ML22230B804
| ML22230B804 | |
| Person / Time | |
|---|---|
| Issue date: | 08/18/2022 |
| From: | Rivera E NRC/OIG/AIGA |
| To: | Dan Dorman, Clay Johnson NRC/EDO, NRC/OCFO |
| References | |
| OIG-22-A-03 | |
| Download: ML22230B804 (20) | |
Text
MEMORANDUM DATE: August 18, 2022 TO: Daniel H. Dorman Executive Director for Operations Cherish K. Johnson Chief Financial Officer FROM: Eric Rivera /RA/
Acting Assistant Inspector General for Audits
SUBJECT:
STATUS OF RECOMMENDATIONS: RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 (OIG-22-A-03)
REFERENCE:
CHIEF FINANCIAL OFFICER, OFFICE OF THE CHIEF FINANCIAL OFFICER, MEMORANDUM DATED JULY 20, 2022 Attached is the Office of the Inspector Generals (OIG) analysis and status of recommendation as discussed in the agencys response dated July 20, 2022. Based on this response, recommendations 1 through 8 and 10 through 19 are now closed. Recommendation 9 remains open and resolved. Please provide an updated status of the open, resolved recommendation by October 21, 2022.
If you have any questions or concerns, please call me at (301) 415-5915 or Terri Cooper, Team Leader, at (301) 415-5965.
Attachment:
As stated cc: M. Bailey, OEDO E. Stahl, OEDO J. Jolicoeur, OEDO RidsEdoMailCenter Resource OIG Liaison Resource EDO_ACS Distribution NRC Headquarters l 11555 Rockville Pike l Rockville, Maryland 20852 l 301.415.5930 www.nrcoig.oversight.gov
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 1: NRC management should enhance their controls processes over the compilation and preparation of the Agencys quarter-end and year-end financial statements to prevent or timely detect errors to their financial statements and the related note disclosures. Thorough and robust review of the financial statements and related note disclosures should be completed considering the latest requirements of OMB A-136.
Agency Response Dated July 20, 2022: OCFO has reviewed and improved the financial statement preparation process. The financial statement templates were reviewed for consistency with latest OMB Circular A-136 and were updated where required or needed. We believe that these actions close this recommendation.
OIG Analysis: The OIG reviewed and verified the financial statement preparation process were updated for consistency with the latest OMB Circular A-136 guidance. This recommendation is now closed.
Status: Closed.
2
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 2: a. NRC management should update the instructions for the Accounts Payable Accrual Estimation Reconciliation to more clearly indicate that the validated amounts should be used rather than the previously estimated accrual amounts.
- b. NRC management should review the accounts payable reconciliation in sufficient detail to detect errors in the application of the estimation methodology.
Agency Response Dated July 20, 2022: OCFO has updated the checklist and procedures for the Accounts Payable Accrual Estimation Reconciliation to clearly indicate that validated amounts should be used. The updated checklist and procedures emphasize the proper level of review that should be conducted. We believe that these actions close this recommendation.
OIG Analysis: The OIG reviewed the updated checklist and procedures for the Accounts Payable Accrual Estimation Reconciliation and verified that a step was included to use validated amounts. This recommendation is now closed.
Status: Closed.
3
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 3: a. NRC management should update the instructions for the Computation of Allowances for Losses portion of the Unbilled Revenue Accrual and Reconciliation Checklist to include more detailed descriptions of the parameters needed when generating reports used in the calculation process.
- b. NRC management should conduct its review of the calculation of Accounts Receivable - Non-Federal - Allowance for Uncollectable Accounts in sufficient detail to detect errors in the calculation.
- c. NRC management should implement stronger controls over the Unbilled Accounts Receivable calculation process and related reviews.
Agency Response Dated July 20, 2022: OCFO has updated the Computation of Allowances for Losses portion of the Unbilled Revenue Accrual and Reconciliation Checklist to include more detail on report generation and the calculation methodology has been updated, reviewed, and validated by management. The updated checklist emphasizes the proper level of review that should be conducted. We believe that these actions close this recommendation.
OIG Analysis: The OIG reviewed the instructions for the Computation of Allowances for Losses portion of the Unbilled Revenue Accrual and Reconciliation Checklist and verified the checklist included more detail on report generation and the calculation methodology as well as steps to detects errors in the calculation. This recommendation is now closed.
Status: Closed.
4
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 4: NRC management should develop the ability to generate a complete and accurate listing of ULOs in a format which allows for appropriate oversight and review. The report should contain all ULOs at the individual obligation level and be reconciled to the GL with any reconciling items supported by appropriate documentation.
Agency Response Dated July 20, 2022: OCFO has updated the unliquidated obligations management report. The updated report contains unliquidated obligations at the individual level and reconciles to the general ledger. We believe that these actions close this recommendation.
