairman for resolution.

Each October, the OIG issues an Annual Plan that summarizes the audits planned for the coming fiscal year. Unanticipated high-priority issues may arise that generate audits not listed in the Annual Plan. OIG audit staff continually monitor specific issue areas to strengthen the OIGs internal coordination and overall planning process. Under the OIG Issue Area Monitor (IAM) program, staff designated as IAMs are assigned responsibility for keeping abreast of major agency programs and activities. The broad IAM areas address nuclear reactors, nuclear materials, nuclear waste, international programs, security, information management, and financial management and administrative programs.

The NRC Office of the Inspector General Semiannual Report to Congress 5 April 1, 2020, to September 30, 2020

Investigative Program The OIGs responsibility for detecting and preventing fraud, waste, and abuse within the NRC and the DNFSB includes investigating possible violations of criminal statutes relating to agency programs and activities, investigating misconduct by employees and contractors, interfacing with the Department of Justice on OIG-related criminal and civil matters, and coordinating investigations and other OIG initiatives with federal, state, and local investigative agencies and other OIGs.

Investigations may be initiated as a result of allegations or referrals from private citizens; licensee employees; government employees; Congress; other federal, state, and local law enforcement agencies; OIG audits; the OIG Hotline; and OIG initiatives directed at areas bearing a high potential for fraud, waste, and abuse.

Because the NRCs mission is to protect the health and safety of the public, the OIGs Investigative Program directs much of its resources and attention to investigating allegations of NRC staff conduct that could adversely impact matters related to health and safety. These investigations may address allegations of:

Misconduct by high-ranking NRC officials and other NRC officials, such as managers and inspectors, whose positions directly impact public health and safety;

Failure by NRC management to ensure that health and safety matters are appropriately addressed;

Failure by the NRC to appropriately transact nuclear regulation publicly and candidly and to openly seek and consider the publics input during the regulatory process.

Conflicts of interest involving NRC employees and contractors and licensees, including such matters as promises of future employment for favorable or inappropriate treatment, and the acceptance of gratuities; and,

Fraud in NRCs procurement programs, involving contractors violating government contracting laws and rules.

The OIG has also implemented a series of proactive initiatives designed to identify specific high-risk areas that are most vulnerable to fraud, waste, and abuse. A primary focus is electronic-related fraud in the business environment. The OIG is committed to improving the security of this constantly changing electronic business environment by investigating unauthorized intrusions and computer-related fraud, and by conducting computer forensic examinations. Other proactive initiatives focus on determining instances of procurement fraud, theft of property, government credit card abuse, and fraud in federal programs.

The NRC Office of the Inspector General Semiannual Report to Congress 6 April 1, 2020, to September 30, 2020

OIG General Counsel Regulatory Review Pursuant to the Inspector General Act, 5 U.S.C. App. 3, Section 4(a)(2), the OIG reviews existing and proposed legislation, regulations, policy, and implementing management directives, and makes recommendations to the agency concerning their impact on the economy and efficiency of agency programs and operations.

Regulatory review is intended to provide assistance and guidance to the agency prior to the concurrence process to avoid formal implementation of potentially flawed documents. The OIG does not concur or object to the agencys actions reflected in the regulatory documents, but rather offers comments.

Comments provided in regulatory review reflect an objective analysis of the language of proposed agency statutes, directives, regulations, and policies resulting from OIG insights from audits, investigations, and historical data and experience with agency programs. OIG review is structured to identify vulnerabilities and offer additional or alternative choices.

To effectively track the agencys response to OIG regulatory reviews, significant comments should include a request for written replies within 90 days, with either a substantive reply or status of issues raised by the OIG.

From April 1, 2020, to September 30, 2020, the OIG reviewed a variety of agency documents. In its regulatory reviews, the OIG is cognizant of potential impacts to its functions as well as potentially negative impacts on its independence from the agency. In addition to impacts on OIG functions, some of the documents reviewed could have a major impact on agency operations or are of high interest to staff and stakeholders, and OIGs regulatory reviews reflect its knowledge and awareness of underlying trends and overarching developments at the agency and in the industry it regulates. OIG regulatory reviews also reflect auditing and investigative activities.

Comments may reflect issues first noted in the context of an audit or investigation.

The OIG did not identify any issues that would have a serious impact on its independence or conflict with its audit or investigatory functions during its review of agency documents in this reporting period. Some of its reviews, however, identified proposed staff polices that might impact the work of the OIG, so the OIG proposed edits or changes that would mitigate these impacts and requested a response from the staff. In all cases, the staff either accepted the OIGs proposals or offered a well-supported explanation as to why the proposed changes were not accepted. These reviews are described in further detail below.

Management Directive (MD) 10.99, Discipline and Adverse Actions, explains the NRCs policy for taking actions for disciplinary reasons, to address misconduct, or for budgetary or other nondisciplinary reasons. The proposed revisions are intended to address changes in law and NRC practice The NRC Office of the Inspector General Semiannual Report to Congress 7 April 1, 2020, to September 30, 2020

and to address appeals of disciplinary actionspreviously the subject of a separate Directiveand were of particular interest to the OIG because disciplinary and adverse actions may be the result of administrative investigations or may result in allegations of reprisal or discrimination being made to the OIG against NRC management. The OIGs review found that the revisions accurately reflect current law and governmentwide policy as well as the most updated NRC practices, but did suggest areas where the guidance could be clarified.

More importantly, the Directive included the OIG among the offices that must consult with the NRCs Office of the General Counsel and Office of the Chief Human Capital Officer prior to taking action against an employee. This provision is inconsistent with IGs independent personnel authority and the requirement in the IG Act that he or she receive legal advice from a counsel reporting directly to the IG. An appropriate change was suggested and accepted.

MD 10.158, The NRC Non-concurrence Process, provides policies and procedures to be used by NRC employees who have a differing view about a document in the agencys formal concurrence process. This Directive was of particular interest to the OIG because the nonconcurrence process and a related process, the differing professional opinion, has sometimes resulted in allegations being filed with the OIG at different stages of each process, and the OIGs review was careful to incorporate into its comments the lessons and insights gained from past investigations.

The review identified areas where the guidance should be clarified, and made suggestions regarding the processing of nonconcurrences as well as avoiding instances or allegations of reprisal against individuals who use the nonconcurrence process. The NRC staff accepted most of the proposed changes, and, where they did not, provided a complete explanation for why the changes are unnecessary. This explanation provided information that will assist the OIGs understanding of the process and any future related allegations.

MD 12.5, The NRC Cybersecurity Program, explains the implementation and maintenance of the agencywide program to protect information and information-technology systems as defined in 44 U.S.C. § 3542. The Directive affects the OIG as a user of the NRCs information technology system as well as the systems auditor. From an audit standpoint, the OIG review found the proposed revisions to the Directive implemented many comments from past audits.

The OIG may also investigate issues related to cybersecurity in the NRC. In order to effectively investigate, the OIG must be appropriately notified of potential issues. Therefore, the OIG suggested multiple changes that would clarify when and to whom notification should take place. All comments were accepted by the NRC staff.

The NRC Office of the Inspector General Semiannual Report to Congress 8 April 1, 2020, to September 30, 2020

In addition to the areas of concern described above, the OIG reviewed additional documents that did not result in major concerns. For each of these policies, the OIG focused on potential impacts on its independence or functions, and reviewed the documents for accuracy and clarity. The documents reviewed are described below:

MD 10.42, Work Schedules and Premium Pay, provides policy, guidance, and direction to agency employees on work schedules and premium pay. The proposed revisions reviewed by the OIG removed outdated guidance related to pay for positions that have been eliminated by the NRC and provided clarification and additional detail regarding current work schedule options for NRC employees.

MD 5.8, Proposed Section 274B Agreements with States, of the Atomic Energy Act of 1954, as amended, permits the NRC to enter into agreements with individual states whereby the states assume responsibility for regulating the possession and use of certain categories of radioactive materials. This Directive provides policy and guidance on implementing such agreements.

MD 10.135, Senior Executive Service Employment and Staffing Programs, was last updated in 1996. This revision was the first to incorporate the Inspector General Reform Act of 2008 and the Dr. Chris Kirkpatrick Whistleblower Protection Act of 2017, among other updates to law and governmentwide policy.

Despite extensive updates, the OIG review found that the revised document is accurate and clear.

Other OIG Activities Outreach and Training OIG General Counsel Addresses Licensing Board Panel Law Clerks The OIG General Counsel continued the policy of addressing new attorneys in the NRC as part of their education on the agency and the federal government by addressing individuals completing legal clerkships with the Atomic Safety and Licensing Board Panel. Panel law clerks are recent law school graduates just entering the legal profession who have been appointed to temporary 2-year terms with the NRC. The OIG General Counsel provided information describing the OIG both generally and at the NRC specifically, its history, statutory basis, implementing regulations, and relevant case law. In addition, the roles of IG General Counsel, as counsel and Whistleblower Protection Coordinator at the NRC, and in the federal community, were detailed and compared, as well as career paths for attorneys in the IG community.

The NRC Office of the Inspector General Semiannual Report to Congress 9 April 1, 2020, to September 30, 2020

Whistleblower Protection Coordinator The OIG General Counsel has been designated as the Whistleblower Protection Coordinator (WPC) for the OIG. In addition to providing information and education to individuals who believe they have been reprised against for raising safety concerns, the WPC coordinated with the Office of Special Counsel to provide refresher training on Whistleblower Rights and Protections for the entire OIG.

Additionally, the IG marked National Whistleblower Appreciation Day with a message to the entire NRC staff.

OIG Earns CIGIE Award for Excellence in Audit On October 17, 2020, the NRC OIGs Nuclear Reactor Safety/Security Team received an Award for Excellence in Audit from the Council of the Inspectors General on Integrity and Efficiency (CIGIE) for the OIG Audit of the NRCs Cyber Security Inspections at Nuclear Power Plants (https://www.nrc.gov/docs/ML1915/ML19155A317.pdf).

Under the Cyber Security Rule at 10 C.F.R. 73.54, the NRC requires that licensees operating a nuclear power plant provide high assurance that digital computer and communication systems and networks are adequately protected against cyber-attacks.

The Cyber Security Rule required licensees to submit a Cyber Security Plan with a proposed implementation schedule for NRC review and approval.

The NRC is conducting cyber security inspections through 2020 to verify that OIG receives CIGIE Award for Excellence. Pictured left to right are Paul licensees have fully developed cyber Rades, Team Leader; Magdala Boyer, Management Analyst; John E. Thorp, Technical Advisor; and Amy L. Hardin, Audit Manager.

security programs conforming to the Cyber Security Rule and licensing basis commitments, such as the approved Cyber Security Plan.

The audit objective was to determine whether the cyber security inspection program provides reasonable assurance that nuclear power plant licensees adequately protect digital computers, communication systems, networks, security, and emergency preparedness.

The audit team identified ways for the NRC to improve its cyber security inspection program by (1) creating strategies to support recruitment, training, and retention of personnel for a future inspection program, and (2) making the inspection program more performance based. The audit team found that the NRC is training current staff as cyber security inspectors, but the inspection program faces future staffing challenges. The audit team also found that the current cyber security inspection program is risk-informed but not yet fully performance based.

The NRC Office of the Inspector General Semiannual Report to Congress 10 April 1, 2020, to September 30, 2020

Newly Appointed Inspector General Robert J. Feitel was sworn in as the Inspector General of the Nuclear Regulatory Commission and the Defense Nuclear Facilities Safety Board, on May 27, 2020, after being nominated by President Donald J. Trump on October 30, 2019, and confirmed by the U.S. Senate on May 4, 2020. His predecessor, Hubert T. Bell, retired on December 31, 2018, after more than 20 years serving as the NRCs Inspector General.

Prior to this position, Mr. Feitel had a distinguished career in the Department of Justice (DOJ), most recently serving in the Robert J. Feitel Inspector General Capital Case Section of Main Justice, where he advised the Attorney General and his Capital Case Review Committee.

He also served as first chair trial counsel in federal capital trials around the nation, assisting U.S. Attorneys Offices with their litigation.

His other positions within the DOJ included Assistant U.S. Attorney for the District of Columbia and Special Assistant U.S. Attorney for the U.S. Attorneys Office, Eastern District of Virginia, as well as important detail assignments to the Presidents Executive Order Task Force for the Review of Guantanamo Bay Detainees, and the National Security Divisions Office of Intelligence, Counter-Terrorism Unit.

Mr. Feitel began his law career with the law firm of Carr, Goodson and Lee, P.C., in Washington, D.C., where he focused on product liability defense and professional malpractice defense litigation. He later joined the Federal Bureau of Investigation (FBI) Office of the General Counsel, where he managed contract and tort litigation, legal forfeiture matters, and advised the Chief Division Counsel for all FBI field offices nationwide.

