Text

Audit of the Nuclear Regulatory Commissions Fiscal Year 2021 Compliance with Improper Payment Laws OIG 22-A-08 June 6, 2022 NRC All publicly Headquarters available l 11555including OIG reports, Rockville this Pikereport, l Rockville, Maryland 20852 are accessible l 301.415.5930 through the OIGs website at:

www.nrcoig.oversight.gov https://nrcoig.oversight.gov/

MEMORANDUM DATE: June 6, 2022 TO: Chairman Christopher T. Hanson Digitally signed by Robert FROM: Robert J. Feitel Robert J. J. Feitel Date: 2022.06.06 Inspector General Feitel 14:00:34 -04'00'

SUBJECT:

AUDIT OF THE NRCS FISCAL YEAR 2021 COMPLIANCE WITH IMPROPER PAYMENT LAWS (OIG 22-A-08)

Attached is the Office of the Inspector Generals (OIG) report titled Audit of the NRCs Fiscal Year 2021 Compliance with Improper Payment Laws.

The report presents the results of the subject audit. Following issuance of the discussion draft, NRC staff indicated that they had no formal comments for inclusion in this report.

We appreciate the cooperation extended to us by members of the Nuclear Regulatory Commission staff during the audit. If you have any questions or comments about our report, please contact me at (301) 415-5930, or Eric Rivera, Acting Assistant Inspector General for Audits, at (301) 415-5915.

Attachment:

As stated cc: Commissioner Baran Commissioner Wright NRC Headquarters l 11555 Rockville Pike l Rockville, Maryland 20852 l 301.415.5930 www.nrcoig.oversight.gov

I. BACKGROUND Improper Payment Law Enacted in 2020, the Payment Integrity Information Act of 2019 (PIIA) requires executive agencies to periodically review all programs and activities an agency administers and identify all programs and activities with outlays exceeding $10 million that may be susceptible to significant improper payments. The review should occur not less than once every three years for each program and activity. The PIIA requires the Office of the Inspector General (OIG) of each executive agency to annually determine agency compliance.

Each executive agency must complete the following, if applicable, for PIIA compliance:

Publish improper payments information with the annual financial statement of the executive agency for the most recent fiscal year and post the statement on the agency website with any accompanying materials required by the Office of Management and Budget (OMB);

Conduct a program specific risk assessment for each program or activity that meets the PIIA requirements; Publish improper payments estimates in the accompanying materials to the annual financial statement; Publish programmatic corrective action plans; Publish improper payments reduction targets for programs and activities assessed to be at risk; and, Report an improper payment rate of less than 10 percent for each program and activity where an estimate was published.

Federal Improper Payment Guidance for Executive Agencies On March 5, 2021, the OMB issued Memorandum M-21-19, Appendix C to OMB Circular A-123, Requirements for Payment Integrity Improvement. In addition, OMB Circular A-136 establishes additional payment integrity reporting requirements for executive agencies. Table 1 of this report lists the OMB requirements that correspond with the PIIA compliance requirements.

1

II. OBJECTIVES The objectives of this audit were to assess the Nuclear Regulatory Commissions (NRCs) compliance with the PIIA and report any material weaknesses in internal control. Appendix A of this report contains information on the audit scope and methodology.

III. FINDING The NRC is compliant with the PIIA and does not have any material weaknesses in internal control. The NRC reported the required information and conducted the mandated risk assessment. The OIG concluded that agency reporting of improper payments is accurate and complete, as noted in Table 1.

Compliance with Improper Payment Laws The OIG determined for fiscal year (FY) 2021 the NRC is compliant with the PIIA requirements, as demonstrated in Table 1.

