OIG Fy 2020 Performance Report

ML21048A232
Person / Time
Issue date:	12/31/2020
From:	NRC/OIG/AIGA
To:
References
Download: ML21048A232 (21)
v • d • e

Text

Office of the Inspector General FY 2020 Performance Report December 2020 U.S. Nuclear Regulatory Commission Defense Nuclear Facilities Safety Board

1 Office of the Inspector General (OIG) Performance Report Fiscal Year 2020 INTRODUCTION The U.S. Nuclear Regulatory Commission (NRC) was formed in 1975, in accordance with the Energy Reorganization Act of 1974, to regulate the various commercial and institutional uses of nuclear materials. The agency succeeded the Atomic Energy Commission, which previously had responsibility for both developing and regulating nuclear activities. Under its responsibility to protect public health and safety, the NRC has the following main regulatory functions: (1) establish standards and regulations; (2) issue licenses, certificates, and permits; (3) ensure compliance with established standards and regulations; and (4) conduct research, adjudication, and risk and performance assessments to support regulatory decisions. These regulatory functions include regulating nuclear power plants, fuel cycle facilities, and other civilian uses of radioactive materials. Such civilian uses include nuclear medicine programs at hospitals, academic activities at educational institutions, research, and industrial gauges and testing equipment.

Congress created the Defense Nuclear Facilities Safety Board (DNFSB) as an independent agency within the executive branch to identify the nature and consequences of potential threats to public health and safety at the U.S. Department of Energys (DOE) defense nuclear facilities, to elevate such issues to the highest levels of authority, and to inform the public. Since the DOE is a self-regulating entity, the DNFSB constitutes the only independent technical oversight of operations at the nations defense nuclear facilities. The DNFSB is composed of experts in the field of nuclear safety with demonstrated competence and knowledge relevant to its independent investigative and oversight functions.

The NRCs OIG was established as a statutory entity on April 15, 1989, in accordance with the 1988 amendment to the Inspector General Act. The NRC OIGs mission is to provide independent, objective audit and investigative oversight of the NRC and DBFSB operations to protect people and the environment. In addition, the OIG reviews existing and proposed regulations, legislation and directives and provides comments, as appropriate, regarding any significant concern. Since FY 2014, per the Consolidated Appropriations Act, 2014, the NRCs OIG has exercised the same authorities with respect to the DNFSB.

The Inspector General keeps the NRC Chairman, DNFSB Chairman, and Members of Congress fully and currently informed about problems, makes recommendations to the agency for corrective actions, and monitors the NRCs and the DNFSBs progress in implementing such actions. In fulfilling this mission, the OIG assists the NRC and the DNFSB in accomplishing their missions by ensuring integrity, efficiency, and accountability in the agencies respective programs.

2 PROGRAM ACTIVITIES The OIG accomplishes its mission by conducting its audit, investigative, and management and operational support programs, as well as legislative and regulatory review activities. To fulfill its audit mission, the OIG conducts evaluations as well as performance, financial, and contract audits.

To fulfill its investigative mission, the OIG conducts investigations relating to the integrity of NRC and DNFSB programs and operations. Most OIG investigations focus on allegations of fraud, waste, and abuse and violations of law or misconduct by NRC and DNFSB employees and contractors.

ORGANIZATION OF THIS REPORT Sections I and II of this report describe, respectively, NRC and DNFSB strategic goals, strategies, actions, and performance data for their work during FY 2020.Section III describes the OIGs human capital strategic goal, strategies, actions, and performance data for FY 2020.

Section IV provides information on OIG resources, measurement methodology, cross-cutting efforts, and peer reviews, and Section V provides conclusions about FY 2020 performance.

SECTION I. THE OIGS STRATEGIC GOALS, STRATEGIES, ACTIONS, AND PERFORMANCE DATA FOR THE NRC The OIG Strategic Plan features three goals, and guides the activities of the Audits and Investigations programs at NRC for FY 2019 through FY 2023. The plan identifies the major challenges and risk areas facing the NRC, and generally aligns with the agencys mission.

OIG Strategic Goals for the NRC

• Strengthen the NRCs efforts to protect public health and safety, and the environment.

• Strengthen the NRCs security efforts in response to an evolving threat environment.

• Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

The plan presents the OIGs priorities for the covered timeframe and describes its strategic direction to stakeholders, including the NRC Chairman and the U.S. Congress. From this perspective, it presents the OIGs results-based business case, explaining the return on investment. It also strengthens the OIG by providing a shared set of expectations regarding the goals the OIG expects to achieve and the strategies that will be used to do so. The OIG adjusts

3 the plan as circumstances necessitate, uses it to develop its annual plan and performance budget, and holds managers and staff accountable for achieving the goals and outcomes.

The OIGs strategic plan also includes a number of supporting strategies and actions that describe planned accomplishments. Through associated annual planning activities, audit and investigative resources focus on assessing the NRCs safety, security, and corporate management programs involving the major challenges and risk areas facing the NRC. The work of OIG auditors and investigators support and complement each other in the pursuit of these objectives.

Strategic Goal 1: Safety Strengthen the NRCs efforts to protect public health and safety, and the environment.

