Text

The Office of the Inspector Generals Fiscal Year 2023 Annual Plan for the U.S. Nuclear Regulatory Commission, Dated November 8, 2022
	ML22313A074
Person / Time
Issue date:	11/08/2022
From:	Feitel R; NRC/OIG
To:	Christopher Hanson; NRC/Chairman
References
	Download: ML22313A074 (1)
	v • d • e

Office of the Inspector General U.S. Nuclear Regulatory Commission Annual Plan Fiscal Year 2023

i FOREWORD I am pleased to present the Office of the Inspector Generals (OIG) fiscal year (FY) 2023 Annual Plan for our work pertaining to the U.S. Nuclear Regulatory Commission (NRC). The Annual Plan provides the audit and investigative strategies and associated summaries of the specific work planned for the coming year. In addition, it sets forth the OIGs formal process for identifying priority issues and managing its workload and resources for FY 2023. Effective April 1, 2014, the NRC OIG was also assigned to serve as the OIG for the Defense Nuclear Facilities Safety Board; a separate document contains the OIGs annual plan for our work pertaining to that agency.

The NRCs mission is to license and regulate the nations civilian use of radioactive materials to provide reasonable assurance of adequate protection of public health and safety, promote the common defense and security, and protect the environment. The OIG is committed to overseeing the integrity of the NRCs programs and operations.

Developing an effective planning strategy is a critical aspect of accomplishing this commitment. In addition, such planning ensures that the OIG uses audit and investigative resources efficiently.

The OIG prepared this Annual Plan to align with the OIGs Strategic Plan for FYs 2019-2023, which is based, in part, on an assessment of the strategic challenges facing the NRC. The Strategic Plan identifies the OIGs priorities and establishes a shared set of expectations regarding the goals we expect to achieve and the strategies we will employ over that timeframe. The OIG based this Annual Plan on the foundation of the Strategic Plan and the Inspector Generals Assessment of the Most Serious Management and Performance Challenges Facing the Nuclear Regulatory Commission in Fiscal Year 2023. The OIG sought input from the NRC Chair, the other NRC Commissioners, NRC headquarters and regional managers, and members of Congress in developing this Annual Plan.

We have programmed all available resources to address the matters identified in this plan. This approach maximizes the use of our resources.

However, it is sometimes necessary to modify this plan as circumstances, priorities, or resources warrant in response to a changing environment.

Robert J. Feitel Inspector General Robert J. Feitel NRC and DNFSB Inspector General

ii TABLE OF CONTENTS MISSION AND AUTHORITY.............................................................................................. 1 PLANNING STRATEGY...................................................................................................... 2 AUDIT AND INVESTIGATION OVERVIEW..................................................................... 3 AUDIT STRATEGY.................................................................................................. 4 INVESTIGATION STRATEGY................................................................................. 5 PERFORMANCE MEASURES............................................................................................ 6 OPERATIONAL PROCESSES............................................................................................. 7 AUDITS.................................................................................................................... 7 INVESTIGATIONS................................................................................................... 9 HOTLINE................................................................................................................12 APPENDICES A. NUCLEAR SAFETY AND SECURITY AUDITS PLANNED FOR FY 2023 Audit of NRC Processes for Deploying Reactive Inspection Teams............... A-1 Audit of NRC Safety Inspections at Research and Test Reactors.................. A-3 Audit of the NRCs Oversight of Long-Lived Reactor Component Aging Management................................................................................................... A-4 Audit of the NRCs Topical Report Process.................................................... A-5 Audit of the NRCs Reactor Operator Licensing Examination Process......... A-6 Audit of the NRCs Oversight of Irretrievable Well Logging Source Abandonments................................................................................................ A-8 Audit of the NRCs Security Oversight of Category 1 and Category 2 Quantities of Radioactive Material................................................................................... A-9 Audit of the NRCs Uranium Recovery Licensing Process............................ A-11 Audit of the NRCs Web-Based Licensing System........................................ A-13 Audit of the NRCs Inspection Program for Decommissioning Reactors.... A-14 Audit of the NRCs Oversight of Decommissioning License Transfers........ A-15 B. CORPORATE MANAGEMENT AUDITS PLANNED FOR FY 2023 Audit of the NRCs Fiscal Year 2022 Financial Statements............................ B-1

iii Audit of the NRCs Fiscal Year 2023 Financial Statements and Compliance with Improper Payment Laws........................................................................ B-2 Audit of the NRCs Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2023........................................... B-3 Audit of the NRCs Information Technology Services and Support.............. B-4 Audit of the NRCs Process for Announcing Technical Staff Vacancies........ B-5 Audit of the NRCs Travel Charge Card Program...........................................B-7 Audit of the NRCs Oversight of the Agencys Federally Funded Research and Development Center Contract........................................................................ B-8 Audit of the NRCs Equal Employment Opportunity Program..................... B-9 Audit of the NRCs Differing Professional Opinions Program......................B-10 Audit of the NRCs Personnel Vetting Process.............................................. B-11 Audit of the NRCs Voluntary Leave Transfer Program............................... B-13 Audit of the NRCs Process for Granting Discounted License Fees to Small Entities........................................................................................................... B-15 Audit of the NRCs Knowledge Management Program................................ B-16 Defense Contract Audit Agency Audits........................................................ B-17 C. INVESTIGATIONS - PRIORITIES, OBJECTIVES, AND INITIATIVES FOR FY 2023 INTRODUCTION - PRIORITIES AND OBJECTIVES.................................. C-1 INITIATIVES.................................................................................................. C-2 ALLOCATION OF RESOURCES.................................................................... C-4 D. ABBREVIATIONS AND ACRONYMS............................................................. D-1