During law school, Mr. Feitel clerked as a fellow for the Honorable Rosalyn B. Bell of the Court of Special Appeals of Maryland. Following law school, he served as a judicial law clerk to the Honorable Stephen M. Waldron, Circuit Court for Harford County, Maryland.

Mr. Feitel holds a Bachelor of Arts degree in English Literature from the University of Michigan, Ann Arbor, and a Juris Doctor degree from the University of Maryland School of Law. He is admitted to practice law in state and federal courts in Maryland and the District of Columbia, as well as the U.S. Supreme Court.

The NRC Office of the Inspector General Semiannual Report to Congress 11 April 1, 2020, to September 30, 2020

Byron Station in Region III, near Byron, IL.

The NRC Office of the Inspector General Semiannual Report to Congress 12 April 1, 2020, to September 30, 2020

NRC MANAGEMENT AND PERFORMANCE CHALLENGES Most Serious Management and Performance Challenges Facing the Nuclear Regulatory Commission

in FY 2020 (as identified by the Inspector General)

Challenge 1: NRC and Agreement State Coordination on Oversight of Materials and Waste.

Challenge 2: Continuous Improvement Opportunities for Information Technology (IT) and Information Management (includes internal IT security).

Challenge 3: Management and Transparency of Financial and Acquisitions Operations.

Challenge 4: Strategic Workforce Planning.

Challenge 5: Strengthening Oversight of External Security.

Challenge 6: Readiness for Advanced Reactor Technologies.

Challenge 7: Strengthening Risk Informed Oversight.

For more information on these challenges, see OIG-20-A-01, Inspector Generals Assessment of the Most Serious Management and Performance Challenges Facing the NRC (https://www.nrc.gov/docs/ML1930/ML19302D307.pdf).

The NRC Office of the Inspector General Semiannual Report to Congress 13 April 1, 2020, to September 30, 2020

NRC AUDITS Audit Summaries Audit of the NRCs Property Management Program OIG Strategic Goal: Corporate Management The NRC property management program is subject to guidance in Public Law (P.L.)

107-217, Codifying Title 40, United States Code - Public Buildings, Property, and Works. The law requires agency management to:

1. Maintain adequate inventory controls and accountability systems for property under its control;

2. Continuously survey property under its control to identify excess property;

3. Promptly report excess property to the Administrator of General Services;

4. Perform the care and handling of excess property; and,

5. Transfer or dispose of excess property as promptly as possible in accordance with applicable regulations.

Several space and property management automated systems support the program and include documentation of the receipt, management, and disposal processes. The NRC is required to establish internal control activities that are implemented correctly, are documented, and use and communicate quality information.

The audit objective was to determine if the NRC has established and implemented an efficient and effective system of internal controls for maintaining accountability and controls of government property.

Audit Results:

The NRC property management program has opportunities to improve data discrepancies, the adequacy of documentation, and information use and communication. The report recommended that the NRC review and modify the definition of accountable property to align with the agencys procedures for accounting for property under the property management program. This should encompass defining and addressing the accountability of items not tracked in Space and Property Management Systems including pilferable property.

(Addresses Management and Performance Challenge #3)

The NRC Office of the Inspector General Semiannual Report to Congress 14 April 1, 2020, to September 30, 2020

Audit of the NRCs Employee Reentry Plans OIG Strategic Goal: Safety The U.S. Department of Health and Human Services declared a Public Health Emergency on January 31, 2020, in response to the COVID-19 outbreak. The federal government took steps to contain the spread of COVID-19 among its workforce. The NRC made telework mandatory for all but a few employees effective March 19, 2020.

The NRC published its agency wide employee reentry plan on April 23, 2020. The NRC plan is a living document that is updated according to changing conditions and guidance.

On June 15, 2020, the Chairman of the Subcommittee on Government Operations, House Government Oversight and Reform Committee requested the NRC OIG review the NRCs plans and procedures for returning employees to federal offices.

The audit objective was to determine if the NRCs plans for returning employees to government facilities were prepared in accordance with governmentwide guidance and agreed-upon best practices for safe, healthy, and effective office reopening.

Audit Results:

The OIG found that the NRC developed employee reentry plans in accordance with governmentwide guidance and agreed-upon best practices to promote the health and safety of employees and their communities. However, more can be done to capture the results of the agencys planning and response to the pandemic to prepare for future events.

(Addresses Management and Performance Challenge #4)

Audit of the NRCs Regulatory Oversight of Radiation Safety Officers OIG Strategic Goal: Safety The NRC issues licenses for medical, industrial, and academic uses of source, byproduct, and special nuclear materials. The NRC expects that licensees will assign a qualified individual to serve as the Radiation Safety Officer (RSO) for licensed activities and name that individual on the license.

The RSO is responsible for the licensees radiation protection program and is key to overseeing and ensuring safe operation of the licensees radiation protection program.

Additionally, for up to 60 days each year, a licensee may permit an individual to function as a temporary RSO.

The NRC Office of the Inspector General Semiannual Report to Congress 15 April 1, 2020, to September 30, 2020

RSOs must have adequate training to understand the hazards associated with radioactive material and be familiar with all applicable regulatory requirements.

RSOs must have the knowledge, skill, and resources to reasonably determine that a licensees activities involving radiation and radioactive materials are conducted safely.

RSOs should also have independent authority to stop operations they consider unsafe.

Additionally, they should have enough time and commitment from management to fulfill their duties and responsibilities including determining whether radiation safety procedures are being implemented and that the required records of licensed activities are maintained.

As of April 30, 2020, there were 1,887 RSOs under the NRCs authority. The NRC provides oversight of the RSOs through licensing activities and inspections carried out by its regional offices.

The audit objective was to determine the adequacy of the NRCs regulatory oversight of the RSOs.

Audit Results:

The NRC provides adequate regulatory oversight of the RSOs through its licensing and inspection activities. However, an opportunity exists to enhance oversight of temporary RSOs by formally tracking the number of days an individual fulfills this role.

For up to 60 days each year, a licensee may permit an individual to function as a temporary RSO. However, the NRC does not formally track the amount of time that temporary RSOs fulfill their position. This is because there is no formal mechanism for tracking temporary RSOs. As a result, licensees could be in noncompliance with the NRCs regulations.

(Addresses Management and Performance Challenge #1)

The NRC Office of the Inspector General Semiannual Report to Congress 16 April 1, 2020, to September 30, 2020

The NRC Office of the Inspector General Safety Culture and Climate Survey OIG Strategic Goal: Corporate Management In February 2020, the OIG contracted with an international survey firm and partnered with them to assess the NRCs safety culture and climate as well as other aspects of employee experience, such as engagement. Willis Towers Watson (WTW) conducted the NRC Safety Culture and Climate Survey for 2,802 employees. The survey was designed based on information gathered from onsite and phone interviews and onsite focus groups. The analysis from the interviews and focus group meetings aided in the development of the survey instrument.

Overall summary-level results showed specific strengths and areas of improvement for the NRC. Results were analyzed looking at benchmark comparisons against the WTWs U.S. National Norm, the U.S. Research and Development Norm (U.S.

R&D), and the 2012 and 2015 NRC Safety Culture and Climate Survey results.

Following normative and historical analysis, WTW examined demographic comparisons, such as job function, job category, grade level, resident inspector versus nonresident inspector, and length of service, and reviewed Key Driver Analysis (multiple regression analysis) on employee engagement and safety.

Survey Results:

Overall findings indicated that while the NRC maintains a few strengths compared with external benchmarks, results have declined significantly since 2015 in several areas. Based on the survey results, overall strengths and opportunities and areas at risk are addressed and suggestions for action planning are provided.

(Addresses all Management and Performance Challenges)

Audit of the NRCs Drug-Free Workplace Program Implementation OIG Strategic Goal: Corporate Management The federal Drug-Free Workplace Program is a comprehensive program to address illicit drug use by federal employees. On September 15, 1986, President Reagan signed Executive Order 12564, establishing the goal of a drug-free federal workplace.

The Order made it a condition of employment that all federal employees refrain from using illegal drugs on or off duty.

Because of the NRCs national security and public health and safety responsibilities and the sensitive nature of its work, the NRC has a compelling obligation to detect and eliminate illegal drug use from its workplace and has developed the NRC Drug-Free Workplace Plan. The most recent revision was published in August 2007. The NRC Drug-Free Workplace Plan includes awareness and education opportunities for all employees, information about drug testing and counseling, and provisions for rehabilitation for employees who use illegal drugs.

The NRC Office of the Inspector General Semiannual Report to Congress 17 April 1, 2020, to September 30, 2020

By 2008, the NRC completed actions recommended by the NRC OIG contained in the Audit of the NRCs Drug Testing Program, thus strengthening the drug testing programs effectiveness as a deterrent to illegal drug use. However, recent revisions to marijuana use laws, as well as the opioid epidemic, have raised national awareness of the tragedies that may result from illegal drug use.

The audit objective was to assess the effectiveness and efficiency of the NRCs implementation of the NRC Drug-Free Workplace Program.

Audit Results:

The NRC complied with these regulations by developing and implementing the NRC Drug-Free Workplace Plan, which sets forth objectives, policies, procedures, and implementation guidelines. Additionally, the NRC assures uniform implementation of drug testing procedures for all NRC employees and applicants entering testing-designated positions using the NRC Drug Testing Manual.

Findings and recommendations were made to improve the effectiveness and efficiency of the NRCs drug-free workplace program by updating the NRC Drug-Free Workplace Plan and the NRC Drug Testing Manual, and by ensuring the availability of the Drug-Free Workplace training for supervisors.

(Addresses Management and Performance Challenge #4)

Audit of the NRCs Emergency Preparedness Program OIG Strategic Goal: Safety The Three Mile Island Unit 2 reactor, near Middletown, Pennsylvania, partially melted down on March 28, 1979. This was the most serious commercial nuclear power plant accident in the U.S. Following the accident, the Federal Emergency Management Agency (FEMA), created in 1979, was assigned the responsibility The NRC Office of the Inspector General Semiannual Report to Congress 18 April 1, 2020, to September 30, 2020

to ensure offsite readiness. The statutory relationship between the NRC and the FEMA is governed by a memorandum of understanding (MOU),which delineates the authorities of each agency, as well as their separate and shared responsibilities for radiological emergency preparedness. Under the MOU, the NRC and the FEMA have developed parallel regulations and guidance documents to align their actions.

The NRC reviews and approves nuclear power plant onsite emergency plans as a license condition and inspects equipment and organizational resources that support the plan.

Licensees must demonstrate coordination with State and local offsite response organizations. The FEMA evaluates plans for offsite preparedness and provides a determination of adequacy to the NRC.

The audit objective was to determine whether the NRCs emergency preparedness oversight program for nuclear power plants adequately addresses adverse weather conditions and related communications with external stakeholders.

Audit Results:

The report contains recommendations to revise existing guidance for the regional state liaison officers to promote knowledge management, to identify resources to support outreach to all government partners, and to redesign the emergency preparedness and incident response web pages and improve connections between public web pages with emergency preparedness information.

(Addresses Management and Performance Challenge #1)

Audit of the NRCs Nuclear Power Plant Surveillance Test Inspection Program OIG Strategic Goal: Corporate Management NRC regulations require that resident and region-based inspectors conduct annually 13 to 21 surveillance test inspection samples per nuclear power reactor site. In calendar years 2018 and 2019, the NRC conducted 1,059 and 1,036 samples, respectively. Additionally, the NRC met the annual sample requirements per nuclear power reactor site.

NRC inspectors are responsible for performing surveillance test inspections, while regional managers are responsible for ensuring licensees complete surveillance test inspections in accordance with agency guidance. The NRC has budgeted 5,700 hours0.0081 days 0.194 hours 0.00116 weeks 2.6635e-4 months for surveillance test inspections, which is equivalent to approximately 3.8 full-time equivalents.

The audit objective was to assess the NRCs conduct of surveillance test inspection activities relative to inspection procedure 71111.22 requirements.

The NRC Office of the Inspector General Semiannual Report to Congress 19 April 1, 2020, to September 30, 2020

Audit Results:

This report made two recommendations to support periodically reviewing surveillance test inspection hours in the agencys Replacement Reactor Program System.

(Addresses Management and Performance Challenge # 5)

Audit of the NRCs Integrated Materials Performance Evaluation Program OIG Strategic Goal: Security The NRC Integrated Materials Performance Evaluation Program (IMPEP) employs a team of NRC and Agreement State staff to assess 8 to 10 Agreement State and NRC regional radioactive materials licensing and inspection programs per year. It is designed to assess whether public health and safety are adequately protected from the potential hazards associated with the use of radioactive materials, and whether Agreement State programs are compatible with the NRCs program.