Discussion: The NRC performs critical functions to ensure the safe and secure use of radioactive materials in the United States, and to protect both the public and radiation workers from radiation hazards that could result from the use of radioactive materials. The NRC provides licensing and oversight activities for 99 commercial nuclear power reactors; research, test, and training reactors; radioactive materials used in medicine, academia, and industry; and nuclear waste.

The NRC is responsible for maintaining an established regulatory framework for the safe and secure use of civilian nuclear reactors, including commercial nuclear power plants as well as research, test, and training reactors. The NRCs regulatory oversight responsibilities in the reactors include developing policy and rulemaking, licensing and inspecting reactors, licensing reactor operators, and enforcing regulations. The agency is also facing an increased number of plants that are closing and undergoing decommissioning.

The NRC is also responsible for regulatory oversight of the safe and secure use of nuclear materials; medical, industrial, and academic applications, uranium recovery activities; and for the storage and disposal of high-level and low-level radioactive waste. The NRC is authorized to grant licenses for the possession and use of radioactive materials, and establish regulations to govern the possession and use of those materials.

Upon a states request, the NRC may enter into an agreement to relinquish its authority to the state to regulate certain radioactive materials and limited quantities of special nuclear material.

The state must demonstrate that its regulatory program is adequate to protect public health and safety, and is compatible with the NRCs program. The states that enter into an agreement assuming this regulatory authority from the NRC are called Agreement States. The number of Agreement States continues to increase.

4 The NRC regulates high-level radioactive waste generated from commercial nuclear power reactors. High-level radioactive waste is either spent (used) reactor fuel when it is accepted for disposal or waste material remaining after spent fuel is reprocessed. Because of its highly radioactive fission products, high-level radioactive waste must be handled and stored with care.

Because radioactive waste becomes harmless only through decay (which can take hundreds of thousands of years for high-level waste), the material must be stored and ultimately disposed of in a way that provides adequate protection of the public for a very long time. Due to the uncertainty surrounding a permanent repository for high-level radioactive waste, for the foreseeable future the NRC has been reviewing the issues associated with storing high-level radioactive waste at existing reactor sites, away-from-reactor sites, and at interim storage facilities.

The NRC must address its safety challenges to fulfill its mission of protecting public health and safety and the environment. The NRC must be prepared to address emerging technical and regulatory issues in a timely manner, and be able to capture and transfer knowledge learned through experience. In an ever evolving and resource-constrained climate, it is of paramount importance that the agency implements its programs as effectively and efficiently as possible.

Strategy 1-1: Identify risk areas associated with the NRCs oversight of nuclear facilities, and conduct audits and/or investigations that lead to NRC program and operational improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. The NRCs licensing and certification activities;

b. The NRCs inspection activities;

c. The NRCs activities for promoting a strong internal/external safety culture;

d. The NRCs research activities;

e. The NRCs risk management of aging, obsolescence, and decommissioning;

f. The NRCs ability to identify and effectively respond to emerging technical and regulatory issues in a timely manner;

g. The NRCs actions to integrate operating experience and lessons learned into regulatory activities;

h. The NRCs oversight of supply chain vulnerabilities to include the prevention of counterfeit, fraudulent, and substandard items entering the supply chain;

i. The NRCs efforts to address stakeholder and staff safety concerns (including those expressed as non-concurrences and Differing Professional Opinions (DPO)) related to the NRCs oversight of nuclear facilities; and,

j. Internal/external stakeholders concerns and allegations related to the NRCs oversight of nuclear facilities.

5 Strategy 1-2: Identify risk areas facing the NRCs oversight of nuclear materials, and conduct audits and/or investigations that lead to NRC program and operational improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. The NRCs implementation of programs for tracking nuclear materials;

b. The NRCs regulatory activities with Agreement States;

c. The NRCs licensing and certification activities;

d. The NRCs inspection activities;

e. The NRCs activities for promoting a strong internal/ external safety culture;

f. The NRCs research activities;

g. The NRCs risk management of aging, obsolescence, and decommissioning;

h. The NRCs ability to identify and effectively respond to emerging technical and regulatory issues in a timely manner;

i. The NRCs actions to integrate operating experience and lessons-learned into regulatory activities;

j. The NRCs efforts to address stakeholder and staff safety concerns (including those expressed as non-concurrences and DPOs) related to the NRCs oversight of nuclear materials; and,

k. Internal/external stakeholders concerns and allegations related to the NRCs oversight of nuclear materials.

Strategy 1-3: Identify risk areas associated with the NRC's oversight of high-level and low-level waste, and conduct audits and/or investigations that lead to NRC program and operational improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. The NRCs regulatory activities involving any interim and/or permanent high-level radioactive waste repositories;

b. The NRCs licensing and certification activities;

c. The NRCs inspection activities;

d. The NRCs activities for promoting a strong internal/external safety culture;

e. The NRCs research activities;

f. The NRCs ability to identify and effectively respond to emerging technical and regulatory issues in a timely manner;

g. The NRCs actions to integrate operating experience and lessons learned into regulatory activities;

6

h. The NRCs efforts to address stakeholder and staff safety concerns (including those expressed as non-concurrences and DPOs) related to the NRCs oversight of high-level and low-level waste; and,

i. Internal/external stakeholders concerns and allegations related to the NRCs oversight of high-level and low-level waste.