2

Table 1: The NRCs FY 2021 Compliance with the PIIA Program Name Commercial Grant Employee Government Compliance Requirements Payroll Payments Payments Payments Charge Card 1a. Published payment integrity information with the annual financial Compliant Compliant Compliant Compliant Compliant statement 1b. Posted the annual financial statement and accompanying Compliant Compliant Compliant Compliant Compliant materials on the agency website 2a. Conducted Improper Payment (IP) risk assessments for each program with annual outlays greater Compliant Compliant Compliant Compliant Compliant than $10,000,000 at least once in the last three years 2b. Adequately concluded whether the program is likely to make IPs and Compliant Compliant Compliant Compliant Compliant Unknown Payments (UP) above or below the statutory threshold

3. Published IP and UP estimates for N/A N/A N/A N/A N/A programs susceptible to significant IPs in the accompanying materials to the annual financial statement

4. Published corrective action plans N/A N/A N/A N/A N/A for each program for which an estimate above the statutory threshold was published in the accompanying materials to the annual financial statement 5a. Published IP and UP reduction N/A N/A N/A N/A N/A target for each program for which an estimate above the statutory threshold was published in the accompanying materials to the annual financial statement 5b. Has demonstrated improvements N/A N/A N/A N/A N/A to payment integrity or reached a tolerable IP and UP rate 5c. Has developed a plan to meet the N/A N/A N/A N/A N/A IP and UP reduction target

6. Reported an IP and UP estimate of N/A N/A N/A N/A N/A less than 10% for each program for which an estimate was published in the accompanying materials to the annual financial statement Source: OIG-generated from OMB M-21-19 requirements Two of the six OMB requirements depicted in Table 1 were applicable to the NRC. Per Appendix C to OMB Circular A-123, the NRC is required to publish payment integrity information with the annual financial statement and publish the annual financial statement and any accompanying materials required by the OMB on the agency website.

The NRC complied with these requirements by including sufficient improper payment information in its FY 2021 Agency Financial Report.

3

The PIIA requires agencies to triennially review all programs and activities that meet the statutory threshold to determine susceptibility to significant improper payments. In FY 2020, the NRC hired a contractor, Castro & Company, LLC, to conduct a risk assessment of programs selected by management to determine if any were susceptible to making significant improper payments. Based on the contractors qualitative and quantitative risk assessment, the NRC did not identify any programs susceptible to significant improper payments. The NRC is not due to complete another risk assessment until FY 2023 and did not report any new programs or activities meeting the statutory threshold for FY 2021. Therefore, the NRC complied with the risk assessment requirements.

4

IV. NRC COMMENTS NRC management reviewed a discussion draft, stated their general agreement, and had no formal comments for inclusion in this report.

5

Appendix A OBJECTIVES, SCOPE, AND METHODOLOGY Objectives The objectives of this audit were to assess the NRCs compliance with the PIIA and report any material weaknesses in internal control.

Scope The audit focused on improper payment compliance for FY 2021. We conducted this audit at the NRC headquarters in Rockville, Maryland, from February through May 2022.

Components of internal controls related to the audit objective were reviewed and analyzed. The OIG reviewed the components of control environment, control activities, information and communication, and monitoring. Within those components, the OIG reviewed the principles of overseeing the internal control system; establishing structure, responsibility, and authority; designing control activities; implementing control activities through policies; using quality information; communicating internally; and, establishing and operating monitoring activities.

Methodology To accomplish the audit objectives, the OIG reviewed agency documents related to the NRCs compliance with the PIIA for FY 2021. The OIG also reviewed applicable federal laws, regulations, and requirements for the PIIA.

Since the NRC is subject to a triennial Appendix C risk assessment, the OIG reviewed the NRCs FY 2020 Improper Payments Risk Assessment report and supporting documentation as part of the review.

We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

6

Throughout the audit, auditors considered the possibility of fraud, waste, and abuse in the program.

The audit was conducted by Terri Cooper, Team Leader; Felicia Silver, Audit Manager; and Curtis Browne, Senior Auditor.

7

TO REPORT FRAUD, WASTE, OR ABUSE Please

Contact:

Email: Online Form Telephone: 1-800-233-3497 TTY/TDD: 7-1-1, or 1-800-201-7165 Address: U.S. Nuclear Regulatory Commission Office of the Inspector General Hotline Program Mail Stop O5-E13 11555 Rockville Pike Rockville, MD 20852 COMMENTS AND SUGGESTIONS If you wish to provide comments on this report, please email the OIG using this link.

In addition, if you have suggestions for future OIG audits, please provide them using this link.

8