1 MISSION AND AUTHORITY The NRC OIG was established on April 15, 1989, pursuant to Inspector General Act Amendments contained in Public Law 100-504. The OIGs mission is to provide independent and objective oversight of the NRCs operations in order to protect people and the environment. To fulfill its mission, the OIG:

Conducts and supervises independent audits and investigations of agency programs and operations;

Promotes economy, effectiveness, and efficiency within the agency;

Prevents and detects fraud, waste, abuse, and mismanagement in agency programs and operations;

Develops recommendations regarding existing and proposed regulations relating to agency programs and operations; and,

Keeps the agency head and Congress fully and currently informed about problems and deficiencies relating to agency programs.

The Inspector General Act also requires the Inspector General (IG) to prepare a semiannual report to the NRC Chair and Congress summarizing the activities of the OIG.

The Reports Consolidation Act of 2000 (Public Law 106-531) requires the OIG to annually update our assessment of the NRCs most serious management and performance challenges facing the agency and the agencys progress in addressing those challenges. This assessment supports the execution of the OIGs mission and is an important component of the OIGs Annual Plan development. The IG identified the following as the most serious management and performance challenges facing the NRC for FY 2023: 1

1. Ensuring safety while transforming into a modern, risk-informed regulator;

2. Overseeing the decommissioning process and the management of decommissioning trust funds;

3. Strengthening NRC readiness to respond to future mission-affecting disruptions; 1 This Annual Plan notes these challenges without any ranking order of importance.

2

4. Advancing readiness to license and regulate new technologies in reactor design, fuels, and plant controls, and maintaining the integrity of the associated intellectual property;

5. Ensuring the effective acquisition, management, and protection of information technology and data;

6. Implementing strategic workforce planning during transformation and industry change;

7. Overseeing materials, waste, and the National Materials Program;

8. Managing financial and acquisitions operations to enhance transparency and fiscal prudence;

9. Reinforcing the NRCs readiness to address cyber and physical security threats to critical national infrastructure sectors impacting the NRCs public health and safety mission and/or NRC licensees; and,

10. Maintaining public outreach to continue strengthening the agencys regulatory process.

All audits and evaluations that the OIG initiates in FY 2023 will take into account these revised management and performance challenges.

Through its Issue Area Monitoring program, and the conduct of audits and investigations, OIG staff monitor agency performance on these management and performance challenges. In conjunction with the OIGs strategic goals, these challenges serve as an important basis for deciding which audits and evaluations to conduct each fiscal year.

PLANNING STRATEGY The OIG links the FY 2023 Annual Plan with the OIGs Strategic Plan for FYs 2019-2023. The Strategic Plan identifies the significant challenges and critical risk areas facing the NRC so that the IG may direct optimum resources to these areas.

The Strategic Plan recognizes the mission and functional areas of the agency and the significant challenges the agency faces in successfully implementing its regulatory program. The plan presents strategies for reviewing and evaluating NRC programs under the strategic goals that the OIG established. The OIGs strategic goals are to:

3

Strengthen the NRCs efforts to protect public health and safety and the environment;

Enhance the NRCs efforts to increase security in response to an evolving threat environment; and,

Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

To ensure that each audit and evaluation carried out by the OIG aligns with the Strategic Plan, program areas selected for audit and evaluation have been crosswalked from the Annual Plan to the Strategic Plan. See the planned audits in appendices A and B.

AUDIT AND INVESTIGATION OVERVIEW The NRCs FY 2023 budget request is $929.2 million, including 2879.6 full-time equivalent employees, which represents the total cost of agency programs. The agency has a significant role in enhancing nuclear safety and security throughout the world.

The NRC is headquartered in Rockville, Maryland, just outside of Washington, DC, and has four regional offices in Pennsylvania, Georgia, Illinois, and Texas.

It also operates a professional development center in Rockville, Maryland, and a technical training center in Chattanooga, Tennessee.

The agency carries out its mission through various licensing, inspection, research, and enforcement programs. The NRCs responsibilities include regulating:

92 commercial nuclear power reactors operating in 28 states at 54 sites;

74 licensed or operating independent spent fuel storage installations;

30 licensed and operating research and test reactors;

7 operational fuel cycle facility licenses; and,

Approximately 2,200 NRC material licenses.2 2 There are 39 Agreement States that opted to regulate certain radioactive materials under agreements with the NRC. These Agreement States then develop regulations consistent with the NRCs and appoint officials to ensure nuclear materials are used safely and securely. Agreement States oversee approximately 12,000 materials licensees.

