ML22055A225
| ML22055A225 | |
| Person / Time | |
|---|---|
| Issue date: | 02/24/2022 |
| From: | Rivera E NRC/OIG |
| To: | Dan Dorman, Clay Johnson NRC/EDO, NRC/OCFO |
| References | |
| OIG-22-A-03 | |
| Download: ML22055A225 (20) | |
Text
February 24, 2022 MEMORANDUM TO: Daniel H. Dorman Executive Director for Operations Cherish K. Johnson Chief Financial Officer FROM: Eric Rivera /RA/
Acting Assistant Inspector General for Audits
SUBJECT:
STATUS OF RECOMMENDATIONS: RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 (OIG-22-A-03)
REFERENCE:
CHIEF FINANCIAL OFFICER, OFFICE OF THE CHIEF FINANCIAL OFFICER, MEMORANDUM DATED DECEMBER 3, 2021 Attached is the Office of the Inspector Generals (OIG) analysis and status of recommendation as discussed in the agencys response dated December 3, 2021.
Based on this response, the recommendations in this report are open and resolved.
Please provide an updated status of the open, resolved recommendations by August 5, 2022.
If you have any questions or concerns, please call me at (301) 415-5915 or Terri Cooper, Team Leader, at (301) 415-5965.
Attachment:
As stated cc: S. Miotla, OEDO J. Jolicoeur, OEDO RidsEdoMailCenter Resource OIG Liaison Resource EDO_ACS Distribution NRC Headquarters l 11555 Rockville Pike l Rockville, Maryland 20852 l 301.415.5930
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 1: NRC management should enhance their controls processes over the compilation and preparation of the Agencys quarter-end and year-end financial statements to prevent or timely detect errors to their financial statements and the related note disclosures. Thorough and robust review of the financial statements and related note disclosures should be completed considering the latest requirements of OMB A-136.
Agency Response Dated December 3, 2021: Agree. The Office of the Chief Financial Officer will enhance the controls over the financial statement preparation process.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC enhances their control processes over the compilation and preparation of the agencys quarter-end and year-end financial statements to prevent or timely detect errors to their financial statements and the related note disclosures.
Status: Open: Resolved.
2
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 2: a. NRC management should update the instructions for the Accounts Payable Accrual Estimation Reconciliation to more clearly indicate that the validated amounts should be used rather than the previously estimated accrual amounts.
- b. NRC management should review the accounts payable reconciliation in sufficient detail to detect errors in the application of the estimation methodology.
Agency Response Dated December 3, 2021: Agree. The Office of the Chief Financial Officer will improve the improve the accounts payable accrual estimation process.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC a.) updates the instructions for the Accounts Payable Accrual Estimation Reconciliation to more clearly indicate that the validated amounts should be used rather than the previously estimated accrual amounts; and b.)
reviews the accounts payable reconciliation to detect errors in the application of the estimation methodology.
Status: Open: Resolved.
3
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 3: a. NRC management should update the instructions for the Computation of Allowances for Losses portion of the Unbilled Revenue Accrual and Reconciliation Checklist to include more detailed descriptions of the parameters needed when generating reports used in the calculation process.
- b. NRC management should conduct its review of the calculation of Accounts Receivable - Non-Federal -
Allowance for Uncollectable Accounts in sufficient detail to detect errors in the calculation.
- c. NRC management should implement stronger controls over the Unbilled Accounts Receivable calculation process and related reviews.
Agency Response Dated December 3, 2021: Agree. The Office of the Chief Financial Officer will improve the instructions for the unbilled revenue accrual checklist.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC a.) updates the instructions for the Computation of Allowances for Losses portion of the Unbilled Revenue Accrual and Reconciliation Checklist to include more detailed descriptions of the parameters needed when generating reports used in the calculation process; b.)
conducts its review of the calculation of Accounts Receivable
- Non-Federal - Allowance for Uncollectable Accounts in sufficient detail to detect errors in the calculation; and c.)
implements stronger controls over the Unbilled Accounts Receivable calculation process and related reviews.