Strategic Goal 2: Security Strengthen the NRCs security efforts in response to an evolving threat environment.

Discussion: The NRC must ensure that nuclear power and materials licensees take adequate measures to protect their facilities against radiological sabotage. The NRC faces the challenge of adapting to dynamic threats while also maintaining a stable security oversight regime commensurate with the agencys mission as a fair and impartial regulator. The NRC has well-established inspection programs for evaluating the physical, cyber, and personnel security activities of nuclear power and materials licensees.

The NRC must respond to a cyber threat environment where adversaries tactics and capabilities rapidly evolve. Cyber security also entails oversight challenges related to the mix of digital and analog systems at NRC licensees. For example, digital equipment upgrades could impact licensee operations and security.

The NRC plays a critical role in overseeing and supporting the emergency preparedness and incident response capabilities of its licensees. This oversight includes the integration of licensee plans with government agencies in light of natural disasters and terrorist threats.

The NRC supports U.S. international interests in both the safe and secure use of nuclear material and technology and nuclear non-proliferation. This includes improving controls on the import and export of nuclear materials and equipment and exercising its international oversight commitments.

Strategy 2-1: Identify risk involved in securing nuclear reactors, fuel cycle facilities, and materials, and conduct audits and/or investigations that lead to NRC program and operational improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. Adequacy of the NRCs oversight of security of nuclear reactors, fuel cycle facilities, materials, and waste facilities;

b. Adequacy of the NRCs responses to an evolving threat environment;

c. The NRCs coordination with other agencies;

7

d. Adequacy of the NRCs efforts to develop and implement a comprehensive cyber security program for nuclear power plants and fuel cycle facilities;

e. The NRCs oversight of licensee security responsibilities;

f. The NRCs response to complaints or incidents related to a chilled work environment;

g. Effectiveness of the NRCs oversight against radiological sabotage and theft or diversion of materials;

h. The NRCs efforts to address stakeholder and staff concerns (including those expressed as non-concurrences and DPOs) related to the securing of nuclear reactors, fuel cycle facilities, and materials; and,

i. Internal/external stakeholders concerns and allegations related to the securing of nuclear reactors, fuel cycle facilities, and materials.

Strategy 2-2: Identify risks in emergency preparedness and incident response, and conduct audits and/or investigations that lead to NRC program and operational improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. The NRCs management of emergency preparedness guidelines, regulations, and programs;

b. The NRCs management of coordination with federal, state, and local governments, and licensees;

c. The NRCs addressing and responding to emergencies and nuclear incidents.

d. The NRCs efforts to address stakeholder and staff security concerns (including those expressed as non-concurrences and DPOs) related to emergency preparedness and incident response; and,

e. Internal/external stakeholders concerns and allegations related to emergency preparedness and incident response.

Strategy 2-3: Identify risks in international security activities and conduct audits and/or investigations that lead to program and operational improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. The NRCs international activities (i.e., material control and accountability; incident response; and nonproliferation, import and export of nuclear materials);

b. The NRCs efforts to address stakeholder and staff security concerns (including those expressed as non-concurrences and DPOs) related to international security activities;

and,

8

c. Internal/external stakeholders concerns and allegations related to international security activities.

Strategic Goal 3: Corporate Management Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

Discussion: The NRC faces significant challenges to efficiently, effectively and economically manage its corporate resources within the parameters of its budget. The NRC must continue to provide infrastructure and support to accomplish its regulatory mission while responding to continuous scrutiny of budgetary levels, evolving regulatory requirements, changing industry and market conditions, and the continuously developing security threat environment.

Addressing limitations on agency budgetary and financial resources and the resulting impact on organizational staffing, human capital, information management and internal financial oversight will require a continuing, well-considered process of adaptation throughout the next strategic planning period. The NRC must continue its efforts to maintain its capability to effectively use its financial resources and to manage other factors that are largely budget dependent. Such factors include reductions in long-tenured staffing, which require knowledge preservation and transfer, the effective deployment of limited resources to meet changing regulatory requirements, efficient adaptation to changing industry conditions, and the need for continued improvement in information technology capabilities.

Further, the NRC must protect its infrastructure and take the necessary steps to ensure that its staff, facilities, information, and information technology assets are adequately protected against internal and external threats while maintaining operations. The NRC faces the challenge of balancing transparency with information security.

The OIG will continue to target corporate management risk areas for audits and investigations, to fulfill its statutory responsibilities to evaluate agency financial management, and to work with the NRC to identify and improve areas of weakness, particularly in areas subjected to budgetary pressures.

Strategy: 3-1: Identify areas of corporate management risk within the NRC and conduct audits and/or investigations that lead to NRC program improvements.