OIG Analysis: The OIG reviewed the unliquidated obligations management report and verified the updated report contains unliquidated obligations at the individual level and reconciles to the general ledger. This recommendation is now closed.
Status: Closed.
5
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 5: a. NRC management should implement controls to prevent postings in FAIMIS resulting in a negative obligation.
- b. NRC management should increase management review and scrutiny over correcting entries before entries are posted.
- c. NRC management should review the financial statements in sufficient detail to detect similar errors in future periods.
Agency Response Dated July 20, 2022: OCFO implemented controls to prevent postings in FAIMIS resulting in negative obligations in FY 2015. Financial Statement checklists have been updated to emphasizes the proper level of review that should be conducted. We believe that these actions close this recommendation.
OIG Analysis: The OIG reviewed the financial statement checklists and noted that steps were included to prevent postings improper postings in FAIMIS as well as steps to increase management review. This recommendation is now closed.
Status: Closed.
6
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 6: NRC management should perform reviews of all software, including fully amortized IUS, throughout the year to verify the accuracy of the information reported and ensure disposals of property are recorded in a timely manner.
Agency Response Dated July 20, 2022: OCFO has reviewed the internal use software records to ensure that they are accurate and up to date. Additionally, OCFO has implemented quarterly meetings with the major offices to discuss the status of internal use software projects. Additionally, tickets are issued to the offices quarterly to request updates to internal use software. We believe that these actions close this recommendation.
OIG Analysis: The OIG reviewed the OCFOs supporting documentation for internal use software review and verified the OCFOs implementation of quarterly meetings. This recommendation is now closed.
Status: Closed 7
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 7: a. NRC management should enhance its review procedures to include which documentation should be used in the imputed financing calculations.
- b. NRC management should perform the review of the imputed costs calculation and related disclosures in sufficient detail to detect any errors.
Agency Response Dated July 20, 2022: OCFO has updated the imputed financing procedures and updated the calculation methodology. The updated procedures emphasize the proper level of review that should be conducted. We believe that these actions close this recommendation.
OIG Analysis: The OIG reviewed the imputed financing procedures and verified the calculation methodology was updated to include imputed cost documentation in the review, and the procedures included proper level of management review. This recommendation is now closed.
Status: Closed.
8
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 8: a. NRC management should enforce the execution of its existing control activities to document explanations for identified variances.
- b. NRC management should implement processes and controls which verify that leasehold improvements are depreciated using the appropriate useful life and in operation date, in accordance with the managements policy.
Agency Response Dated July 20, 2022: OCFO has reviewed and updated leasehold improvement documentation to ensure amounts are properly supported, correct useful life and in operation dates are being used and references to supporting documents are accurate. The updated documentation emphasizes the proper level of review that should be conducted.
We believe that these actions close this recommendation.
OIG Analysis: The OIG reviewed the updated leasehold improvement documentation to determine if the controls and procedures that were implemented identified variances and accurately recorded depreciation. This recommendation is now closed.
Status: Closed.
9
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 9: NRC management should enhance its fluctuation analysis control by requiring the explanations documented are supported by underlying business events, therefore connecting changes in the agencys accounting records to its business environment and operations.
Agency Response Dated July 20, 2022: OCFO will work with NRC offices to better determine the causes of account fluctuations. The updated fluctuation language will be included in the quarter 3 FY2022 financial statements which will be completed by the end of August 2022.
OIG Analysis: The proposed actions meet the intent of the recommendation. The OIG will close this recommendation when the NRC enhances its fluctuation analysis control by requiring the explanations documented are supported by underlying business events, therefore connecting changes in the agencys accounting records to its business environment and operations.
Status: Open: Resolved.
10
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 10: a. NRC management should improve its processes for reviewing and adjusting aged/stale obligations.
- b. NRC management should improve its processes to only record an obligation in the accounting system when a legal obligation exists and appropriately retain supporting documentation.
Agency Response Dated July 20, 2022: OCFO has included language in the monthly allowance holder certification to emphasize the review of aged unliquidated obligations. This certification includes a statement that the open obligations are accurate, including aged obligations. Additionally, ADM implemented a focused effort to eliminate the contract close out backlog. We believe that these actions close this recommendation.
OIG Analysis: The OIG reviewed supporting documentation provided to ensure processes were improved for reviewing and adjusting aged/stale obligations and to only record an obligation in the accounting system when a legal obligation exists and appropriately retain supporting documentation. This recommendation is now closed.
Status: Closed.
11
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 11: Periodically review the segregation of duties matrix and update it to reflect relevant changes in business processes or role configurations within the application.
Agency Response Dated July 20, 2022: OCFO has incorporated the review of the segregation of duties matrix as part of the bi-annual FAIMIS user access review. We believe that these actions close this recommendation.