Status: Open: Resolved.
4
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 4: NRC management should develop the ability to generate a complete and accurate listing of ULOs in a format which allows for appropriate oversight and review. The report should contain all ULOs at the individual obligation level and be reconciled to the GL with any reconciling items supported by appropriate documentation.
Agency Response Dated December 3, 2021: Agree. The Office of the Chief Financial Officer will improve the unliquidated obligations report.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC develops the ability to generate a complete and accurate listing of unliquidated obligations (ULOs)in a format which allows for appropriate oversight and review.
Status: Open: Resolved.
5
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 5: a. NRC management should implement controls to prevent postings in FAIMIS resulting in a negative obligation.
- b. NRC management should increase management review and scrutiny over correcting entries before entries are posted.
- c. NRC management should review the financial statements in sufficient detail to detect similar errors in future periods.
Agency Response Dated December 3, 2021: Agree. The Office of the Chief Financial Officer has corrected the FAIMIS system and will improve the review of correcting entries.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC a.) provides documentation that they have implemented controls in the Financial Accounting and Integrated Management Information System (FAIMIS) to prevent postings resulting in a negative obligation; b) increases management review and scrutiny over correcting entries before they are posted; and c.) reviews the financial statements in sufficient detail to detect similar errors in future periods.
Status: Open: Resolved.
6
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 6: NRC management should perform reviews of all software, including fully amortized IUS, throughout the year to verify the accuracy of the information reported and ensure disposals of property are recorded in a timely manner.
Agency Response Dated December 3, 2021: Agree. The Office of the Chief Financial Officer will improve the reviews of software.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC performs reviews of all software, including fully amortized Internal Use Software (IUS), throughout the year to verify the accuracy of the information reported and ensure disposals of property are recorded in a timely manner.
Status: Open: Resolved.
7
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 7: a. NRC management should enhance its review procedures to include which documentation should be used in the imputed financing calculations.
- b. NRC management should perform the review of the imputed costs calculation and related disclosures in sufficient detail to detect any errors.
Agency Response Dated December 3, 2021: Agree. The Office of the Chief Financial Officer will improve the preparation and review of imputed financing.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC a.) enhances its review procedures to include which documentation should be used in the imputed financing calculations; and, b.) performs the review of the imputed costs calculation and related disclosures in sufficient detail to detect any errors.
Status: Open: Resolved.
8
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 8: a. NRC management should enforce the execution of its existing control activities to document explanations for identified variances.
- b. NRC management should implement processes and controls which verify that leasehold improvements are depreciated using the appropriate useful life and in operation date, in accordance with the managements policy.
Agency Response Dated December 3, 2021: Agree. The Office of the Chief Financial Officer will improve the review of future lease payments, including coordinating with the Office of Administration.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC a.) enforces the execution of its existing control activities to document explanations for identified variances; and, b.) implements processes and controls which verify that leasehold improvements are depreciated using the appropriate useful life and in operation date, in accordance with the managements policy.
Status: Open: Resolved.
9
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 9: NRC management should enhance its fluctuation analysis control by requiring the explanations documented are supported by underlying business events, therefore connecting changes in the agencys accounting records to its business environment and operations.
Agency Response Dated December 3, 2021: Agree. The Office of the Chief Financial Officer will improve the fluctuation analysis process.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC enhances its fluctuation analysis control by requiring the explanations documented are supported by underlying business events, therefore connecting changes in the agencys accounting records to its business environment and operations.
Status: Open: Resolved.
10
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 10: a. NRC management should improve its processes for reviewing and adjusting aged/stale obligations.
- b. NRC management should improve its processes to only record an obligation in the accounting system when a legal obligation exists and appropriately retain supporting documentation.
Agency Response Dated December 3, 2021: Agree. The Office of the Chief Financial Officer will improve the process to oversee obligations.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC a.) improves its processes for reviewing and adjusting aged/stale obligations; and, b.) improves its processes to only record an obligation in the accounting system when a legal obligation exists and appropriately retains supporting documentation.