9 Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. The NRCs management of human capital to include training and development programs, knowledge management, and recruiting and retention activities;

b. The NRCs financial management practices to include development and collection of fees and budget processes;

c. Provide reasonable assurance that the NRCs financial statements are presented fairly in all material aspects;

d. The NRCs development, implementation, and lifecycle management of information technology tools and systems;

e. The NRCs management of administrative functions, such as training, procurement, property and facilities;

f. The efficiency and effectiveness of the NRCs management of changes caused by internal and external factors;

g. The NRC activities and their effectiveness in fostering an environment in which corporate management issues can be raised without fear of retaliation;

h. The NRCs efforts to address stakeholder and staff corporate management concerns (including those expressed as non-concurrences and DPOs) related to human capital, procurement, and information technology; and,

i. Internal/external stakeholders concerns and allegations related to human capital, procurement, financial management, and information technology.

Strategy 3-2: Identify risks in maintaining a secure infrastructure (i.e., physical, personnel, and cyber security) and conduct audits and/or investigations that lead to NRC program and operational improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. The NRCs management of threats to its facilities, personnel, and information systems;

b. The NRCs implementation of physical, personnel, and cyber security controls and procedures;

c. Internal and external cyber breaches of the NRCs infrastructure;

d. The NRCs management of controls on transparency and information security;

e. The NRCs efforts to address stakeholder and staff security concerns (including those expressed as non-concurrences and DPOs) related to the maintenance of a secure infrastructure and the balance of transparency and information security; and,

f. Internal/external stakeholders concerns and allegations related to the maintenance of a secure infrastructure and the balance of transparency and information security.

10 OIG PERFORMANCE DATA FOR THE NRC The following tables include the OIGs strategic goals, measures, and targets for the NRC based on this strategic plan. They also provide actual performance data for FY 2016 - FY 2020.

OIG Strategic Goal 1: Strengthen the NRCs Efforts To Protect Public Health and Safety and the Environment 2016 2017 2018 2019 2020 Measure 1: Percentage of OIG products and activities that have a high impact0F1 on improving the NRCs safety program1F2 Target 85%

85%

85%

Actual 100%

100%

91%

Measure 2. Percentage of OIG audit products and activities that cause the agency to take corrective action to improve agency safety programs; ratify adherence to agency policies, procedures, or requirements; or identify real dollar savings or reduced regulatory burden (i.e., high impact).2F3 Target 85%

85%

Actual 100%

100%

Measure 3. Percentage of audit recommendations agreed to by agency Target 92%

92%

92%

92%

92%

Actual 100%

95%

100%

100%

100%

Measure 4. Percentage of final agency actions taken within 2 years of audit recommendations Target 70%

70%

70%

70%

70%

Actual 76%

75%

67%3F4 78%

63%4F5 Measure 5. Percentage of OIG investigative products and activities that identify opportunities for improvements to agency safety programs; ratify adherence to policies/procedure; or confirm or disprove allegations of wrongdoing (e.g., high impact).5F6 Target 85%

85%

Actual 100%

100%

Measure 6. Percentage of agency actions taken in response to investigative reports.

Target 90%

90%

90%

90%

90%

Actual 100%

0%6F7 N/A N/A 100%

Measure 7. Percentage of active cases completed in less than 18 months.

Target 90%

90%

90%

90%

90%

Actual 60%7F8 0%8F9 83%9F10 N/A 43%10F11 Measure 8. Percentage of closed investigations referred to DOJ or other relevant authorities.11F12 Target 20%

20%

20%

20%

20%

Actual N/A N/A 0%12F13 0%13F14 N/A Measure 9. Percentage of closed investigations resulting in indictments, convictions, civil suits or settlements, judgments, administrative actions, monetary results, or IG clearance letters.14F15 Target 60%

60%

60%

60%

60%

Actual 100%

0%15F16 0%16F17 N/A 67%

OIG Strategic Goal 2: Enhance the NRCs Efforts To Increase Security in Response To an Evolving Threat Environment 2016 2017 2018 2019 2020 Measure 1. Percentage of OIG products and activities that have a high impact on improving the NRCs security program17F18 Target 85%

85%

85%

Actual 91%

100%

100%

Measure 2. Percentage of OIG audit products and activities that cause the agency to take corrective action to improve agency security programs; ratify adherence to agency policies, procedures, or requirements; or identify real dollar savings or reduced regulatory burden (i.e., high impact).18F19 Target 85%

85%

Actual 100%

100%

Measure 3. Percentage of audit recommendations agreed to by the agency.

Target 92%

92%

92%

92%

92%

Actual 100%

100%

100%

100%

100%

Measure 4. Percentage of final agency actions taken within 2 years of audit recommendations.

Target 70%

70%

70%

70%

70%

Actual 64%19F20 55%20F21 88%

78%

59%21F22

11 Measure 5. Percentage of OIG investigative products and activities that identify opportunities for improvements to agency security programs; ratify adherence to policies/procedures; or confirm or disprove allegations of wrongdoing (e.g., high impact).22F23 Target 85%

85%

Actual 100%

N/A Measure 6. Percentage of agency actions taken in response to investigative reports.

Target 90%

90%

90%

90%

90%

Actual 100%

N/A N/A N/A N/A Measure 7. Percentage of active cases completed in less than 18 months.

Target 90%

90%

90%

90%

90%

Actual 80%23F24 100%

N/A 33%24F25 N/A Measure 8. Percentage of closed investigations referred to DOJ or other relevant authorities.