The audit objective was to assess and evaluate the IMPEP, to determine if the program is meeting its stated objectives, and identify any areas for improvement.

Audit Results:

The NRCs IMPEP is generally efficient and effective; however, the IMPEP could be strengthened through consolidation of the NRCs regional and Agreement States IMPEP reviews.

(Addresses Management and Performance Challenge #1)

Independent Evaluation of the NRCs Potential Compromise of Systems (Social Engineering)

OIG Strategic Goal: Safety This Official Use Only evaluation report was not issued publicly because it contains sensitive security information.

(Addresses Management and Performance Challenge #2)

The Defense Contract Audit Agency Audit Report Number 01321-2018V10100018 OIG Strategic Goal: Corporate Management The OIG and the Defense Contract Audit Agency (DCAA) have an interagency agreement whereby the DCAA provides contract audit services for the OIG.

The DCAA is responsible for the audit methodologies used to reach the audit conclusions, monitoring its staffs qualifications, and ensuring compliance with Generally Accepted Government Auditing Standards.

The NRC Office of the Inspector General Semiannual Report to Congress 20 April 1, 2020, to September 30, 2020

The OIGs responsibility is to distribute the report to NRC management and follow-up on agency actions initiated as a result of this report.

Audit Results:

At the request of the OIG, the DCAA audited QiTech, LLC., and provided the OIG with an audit report, dated April 17, 2020, which identified questioned costs to be addressed by NRC management.

(Addresses Management and Performance Challenge #3)

Audit of the NRCs Fiscal Year (FY) 2019 Compliance with Improper Payment Law OIG Strategic Goal: Corporate Management In November 2002, the Congress passed the IPIA to enhance the accuracy and integrity of federal payments. An improper payment is (a) any payment that should not have been made or that was made in an incorrect amount (including overpayments and underpayments) under statutory, contractual, administrative, or other legally applicable requirements, and (b) includes any payment to an ineligible recipient, any payment for an ineligible good or service, any duplicate payment, any payment for a good or service not received (except for such payments where authorized by law), and any payment that does not account for credit for applicable discounts.

On July 22, 2010, the President signed the IPERA, which requires federal agencies to periodically review all programs and activities that the agency administers and identify all programs and activities that may be susceptible to significant improper payments. In addition, the IPERA requires each agency to conduct recovery audits with respect to each program and activity of the agency that expends $1,000,000 or more annually, if conducting such audits would be cost effective. Lastly, the Improper Payment Elimination and Recovery Improvement Act of 2012 (IPERIA) amended the IPIA by establishing the Do Not Pay Initiative, which directs agencies to verify the eligibility of payments using databases before making payments.

The audit objectives were to assess the NRCs compliance with the IPIA, as amended by the IPERA and the IPERIA, and report any material weaknesses in internal controls.

Audit Results:

The OIG determined that for FY 2019 the agency complied with the Acts requirements and does not have any material weaknesses in internal controls. The NRC reported the required information and conducted the mandated risk assessment.

The OIG concluded that agency reporting of improper payments is accurate and complete.

(Addresses Management and Performance Challenge #3)

The NRC Office of the Inspector General Semiannual Report to Congress 21 April 1, 2020, to September 30, 2020

Independent Evaluation of the NRCs Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2019 OIG Strategic Goal: Security The NRC OIG engaged SBG Technology Solutions, Inc. (SBG) to conduct an independent evaluation of the NRCs overall information security program and practices to respond to the FY 2019 IG FISMA Reporting Metrics.

In FY 2019, SBG evaluated the effectiveness of the NRCs information security controls, including its policies, procedures, and practices on a representative subset of the agencys information systems. For the evaluation, SBG used the FISMA and other regulations, standards, and guidance referenced in the FY 2019 IG FISMA Reporting Metrics as the basis for evaluation of the NRCs overall information security program.

Evaluation Results:

SBG concluded that while the NRC established an effective agencywide information security program and practices, auditors identified weaknesses that may have some impact on the agencys ability to adequately protect the NRCs systems and information. To be consistent with the FISMA, SBG auditors recommended that the NRC strengthen its information security risk management framework by implementing seven recommended remedial actions.

(Addresses Management and Performance Challenge #2)

The Defense Contract Audit Agency Audit Report Number 01321-2018M10100020 OIG Strategic Goal: Corporate Management The OIG and the DCAA have an interagency agreement whereby the DCAA provides contract audit services for the OIG. The DCAA is responsible for the audit methodologies used to reach the audit conclusions, monitoring its staffs qualifications, and ensuring compliance with the Generally Accepted Government Auditing Standards. The OIGs responsibility is to distribute the report to NRC management and follow-up on agency actions initiated as a result of this report.

Audit Results:

At the request of the OIG, the DCAA audited Advanced Systems Technology Management, Inc., and provided the OIG with an audit report, dated February 14, 2020, which identified questioned costs to be addressed by NRC management.

(Addresses Management and Performance Challenge #3)

The NRC Office of the Inspector General Semiannual Report to Congress 22 April 1, 2020, to September 30, 2020

Audits in Progress Audit of the NRCs Oversight of Licensee Use of Decommissioning Trust Funds OIG Strategic Goal: Corporate Management The NRC must obtain reasonable assurances from nuclear reactor licensees that funds will be available for the decommissioning process before operations begin. As a means of oversight of licensees decommissioning funding assurance (DFA),

licensees are required to provide a DFA status report to the NRC biennially. Five years prior to permanent cessation of operations, licensees are required to provide a DFA status reports annually. Prior to, or within 2 years after permanent cessation of operations, licensees are required to submit a Post Shut-Down Decommissioning Activity Report that includes a description and schedule for the planned decommissioning activities and a site-specific cost estimate. Decommissioning trust funds may be used by licensees if the a) withdrawals are for expenses for legitimate decommissioning activities consistent with the definition of decommissioning in Title 10 of the Code of Federal Regulation part 50.2; b) expenditure would not reduce the value of the decommissioning trust below an amount necessary to place and maintain the reactor in a safe storage condition if unforeseen conditions or expenses arise; and (c) withdrawals would not inhibit the ability of the licensee to complete funding of any shortfalls in the decommissioning trust needed to ensure the availability of funds to ultimately release the site and terminate the license.

The audit objective is to determine if the NRCs oversight of licensee use of decommissioning trust funds is adequate.

(Addresses Management Challenge # 3)

Audit of the NRCs Use of Requests for Additional Information in Licensing Processes for Spent Nuclear Fuel OIG Strategic Goal: Safety The Division of Spent Fuel Management within the Office of Nuclear Material Safety and Safeguards (NMSS) develops and implements the NRCs regulatory, licensing, and inspection program for the safe and secure storage of nuclear reactor spent fuel.

To become licensed to store spent fuel safely, an entity must apply to the NRC and respond to any requests for additional information (RAIs) from the NRC staff. RAIs are intended to help agency staff obtain information needed to make a regulatory decision that is fully informed, technically correct, and legally defensible. RAIs are necessary when the information was not included in an applicants initial submission, is not contained in any other docketed correspondence, or cannot reasonably be inferred from the information available to agency staff.

During a 2015 audit on the oversight of spent fuel pools, the OIG cited concerns about RAIs, including the amount of time it took to complete the RAI process and the resources required to conduct and review complex research and analyses requested through the RAIs.

The NRC Office of the Inspector General Semiannual Report to Congress 23 April 1, 2020, to September 30, 2020

The objective of this audit is to assess the efficiency and effectiveness of the NRCs use of RAIs during the spent fuel licensing process.

(Addresses Management Challenge # 1)

Independent Evaluation of the NRCs Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2020 OIG Strategic Goal: Security The Federal Information Security Modernization Act (FISMA) of 2014 outlines the information security management requirements for agencies, including the requirement for an annual independent assessment by agency IGs. In addition, the FISMA includes provisions, such as the development of minimum standards for agency systems, aimed at further strengthening the security of the federal government information and information systems. The annual assessments provide agencies with the information needed to determine the effectiveness of overall security programs and to develop strategies and best practices for improving information security.

The FISMA provides the framework for securing the federal governments information technology, including both unclassified and national security systems.

All agencies must implement the requirements of the FISMA and report annually to the Office of Management and Budget and Congress on the effectiveness of their security programs.

(Addresses Management Challenge # 2)

Audit of the NRCs Reactor Inspection Issue Screening OIG Strategic Goal: Safety NRC guidance (Inspection Manual Chapter 0612) requires inspectors to screen issues of concern identified at nuclear power plants to determine whether the issues in question fall under the agencys traditional enforcement program and the Reactor Oversight Process (ROP). If an issue of concern screens positive for traditional enforcement, a violation may result. If an issue screens positive for a performance deficiency under the ROP, inspectors must determine if it is of minor or more-than-minor safety or security significance. Issues that screen minor are generally not documented, while more-than-minor issues become potential findings to be assessed following the Significance Determination Process (i.e., green, white, yellow, and red). In 2013, the Government Accountability Office identified inconsistency among NRC regional inspection findings. Since 2015 there has been a sharp overall decline in the number of green findings, which raises questions about the focus on the consistency with which inspectors are applying the Inspection Manual Chapter 0612 issue screening guidance both for traditional enforcement and the ROP.

The audit objective is to assess the consistency with which staff screen issues of concern for traditional enforcement and the ROP purposes in accordance with agency guidance.

(Addresses Management Challenge # 7)

The NRC Office of the Inspector General Semiannual Report to Congress 24 April 1, 2020, to September 30, 2020

Audit of the NRCs Material Control and Accounting Inspection Program for Special Nuclear Material OIG Strategic Goal: Safety The NRC grants licenses for the possession and use of special nuclear material (SNM) and establishes regulations to govern the possession and use of it. Those regulations require that SNM license holders have material control and accounting (MC&A) systems to prepare and maintain accounting records, perform measurements, and analyze the information to confirm the presence of nuclear materials.

The objective of MC&A systems is to protect against the loss or misuse of SNM.

The MC&A systems are used by the licensee and the NRC to confirm in a timely manner that SNM has not been lost, stolen, or diverted. Failure to maintain knowledge of the location of SNM significantly increases the risk of loss. The NMSS is responsible for the MC&A Inspection program. Routine inspections typically are performed on a semiannual to annual basis, but the NRC can inspect as necessary in response to an event. All inspections are performed by certified inspectors with specialized training and experience in material control and accounting.

The objective of this audit is to assess the effectiveness of the NRCs MC&A inspection program over the accounting and control of SNM at fuel facilities.

(Addresses Management Challenge # 1)

Audit of the NRCs Grants Pre-Award and Award Processes OIG Strategic Goal: Corporate Management In FY18, the NRC awarded grants totaling $15.5 million to universities for scholarships, fellowships, and faculty development grants. This figure also included grants to trade schools and community colleges. The NRC uses grant funding to help support education in nuclear science, engineering, and related trades in order to develop a workforce capable of designing, constructing, operating, and regulating nuclear facilities and the safe handling of nuclear materials. The Office of Management and Budget requested that the NRC develop performance metrics for the grants program, and require grantees to address those metrics in 6-month performance progress reports. While the NRCs grant program supports over 500 students annually, it directs most of the grant money to university faculty and curriculum development.

The audit objectives are to determine if: (1) the NRCs process and procedures for reviewing grant proposals and making awards comply with applicable federal regulations; and, (2) internal controls over the pre-award and award process are adequate.

(Addresses Management Challenge # 3)

The NRC Office of the Inspector General Semiannual Report to Congress 25 April 1, 2020, to September 30, 2020

Audit of the NRCs Fiscal Year 2020 Financial Statements OIG Strategic Goal: Corporate Management Under the Chief Financial Officers Act, the Government Management and Reform Act, and Office of Management and Budget (OMB) Bulletin 17-03, Audit Requirements for Federal Financial Statements, the OIG is required to audit the NRCs financial statements. The report on the audit of the agencys financial statements is due on November 16, 2020.

The audit objectives are to:

1. Express opinions on the agencys financial statements and internal controls;

2. Review compliance with applicable laws and regulations;

3. Review controls in the NRCs computer systems that are significant to the financial statements; and,

4. Assess the agencys compliance with OMB Circular A-123, Revised, Managements Responsibility for Enterprise Risk management and Internal Control.

(Addresses Management Challenge # 3)

The NRC Office of the Inspector General Semiannual Report to Congress 26 April 1, 2020, to September 30, 2020

A technician on a bridge over a fuel pool.

The NRC Office of the Inspector General Semiannual Report to Congress 27 April 1, 2020, to September 30, 2020

NRC INVESTIGATIONS Investigative Case Summaries NRC Staff Handling of Concerns Regarding Depleted Uranium OIG Strategic Goal: Safety The OIG completed an investigation into an allegation from a concerned citizen who questioned the NRCs handling of concerns regarding depleted uranium on U.S.