4 The audit and investigation oversight responsibilities are, therefore, derived from the agencys wide array of programs, functions, and support activities established to accomplish the NRCs mission.

AUDIT STRATEGY Effective audit planning requires current knowledge about the agencys mission and the programs and activities used to carry out that mission. Accordingly, the OIG continually monitors specific issue areas to strengthen its internal coordination and overall planning processes. Under the offices Issue Area Monitoring program, the OIG assigns responsibilities to staff, designated as issue area monitors, to keep abreast of significant agency programs and activities. The broad Issue Area Monitoring areas address nuclear reactors, nuclear materials, nuclear waste, information management, security, financial and administrative programs, human resources, and international programs.

The OIG Strategic Plan and the identified agency management and performance challenges inform the audit planning process. The synergies yield audit assignments that identify opportunities for efficiency, economy, and effectiveness in NRC programs and operations; detect and prevent fraud, waste, abuse, and mismanagement; improve program and security activities at headquarters and regional locations; and respond to emerging circumstances and priorities. The OIG prioritizes audits based on:

Legislative requirements;

Critical agency risk areas;

Emphasis by the President, Congress, the NRC Chair, or other NRC Commissioners;

Susceptibility of a program to fraud, manipulation, or other irregularities;

Dollar magnitude or other resources involved in the proposed audit area;

Newness, changed conditions, or sensitivity of an organization, program, function, or activity;

Prior audit experience, including the adequacy of internal controls; and,

Availability of audit resources.

5 INVESTIGATION STRATEGY OIG investigation strategies and initiatives add value to agency programs and operations by identifying and investigating fraud, waste, abuse, and mismanagement allegations that may lead to criminal, civil, and administrative penalties, and recoveries. Accordingly, the OIG has designed specific performance targets focusing on effectiveness. Because the NRCs mission is to protect public health and safety, the fundamental investigative concentration involves alleged NRC misconduct or inappropriate actions that could adversely impact health-and safety-related matters. Typically, these investigations include allegations of:

Misconduct by high-ranking and other NRC officials, such as managers and inspectors, whose positions directly impact public health and safety;

Failure by NRC management to ensure that health and safety matters are appropriately addressed;

Failure by the NRC to appropriately transact nuclear regulation;

Conflicts of interest involving NRC employees and NRC contractors and licensees; and,

Management or supervisory retaliation.

The OIG will continue to monitor specific high-risk areas within the NRCs corporate management that are most vulnerable to fraud, waste, abuse, and mismanagement. A significant focus remains on matters that could negatively impact the security and integrity of the NRCs data and operations. This focus will also include efforts to ensure the continued protection of personal privacy information held within agency databases and systems. The OIG is committed to improving the security of the constantly changing electronic business environment by investigating computer-related fraud, waste, and mismanagement through proactive investigations and computer forensic examinations as warranted. Other actions to identify and prevent potential problems will focus on determining instances of procurement fraud and identifying vulnerabilities in NRC daily operations, including theft of property, insider threats, and U.S. government travel and purchase card mismanagement.

6 The OIG will meet with agency internal and external stakeholders to identify actual and potential systemic issues or vulnerabilities as part of these proactive initiatives. This approach enables opportunities to improve agency performance.

With regard to the OIGs strategic goal concerning safety and security, the OIG routinely interacts with public interest groups, individual citizens, industry workers, and NRC staff to identify possible lapses in NRC regulatory oversight that could impact public health and safety. In addition, the OIG conducts proactive reviews into areas of regulatory safety or security to identify emerging issues or address ongoing concerns regarding the quality of the NRCs regulatory oversight. Such assessments might focus on new reactor licensing and license renewals of existing plants, aspects of the transportation and storage of high-level and low-level waste, and decommissioning activities. The OIG also participates in federal cyber, fraud, and other task forces to identify criminal activity targeted against the federal government. Finally, the OIG periodically conducts Event Inquiries and Special Inquiries. Event Inquiry reports document the OIGs examination of events or agency regulatory actions to determine if staff actions may have contributed to the occurrence of an event.

Special Inquiry reports document those instances when an investigation identifies inadequacies in NRC regulatory oversight that may have resulted in a potentially adverse impact on public health and safety.

Appendix C provides investigation objectives and initiatives for FY 2023.

Specific investigations are not included in the plan because the OIGs investigations are primarily responsive to reported violations of law and misconduct by NRC employees and contractors, as well as allegations of irregularities or mismanagement in NRC programs and operations.