Target 20%

20%

20%

20%

20%

Actual 100%

50%

N/A 0%25F26 N/A Measure 9. Percentage of closed investigations resulting in indictments, convictions, civil suits or settlements, judgments, administrative actions, monetary results or IG clearance letters.

Target 60%

60%

60%

60%

60%

Actual 100%

33%26F27 N/A 33%27F28 N/A OIG Strategic Goal 3: Improve the Economy, Efficiency, and Effectiveness with Which the NRC Manages and Exercises Stewardship Over Its Resources 2016 2017 2018 2019 2020 Measure 1. Percentage of OIG completed products and activities that have a high impact on improving corporate management Programs.28F29 Target 85%

85%

85%

Actual 85%

93%

88%

Measure 2. Percentage of OIG audit products and activities that cause the agency to take corrective action to improve agency corporate management programs; ratify adherence to agency policies, procedures, or requirements; or identify real dollar savings or reduced regulatory burden (i.e., high impact).29F30 Target 85%

85%

Actual 100%

100%

Measure 3. Percentage of audit recommendations agreed to by the agency.

Target 92%

92%

92%

92%

92%

Actual 100%

100%

100%

100%

96%

Measure 4. Percentage of final agency actions taken within 2 years of audit recommendations.

Target 70%

70%

70%

70%

70%

Actual 80%

81%

62%30F31 67%31F32 75%

Measure 5. Percentage of OIG investigative products and activities that identify opportunities for improvements to agency corporate management programs; ratify adherence to policies/procedures; or confirm or disprove allegations of wrongdoing (e.g., high impact).32F33 Target 85%

85%

Actual 86%

100%

Measure 6. Percentage of agency actions taken in response to investigative reports.

Target 90%

90%

90%

90%

90%

Actual 100%

89%33F34 100%

100%

100%

Measure 7. Percentage of active cases completed in less than 18 months.

Target 90%

90%

90%

90%

90%

Actual 78%34F35 85%35F36 72%36F37 59%37F38 14%38F39 Measure 8. Percentage of closed investigations referred to DOJ or other relevant authorities.

Target 20%

20%

20%

20%

20%

Actual 45%

44%

12%39F40 25%

44%

Measure 9. Percentage of closed investigations resulting in indictments, convictions, civil suits or settlements, judgments, administrative actions, monetary results, or IG clearance letters.

Target 60%

60%

60%

60%

60%

Actual 71%

70%

46%40F41 42%41F42 63%

12 SECTION II. THE OIGS STRATEGIC GOALS, STRATEGIES, ACTION, AND PERFORMANCE FOR THE DNFSB The OIG Strategic Plan features three goals and guides the activities of the Audits and Investigations programs at the DNFSB for FY 2019 through FY 2023. The OIGs audit and investigative oversight responsibilities are derived from the agencys wide array of programs, functions, and support activities established to accomplish the DNFSBs mission.

OIG Strategic Goals for the DNFSB

• Strengthen the DNFSBs efforts to oversee the safe operation of the DOEs defense nuclear facilities.

• Strengthen the DNFSBs security efforts in response to an evolving threat environment.

• Increase the economy, efficiency, and effectiveness with which the DNFSB manages and exercises stewardship over its resources.

The plan presents the OIGs priorities for the covered timeframe and describes the OIGs strategic direction to stakeholders, including the DNFSB Chairman and the U.S. Congress. It also strengthens the OIG by providing a shared set of expectations regarding the goals the OIG expects to achieve and the strategies that will be used to do so. The OIG adjusts the plan as circumstances necessitate, uses it to develop its annual plan and performance budget, and holds managers and staff accountable for achieving the goals and outcomes.

The OIGs strategic plan also includes a number of supporting strategies and actions that describe planned accomplishments. Through associated annual planning activities, audit and investigative resources focus on assessing the DNFSBs safety, security, and corporate management programs involving the major challenges and risk areas facing the DNFSB. The work of OIG auditors and investigators support and complement each other in the pursuit of these objectives.

Strategic Goal 1: Safety Strengthen the DNFSBs efforts to oversee the safe operation of the DOEs defense nuclear facilities.

Strategy 1-1: Identify risk areas associated with the DNFSBs oversight of the DOEs defense nuclear facilities and conduct audits and/or investigations that lead to improved DNFSB performance and communications.

13 Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. The DNFSBs work plan development process;

b. The DNFSBs process for reviewing designs for construction and modifications;

c. The DNFSBs process for reviewing decommissioning progress;

d. The DNFSBs process for balancing the assessment for emergent issues versus planned work;

e. The DNFSBs process for maintaining staffs technical skill sets;

f. The DNFSBs conduct of self-assessment (to include mission effectiveness and communication with DOE) and process improvement;

g. The DNFSBs automated work and issue tracking capabilities; and,

h. Internal/external stakeholders concerns and allegations related to DNFSBs oversight of the DOEs defense nuclear facilities.

0BStrategic Goal 2: Security 1BStrengthen the DNFSBs security efforts in response to an evolving threat environment.