Military bases in Hawaii. Specifically, the alleger questioned why there was a public meeting on this issue in December 2013, but by the time of this complaint in 2019, the NRC had not presented a plan to address the issue.

Investigative Results:

The investigation did not substantiate misconduct; however, the OIG identified that the NRC failed to track a reported action item from the December 12, 2013, Public Meeting Summary, even though MD 3.5, Attendance at the NRC Staff-Sponsored Meetings, requires appropriate actions be tracked. As a result, it took the NRC more than 6 years to produce an official plan for identifying potential unlicensed depleted uranium at military sites in Hawaii. On March 14, 2019, the approved version of the depleted uranium implementation plan was made available to the public.

Additionally, the OIG found that the NRC inaccurately communicated, in the depleted uranium implementation plan cover letter, that the Department of Defense was involved in the approaches for development of the plan. The OIG determined that approximately 6 months prior to the plan being finalized, the NRC briefed the Department of Defense on the development of a depleted uranium implementation plan, but the Department of Defense was not involved in the process. Furthermore, the OIG determined that implementation of the depleted uranium plan will continue to be delayed due to a lack of initial inclusion of the Department of Defense in its development, since the Department will need to pursue funding appropriations.

NMSS senior management agreed that, consistent with MD 3.5, the commitment from the 2013 public meeting to develop the plan could have been tracked using its ticketing system, which would have facilitated improved continuity through several changes in project managers. Accordingly, NMSS management reinforced to its staff the importance of tracking commitments through completion, and of the need for following NRC procedures.

NMSS acknowledged that the wording of its implementation plan cover letter could have been clearer and decided to search NRC historical records and provide information to the Department of Defense for verification and completeness reviews.

The staff requested that the Army, Navy, and Air Force review the information to ensure all sites have been appropriately identified. The Military Branches response confirmed that the staffs information was complete and there were no additional sites.

The NRC Office of the Inspector General Semiannual Report to Congress 28 April 1, 2020, to September 30, 2020

Based upon this work, the staff has concluded that current military possession of depleted uranium is appropriately authorized by an NRC license or is being addressed through the memorandum of understanding between the NRC and the Department of Defense. Therefore, the staff concluded no further action was warranted on this issue and there should be no risks related to possible delays due to funding.

(Address Management and Performance Challenge #7)

Concerns Regarding Quality Control Issues at a Nuclear Power Plant OIG Strategic Goal: Safety The OIG completed an investigation into an allegation from a former contract employee (the alleger) at a nuclear power plant that the NRC failed to appropriately address his allegations related to quality assurance (QA), quality control (QC), safety, and nuclear culture programs; moreover, he said that during the evaluation of his concerns, the NRC relaxed safety standards.

Investigative Results:

Starting in March 2016 through October 3, 2017, the alleger submitted more than 900 documents to the NRC to support alleged deficiencies he found while working at the plant.

The OIG found that the allegers concerns were documented, assigned for evaluation, assessed for safety significance, and evaluated according to NRC safety standards.

Specifically, the OIG reviewed how the NRC processed these allegations: documents described the technical evaluations completed (i.e., in-office and onsite inspection),

component walkdowns, and advice from headquarters staff. The OIG noted that the NRC requested information from the licensee related to a chilled work environment within the QA/QC program, and found that a review of employee and training records and the Nuclear Safety Concerns surveys did not indicate that requirements working in the plants QC inspection group were relaxed.

From the information received, however, the Allegation Review Board did determine there were 17 concerns that needed to be addressed: 11 were classified as nonallegations (mainly because the NRC was already aware of them) and 6 were processed as allegations. The OIG confirmed that one of the allegations was substantiated.

Furthermore, the regions allegation staff received one additional concern after the completion of the allegation review process that it did not address. Thus, the OIG referred that one concern to them for response, and senior management told the OIG they would consider this concern in future process improvement initiatives.

(Addresses Management and Performance Challenge #7)

The NRC Office of the Inspector General Semiannual Report to Congress 29 April 1, 2020, to September 30, 2020

NRC Managers Alleged Assignment of an Unqualified NRC Inspector OIG Strategic Goal: Safety The OIG completed an investigation into an allegation that a former NRC senior manager hand-picked an unqualified Senior Resident Inspector to participate in a special inspection after an event at a nuclear power plant involving its independent spent fuel storage installation (ISFSI).

Investigative Results:

The OIG did not substantiate misconduct by the former senior manager, finding that the senior manager was authorized to staff the inspection team and to select the Senior Resident Inspector for the special ISFSI inspection per the NRC Inspection Manual Chapter 2690, Inspection Program for Dry Storage of Spent Reactor Fuel at Independent Spent Fuel Storage Installations and For Part 71 Transportation Packaging.

The inspection team members and management interviewed told the OIG that the Senior Resident Inspector was qualified, and his particular knowledge was useful during the inspection. Specifically, members of the inspection team told the OIG that the Senior Resident Inspector had experience with root cause analysis and the Supplemental Inspection Procedures, which was needed for the ISFSI inspection, and other team members did not have that experience. They said that the Senior Resident Inspector was an asset to the team.

Senior managers also said that the Senior Resident Inspector was qualified and that they had no issues with his selection for the team. They also agreed with the process the team used to complete the inspection.

(Addresses Management and Performance Challenge #1)

NRC Managers Allegedly Pressured Staff to Finalize Safety Evaluations Without Conducting Adequate Analysis OIG Strategic Goal: Corporate Management The OIG completed an investigation into an allegation that senior officials pressured staff members to approve the test abstracts in a report for NuScale Power, LLC (NuScale), without sufficient review and analysis. In addition, the alleger said that senior managements decision to pressure the staff to approve the abstracts caused a seriously degraded safety culture.

Investigative Results:

The OIG found that in 2017, NuScale submitted 108 test abstracts as part of its initial test program. In its Phase 2 Safety Evaluation Report (ML-19092A423), NRC staff reviewed, closed, and documented 60 of the 108 test abstracts. The staff believed that the remaining 48 needed further review and would be reviewed later in The NRC Office of the Inspector General Semiannual Report to Congress 30 April 1, 2020, to September 30, 2020

the process; however, the senior manager reviewed the remaining 48 abstracts himself and concluded that since they would have little or no safety significance, they could be closed without significant additional work.

The OIG did not substantiate that senior managers pressured the technical staff to approve the test abstracts without adequate analysis or a detailed review because the staff performed a risk-informed analysis and adapted the work scope based on the NRCs safety significance criteria. The OIG found that most of the staff members agreed that the remaining test abstracts did not require detailed review because of those criteria. Furthermore, the OIG did not develop evidence that the alleged pressure constituted a seriously degraded safety culture among the staff.

(Addresses Management and Performance Challenge #6)

Grant Fraud at Idaho State University OIG Strategic Goal: Corporate Management The OIG completed an investigation in conjunction with the Department of Energy OIG and the Department of Defense OIG, based on information derived from an audit report prepared by Idaho State University (ISU). ISU conducted the audit after the university discovered that a former ISU employee may have falsified research and used federal contract and grant funds from different government agencies for personal projects and travel. The NRC OIG focused its investigation on the employees involvement in falsely reporting student work as grant related when, in fact, it was for his own personal business.

Investigative Results:

The NRC awarded ISU with an educational grant for $144,858 to offer a suite of nuclear safety courses within the ISU Nuclear Engineering program, effective from August 22, 2011, to August 31, 2014. The OIG found that in 2012, the former ISU employee, who was identified on the grant as its principle investigator, falsely charged federal grants by employing ISU students to work on his personal research projects for his consulting business and charging their work time to the NRC grant.

An ISU internal audit reviewed consulting invoices that the former employee sent to his customer (the company) from his personal consulting business from May to August of 2012, charging the company $4,320 for work performed by two ISU computer science students. The records revealed the company paid the former employee directly to his personal consulting business account for work performed by these two students.

The ISU timesheets showed that during this time, the students reported working 37 hours4.282407e-4 days 0.0103 hours 6.117725e-5 weeks 1.40785e-5 months each per week on the NRC grant, which paid the students exclusively. The internal audit also revealed that of the $51,264 in gross wages paid via the NRC grant between May 2012 and May 2014, more than $41,000 was charged to the NRC grant for work performed that was not grant related.

The OIG also found that the ISU Private Professional Consulting policy allowed faculty to perform professional consulting in addition to their official duties if it was The NRC Office of the Inspector General Semiannual Report to Congress 31 April 1, 2020, to September 30, 2020

disclosed, approved by the employees supervisor, included an approved list of ISU equipment or facilities to be used during the consulting, and had provisions to reimburse ISU for such use. The OIG did not identify evidence to suggest the former employee disclosed or received approval to conduct his personal consulting business.

Further, according to testimony from both the students and other university employees, the OIG found that the former employee was one of the principal investigators of the grant. As such, the former employee was responsible for reporting progress and effort for the hours devoted by ISU students to the NRC grant.

When the OIG questioned him about this involvement with the grant, the former employee minimized his role as a principal investigator, stating he was not involved in the administration of the NRC grant.

The U.S. Department of Justice declined prosecution of this matter due to the statute of limitation. The former employee resigned from his position at ISU, but before he left, he placed his encrypted work computers and tablets into a factory reset condition, preventing anyone from obtaining any information from those devices.

After leaving the school, he went to work for the company. An NRC contracting official told the OIG that both the former employee and the company would receive proper review before awarding future grants associated with them.

(Addresses Management and Performance Challenge #4)

Alleged Sexual Misconduct by an NRC Employee OIG Strategic Goal: Corporate Management The OIG completed an investigation into an allegation of misconduct by an NRC employee. The alleger sent the NRC a package via the U.S. Postal Service containing two explicit photographs and a letter from the alleger stating the male in the photographs was an NRC employee, and the photographs were taken in the employees NRC office.

Investigative Results:

The OIG substantiated that the two photographs were of the NRC employee and one of the photographs was taken in his NRC office. The employee admitted to taking the photograph in his office with his personal cellular phone, but told the OIG that the second photograph was not taken at the NRC or any other government building.

To address the matter, the NRC issued the employee a 25-day suspension.

(Addresses Management and Performance Challenge #4)

Misuse of Government Travel Charge Card by an NRC Employee OIG Strategic Goal: Corporate Management The OIG completed an investigation based on information from the Office of the Chief Financial Officer (OCFO) alleging that there may be some questionable charges on a government-issued travel charge card account belonging to an NRC employee.

The NRC Office of the Inspector General Semiannual Report to Congress 32 April 1, 2020, to September 30, 2020

Investigative Results:

The OIG determined that the NRC employee used the government travel card for purposes not associated with official travel. There were 124 unauthorized transactions between January 22, 2015, and October 10, 2019, which included charges for car rentals, restaurants, parking, gas station/convenience stores and travel agencies. The transactions totaled $3,622.75 and violated NRC MD 14.1, Official Temporary Duty Travel.

In addition, the NRC employee submitted costs associated with 21 unauthorized transactions for fuel-related expenses on travel vouchers when, according to Federal Travel Regulation Section 301-10.304, gasoline expense is not allowable in addition to the personally owned vehicle mileage rate allowance. The submitted vouchers related to travels between October 1, 2015, through November 23, 2015, and totaled

$576.43. The OCFO mistakenly reimbursed the NRC employee for these fuel expenses, and the Financial Services and Operations Branch notified the NRC employee that he was overpaid for his official travels in 2015.

NRC staff informed the OIG that it intends to seek repayment of $576.43 and refer the matter to the U.S. Treasury Department for collection, as needed. The employee resigned from the NRC before the Report of Investigation was issued and the agency is annotating the adverse action in the employees personnel record.

(Addresses Management and Performance Challenge #4)

Misuse of Government Travel Charge Card by an NRC Employee OIG Strategic Goal: Corporate Management The OIG completed an investigation into an allegation that an NRC employees government travel charge card account had been suspended due to nonpayment. The account was more than 69 days past due and had an account balance of $6,293.73.

Investigative Results:

The OIG determined that the NRC employee used the government travel card for purposes not associated with official travel. There were nine unauthorized transactions between July and December 2018, which included a rental car, costs associated with two hotel reservations, two upgraded premium airline tickets, and four cash withdrawals totaling $3,164.20. The transactions the NRC employee made while not on official travel violated NRC MD 14.1, Official Temporary Duty Travel.

Although the NRC employee acknowledged making unauthorized transactions, he provided inaccurate information pertaining to the use of the government credit card to upgrade two airline coach seats to premium seats. The NRC employee claimed the NRC system had only reserved these airline seats, and when he arrived at the airport, he had to pay for the reserved seats. The NRC employee told the OIG that he should have claimed the cost of the upgraded seats on his travel voucher.