PERFORMANCE MEASURES For FY 2023, we will use several key performance measures and targets for gauging the relevance and impact of our audit and investigative work. The OIG calculates these measures relative to each of the OIGs strategic goals to determine how well we are accomplishing our objectives. The performance measures are:

Percentage of OIG audit products and activities that cause the agency to take corrective action to improve agency safety, security, or corporate management programs; ratify adherence to agency policies, procedures, or requirements; or identify actual dollar savings or reduced regulatory

7 burden (i.e., high impact);

Percentage of audit recommendations agreed to by the agency;

Percentage of final agency actions taken within 2 years on audit recommendations;

Percentage of OIG investigative products and activities that identify opportunities to improve agency safety, security, or corporate management programs; ratify adherence to agency policies/procedures; or confirm or disprove allegations of wrongdoing (e.g., high impact);

Percentage of agency actions taken in response to investigative reports;

Percentage of active cases completed in less than 18 months on average;

Percentage of closed investigations referred to the U.S. Department of Justice (DOJ) or other relevant authorities; and,

Percentage of closed investigations resulting in indictments, convictions, civil suits or settlements, judgments, administrative actions, monetary results, or IG clearance letters.

OPERATIONAL PROCESSES The following sections detail the approach used to carry out the audit and investigative responsibilities previously discussed.

AUDITS The OIGs audit process comprises the steps taken to conduct audits and involves specific actions, ranging from annual audit planning to audit follow-up activities. The underlying goal of the audit process is to maintain an open channel of communication between the auditors and NRC officials to ensure that audit findings are accurate and fairly presented in the audit report. The OIG performs the following types of audits:

Performance audits focus on NRC administrative and program operations and evaluate the effectiveness and efficiency with which managerial responsibilities are carried out, including whether the programs achieve intended results;

Financial audits, which include the financial statement audit required by the Chief Financial Officers Act, attest to the reasonableness of the NRCs

8 financial statements, and evaluate financial programs; and,

Contract audits evaluate the costs of goods and services procured by the NRC from commercial enterprises.

The audit process comprises the following steps:

1. Audit Planning - Each year, the OIG solicits suggestions from Congress, the Commission, agency management, external parties, and OIG staff. It develops this Annual Plan and distributes it to interested parties. The Annual Plan lists the audits planned to be initiated during the year and their general objectives. The annual Audit Plan is a living document that may be revised as circumstances warrant, with a subsequent redistribution of staff resources;

2. Audit Notification - The OIG formally notifies the office responsible for a specific program, activity, or function of its intent to begin an audit of that program, activity, or function;

3. Entrance Conference - The OIG meets with agency officials to advise them of the objective(s) and scope of the audit and the general methodology it will follow;

4. Survey - The OIG conducts exploratory work before the more detailed audit work commences to gather data for refining audit objectives, as appropriate; documenting internal control systems; becoming familiar with the activities, programs, and processes to be audited; and, identifying areas of concern to management. At the conclusion of the survey phase, the audit team will recommend to the Assistant Inspector General for Audits (AIGA) a go or no go decision regarding the fieldwork phase. If the audit team recommends a no go and it is approved by the AIGA, the audit is discontinued;

5. Audit Fieldwork - The OIG performs a comprehensive review of selected areas of a program, activity, or function using an audit program developed specifically to address the audit objectives;

6. End of Fieldwork Briefing with the Agency - At the conclusion of audit fieldwork, the audit team discusses the tentative report findings and recommendations with the auditee;

7. Discussion Draft Report - The OIG provides a discussion draft copy of the report to agency management to enable them to prepare for the exit conference;

9

8. Exit Conference - The OIG meets with the appropriate agency officials to review the discussion draft report and provide agency management the opportunity to confirm information, ask questions, and clarify data;

9. Formal Draft Report - If requested by agency management during the exit conference, the OIG provides a final draft copy of the report that includes comments or revisions from the exit conference and invites agency management to provide formal written comments;

10. Final Audit Report - The final report includes, as necessary, any revisions to the facts, conclusions, and recommendations of the draft report discussed in the exit conference or generated in written comments supplied by agency managers. Formal written comments are included as an appendix to the report, when applicable. Some audits are sensitive and/or classified.

In these cases, final audit reports are not made available to the public;

11. Response to Report Recommendations - Offices responsible for the specific program or audited process provide a written response, usually within 30 calendar days, on each recommendation contained in the final report. In the response, agency management states their agreement or disagreement with each recommended action. When they agree with the recommended action, agency management describes corrective actions taken or planned and actual or target dates for completion. When they disagree, agency management provides reasons for disagreement and any alternative proposals for corrective action;

12. Impasse Resolution - If the offices response to a recommendation is unsatisfactory, the OIG may determine that intervention at a higher level is required. The Executive Director for Operations is the NRCs audit follow-up official, but issues can be taken to the Chair for resolution, if warranted; and,

13. Audit Follow-up and Closure - This process ensures that recommendations made to management are implemented.

INVESTIGATIONS The OIGs investigative process typically begins with receiving an allegation of fraud, mismanagement, or misconduct. Because the OIG must decide whether to initiate an investigation within a few days of each referral, the office does not schedule specific investigations in its annual investigative plan.

The OIG opens investigations following its investigative priorities as outlined in the OIG Strategic Plan and considering prosecutorial guidelines established by

10 the DOJ. In addition, the Council of the Inspectors General on Integrity and Efficiency (CIGIE) Quality Standards for Investigations, the OIG Special Agent Handbook, and various guidance provided periodically by the DOJ govern the OIGs investigations.