Strategy 2-1: Identify risks in maintaining a secure infrastructure (i.e., facility, personnel, and cyber security) and conduct audits and/or investigations that lead to DNFSB improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. The DNFSBs management of threats to its facility, personnel, and information systems;

b. The DNFSBs implementation of facility, personnel, and cyber security controls and procedures;

c. Internal and external cyber breaches of the DNFSBs infrastructure;

d. The adequacy of the DNFSBs response to complaints or incidents related to a chilled work environment;

e. Physical and personnel security, including insider threat mitigation or economic espionage; and,

f. Internal/external stakeholders concerns and allegations related to the security of the DNFSBs infrastructure.

Strategy 2-2: Identify risks in balancing transparency and information security, and conduct audits and/or investigations that lead to DNFSB improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. The DNFSBs management of controls on transparency and information security;

14

b. Information security violations; and,

c. Internal/external stakeholders concerns and allegations related to the balance of transparency and information security.

Strategy 3-1: Identify areas of corporate management risk within the DNFSB and conduct audits and/or investigations that lead to DNFSB program improvements.

Actions: Conduct audits/evaluations and/or investigations in the following areas:

a. The DNFSBs management of human capital, to include training and development programs, knowledge management, and recruiting and retention activities;

b. The DNFSBs management of administrative functions and financial activities to include congressional requirements;

c. The DNFSBs development, implementation, and lifecycle management of information technology tools and systems;

d. The DNFSBs management of change through its implementation of best practices (to include training, project management, knowledge management, and process improvement);

e. Implementation of processes at the DNFSB to encourage an environment where technical or non-technical issues can be raised without fear of retaliation; and,

f. Internal/external stakeholders concerns and allegations related to human capital, procurement, financial management, and information technology.

Strategic Goal 3: Corporate Management Increase the economy, efficiency, and effectiveness with which the DNFSB manages and exercises stewardship over its resources.

15 OIG PERFORMANCE DATA FOR THE DNFSB Performance Measures for the DNFSB OIG Program 2016 2017 2018 2019 2020 Measure 1. Percentage of OIG audits undertaken and issued within a year.42F43 Target 60%

60%

60%

Actual 100%

100%

100%

Measure 2. Percentage of OIG audit products and activities that cause the agency to take corrective action to improve agency safety, security, or corporate management programs; ratify adherence to agency policies, procedures, or requirements; or identify real dollar savings or reduced regulatory burden (i.e., high impact).43F44 Target 85%

85%

Actual 100%

100%

Measure 3. Percentage of audit recommendations agreed to by the agency.44F45 Target 50%

50%

Actual 100%

100%

Measure 4. Percentage of final agency Board actions taken within 2 years of audit recommendations.45F46 Target 50%

50%

50%

50%

50%

Actual 100%

100%

100%

75%

100%

Measure 5. Percentage of OIG investigative products and activities that identify opportunities for improvements to agency safety, security, or corporate management programs; ratify adherence to policies/procedures; or confirm or disprove allegations of wrongdoing (e.g., high impact).46F47 Target 85%

85%

Actual 100%

100%

Measure 6. Percentage of Board actions taken in response to investigative reports.47F48 Target 90%

90%

90%

90%

90%

Actual 100%

100%

N/A N/A 100%

Measure 7. Percentage of active cases completed in less than 18 months.48F49 Target 85%

85%

85%

85%

85%

Actual 100%

100%

N/A 25%49F50 0%50F51 SECTION III. THE OIGS HUMAN CAPITAL GOAL, STRATEGIES, ACTIONS, AND PERFORMANCE DATA The Office of Personnel Management (OPM) issued 5 C.F.R. Part 250, Personnel Management in Agencies, effective April 11, 2017, to align human capital management practices to broader agency strategic planning activities, and better align human capital activities with an agencys mission and strategic goals. The OPM envisioned this would enable agency leadership to better leverage the workforce to achieve results.

OIG Strategic Human Capital Goal Maintain support for a workforce that is skilled, collaborative, and engaged in high-impact audit, investigative, and other activities for the Office of the Inspector General.

Based on the direction in 5 C.F.R. Part 250 and recognizing the potential benefits of a strategic human capital goal, the OIG developed a goal, strategies, and actions that focus specifically on maintaining and supporting excellence in the OIGs workforce. Unlike the OIGs other strategic goals, the human capital goal is not specific to the NRC or the DBFSB, but rather is applicable to the entire OIG staff regardless of job function or agency focus.

16 Strategy 1-1: Provide continual learning and professional development opportunities.

Action:

Require all staff to prepare an individual training and development plan to be reviewed and approved by their supervisor that describes skills needed and the corresponding training and developmental activities identified to meet an employees career goals and support work assignments.

Strategy 1-2: Increase collaboration and knowledge sharing across the OIG.

Actions:

a. Enhance knowledge sharing at audits/investigations counterpart meetings; and,

b. Seek opportunities for audits and investigations staff to support each other in ongoing work.

Strategy 1-3: Ensure prioritization of critical work activities and appropriate alignment with available resources.

Action:

Assign resources to maximize timely completion of high-impact activities.

Strategy 1-4: Support staff efforts to optimize work-life balance.

Action:

Integrate work activities with opportunities to telework.

PERFORMANCE DATA FOR THE OIG HUMAN CAPITAL GOAL The following table presents the OIGs strategic measures for OIGs human capital goal. The OIG began measuring these items in FY 2019.