The NRC Office of the Inspector General Semiannual Report to Congress 33 April 1, 2020, to September 30, 2020

In addition, he acknowledged making four separate cash withdrawals in the amount of $600.00 from his current USBank government travel charge card account to pay an outstanding balance due on his previous Citibank government account.

According to NRC Yellow Announcement YA-18-0092, Reminder on the Use of the Government Contractor Issued Travel Charge Card, dated October 2, 2018, Under no circumstance can the USBank travel charge card be used for any personal expenses when not on official travel. The NRC employee was issued a Letter of Reprimand for the misuse of the government charge card.

(Addresses Management and Performance Challenge #4)

The NRC Office of the Inspector General Semiannual Report to Congress 34 April 1, 2020, to September 30, 2020

DEFENSE NUCLEAR FACILITIES SAFETY BOARD Congress created the Defense Nuclear Facilities Safety Board (DNFSB) as an independent agency within the executive branch to identify the nature and consequences of potential threats to public health and safety at the Department of Energys (DOE) defense nuclear facilities, to elevate such issues to the highest levels of authority, and to inform the public. Since the DOE is a self-regulating entity, the DNFSB constitutes the only independent technical oversight of operations at the Nations defense nuclear facilities. The DNFSB is composed of experts in the field of nuclear safety with demonstrated competence and knowledge relevant to its independent investigative and oversight functions.

The Consolidated Appropriations Act of 2014 provided that, notwithstanding any other provision of law, the Inspector General of the Nuclear Regulatory Commission is authorized in 2014 and subsequent years to exercise the same authorities with respect to the Defense Nuclear Facilities Safety Board, as determined by the Inspector General of the Nuclear Regulatory Commission, as the Inspector General exercises under the Inspector General Act of 1978 (5 U.S.C. App.) with respect to the Nuclear Regulatory Commission.

The NRC Office of the Inspector General Semiannual Report to Congress 35 April 1, 2020, to September 30, 2020

DNFSB MANAGEMENT AND PERFORMANCE CHALLENGES Most Serious Management and Performance Challenges Facing the Defense Nuclear Facilities Safety Board in FY 2020*

(as identified by the Inspector General)

Challenge 1: Management of a healthy and sustainable organizational culture and climate.

Challenge 2: Management of security over internal infrastructure (personnel, physical, and cyber security) and nuclear security.

Challenge 3: Management of administrative functions.

Challenge 4: Management of technical programs.

For more information on the challenges, see DNFSB-20-A-01, Inspector Generals Assessment of the Most Serious Management and Performance Challenges Facing the Defense Nuclear Facilities Safety Board (https://www.nrc.gov/docs/ML1930/ML19302D596.pdf )

The NRC Office of the Inspector General Semiannual Report to Congress 36 April 1, 2020, to September 30, 2020

DNFSB AUDITS Audit Summaries Audit of the DNFSBs COVID-19 Reentry Plans OIG Strategic Goal: Safety On March 13, 2020, the DNFSB activated the DNFSB Continuity of Operations Plan (COOP),

dated February 2019. The DNFSB COOP designates to the DNFSB Chairman the responsibility for providing overall decision authority and ordering the plans implementation.

The DNFSB Chairman updated DNFSB employees weekly from March 13, 2020, to August 4, 2020, through email communication and attached the COOP for COVID-19 Pandemic Response, as revised per the Chairman. The communication encouraged DNFSB employees to telework during core duty hours, with the exception of essential staff, including information technology, front desk staff, and the leadership team. The Chairman directed resident inspectors to follow DOE guidance for their assigned sites.

On June 15, 2020, the Chairman of the Subcommittee on Government Operations, House Government Oversight and Reform Committee requested the OIG examine the DNFSBs plans and procedures for returning employees to federal offices in the wake of the coronavirus pandemic.

The audit objective was to determine if the DNFSBs plan for returning employees to government facilities was prepared in accordance with governmentwide guidance and agreed-upon best practices for safe, healthy, and effective office reopenings Audit Results:

The OIG found that the DNFSBs plan for returning employees to work was not prepared in full accordance with governmentwide guidance and agreed-upon best practices for safe, healthy, and effective office reopenings.

(Addresses Management and Performance Challenges #1, 3, and 4)

Audit of the DNFSBs Fiscal Year (FY) 2019 Compliance with Improper Payment Laws OIG Strategic Goal: Corporate Management The IPERA requires agencies to perform a risk assessment at least once every 3 years for programs deemed to be at low risk for significant improper payments. Since the DNFSBs FY 2017 risk assessment found that the agency was not susceptible to significant improper payments, the DNFSB was not required to perform a risk assessment or to report its improper payment estimates or gross improper payment rate in FY 2019.

The NRC Office of the Inspector General Semiannual Report to Congress 37 April 1, 2020, to September 30, 2020

The DNFSBs next risk assessment will be completed in FY 2020. The IPERA requires the OIG to determine agency compliance with the Act.

Audit Results:

The OIG confirmed that the DNFSB published an Agency Financial Report for the most recent fiscal year and posted the report and any required accompanying materials on the agencys website. The OIG determined that the DNFSB met the IPERA requirements for FY 2019.

(Addresses Management and Performance Challenge #3)

Independent Evaluation of DNFSB Potential Compromise of Systems (Social Engineering)

OIG Strategic Goal: Security This Official Use Only evaluation report was not issued publicly because it contains sensitive security information.

(Addresses Management and Performance Challenge #2)

The NRC Office of the Inspector General Semiannual Report to Congress 38 April 1, 2020, to September 30, 2020

Audits in Progress Audit of the DNFSBs Culture and Climate OIG Strategic Goal: Corporate Management In 2014, the OIG contracted with an international survey firm to evaluate the organizational culture and climate of the DNFSBs workforce and identify agency strengths and opportunities for improvements. Comparisons were made to the other surveys as well as to national and government norms. In response to the survey results, the agency evaluated the key areas for improvement and developed strategies for addressing them.

Culture is defined as the complex sum of the mission, characteristics, and policies of an organization, and the thoughts and actions of its individual members, which establish and support nuclear health and safety as overriding priorities. Climate refers to the current work environment that affects employees performance and behavior.

Conducting this second survey of the DNFSBs culture and climate will facilitate identification of the organizations strengths and opportunities for improvement, as it continues to experience significant challenges. These challenges include the implementation of new policies and oversight mechanisms, staff turnover, operating with a reduced budget, and legislation that froze federal hiring.

The audit objective is to:

Measure the DNFSBs culture and climate to identify areas of strength and opportunities for improvement; and,

Provide, where practical, benchmarks for the qualitative and quantitative findings against other organizations.

(Addresses All Management and Performance Challenges)

Independent Evaluation of the DNFSBs Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2020 OIG Strategic Goal: Corporate Management The Federal Information Security Modernization Act (FISMA) of 2014 outlines the information security management requirements for agencies, including the requirement for an annual independent assessment by the agencys OIG. In addition, the FISMA includes provisions, such as the development of minimum standards for agency systems, aimed at further strengthening the security of federal government information and information systems.

The annual assessments provide agencies with the information needed to determine the effectiveness of overall security programs and to develop strategies and best practices for improving information security.

The FISMA provides the framework for securing the federal governments information technology, including both unclassified and national security systems.

The NRC Office of the Inspector General Semiannual Report to Congress 39 April 1, 2020, to September 30, 2020

All agencies must implement the requirements of the FISMA and report annually to the Office of Management and Budget and Congress on the effectiveness of their security programs.

The evaluation objective is to conduct an independent assessment of the DNFSBs implementation of the FISMA for FY 2020.

(Addresses Management and Performance Challenge #2)

Audit of the DNFSBs Fiscal Year 2020 Financial Statements OIG Strategic Goal: Corporate Management Under the Chief Financial Officers Act, as updated by the Accountability of Tax Dollars Act of 2002, and Office of Management and Budget (OMB) Bulletin 19-01, Audit Requirements for Federal Financial Statements, the OIG is required to audit the DNFSBs financial statements and produce a public report of the results to include the following specific activities:

1. Express opinions on the DNFSBs financial statements and internal controls;

2. Review compliance with applicable laws and regulations;

3. Review the controls in the DNFSBs computer systems that are significant to the financial statements; and,

4. Assess the agencys compliance with OMB Circular A-123, (Revised),

Managements Responsibility for Enterprise Risk Management and Internal Control.

(Addresses Management Challenge #3)

The NRC Office of the Inspector General Semiannual Report to Congress 40 April 1, 2020, to September 30, 2020

DNFSB INVESTIGATIONS Investigative Case Summaries Alleged Contract Fraud Concerning the DNFSB Financial Management System OIG Strategic Goal: Corporate Management The OIG completed an investigation into potentially fraudulent activities associated with a contract to develop a Financial Management System (FMS) for the DNFSB.

Specifically, the alleger told the OIG that the FMS contract showed inadequate definition of service and requirements, and there was little information on the statement of work (SOW). Further, the alleger reported that the prime contractor assigned to develop the FMS failed to meet the product delivery deadline, but charged for maintenance of the system when there was no deliverable product. In addition, because the subcontractor was a former DNFSB contractor, the alleger speculated that the FMS contract was subjectively awarded because of its previous relationship with DNFSB staff.

Investigative Results:

The investigation did not substantiate fraud or misconduct pertaining to the contract solicitation or the award process. The OIG found that the prime contractor delivered the FMS based on the specifications outlined in the SOW and within the specified time. The OIG also found that the prime contractors charging for maintenance was justified since the contract allocated funding for maintenance as part of the integration process. The contract had a base period to develop the system and conduct preliminary maintenance of the developed program, which needed to be integrated into the DNFSBs IT infrastructure. Further, the OIG found no evidence that DNFSB staff had influenced the award of the FMS contract.

When the OIG reviewed monthly invoices dated between July 2016 and May 2017, it found that the prime contractor violated the Small Business Administrations (SBA) contract rule by allowing its subcontractor to perform 84 percent of the contracted work. The SBAs 8(a) contract regulation prohibits the prime contractor from allowing subcontractors to perform more than 50 percent of the U.S. governments contracted work. Further, DNFSB staff reviewed and approved the submitted invoices monthly. Even though DNFSB had intended to allow the subcontractor to be part of the contract and be the primary developer of the FMS because of its subject matter expertise, the contract did not reflect any workload distribution of the prime and its subcontractor.

Additionally, the OIG found that the DNFSB paid the prime contractor $134,361.95 to develop the FMS program; however, the agency terminated the contract after receiving the deliverables because the system required additional funding and resources to be able to use it. The agency staff failed to recognize that any newly developed software requires system verification and validation, an additional cost they had not adequately considered prior to awarding the contract.

The NRC Office of the Inspector General Semiannual Report to Congress 41 April 1, 2020, to September 30, 2020

Based on the results of this investigation and at the direction of the former DNFSB Chairman, the entire financial management and contracting team was retrained on 13 C.F.R. Part 125, Government Contracting Programs. The team also received training to ensure that all relevant considerations, such as system verification and validation requirements, are considered prior to awarding a contract. Additionally, the agency is transitioning to an electronic procurement process to standardize its procurement procedures and provide greater rigor in the pre-acquisition phase.

(Addresses Management and Performance Challenge #3)

Concerns Regarding the DNFSB General Manager Serving as the Acting Human Resources Director OIG Strategic Goal: Corporate Management The OIG completed an investigation into an allegation that the DNFSB General Manager (GM) was inappropriately assigned as the acting Human Resources (HR)

Director while overseeing the agencys Equal Employment Opportunity (EEO)

Program, which the alleger says created a conflict of interest. Further, the alleger said that even though the GM was unqualified to hold the acting HR Director position, the GM was chosen over other qualified candidates. In addition, the alleger said the GM violated HR practices and the Office of General Counsel (OGC) engaged in unethical hiring practices by employing a summer intern without relying on HR staff expertise or following HR procedures.

Investigative Results:

The OIG determined there was no conflict of interest due to the GM acting in a temporary role as the HR Director, from February to May 2018, while serving as the GM and the EEO Programs Project Manager.

Because the EEO Project Manager administers investigative duties while the HR Director directs the defense of the agency against discrimination claims, the GM serving in both roles could be perceived as a conflict of interest. The U.S. Equal Employment Opportunity Commission (EEOC) guidelines provide an option should that situation arise. Though EEOC guidelines require an agencys personnel function and leadership to be separate from the EEO complaint process and leadership, they also state that if the EEO office is perceived to have a conflict of interest or the appearance of a conflict exists, then the agency should enter into a formal contract with a third party to handle one or more of the stages in the EEO process.