Only four individuals in the OIG can authorize the opening of an investigative case: the IG, the Deputy IG, the Assistant IG for Investigations (AIGI), and the Special Agent in Charge. Every allegation received by the OIG is given a unique identification number and entered into a database. Some allegations result in investigations, while the OIG retains others as the basis for audits, refers them to NRC management, or if appropriate, directs them to another law enforcement agency.

When the OIG opens an investigation, Assistant Special Agents in Charge assign it to an OIG special agent, who prepares a plan of investigation. This planning process includes reviews of relevant criminal and civil statutes, program regulations, and agency policies that may be involved. The special agent then investigates using various techniques to ensure investigations are thorough, objective, and fully pursued to a logical conclusion.

In cases when the special agent determines that a crime may have been committed, he or she will discuss the investigation with a federal or local prosecutor to determine if prosecution will be pursued. In cases when a prosecuting attorney decides to proceed with a criminal or civil prosecution, the special agent assists the attorney in any preparation for court proceedings that may be required.

For investigations that do not result in prosecution but are handled administratively by the agency, the special agent prepares a report summarizing the facts disclosed in the inquiry. The OIG distributes the report to agency officials who need to know the investigation results. For investigative reports provided to agency officials regarding substantiated administrative misconduct, the OIG requires a response within 120 days regarding any potential action based on the investigative findings. For all other investigative products, such as referrals of allegations and findings requiring a review of agency processes and procedures, the OIG requires a 90-day response unless the agency negotiates an alternative deadline. For certain non-criminal investigations, OIG special agents involve the OIG senior engineers from the Technical Services Office to assist in the review of the allegation(s).

11 The OIG summarizes the criminal and administrative actions taken as a result of its investigations and includes this information in its Semiannual Report to Congress. As part of the investigation function, the OIG also periodically conducts Event Inquiries and Special Inquiries, as discussed earlier.

12 HOTLINE The OIG Hotline Program provides NRC employees, contract employees, and the public with a confidential means of reporting to the OIG instances of fraud, waste, and abuse relating to agency programs and operations.

Please

Contact:

E-mail:

Online Form Telephone:

1-800-233-3497 TDD:

Address:

1-800-201-7165, or 7-1-1 U.S. Nuclear Regulatory Commission Office of the Inspector General Hotline Program Mail Stop O5-E13 11555 Rockville Pike Rockville, MD 20852-2746

APPENDIX A NUCLEAR SAFETY AND SECURITY AUDITS PLANNED FOR FY 2023

NUCLEAR SAFETY AND SECURITY AUDITS APPENDIX A A-1 Audit of NRC Processes for Deploying Reactive Inspection Teams DESCRIPTION AND JUSTIFICATION: The NRC conducts routine inspections at nuclear power plants to maintain baseline safety and security oversight of nuclear power licensees. However, the agency also conducts reactive inspections in response to events that may have compromised the safety or security at nuclear power plants. The agency may also deploy more resource-intensive augmented or incident inspection teams depending on an incidents risk significance, complexity, and generic safety or security implications.

According to Management Directive 8.3, NRC Incident Investigation Program, NRC managers should use a combination of deterministic and quantitative risk criteria in deciding whether to deploy special, augmented, or incident inspection teams to power reactor sites. Deterministic criteria include major design, construction, or operational deficiencies that could have generic implications; failure of plant safety-related equipment; and, physical or information security breaches. Risk criteria are based on conditional core damage probabilities ranging on a scale from 1E-6 or lower to 1E-3; accordingly, lower risk events merit special inspection teams, while progressively higher risk events merit augmented and incident inspection teams.

The NRC may also deploy special, augmented, and integrated inspection teams to non-power reactor sites based on deterministic criteria. For example, Management Directive 8.3 states that incident inspection teams should be considered in response to events that cause significant radiological releases, or occupational or public radiological exposures that exceed specific regulatory limits. The guidance also recommends incident inspection teams for a variety of other events that have actual or potential adverse health, safety, or security consequences.

OBJECTIVE: The audit objective is to assess the consistency with which the NRC follows agency guidance for deploying special, augmented, and incident inspection teams in response to safety and security incidents at nuclear power plants.

SCHEDULE: Initiated in the third quarter of FY 2022.

STRATEGIC GOAL 1: Safety - Strengthen the NRCs efforts to protect public health and safety, and the environment.

STRATEGY 1-1: Identify risk areas associated with the NRCs oversight of

NUCLEAR SAFETY AND SECURITY AUDITS APPENDIX A A-2 nuclear facilities, and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 1: Ensuring safety while transforming into a modern, risk-informed regulator.

