ML22279B047
| ML22279B047 | |
| Person / Time | |
|---|---|
| Issue date: | 10/05/2022 |
| From: | Virkar H NRC/OIG/AIGA, OIG Watch |
| To: | Biggins J Defense Nuclear Facilities Safety Board, NRC/EDO |
| Cooper T | |
| References | |
| DNFSB-22-A-05 | |
| Download: ML22279B047 (3) | |
Text
MEMORANDUM DATE: October 05, 2022 TO: James Biggins Acting Executive Director of Operations FROM: Hruta Virkar, CPA /RA/
Assistant Inspector General for Audits
SUBJECT:
STATUS OF RECOMMENDATION: AUDIT OF THE DEFENSE NUCLEAR FACILITIES SAFETY BOARD'S FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 (DNFSB-22-A-05)
REFERENCE:
OFFICE OF THE GENERAL MANAGER, MEMORANDUM DATED SEPTEMBER 20, 2022 Attached is the Office of the Inspector Generals (OIG) analysis and status of the recommendation as discussed in the agencys response dated September 20, 2022.
Based on this response, all recommendations are now closed.
If you have any questions or concerns, please call me at (301) 415-1982 or Terri Cooper, Team Leader, at (301) 415-5965.
Attachment:
As stated cc: T. Tadlock O. Fawole NRC Headquarters l 11555 Rockville Pike l Rockville, Maryland 20852 l 301.415.5930 www.nrcoig.oversight.gov
RESULTS OF THE AUDIT OF THE DEFENSE NUCLEAR FACILITIES SAFETY BOARD'S FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 (DNFSB-22-A-05)
Status of Recommendations Recommendation 1: Review of the Service Organization Control (SOC 1) Reports.
We recommend the DNFSB implements policies and procedures to perform monitoring of the NFC, including obtaining and reviewing the SOC 1 report and appropriately implementing CUECs, as needed. Management should maintain evidence of its review of the USDA SOC 1 report and ensure all CUECs are implemented and operate effectively.
Agency Response Dated September 20, 2022: DNFSB developed the attached Service Provider, and Complimentary User Entity Controls Monitoring process narratives. The process narrative includes policies and procedures to perform monitoring of the USDA and NFC, including obtaining and reviewing the System and Organization Controls (SOC) 1 report and appropriately implementing CUECs, as needed. The Division of Budget and Finance (DBF) recently received and is reviewing the attached SOC 1, Type 2 Report on USDAs Description of Its Pegasys Financial System, Suitability of Design, and Operating effectiveness of Controls for the Period of July 1, 2021, through June 30, 2022. As stated in the process narrative, In FY2023, DBF will map CUEC to DNFSB controls. For all CUECs that are not mapped to a DNFSB control, DBF will document control gaps within the process narrative and develop corresponding self-identified deficiencies (SIDs) for all CUEC-related control gaps.
NFC has yet to provide its SOC 1 report, but in the meantime, the Division of Human Resources meets weekly with the NFC service provider to discuss Human Resources transactions, initiatives, and reports. Reports are used in executing HR tasks. Errors identified in the reports are communicated to NFC and resolved collaboratively. Sample meeting dates and agenda topics are attached.
DNFSB requests that this recommendation be closed. As evidenced, we have a robust process in place for monitoring our service providers.
2
RESULTS OF THE AUDIT OF THE DEFENSE NUCLEAR FACILITIES SAFETY BOARD'S FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 (DNFSB-22-A-05)
Status of Recommendations Recommendation 1 (contd):
OIG Analysis: OIG has reviewed DNFSBs policies and procedures for the monitoring of the National Finance Centers (NFC) SOC 1 reports, including obtaining and reviewing the SOC 1 report and appropriately implementing CUECs, as needed. DNFSB now also maintains evidence of its review of the USDA SOC 1 report and ensures CUECs are implemented and operate effectively. Based on this response, the recommendation is now closed.
Status: Closed.
3