The OIG found that there was a reported EEO complaint filed by an aggrieved DNFSB employee while the GM held both positions. To avoid a conflict of interest, the GM hired a contractor specializing in EEO investigative services so that he could recuse himself from any EEO-related issues while he focused on his HR Director duties.

The OIG found that the GM served in the acting HR position for three months until the DNFSB hired a new HR Director. The OIG learned that the then-DNFSB Chairman decided to temporarily place the GM in the acting HR position because he was deemed the most eligible among the other candidates.

The NRC Office of the Inspector General Semiannual Report to Congress 42 April 1, 2020, to September 30, 2020

Although there was a senior manager who had previously served as the acting HR Director, she was not chosen because she was in a full-time telework status.

According to the GM, the then-DNFSB Chairman did not believe that a manager who was permanently working from home would be able to manage and oversee the department without physically being in the office.

Further, the OIG did not find any violations when the OGC did not follow the guidelines recommended by the HR Department during the summer intern hiring process. The OIG found that HR advised the OGC to use procedures suggested by the Office of Personnel Managements Pathways Program, which outlines the hiring procedures for paid student interns and college graduates. However, according to the then-DNFSB General Counsel, the OGC wanted to temporarily hire unpaid interns, which is not covered under the Pathways Program. As a result, OGC staff drafted its own procedures following guidance in 5 U.S.C. § 3111, Acceptance of Volunteer Service, which allows government agencies to hire individuals and not compensate them. The then-General Counsel also stated that the OGC tailored this procedure to suit its needs rather than follow a set of guidance that did not apply to the office.

(Addresses Management and Performance Challenge #3)

The NRC Office of the Inspector General Semiannual Report to Congress 43 April 1, 2020, to September 30, 2020

Pilgrim nuclear power station.

The NRC Office of the Inspector General Semiannual Report to Congress 44 April 1, 2020, to September 30, 2020

SUMMARY

OF OIG ACCOMPLISHMENTS AT THE NRC April 1, 2020 - September 30, 2020 Investigative Statistics Source of Allegations NRC Employee 26 NRC Management 21 Intervenor 1 General Public 14 Other Government Agency 2 Anonymous 29 Regulated Industry 2 Allegations resulting from NRC OIG Hotline: 48 Total: 95 Disposition of Allegations Total 95 Closed Administratively 35 Referred for OIG Investigation 12 Referred for Management 34 Pending Review Action 3 Correlated to Existing Case 6 Referred to Audits 2 Referred to Other Agency 3 The NRC Office of the Inspector General Semiannual Report to Congress 45 April 1, 2020, to September 30, 2020

Status of Investigations Federal DOJ Referrals 2 DOJ Declinations 1 DOJ Pending 1 Criminal Information/Indictments 0 Criminal Convictions 0 Criminal Penalty Fines 0 Civil Recovery 0 State and Local State and Local Referrals 1 Criminal Information/Indictments 0 Criminal Convictions 0 Criminal Penalty Fines 0 Civil Recovery 0 NRC Administrative Actions Counseling and Letter of Reprimand 1 Terminations and Resignations 0 Suspensions and Demotions 1 Other (e.g., PFCRA) 0 Summary of Investigations classification of Opened Closed Reports Cases in Investigations Carryover Cases Cases Issued* Progress Employee Misconduct 10 4 7 2 7 Event Inquiry 0 1 0 0 1 External Fraud 2 1 2 1 1 Internal Fraud 2 0 2 0 0 Management Misconduct 11 5 4 0 12 Miscellaneous 2 0 2 0 0 Proactive Initiatives 2 0 1 0 1 Technical Allegations 8 3 5 0 6 Theft 1 0 0 0 1 Total 38 14 23 3 29

Number of reports issued represents the number of closed cases for which allegations were substantiated and the results were reported outside of the OIG.

The NRC Office of the Inspector General Semiannual Report to Congress 46 April 1, 2020, to September 30, 2020

NRC Audits Completed Date Title Audit Number 09/30/2020 Audit of the NRCs Property Management Program OIG-20-A-17 09/21/2020 Audit of the NRCs Employee Reentry Plans OIG-20-A-16 Audit of the NRCs Regulatory Oversight of Radiation Safety 08/10/2020 OIG-20-A-15 Officers The NRC Office of the Inspector General Safety Culture and 07/29/2020 OIG-20-A-14 Climate Survey 07/08/2020 Audit of the NRCs Drug-Free Workplace Program Implementation OIG-20-A-13 06/23/2020 Audit of the NRCs Emergency Preparedness Program OIG-20-A-12 Audit of the NRCs Nuclear Power Plant Surveillance Test 06/16/2020 OIG-20-A-11 Inspection Program Audit of the NRCs Integrated Materials Performance Evaluation 06/15/2020 OIG-20-A-10 Program Independent Evaluation of the NRCs Potential Compromise of Systems (Social Engineering) 06/02/2020 OIG-20-A-09 OFFICIAL USE ONLY - SENSITIVE INTERNAL INFORMATION The Defense Contract Audit Agency (DCAA) Audit Report 05/21/2020 OIG-20-A-08 No. 01321-2018V10100018 Audit of the NRCs Fiscal Year (FY) 2019 Compliance with 05/12/2020 OIG-20-A-07 Improper Payment Laws Independent Evaluation of the NRCs Implementation 04/29/2020 of the Federal Information Security Modernization OIG-20-A-06 Act (FISMA) of 2014 for Fiscal Year 2019 The Defense Contract Audit Agency (DCAA) Audit OIG-20-A-05 04/15/2020 Report No. 01321-2018M10100020 The NRC Office of the Inspector General Semiannual Report to Congress 47 April 1, 2020, to September 30, 2020

NRC Contract Audit Reports OIG Issue Date Contractor/Title/Contract No. Questioned Costs Unsupported Costs 05/21/2020 QiTech, LLC. $308,743 0 Independent Audit Report on Qi Tech, LLCs Proposed Amounts on Unsettled Flexibly Priced Contracts for Fiscal Year (FY) 2018 ended December 31, 2018 NRC-HQ-7G-14-C-0001 NRC-HQ-84-14-C-0013 The NRC Office of the Inspector General Semiannual Report to Congress 48 April 1, 2020, to September 30, 2020

Audit Resolution Activities Table I OIG Reports Containing Questioned Costs*

Reports Number of Questioned Unsupported Reports Costs ($) Costs ($)

A. For which no management decision had been made by the commencement of the reporting period 3 $3,263,149 0 B. Which were issued during the reporting period 1 $308,743 0 Subtotal (A + B) 4 $3,571,892 0 C. For which a management decision was made during the reporting period:

(i) dollar value of disallowed costs 0 0 0 (ii) dollar value of costs not disallowed 0 0 0 D. For which no management decision had been made by the end of the reporting period 4 $3,571,892 0

The OIG questions costs when an alleged violation of a provision of a law, regulation, contract, grant, cooperative agreement, or other agreement or document governing the expenditure of funds; a finding that, at the time of the audit, such costs are not supported by adequate documentation; or a finding that the expenditure of funds for the intended purpose is unnecessary or unreasonable.

Questioned costs that pertained to another agency were included in the previous semiannual report to Congress and have been removed.

The agency cannot make a management decision on $676,601 (current QiTech questionable cost of $308,743, and the prior period questionable cost of $367,858) of the subtotal dollar amount at this time due to potential related civil action.

The NRC Office of the Inspector General Semiannual Report to Congress 49 April 1, 2020, to September 30, 2020

Table II OIG Reports Issued with Recommendations That Funds Be Put to Better Use*

Reports Number of Questioned Unsupported Reports Costs ($) Costs ($)

A. For which no management decision had been made by the commencement of the reporting period 0 0 0 B. Which were issued during the reporting period 0 0 0 C. For which a management decision was made during the reporting period:

(i) dollar value of disallowed costs 0 0 0 (ii) dollar value of costs not disallowed 0 0 0 D. For which no management decision had been made by the end of the reporting period 0 0 0

A recommendation that funds be put to better use is a recommendation by the OIG that funds could be used more efficiently if NRC management took actions to implement and complete the recommendation, including reductions in outlays; deobligation of funds from programs or operations; withdrawal of interest subsidy costs on loans or loan guarantees, insurance, or bonds; costs not incurred by implementing recommended improvements related to the operations of the NRC, a contractor, or a grantee; avoidance of unnecessary expenditures noted in preaward reviews of contract or grant agreements; or any other savings which are specifically identified.

The NRC Office of the Inspector General Semiannual Report to Congress 50 April 1, 2020, to September 30, 2020

Table III NRC Significant Recommendations Described in Previous Semiannual Reports on Which Corrective Action Has Not Been Completed No Data to Report The NRC Office of the Inspector General Semiannual Report to Congress 51 April 1, 2020, to September 30, 2020

SUMMARY

OF OIG ACCOMPLISHMENTS AT THE DNFSB April 1, 2020, through September 30, 2020 Source of Allegations Anonymous 1 DNFSB Employee 1 DNFSB Management 1 Allegations resulting from NRC OIG Hotline: 2 Total: 3 Disposition of Allegations Total 3 Referred to OIG Investigation 1 Referred to OIG Audit 1 Referred to Other Agency 1 The NRC Office of the Inspector General Semiannual Report to Congress 52 April 1, 2020, to September 30, 2020

Status of Investigations Federal DOJ Referrals 0 DOJ Declinations 0 DOJ Pending 0 Criminal Information/Indictments 0 Criminal Convictions 0 Criminal Penalty Fines 0 Civil Recovery 0 State and Local 0 State and Local Referrals Criminal Information/Indictments 0 Criminal Convictions 0 Civil Penalty Fines 0 Civil Recovery 0 DNFSB Administrative Actions Counseling and Letter of Reprimand 0 Terminations and Resignations 0 Suspensions and Demotions 0 Other (e.g., PFCRA) 0 Summary of Investigations Classification of Opened Closed Reports Cases in Carryover Investigations Cases Cases Issued* Progress Employee Misconduct 1 1 0 0 2 Management Misconduct 3 0 3 1 0 Proactive Initiatives 1 0 1 0 0 Total 5 1 4 1 2

Number of reports issued represents the number of closed cases in which allegations were substantiated and the results were reported outside of the OIG.

The NRC Office of the Inspector General Semiannual Report to Congress 53 April 1, 2020, to September 30, 2020

DNFSB Audits Completed Date Title Audit Number Audit of the DNFSBs COVID-19 Re-Entry 09/25/2020 DNFSB-20-A-08 Plans Independent Evaluation of the DNFSBs Potential Compromise of Systems (Social 06/08/2020 DNFSB-20-A-07 Engineering) - OFFICIAL USE ONLY -

SENSITIVE INTERNAL INFORMATION 05/13/2020 Audit of the DNFSB'S Fiscal Year (FY) 2019 DNFSB-20-A-06 Compliance with Improper Payment Laws The NRC Office of the Inspector General Semiannual Report to Congress 54 April 1, 2020, to September 30, 2020

DNFSB Audit Resolution Activities Table I OIG Reports Containing Questioned Costs*

Reports Number of Questioned Unsupported Reports Costs ($) Costs ($)

A. For which no management decision had been made by the commencement of the reporting period 0 0 0 B. Which were issued during the reporting period 0 0 0 Subtotal (A + B) 0 0 0 C. For which a management decision was made during the reporting period:

(i) dollar value of disallowed costs 0 0 0 (ii) dollar value of costs not disallowed 0 0 0 D. For which no management decision had been made by the end of the reporting period 0 0 0

The OIG questions costs due to an alleged violation of a provision of a law, regulation, contract, grant, cooperative agreement, or other agreement or document governing the expenditure of funds; a finding that, at the time of the audit, such costs are not supported by adequate documentation; or a finding that the expenditure of funds for the intended purpose is unnecessary or unreasonable.

The NRC Office of the Inspector General Semiannual Report to Congress 55 April 1, 2020, to September 30, 2020

Table II OIG Reports Issued with Recommendations That Funds Be Put to Better Use*

Reports Number of Questioned Unsupported Reports Costs ($) Costs ($)

A. For which no management decision had been made by the commencement of the reporting period 0 0 0 B. Which were issued during the reporting period 0 0 0 C. For which a management decision was made during the reporting period:

(i) dollar value of disallowed costs 0 0 0 (ii) dollar value of costs not disallowed 0 0 0 D. For which no management decision had been made by the end of the reporting period 0 0 0

A recommendation that funds be put to better use is a recommendation by the OIG that funds could be used more efficiently if NRC management took actions to implement and complete the recommendation, including reductions in outlays; deobligation of funds from programs or operations; withdrawal of interest subsidy costs on loans or loan guarantees, insurance, or bonds; costs not incurred by implementing recommended improvements related to the operations of the NRC, a contractor, or a grantee; avoidance of unnecessary expenditures noted in preaward reviews of contract or grant agreements; or any other savings which are specifically identified.