NUCLEAR SAFETY AND SECURITY AUDITS APPENDIX A A-3 Audit of NRC Safety Inspections at Research and Test Reactors DESCRIPTION AND JUSTIFICATION: The NRC currently licenses 30 operating research and test reactors in the United States. Most are located at universities and colleges, while others are located at federal, state, and private sector facilities. Research and test reactors contribute to research in diverse fields such as physics, medicine, archeology, and materials science. Research and test reactors use a limited amount of radioactive material in their diverse designs and are rated at power levels ranging from 5 watts thermal energy to 20 megawatts. All are designed to be inherently safe and resistant to unintentional or intentional mis-operation.

The NRC categorizes operating research and test reactors into two classes for inspection purposes. Class I reactors are rated at 2 megawatts or higher and are inspected annually. Class II reactors are rated below 2 megawatts and are inspected biennially. NRC staff use different procedures to inspect these two classes of research and test reactors; however, the procedures all address safety, security, and transportation of radiological materials used in the reactors. The OIG audited NRC security inspections at research and test reactors in FY 2018 (OIG-18-A-07) and conducted investigative work pertaining to safety inspections at Class I research and test reactors during FY 2022.

OBJECTIVE: The audit objective is to determine whether the NRC performs safety inspections at Class II research and test reactors in accordance with agency guidance and inspection program objectives.

SCHEDULE: Initiate in the first quarter of FY 2023.

STRATEGIC GOAL 1: Safety - Strengthen the NRCs efforts to protect public health and safety, and the environment.

STRATEGY 1-1: Identify risk areas associated with the NRCs oversight of nuclear facilities, and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 1: Ensuring safety while transforming into a modern, risk-informed regulator.

NUCLEAR SAFETY AND SECURITY AUDITS APPENDIX A A-4 Audit of the NRCs Oversight of Long-Lived Reactor Component Aging Management DESCRIPTION AND JUSTIFICATION: The application for renewal of a nuclear power plant operating license must include an assessment of structures and components subject to an aging management review. Such structures and components include the reactor vessel, pressure retaining boundaries, containment, seismic structures, electrical cables, and other components not subject to replacement based on a qualified life or time period. Further, the application must also demonstrate that the effects of aging on such components will be adequately managed so their intended function will be maintained for the period of extended operation. These components may be safety-related or non-safety-related items, the failure of which could diminish safety functions.

The NRC inspects each licensees aging management review and program implementation both during the license renewal process and after license approval. Once a nuclear power plant has been in a period of extended operation for 5 to 10 years, the NRC will verify that implementation of a licensees aging management program ensures components are able to perform their intended functions. In addition, baseline inspection procedures for maintenance effectiveness and design basis assurance include assessment of aging management programs for plants in the period of extended operation. The NRC has issued license renewals for 85 operating nuclear power plants at 52 sites, and 34 of these plants have not yet entered the period of extended operation.

OBJECTIVE: The audit objective is to determine whether the NRC provides adequate oversight of licensee aging management programs for long-lived passive reactor components.

SCHEDULE: Initiate in the fourth quarter of FY 2023.

STRATEGIC GOAL 1: Safety - Strengthen the NRCs efforts to protect public health and safety, and the environment.

STRATEGY 1-1: Identify risk areas associated with the NRCs oversight of nuclear facilities, and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 1: Ensuring safety while transforming into a modern, risk-informed regulator.

NUCLEAR SAFETY AND SECURITY AUDITS APPENDIX A A-5 Audit of the NRCs Topical Report Process DESCRIPTION AND JUSTIFICATION: Through the NRCs topical report process, agency staff review safety-related topics that apply to multiple nuclear power plants for licensing activities such as license amendment requests. Topical reports are intended to increase the efficiency of the licensing process and reduce regulatory burden by minimizing the time and resources that both industry and NRC staff expend on multiple reviews of the same topic.

A report submitted for review as a topical report should: 1) deal with a specific safety-related or other generic subject regarding a U.S. nuclear power plant that requires a safety evaluation by NRC staff (e.g., component design, analytical models or techniques, etc.); 2) be applicable to multiple licensees, for multiple requests for licensing actions, or both; and, 3) increase the efficiency of the review process for applications that reference the topical report.

The NRC encourages but does not require the submission of nonproprietary versions of topical reports and any other information provided in support of the topical report review. All nonproprietary topical reports, nonproprietary versions of proprietary topical reports, and nonproprietary correspondence regarding the NRCs review of topical reports are available to the public through the Agencywide Documents Access and Management System and in the NRCs Public Document Room.

OBJECTIVE: The audit objective is to determine whether NRC staff apply appropriate screening criteria to topical report submittals and optimize use of publicly available information in topical reports to support commercial power reactor licensing actions.

SCHEDULE: Initiate in the second quarter of FY 2023.

STRATEGIC GOAL 1: Safety - Strengthen the NRCs efforts to protect public health and safety, and the environment.

STRATEGY 1-1: Identify risk areas associated with the NRCs oversight of nuclear facilities, and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 1: Ensuring safety while transforming into a modern, risk-informed regulator.