Status: Open: Resolved.
11
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 11: Periodically review the segregation of duties matrix and update it to reflect relevant changes in business processes or role configurations within the application.
Agency Response Dated December 3, 2021: Agree. The Office of the Chief Financial Officer will periodically review the segregation of duties matrix for FAIMIS.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC periodically reviews the segregation of duties matrix and updates it to reflect relevant changes in business processes or role configurations within the application.
Status: Open: Resolved.
12
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 12: Include a justification for the conflicting roles that reference to compensating controls in place for the requested conflicting roles as part of requests for conflicting roles to be granted to a FAIMIS user.
Agency Response Dated December 3, 2021: Agree. The Office of the Chief Financial Officer will include a justification for conflicting roles for FAIMIS.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC includes a justification for the conflicting roles that reference to compensating controls in place for the requested conflicting roles as part of requests for conflicting roles to be granted to a FAIMIS user.
Status: Open: Resolved.
13
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 13: Log and review any conflicting transactions performed by users with authorized conflicting roles to determine if the conflicting transactions were in fact authorized.
Agency Response Dated December 3, 2021: Agree. The Office of the Chief Financial Officer will review conflicting transactions in FAIMIS.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC logs and reviews any conflicting transactions performed by users with authorized conflicting roles to determine if the conflicting transactions were in fact authorized.
Status: Open: Resolved.
14
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 14: Validate temporary role assignments as a part of the bi-annual user access review to ensure they were removed on a timely basis.
Agency Response Dated December 3, 2021: Agree. The Office of the Chief Financial Officer will improve the bi-annual review process for FAIMIS.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC validates temporary role assignments as a part of the bi-annual user access review to ensure they were removed on a timely basis.
Status: Open: Resolved.
15
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 15: Review administrator logged activity and document log activities that would require further investigation.
Agency Response Dated December 3, 2021: Agree. The Office of the Chief Financial Officer will review administrator logged activity for FAIMIS.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC reviews administrator logged activity and documents log activities that would require further investigation.
Status: Open: Resolved.
16
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 16: Implement the technical capability to disable or remove users who are inactive for greater than the organizationally defined threshold of 90 days.
Agency Response Dated December 3, 2021: Agree. The Office of the Chief Financial Officer will review the feasibility of a technical capability to remove users in FAIMIS.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC implements the technical capability to disable or remove users who are inactive for greater than the organizationally defined threshold of 90 days.
Status: Open: Resolved.
17
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 17: Enhance the periodic recertification of access by ensuring that managers review the access privileges of their staff against the most current segregation of duties matrix to ensure the roles currently assigned conform to policy. In addition, we recommend the help desk documents the removal of roles that management has noted as unnecessary and communicates the confirmation with management that the users roles were removed.
Agency Response Dated December 3, 2021: Agree. The Office of the Chief Financial Officer will enhance the recertification of access process for FAIMIS.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC enhances the periodic recertification of access by ensuring that managers review the access privileges of their staff against the most current segregation of duties matrix to ensure the roles currently assigned conform to policy. In addition, when the help desk documents the removal of roles that management has noted as unnecessary and communicates the confirmation with management that the users roles were removed.
Status: Open: Resolved.
18
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 18: Enhance the process to help ensure that STAQS Access Request Forms are completed and retained.
Agency Response Dated December 3, 2021: Agree. The Office of the Chief Financial Officer will improve the process for STAQS access request forms.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC enhances the process to help ensure that STAQS Access Request Forms are completed and retained.
Status: Open: Resolved.
19
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 19: Enhance the process to help ensure that NRC Form 270 is completed and retained for each employee that is separated from the NRC.
Agency Response Dated December 3, 2021: Agree. The office of the Human Capital Officer will improve the NRC Form 270 process.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC enhances the process to help ensure that NRC Form 270 is completed and retained for each employee that is separated from the NRC.
Status: Open: Resolved.
20