The NRC Office of the Inspector General Semiannual Report to Congress 56 April 1, 2020, to September 30, 2020

UNIMPLEMENTED AUDIT RECOMMENDATIONS Nuclear Regulatory Commission Audit of the NRCs Safeguards Information Local Area Network and Electronic Safe (OIG-13-A-16) 2 of 7 recommendations open since April 1, 2013 Recommendation 3: Evaluate and update the current folder structure to meet user needs.

Recommendation 7: Develop a structured access process that is consistent with the SGI need-to-know requirement and least privilege principle. This should include (1) Establishing folder owners within SLES and providing the owners the authority to approve the need-to-know authorization (as opposed to branch chiefs); (2) Conducting periodic reviews of user access to folders; and (3) Developing a standard process to grant user access.

Audit of the NRCs Budget Execution Process (OIG-13-A-18) 1 of 8 recommendations open since May 7, 2013 Recommendation 3: Enforce the use of correct budget object codes.

Audit of the NRCs Oversight of Spent Fuel Pools (OIG-15-A-06) 1 of 4 recommendations open since February 10, 2015 Recommendation 1: Provide a generic regulatory solution for spent fuel pool criticality analysis by developing and issuing detailed licensee guidance along with NRC internal procedures.

Audit of the NRCs Decommissioning Funds Program (OIG-16-A-16) 2 of 9 recommendations open since June 8, 2016 Recommendation 1: Clarify guidance to further define legitimate decommissioning activities by developing objective criteria for this term.

Recommendation 2: Develop and issue clarifying guidance to NRC staff and licensees specifying instances when an exemption is not needed.

Audit of the NRCs Implementation of Federal Classified Information Laws and Policies (OIG-16-A-17) 1 of 3 recommendations open since June 8, 2016 Recommendation 1: Complete and fully implement current initiatives: (a) Finalize and provide records management training for authorized classifiers, (2) Complete the current inventories of classified information in safes and secure storage areas, (3) Develop declassification training to prepare and authorize declassifiers, (4) Develop an updated declassification guide, (5) Identify classified records requiring transfer to National Archives and Records Administration and complete the transfers, (6)

Complete the Office Instruction for performing mandatory declassification reviews.

The NRC Office of the Inspector General Semiannual Report to Congress 57 April 1, 2020, to September 30, 2020

Audit of the NRCs Foreign Assignee Program (OIG 17-A-07) 2 of 3 recommendations open since December 19, 2016 Recommendation 2: Develop a secure, cost-efficient method to provide foreign assignees an email account which allows for the NRC detection and mitigation of inadvertent transmission of sensitive information and seek the Commission approval to implement it.

Recommendation 3: When an NRC approved email account is available, develop specific Computer Security Rules of Behavior for foreign assignees using the approved email.

Audit of the NRCs PMDA/DRMA Functions to Identify Program Efficiencies (OIG-17-A-18) 1 of 1 recommendation open since July 3, 2017 Recommendation 1: Complete implementation of all Mission Support Task Force recommendations that may assist in optimizing the use of resources and result in improving standardization and centralization throughout the agency.

Audit of the NRCs Consultation practices with Federally Recognized Native American Tribal Governments (OIG-18-A-10) 2 of 5 recommendations open since April 4, 2018 Recommendation 1: Update MD 5.1 to include FSTB when working with Tribes. The guidance should also clearly define FSTBs role and responsibilities with regard to Tribal outreach and consultation.

Recommendation 2: Update NRC office procedures to include more specific direction on how to coordinate with FSTB and how to work with Tribes.

Audit of the NRCs Special and Infrequently Performed Inspections (OIG-18-A-13) 1 of 6 recommendations open since May 15, 2018 Recommendation 1: Update IMC 2515 Appendix C and applicable NRR guidance to reflect the requirement to ensure consistent and period reviews of IMC 2515 Appendix C inspection procedures.

The U.S. Nuclear Regulatory Commission Office of the Inspector General External Vulnerability Assessment and Penetration Testing (OIG-18-A-14) 1 of 1 recommendation open since June 6, 2018 Recommendation 1: Remediate the identified vulnerabilities in the findings matrix.

Audit of the NRCs License Amendment Request Acceptance Review Process (OIG-19-A-05) 1 of 3 recommendations open since December 13, 2018 Recommendation 3: Complete the Replacement Reactor Program System-Licensing Module upgrade efforts to generate automated reports.

The NRC Office of the Inspector General Semiannual Report to Congress 58 April 1, 2020, to September 30, 2020

Audit of the NRCs Process for Developing and Coordinating Research Activities (OIG-19-A-06) 4 of 4 recommendations open since December 13, 2018 Recommendation 1: Involve RES and requesting office senior managers earlier in the work request development process to ensure work requests are properly understood, resourced, and achievable before they are formally submitted to RES.

Recommendation 2: Implement a standard template for ES staff to use when preparing acceptance memoranda or email responses to all work request types.

Recommendation 3: Implement a single agency-wide tracking system with the capabilities needed to effectively and efficiently keep the agency aware of research activities.

Recommendation 4: Develop and implement a process for obtaining and using feedback from requesting offices. The process should include, but not be limited to, guidance on obtaining feedback during interim project milestones, creating access controls, and roles and responsibilities.

Audit of the NRC's Training Selection Process for Agreement State Personnel (OIG-19-A-11) 1 of 1 recommendation open since May 31, 2019 Recommendation 1: Update SA-600 to more accurately reflect the training selection process and the roles and responsibilities of NRC parties involved.

Audit of the NRC's Cyber Security Inspections at Nuclear Power Plants (OIG-19-A-13) 1 of 2 recommendations open since December 1, 2019 Recommendation 2: Use the results of operating experience and discussions with industry to develop and implement suitable cyber security performance measure(s) (e.g., testing, analysis of logs, etc.) by which licensees can demonstrate sustained program effectiveness.

Evaluation of the NRC's Oversight of the Voice over Internet Protocol Contract and Implementation (OIG-19-A-17) 3 of 6 recommendations open since October 3, 2019 Recommendation 4: Strengthen telecommunications expertise through knowledge management and training.

Recommendation 5: Update the relevant management directives to include a) current telecommunications infrastructure and current organizational responsibilities, and b) a requirement to comply with MD 10.162 Disability Programs and Reasonable Accommodation when deploying any IT projects.

Recommendation 6: Identify and implement a solution to address the issue pertaining to diverting an assigned phone line.

Audit of the NRC's Oversight of Supplemental Inspection Corrective Actions (OIG-19-A-19) 2 of 2 recommendations open since October 10, 2019 Recommendation 1: Update the NRC inspection guidance to support documentation of significant planned corrective actions associated with 95001 and 95002 supplemental inspections.

Recommendation 2: Implement an efficient means for inspectors to readily identify and retrieve information about completed and planned corrective actions associated with 95001 and 95002 supplemental inspections.

The NRC Office of the Inspector General Semiannual Report to Congress 59 April 1, 2020, to September 30, 2020

Audit of the NRCs Process for Placing Official Agency Records in ADAMS (OIG-19-A-20) 3 of 5 recommendations open since October 31, 2019 Recommendation 3: Conduct an initial review of ADAMS to identify and remove personal papers, and implement a policy to conduct such reviews on a periodic basis.

Recommendation 4: Strengthen internal controls to prevent individuals from entering personal papers in ADAMS.

Recommendation 5: Strengthen internal controls to ensure use of the Capstone tool and compliance with NARA requirements.

Audit of the NRC's Grants Administration and Closeout (OIG-19-A-21) 1 of 9 recommendations open since October 28, 2019 Recommendation 4: Implement knowledge management procedures such as maintaining an accurate succession planning document and desk procedures for grant functions.

Audit of the NRCs Compliance under the Digital Accountability and Transparency (DATA) Act of 2014 (OIG-20-A-03) 1 of 3 recommendation open since March 27, 2020 Recommendation 1: The NRC should enhance its internal control and detective procedures surrounding DATA Act submissions. Procedures should include reviewing all records in File C and verifying that they have corresponding transactions in Files D1 and D2. Additionally, NRC should consider increasing the size of samples selected for record level testing between Files C, D1, and D2.

The NRC Office of the Inspector General Semiannual Report to Congress 60 April 1, 2020, to September 30, 2020

Independent Evaluation of the NRCs Implementation of the Federal Information Security Modernization Act (FISMA) of 2014 for Fiscal Year 2019 (OIG-20-A-06) 7 of 7 recommendations open since July 9, 2020 Recommendation 1: Fully define the NRC ISA across the enterprise and business processes and system levels.

Recommendation 2: Use the fully defined ISA to:

a) Assess enterprise, business process, and information system level risks.

b) Update the list of high value assets by considering risks from the supporting business functions and mission impacts.

c) Formally define enterprise, business process, and information system level risk tolerance and appetite levels necessary for prioritizing and guiding risk management decisions.

d) Conduct an organization-wide security and privacy risk assessment.

e) Conduct a supply chain risk assessment.

f) Identify and update NRC risk management policies, procedures, and strategy.

Recommendation 3: Identify and implement a software whitelisting tool to detect authorized software and block the risk of unauthorized software on its network.

Recommendation 4: Perform an assessment of role-based privacy training gaps.

Recommendation 5: Identify individuals having specialized role-based responsibilities for PII or activities involving PII and develop role-based privacy training for them.

Recommendation 6: Updates the NRCs contingency planning policies and procedures to address supply chain risk.

Recommendation 7: Continue efforts to conduct agency and system level business impact assessments to determine contingency planning requirements and priorities, including for mission essential functions/high value assets, and update contingency planning policies and procedures accordingly.

Independent Evaluation of the NRC's Potential Compromise of Systems (Social Engineering)

(OIG-20-A-09) 11 of 13 recommendations open since July 8, 2020 Recommendation 1: Verify or update training for all staff to include awareness for:

a) Observing the incoming caller ID.

b) Questioning the caller's intent (e.g., why they are asking for personal information, such as PIV card information).

Recommendation 2: Inform NRC staff that they will be tested periodically for their awareness.

Recommendation 3: Within the next year, perform follow-on telephone tests to gauge the efficacy of the updated training.

Recommendation 6: Inform NRC staff that they will be tested periodically for their awareness.

Recommendation 7: Within the next year, perform follow-on email tests to gauge the efficacy of the updated awareness training.

Recommendation 8: Verify or update training or guidance that reminds personnel about their responsibilities to protect passwords. The training/guidance should contain a reference to the consequences of violating the safeguarding procedures.

Recommendation 9: Within the next year, perform follow-on checks to determine if passwords are being protected.

Recommendation 10: Verify or update training or guidance that reminds personnel about their use of locked screen savers for computers that are not in their immediate control. The training/guidance should contain a reference to the consequences of violating the safeguarding procedures.

The NRC Office of the Inspector General Semiannual Report to Congress 61 April 1, 2020, to September 30, 2020

Recommendation 11: Perform periodic spot checks for employees away during the 15-minute window before the screen locks to ensure that PCs are being protected from unauthorized viewing.

Recommendation 12: Verify or update training for the NRC cleaning staff so that they are not using methods to keep corridor doors open during cleaning operations. Perform spot checks to ensure that they are complying with all security procedures.

Recommendation 13: Provide the OIG with a strategy to ensure the risk sensitive information is not left unattended in NRC office desks or uncontrolled spaces.

Audit of the NRCs Integrated Materials Performance Evaluation Program (OIG-20-A-10) 1 of 1 recommendation open since July 15, 2020 Recommendation 1: Finalize existing IMPEP guidance that addresses the organization, structure, and procedures to consistently implement the NRCs consolidated IMPEP Program.

Audit of the NRC's Nuclear Power Plant Surveillance Test Inspection Program (OIG-20-A-11) 2 of 2 recommendations open since July 16, 2020 Recommendation 1: Implement policies and procedures to periodically review the completeness and accuracy of data generated from the Replacement Reactor Program System.

Recommendation 2: Periodically test data generated from the Replacement Reactor Program System for completeness and accuracy.

Audit of the NRCs Emergency Preparedness Program (OIG-20-A-12) 3 of 3 recommendations open since July 23, 2020 Recommendation 1: Revise the existing guidance in SL-100 to capture best practices and serve as a knowledge management tool for the Regional State Liaison Officer role.

Recommendation 2: Coordinate with government partners at the federal, State, and local levels to identify resources, such as recorded training videos or presentations, to supplement Regional State Liaison Officers outreach.

Recommendation 3: Make content and design changes to improve accessibility and clarity of the emergency preparedness and incident response public web pages, including:

a) Use Plain Language and best practices to provide information targeting specific audiences (e.g., industry, government partners, general public).

b) Improve connections between the program office pages with emergency preparedness information and existing public affairs resources.