NUCLEAR SAFETY AND SECURITY AUDITS APPENDIX A A-6 Audit of the NRCs Reactor Operator Licensing Examination Process DESCRIPTION AND JUSTIFICATION: The NRCs four regional offices are responsible for issuing licenses for reactor operators (RO) and senior reactor operators (SRO) of commercial nuclear power plants in accordance with NRCs regulations for Title 10 of the Code of Federal Regulations (C.F.R.) Part 55, Operators Licenses. An applicant submits a completed application to the Regional Administrator having jurisdiction over the plant at which the applicant hopes to work. A completed application describes the applicants qualifications and requires the facility licensee, for which the applicant will work, to certify that the applicant has satisfied the facility licensees training and experience requirements to be a licensed reactor operator or senior reactor operator.

Following completion of the facility-administered training program, the initial licensing examination is administered to one or more applicants. As set out in 10 C.F.R. Part 55, the initial licensing examination for ROs consists of a 75-question-multiple-choice written examination and a NRC-administered operating test that includes a plant walkthrough and a performance demonstration on the facility licensees power plant simulator. SRO license applicants must pass an additional 25-question written examination and a rigorous operating test. The examinations may be prepared by the facility licensee and approved by the NRC, or the facility licensee may request the NRC to prepare the examinations. In either case, the examinations are prepared, administered, and graded using the guidance in the Operator Licensing Examination Standards for Power Reactors (NUREG-1021).

Following the 2022 Revision 12 of NUREG-1021, the NRC no longer offers a separate Generic Fundamentals Examination. Nuclear power plant fundamentals have been integrated into the site-specific initial licensing examination. Staff raised concerns about this change, contending that eliminating the reactor fundamentals exam could impact the NRC processes for licensing reactor operators, compromising the agencys safety mission.

OBJECTIVE: The audit objective is to determine whether the NRCs reactor operator examination process assures that applicants possess appropriate and sufficient knowledge of reactor fundamentals to support safe operation of commercial nuclear power reactors.

SCHEDULE: Initiate in the second quarter of FY 2023.

NUCLEAR SAFETY AND SECURITY AUDITS APPENDIX A A-7 STRATEGIC GOAL 1: Safety - Strengthen the NRCs efforts to protect public health and safety, and the environment.

STRATEGY 1-1: Identify risk areas associated with the NRCs oversight of nuclear facilities, and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 1: Ensuring safety while transforming into a modern, risk-informed regulator.

NUCLEAR SAFETY AND SECURITY AUDITS APPENDIX A A-8 Audit of the NRCs Oversight of Irretrievable Well Logging Source Abandonments DESCRIPTION AND JUSTIFICATION: Well logging is a process used to determine whether a well drilled deep into the ground has the potential to produce oil. This process uses a byproduct or special nuclear material tracer and sealed sources in connection with the exploration for oil, gas, or minerals in wells. If a sealed source becomes lodged in a well and it becomes apparent that efforts to recover the sealed source will not be successful, the source is considered irretrievable, and licensees are permitted to abandon the well logging source.

The regulations in 10 C.F.R. Part 39 prescribe requirements for license issuance and radiation safety in connection with well logging. Under Part 39, if a licensee has an irretrievable well logging source, the licensee must notify the NRC to obtain approval to implement abandonment procedures.

OBJECTIVE: The audit objective is to determine the adequacy of NRCs handling and processing of irretrievable well logging source abandonments.

SCHEDULE: Initiated in the fourth quarter of FY 2022.

STRATEGIC GOAL 1: Safety - Strengthen the NRCs efforts to protect public health and safety, and the environment.

STRATEGY 1-2: Identify risk areas associated with the NRCs oversight of nuclear materials, and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 7: Overseeing materials, waste, and the National Materials Program.

NUCLEAR SAFETY AND SECURITY AUDITS APPENDIX A A-9 Audit of the NRCs Security Oversight of Category 1 and Category 2 Quantities of Radioactive Material DESCRIPTION AND JUSTIFICATION: Radioactive materials are used throughout the U.S. for medical and industrial purposes such as treating cancer, sterilizing medical instruments, and detecting flaws in metal welds. Among the materials most commonly used for these applications are americium-241/beryllium, cesium-137, cobalt-60, and iridium-192. However, these materials, if used improperly, can be harmful and dangerous.

The International Atomic Energy Agencys Code of Conduct on the Safety and Security of Radioactive Sources establishes basic principles and guidance to promote the safe and secure use of radioactive material. It defines categories of radiation source quantities:

A Category 1 of a given radionuclide, such as americium-241, is defined as an amount 1,000 times or more than the amount necessary to cause permanent human injury;

A Category 2 is defined as an amount at least 10 times but less than 1,000 times the amount necessary to cause permanent human injury;

A Category 3 of a given radionuclide is defined as at least the minimum amount, but less than 10 times the amount, sufficient to cause permanent injury; and,

Category 4 and 5 of radioactive materials are unlikely to cause permanent injury.

The regulations in 10 C.F.R. Part 37 prescribe requirements for the physical protection program for any licensee that possesses an aggregated category 1 or category 2 quantity of radioactive material listed in Appendix A to this part.