OIG Analysis: The OIG verified the reviewing of the segregation of duties matrix will be included as part of the bi-annual FAIMIS user access review. This recommendation is now closed.
Status: Closed.
12
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 12: Include a justification for the conflicting roles that reference to compensating controls in place for the requested conflicting roles as part of requests for conflicting roles to be granted to a FAIMIS user.
Agency Response Dated July 20, 2022: OCFO documents the rationale and compensating controls when users have conflicting security roles. This documentation is included in the bi-annual FAIMIS user access review. We believe that these actions close this recommendation.
OIG Analysis: The OIG determined the rationale and compensating controls were documented in the bi-annual FAIMIS user review. This recommendation is now closed.
Status: Closed.
13
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 13: Log and review any conflicting transactions performed by users with authorized conflicting roles to determine if the conflicting transactions were in fact authorized.
Agency Response Dated July 20, 2022: OCFO reviews conflicting transactions to assess risks and remediate, if necessary, as part of the bi-annual FAIMIS user access review. We believe that these actions close this recommendation.
OIG Analysis: The OIG verified conflicting transactions to assess risks and remediate were reviewed in the bi-annual FAIMIS user access review. This recommendation is now closed.
Status: Closed.
14
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 14: Validate temporary role assignments as a part of the bi-annual user access review to ensure they were removed on a timely basis.
Agency Response Dated July 20, 2022: OCFO reviews temporary role assignments and confirms such access has been revoked in a timely manner, as part of the FAIMIS bi-annual user access review. We believe that these actions close this recommendation.
OIG Analysis: The OIG verified temporary role assignments are reviewed and access is revoked in the FAIMIS bi-annual user access review.
This recommendation is now closed.
Status: Closed.
15
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 15: Review administrator logged activity and document log activities that would require further investigation.
Agency Response Dated July 20, 2022: OCFO reviews the help desk audit log report and documents any activities that may require additional investigation as part of the bi-annual FAIMIS user access review. We believe that these actions close this recommendation.
OIG Analysis: The OIG verified the help desk audit log report is reviewed and activities that may require additional investigation are documented in the bi-annual FAIMIS user access review. This recommendation is now closed.
Status: Closed.
16
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 16: Implement the technical capability to disable or remove users who are inactive for greater than the organizationally defined threshold of 90 days.
Agency Response Dated July 20, 2022: OCFO has implemented scripts to automatically inactivate users.
We believe that these actions close this recommendation.
OIG Analysis: The OIG reviewed supporting documentation that demonstrates scripts are implemented to automatically inactivate users. This recommendation is now closed.
Status: Closed.
17
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 17: Enhance the periodic recertification of access by ensuring that managers review the access privileges of their staff against the most current segregation of duties matrix to ensure the roles currently assigned conform to policy. In addition, we recommend the help desk documents the removal of roles that management has noted as unnecessary and communicates the confirmation with management that the users roles were removed.
Agency Response Dated July 20, 2022: OCFO has enhanced the periodic recertification of access by ensuring that managers review the access privileges of their staff against the most current segregation of duties matrix and documents this as part of the bi-annual FAIMIS user access review. We believe that these actions close this recommendation.
OIG Analysis: The OIG reviewed supporting documentation that demonstrates that managers review the access privileges of their staff against the most current segregation of duties matrix and documents this in the bi-annual FAIMIS user access review. This recommendation is now closed.
Status: Closed.
18
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 18: Enhance the process to help ensure that STAQS Access Request Forms are completed and retained.
Agency Response Dated July 20, 2022: The process for retaining STAQS Access Request Forms has been updated. A STAQS Help Desk Operating Procedure was established requiring all completed STAQS Access Request Forms to be stored with the initial request in the Help Desk Ticketing System. STAQS User Access Forms are also stored in a SharePoint repository. We believe that these actions close this recommendation.
OIG Analysis: The OIG verified the process for completing and retaining STAQS Access Request Forms is updated. This recommendation is now closed.
Status: Closed.
19
Audit Report RESULTS OF THE AUDIT OF THE NUCLEAR REGULATORY COMMISSIONS FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 OIG-22-A-03 Status of Recommendations Recommendation 19: Enhance the process to help ensure that NRC Form 270 is completed and retained for each employee that is separated from the NRC.
Agency Response Dated July 20, 2022: OCIO/OCHCO has automated the NRC Form 270 and is currently in use. This supports improved tracking and capture of the forms.
OCHCO launched the automated form on December 1, 2021 and is running a parallel process allowing employees to use either the automated or paper form. The paper form will be retired March 2023.
OIG Analysis: The OIG verified the NRC Form 270 is now automated. This recommendation is now closed.
Status: Closed.
20