Audit of the NRCs Drug-Free Workplace Program Implementation (OIG-20-A-13) 2 of 4 recommendations open since August 7, 2020 Recommendation 1: Revise the NRC Drug-Free Workplace Plan to reflect the most up-to-date U.S.

Department of Health and Human Services requirements.

Recommendation 2: Revise the NRC Drug Testing Manual to reflect the most up-to-date U.S.

Department of Health and Human Services requirements.

The NRC Office of the Inspector General Semiannual Report to Congress 62 April 1, 2020, to September 30, 2020

Audit of the NRCs Regulatory Oversight of Radiation Safety Officers (OIG-20-A-15) 1 of 1 recommendation open since September 9, 2020 Recommendation 1: Evaluate and document the benefits of strengthening internal controls to ensure temporary RSOs appointments are established and terminated in accordance with NRC policy.

The NRC Office of the Inspector General Semiannual Report to Congress 63 April 1, 2020, to September 30, 2020

The Defense Nuclear Facilities Safety Board Audit of the DNFSBs Telework Program (DNFSB-17-A-06) 3 of 3 recommendations open since July 13, 2017 Recommendation 1: Revise the telework directive and operating procedure to a) clarify the process for telework denials; b) list information technology security training as part of the requirements; and c) incorporate a requirement to update agency telework training to reflect changes made in policy.

Recommendation 2: Finish updating all telework agreements in accordance with the telework agreement template.

Recommendation 3: Develop and implement a checklist for telework recordkeeping to ensure the employee telework files are consistent.

Audit of the DNFSBs Issue and Commitment Tracking System (IACTS) and Its Related Processes (DNFSB-19-A-02) 1 of 8 recommendations open since November 1, 2018 Recommendation 5: Create and implement a policy to consistently track RFBAs through a tracking mechanism or through IACTS.

Audit of the DNFSBs Compliance under the Digital Accountability and Transparency (DATA)

Act of 2014 (DNFSB-20-A-02) 1 of 2 recommendations open since November 12, 2019 Recommendation 1: The DNFSB should work with its FSSP to correct the PIIDs for new obligations in its accounting system and to correct the mapping of certain data elements to ensure that data elements are in accordance with the data standards established by OMB and the Treasury.

Audit of the DNFSBs Human Resources Program (DNFSB-20-A-04) 6 of 6 recommendations open since March 24, 2020 Recommendation 1: With the involvement of the Office of the Technical Director, develop and implement an Excepted Service recruitment strategy and update guidance to reflect this strategy.

Recommendation 2: Develop and implement a step-by-step hiring process metric with periodic reporting requirements.

Recommendation 3: Update and finalize policies and procedures relative to determining the technical qualifications of the Office of the Technical Director (OTD) applicants. This should include examples of experiences such as military and teaching, and their applicability to OTD positions.

Recommendation 4: Develop and issue hiring-process guidance and provide training to DNFSB staff involved with the hiring process.

Recommendation 5: Conduct analyses to determine (1) the optimal SES span-of-control that promotes agency efficiency and effectiveness; and (2) the impact on agency activities when detailing employees to vacant SES positions.

Recommendation 6: Develop and implement an action plan to mitigate negative effects shown by the SES analyses.

The NRC Office of the Inspector General Semiannual Report to Congress 64 April 1, 2020, to September 30, 2020

Independent Evaluation of the DNFSBs Implementation of the Federal Information Security Modernization Act (FISMA) of 2014 for Fiscal Year 2019 (DNFSB-20-A-05) 11 of 11 recommendations open since April 30, 2020 Recommendation 1: Define an ISA in accordance with the federal Enterprise Architecture Framework.

Recommendation 2: Use the fully defined ISA to:

a) Assess enterprise, business process, and information system level risks.

b) Formally define enterprise, business process, and information system level risk tolerance and appetite levels necessary for prioritizing and guiding risk management decisions.

c) Conduct an organization wide security and privacy risk assessment.

d) Conduct a supply chain risk assessment.

Recommendation 3: Using the results of recommendations one (1) and two (2) above:

a) Implement an automated solution to help maintain an up-to-date, complete, accurate, and readily available agency-wide view of the security configurations for all its GSS components; Cybersecurity Team exports metrics and vulnerability reports and sends them to the CISO and CIOs Office monthly for review. Develop a centralized dashboard that Cybersecurity Team and the CISO can populate for real-time assessments of compliance and security policies.

b) Collaborate with the DNFSB Cybersecurity Team Support to establish performance metrics in service level agreements to measure, report on, and monitor the risks related to contractor systems and services being monitored by Cybersecurity Team.

c) Establish performance metrics to more effectively manage and optimize all domains of the DNFSB information security program.

d) Implement a centralized view of risk across the organization.

Recommendation 4: Finalize the implementation of a centralized automated solution for monitoring authorized and unauthorized software and hardware connected to the agencys network in near real time. Continue ongoing efforts to apply the Track-It!, ForeScout and KACE solutions.

Recommendation 5: Management should reinforce requirements for performing DNFSBs change control procedures in accordance with the agencys Configuration Management Plan by defining consequences for not following these procedures and conducting remedial training as necessary.

Recommendation 6: Implement procedures and define roles for reviewing configuration change activities to the DNFSB information system production environment by those with privileged access to verify the activity was approved by the system CCB and executed appropriately.

Recommendation 7: Complete and document a risk-based justification for not implementing an automated solution (e.g. Splunk) to help maintain an up-to-date, complete, accurate, and readily available view of the security configurations for all information system components connected to the organizations network.

Recommendation 8: Continue efforts to meet milestones of the DNFSB ICAM Strategy necessary for fully transitioning to DNFSBs to-be" ICAM architecture.

Recommendation 9: Complete current efforts to refine existing monitoring and assessment procedures to more effectively support ongoing authorization of the DNFSB system.

Recommendation 10: Identify and fully define requirements for the incident response technologies DNFSB plans to utilize in the specified areas and how these technologies respond to detected threats (e.g. cross-site scripting, phishing attempts, etc.).

Recommendation 11: Based on the results of DNFSBs supply chain risk assessment included in the recommendation for the Identify function above, update the DNFSBs contingency planning policies and procedures to address ICT supply chain risk.

The NRC Office of the Inspector General Semiannual Report to Congress 65 April 1, 2020, to September 30, 2020

Independent Evaluation of the DNFSBS Potential Compromise of Systems (Social Engineering)

(DNFSB-20-A-07) 1 of 3 recommendations open since July 8, 2020 Recommendation 2: Within the next year, perform follow-on checks to see if passwords are being protected.

The NRC Office of the Inspector General Semiannual Report to Congress 66 April 1, 2020, to September 30, 2020

ABBREVIATIONS AND ACRONYMS COVID-19 Coronavirus Disease-2019 DCAA Defense Contract Audit Agency DNFSB Defense Nuclear Facilities Safety Board DOE Department of Energy DOJ Department of Justice EEO Equal Employment Opportunity FBI Federal Bureau of Investigation FEMA Federal Emergency Management Agency FISMA Federal Information Security Modernization Act of 2014 FY Fiscal Year GC General Counsel GM General Manager HR Human Resources IAM Issue Area Monitoring IG Inspector General IMPEP Integrated Materials Performance Evaluation Program IPERA Improper Payments Elimination and Recovery Act IPERIA Improper Payments Elimination and Recovery Improvement Act IPIA Improper Payments Information Act MD Management Directive NMSS Office of Nuclear Material Safety and Safeguards NNSA National Nuclear Security Administration NOED Notices of Enforcement Discretion NRC Nuclear Regulatory Commission OGC Office of the General Counsel OI Office of Investigations OIG Office of the Inspector General OMB Office of Management and Budget RFBA Request for Board Action RSO Radiation Safety Officer SBG SBG Technology Solutions, Inc.

WTW Willis Towers Watson The NRC Office of the Inspector General Semiannual Report to Congress 67 April 1, 2020, to September 30, 2020

REPORTING REQUIREMENTS The Inspector General Act of 1978, as amended (1988), specifies reporting requirements for semiannual reports. This index cross-references those requirements to the applicable pages where they are fulfilled in this report.

Citation Reporting Requirements Page(s)

Section 4(a)(2) Review of legislation and regulations 13-14 Section 5(a)(1) Significant problems, abuses, and deficiencies 15-27;35-38 Section 5(a)(2) Recommendations for corrective action 15-27 Section 5(a)(3) Prior significant recommendations not yet completed N/A Section 5(a)(4) Matters referred to prosecutive authorities 50, 56 Section 5(a)(5) Listing of audit reports 51, 52, 57 Listing of audit reports with questioned costs or funds put to Section 5(a)(6) 52 better use Section 5(a)(7) Summary of significant reports 15-27 Section 5(a)(8) Audit reports questioned costs 53, 59 Section 5(a)(9) Audit reports funds put to better use 54, 60 Audit reports issued before commencement of the reporting period (a) for which no management decision has been made, (b)

Section 5(a)(10) which received no management comment within 60 days, and (c) 61-70 with outstanding, unimplemented recommendations, including aggregate potential costs savings Section 5(a)(11) Significant revised management decisions 43 Section 5(a)(12) Significant management decisions with which the OIG disagreed N/A Section 5(a)(13) FFMIA section 804(b) information N/A Section Peer review information 75 5(a)(14)(15)(16)

Section 5(a)(17) Investigations statistical tables 40-50; 55-56 Section 5(a)(18) Description of metrics 50, 56 Investigations of senior government officials where misconduct Section 5(a)(19) was substantiated N/A Section 5(a)(20) Whistleblower retaliation N/A Section 5(a)(21) Interference with IG independence N/A Section 5(a)(22) Audits not made public 20 Investigations involving senior government employees where misconduct was not substantiated and report was not made public 30-35, 36-37, Section 5(a)22(b) 38-40 The NRC Office of the Inspector General Semiannual Report to Congress 68 April 1, 2020, to September 30, 2020

APPENDIX Peer Review Information Audits The NRC OIG audit program was peer reviewed by the OIG for the Board of Governors of the Federal Reserve System and the Consumer Financial Protection Bureau. The review was conducted in accordance with Government Auditing Standards and Council of the Inspectors General on Integrity and Efficiency requirements. In a report dated September 4, 2018, the NRC OIG received an external peer review rating of pass. This is the highest rating possible based on the available options of pass, pass with deficiencies, or fail.

Investigations The NRC OIG investigative program was peer reviewed by the Department of Commerce OIG. The peer review final report, dated November 1, 2019, reflected that the NRC OIG is in full compliance with the quality standards established by the Council of the Inspectors General on Integrity and Efficiency and the Attorney General Guidelines for OIGs with Statutory Law Enforcement Authority. These safeguards and procedures provide reasonable assurance of confirming with professional standards in the planning, execution, and reporting of investigations.

The NRC Office of the Inspector General Semiannual Report to Congress 69 April 1, 2020, to September 30, 2020

OIG STRATEGIC GOALS FOR THE NRC

1. Strengthen the NRCs efforts to protect public health and safety and the environment.

2. Strengthen the NRC's security efforts in response to an evolving threat environment.

3. Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

OIG STRATEGIC GOALS FOR THE DNFSB

1. Strengthen the DNFSB's efforts to oversee the safe operation of DOE defense nuclear facilities.

2. Strengthen the DNFSB's security efforts in response to an evolving threat environment.

3. Increase the economy, efficiency, and effectiveness with which the DNFSB manages and exercises stewardship over its resources.

October 1, 2018, to March 31, 2019 71

The NRC OIG Hotline The Hotline Program provides NRC and DNFSB employees, other government employees, licensee/utility employees, contractors, and the public, with a confidential means of reporting suspicious activity concerning fraud, waste, abuse, and employee or management misconduct.

Mismanagement of agency programs or danger to public health and safety may also be reported.

We do not attempt to identify persons contacting the Hotline.

What should be reported:

Contract and Procurement Irregularities

Abuse of Authority

Conflicts of Interest

Misuse of Government Credit Card

Theft and Misuse of Property

Time and Attendance Abuse

Travel Fraud

Misuse of Information Technology Resources

Misconduct

Program Mismanagement Ways to Contact the OIG Call:

OIG Hotline 1-800-233-3497 TTY/TDD: 7-1-1, or 1-800-201-7165 7:00 a.m. - 4:00 p.m. (EST)

After hours, please leave a message.

Submit:

Online Form www.nrc.gov Click on Inspector General Click on OIG Hotline Write:

The U.S. Nuclear Regulatory Commission Office of the Inspector General Hotline Program, MS O5 E13 11555 Rockville Pike Rockville, MD 20852-2738 NUREG-1415, Vol. 34, No. 2 October 2020

ML20335A211

Text

SUMMARY

SUMMARY

Navigation menu

Search