Performance Measures for the OIG Human Capital Goal 2016 2017 2018 2019 2020 Measure 1. Percentage of OIG employees with approved Individual Training/Development Plans.

Target 90%

90%

Actual 100%

100%

Measure 2. Percentage of audits and investigations that involve collaboration between the two entities.

Target 25%

25%

Actual 18%51F52 45%

Measure 3. Percentage of OIG employee FEVS responses that reflect a positive work-life balance52F53 Target 70%

70%

Actual 71%

76%

17 SECTION IV. RESOURCES, METHODOLOGY, CROSS-CUTTING FUNCTIONS, AND PEER REVIEWS Resources The following table depicts the relationship between the NRC Inspector General program and associated FY 2020 budget resources and the OIGs strategic and general goals.

Program Links to Strategic and General Goals

($M)

OIG Strategic and General Goals for the NRC Advance the NRCs Safety Efforts ($M)

Enhance the NRCs Security Efforts ($M)

Improve the NRCs Corporate Management ($M)

FY 2020 Programs ($12.1; 58 FTE)

Audits

($8.0; 37 FTE)

$1.6 18.5 FTE

$1.6 6.5 FTE

$4.8 12.0 FTE Investigations

($4.1; 21 FTE)

$1.4 8.0 FTE

$0.4 3.5 FTE

$2.3 9.5 FTE The following table shows the breakdown of audit and investigative resources applied at the DNFSB. The OIG does not align performance at the DNFSB to strategic goals due to the small size of the agency, but examines completion of goals overall.

Breakdown of Audit and Investigative Resources at the DNFSB

($1,171; 5 FTE)

Dollars

($K)

FTE Audits

$969 4.0 Investigations

$202 1.0 Verification and Validation of Measured Values and Performance The OIG uses an automated management information system to capture program performance data for the Audits and Investigations Programs. The integrity of the system was thoroughly tested and validated prior to implementation. Reports generated by the system provide both detailed information and summary data. All system data are deemed reliable.

Cross-Cutting Functions with Other Government Agencies The NRC OIG has cross-cutting functions with other law enforcement agencies. For example, the OIG provides investigatory case referrals to the U.S. Department of Justice (DOJ). It also coordinates investigative activities with U.S. Attorneys offices, as well as with other agencies as required.

18 Peer Reviews The OIG for the Board of Governors of the Federal Reserve System and the Consumer Financial Protection Bureau peer reviewed the NRC OIG audit program in accordance with Government Auditing Standards and Council of the Inspectors General on Integrity and Efficiency requirements. In a report dated September 4, 2018, the NRC OIG received an external peer review rating of pass. This is the highest rating possible based on the available options of pass, pass with deficiencies, or fail.

In addition, the U.S. Department of Commerce OIG peer reviewed the NRC OIG investigative program. Its report, dated November 1, 2019, reflected that the NRC OIG is in full compliance with the quality standards established by the Council of the Inspectors General on Integrity and Efficiency and the Attorney General Guidelines for OIGs with Statutory Law Enforcement Authority. These safeguards and procedures provide reasonable assurance of conforming with professional standards in the planning, execution, and reporting of investigations.

SECTION V. CONCLUSION The OIG met more than 81 percent of its audit, investigative, and human capital measures for FY 2020 by achieving or exceeding 22 of 27 measurable items (6 investigative items were not measurable because there were no investigations applicable to these measures during FY 2020).

Two audits related measure was not met because the associated audit recommendations, by their nature, took longer than 2 years to complete. Three investigative measures were not met due to varying circumstances (e.g., cases did not meet the criteria for referral, case complexity and competing priorities required contributed to completion times greater than 18 months, the OIG played a cooperating role with another agency, the agency did not take action, or the subject left the agency). The OIG continuously reviews its strategic plan to ensure that its goals and work strategies continue to add value to the NRC in carrying out its important safety and security mission.

1 High impact is the effect of an issued report or activity undertaken that results in: (a) confirming risk areas or management challenges that caused the agency to take corrective action, (b) real dollar savings or reduced regulatory burden, (c) identifying significant wrongdoing by individuals that results in criminal or administrative action, (d) clearing an individual wrongly accused, or (e) identifying

19 regulatory actions or oversight that may have contributed to the occurrence of a specific event or incident or resulted in a potential adverse impact on public health or safety.

2 In FY 2019, this measure was replaced with measures 2 and 5 to clarify the definitions of high impact for audits and investigations.

3 This high-impact measure for audits was added in FY 2019.

4 Several audit reports included recommendations that required more than 2 years for the agency to finalize action. These recommendations are now closed.

5 Several audit reports included recommendations that required more than 2 years for the agency to finalize action. These recommendations are now closed.

6 This high-impact measure for investigations was added beginning in FY 2019.

7 Only one case was applicable to this measure and the agency did not take action in response to the report.

8 The complexity of two safety-related investigations required additional time to close.

9 There was only one case applicable to this measure; the case was not closed within 18 months.

10 Five out of six cases were closed within 18 months. The sixth case took longer due to case complexity and the ongoing nature of the issue.

11 Three out of seven cases were closed within 18 months. The other four cases took longer due to case complexity and the ongoing nature of the issue.

12 In FY 2014, the OIG began to measure closed investigations that resulted in a referral to the DOJ, State, or local law enforcement officials, or relevant administrative authority.

13 Neither of the safety-related investigations warranted referral because neither identified a criminal violation of law.

14 There was only one applicable case in FY 2019 that was not referred because it was not eligible for referral.

15 Starting in FY 2014, the OIG began measuring the percentage of closed investigations that resulted in an indictment, conviction, civil suit or settlement, judgment, administrative action, or monetary restitution. Starting in FY 2017, the OIG added closed investigations that resulted in IG clearance letters to this measure. A clearance letter is a document provided to an employee in cases when an investigation is initiated in response to an allegation of employee misconduct and the misconduct is not substantiated.

16 Only one case was applicable to this measure and it did not result in any of the listed outcomes.

17 Four technical cases focused on safety related procedures; none involved had individual misconduct and none were substantiated.

18 In FY 2019, this measure was replaced with measures 2 and 5 to clarify the definitions of high impact for audits and investigations.

19 This high-impact measure for audits was added in FY 2019.

20 One audit recommendation in the security arena required additional time to close. This recommendation has been closed.

21 Four of eight recommendations on the Independent Evaluation of NRCs Implementation of the Federal Information Security Management Act (FISMA) for Fiscal Year 2012 required additional time to close. These four recommendations have since been closed.

22 Several audit reports included recommendations that required more than 2 years for the agency to finalize action. These recommendations are now closed.

23 This high-impact measure for investigations was added in FY 2019.

24 The complexity of one investigation in the security arena required additional time to close.

25 The two cases eligible did not meet the target due to case complexity and competing priorities.

26 The two cases eligible for referral did not meet the criteria for referral.

27 Only one of three closed investigations resulted in an indictment, conviction, civil suit or settlement, judgment, administrative action, monetary result or IG clearance letter, resulting in a 33 percent achievement rate.

28 Two out of three cases did not meet this measure. One case was a joint operation for which the OIG provided support. In the other case, the employee left before action could be taken.

29 This measure was replaced in FY 2019 with measures 2 and 5 to clarify the definitions of high impact for audits and investigations.

30 This high-impact measure for audits was added in FY 2019.

31 Several audit reports included recommendations that require more than 2 years for the agency to finalize action. The agency is working to finalize actions so that these recommendations can be closed.

32 Recommendations required additional time to close due to system changes that were needed.

33 This high-impact measure for investigations was added in FY 2019.

34 One of nine investigative cases resulted in no action taken in response to an investigative report, resulting in an 89 percent achievement rate.

35 The complexity of several investigations in the corporate management arena required additional time to close.

36 The complexity of several investigations required additional time to close.

37 Ibid.

38 Due to their complexity and competing priorities, several investigations required additional time to close.

39 Ibid.

40 Although the OIG initially identified 17 cases with potential criminal violations, only 2 developed sufficient evidence to warrant referral.

41 Two investigations were inconclusive; therefore, a clearance letter could not be issued. In another case, misconduct was identified; however, the agency did not take action.

20 42 In several cases, either the subject left the agency before the agency could take action or the cases pertained to ownership of prohibited securities; therefore, a clearance memo was not warranted.

43 The OIG anticipates issuing six audit reports per year. This measure has been tracked since FY 2015 and replaced with measure 2 beginning in FY 2019.

44 This high-impact measure for audits was added in FY 2019.

45 This measure was added in FY 2019 46 This measure has been tracked since FY 2015.

47 This high-impact measure for investigations was added in FY 2019.

48 This measure has been tracked since FY 2015.

49 Ibid.

50 Out of the four cases, one case was completed within 18 months. A second case was referred; however, the individual retired before the agency could take action and the 18-month target was exceeded.

51 Due to complexity and competing priorities, the investigations required additional time to close.

52 The OIG began measuring this item in FY 2019 to encourage optimum collaboration among OIG components. An initial target of 25 percent was established without the benefit of historic data. The OIG intends to reassess the target after collecting further data on how often and what types of collaboration are occurring within the office.

53 For this measure, the OIG seeks to assess primarily work-life balance matters within OIGs control. The OIG identified six FEVS 2020 questions as indicators of overall OIG specific work-life satisfaction: #3 My work gives me a feeling of personal accomplishment;

1. 5 My workload is reasonable; #19 My supervisor supports my need to balance work and other life issues; #32 Senior leaders demonstrate support for work-life programs; #36 Considering everything, how satisfied are you with your job?; and #60 How satisfied are you with the following Work-Life programs in your agency(e.g., CWS, AWS)? Although #60 pertains to the agencys programs, the response can reasonably be construed to indicate satisfaction with the OIGs implementation of scheduling alternatives. To derive a score for the OIGs human capital measure related to work-life balance, the percentages of positive responses to each of these questions were totaled and divided by 6, providing an indicator of OIG respondents work-life balance satisfaction.

• The dash symbol indicates that this measure was replaced with other measures The not applicable symbol indicates that investigative items were not measurable because there were no investigations applicable to these measures during FY 2020.