These requirements provide reasonable assurance of the security of Category 1 or Category 2 quantities of radioactive material by protecting these materials from theft or diversion. Only Categories 1 and 2 radiation sources are subject to Part 37s requirements since Categories 3 through 5 sources are not considered to be as dangerous.

OBJECTIVE: The audit objective is to determine whether the NRC provides adequate security oversight of Category 1 and Category 2 quantities of radioactive material.

SCHEDULE: Initiate in the first quarter of FY 2023.

NUCLEAR SAFETY AND SECURITY AUDITS APPENDIX A A-10 STRATEGIC GOAL 2: Security - Strengthen the NRCs security efforts in response to an evolving threat environment.

STRATEGY 2-1: Identify risk areas involved in securing nuclear reactors, fuel cycle facilities, and materials, and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 7: Overseeing materials, waste, and the National Materials Program.

NUCLEAR SAFETY AND SECURITY AUDITS APPENDIX A A-11 Audit of the NRCs Uranium Recovery Licensing Process DESCRIPTION AND JUSTIFICATION: The production of fuel for nuclear power plants involves purifying and processing uranium ore through a series of steps. This process, also known as uranium recovery, focuses on extracting natural uranium ore from the earth and concentrating (or milling) that ore.

These recovery operations produce a product, called yellowcake, which is then transported to a succession of fuel cycle facilities where the yellowcake is eventually transformed into fuel for nuclear power reactors. The NRC does not regulate uranium mining or mining exploration, but does have authority over in situ recovery, where the uranium ore is chemically altered underground before being pumped to the surface for further processing.

As part of its regulatory authority, the NRC oversees the licensing of uranium recovery facilities. By issuing or amending a current license, the NRC authorizes the licensee to construct and operate a uranium recovery facility, expand an existing facility, or restart an existing facility at a specific site, in accordance with established laws and regulations.

Currently, the NRC regulates active uranium recovery operations in New Mexico and Nebraska. The NRC expects to receive applications for new facilities, expansions, and restarts in a variety of projected locations throughout the United States.

The Nuclear Energy Innovation and Modernization Act (NEIMA) was enacted in 2018, in part, to provide more efficient regulation of uranium recovery.

Specifically, Section 201 of the Act required the NRC to submit a report to Congress making recommendations to improve the efficiency and transparency of uranium recovery license issuance and amendment reviews. In April 2019, the NRC reported its recommendations to Congress.

OBJECTIVE: To determine if the NRC has effectively implemented the uranium recovery licensing recommendations made in its 2019 NEIMA report to Congress.

SCHEDULE: Initiate in the second quarter of FY 2023.

STRATEGIC GOAL 1: Safety - Strengthen the NRCs efforts to protect public health and safety, and the environment.

NUCLEAR SAFETY AND SECURITY AUDITS APPENDIX A A-12 STRATEGY 1-2: Identify risk areas associated with the NRCs oversight of nuclear materials, and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 7: Overseeing materials, waste, and the National Materials Program.

NUCLEAR SAFETY AND SECURITY AUDITS APPENDIX A A-13 Audit of the NRCs Web-Based Licensing System DESCRIPTION AND JUSTIFICATION: The Web-Based Licensing (WBL) system is a materials licensing system that supports the NRC and Agreement States in managing the licensing information of licensees that use radioactive materials. Deployed in August 2012, WBL is intended to provide an up-to-date, nationwide repository of licensing and inspection-related data of all licensees nationwide, a web-based license system for NRC licensees, and an avenue for Agreement States to use the same licensing and information platform as the NRC.

Designed to maintain information on materials licensees, the WBL system supports the entry of licensing information and license images that enable the NRC and Agreement States to manage the licensing lifecycle from initial application through license issuance, amendment, reporting, and termination.

The system now also contains materials inspection data and a module for decommissioning inspections.

The OIG last conducted an audit of the WBL system in 2015. The agency has made many changes to the WBL system since, and subsequent OIG material oversight audits have identified potential areas for improvement to the WBL system.

OBJECTIVE: The audit objective is to determine if the WBL system is meeting its stated mission objectives to include accuracy of data and consistency of operation.

SCHEDULE: Initiate in the third quarter of FY 2023.

STRATEGIC GOAL 1: Safety - Strengthen the NRCs efforts to protect public health and safety, and the environment.

STRATEGY 1-2: Identify risk areas associated with the NRCs oversight of nuclear materials, and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 7: Overseeing materials, waste, and the National Materials Program.

NUCLEAR SAFETY AND SECURITY AUDITS APPENDIX A A-14 Audit of the NRCs Inspection Program for Decommissioning Reactors DESCRIPTION AND JUSTIFICATION: Inspections within the Reactor Oversight Program are used for nuclear power plants that are in operation.

However, once a power plant begins the transition from operations to decommissioning, the plant then falls under Inspection Manual Chapter 2561 for decommissioning.

Region IVs Division of Nuclear Materials Safety conducted an audit in 2018 to review its reactor decommissioning inspection activities and found there were issues with (1) missed/overdue inspections, (2) missed inspection procedures, (3) inspection hours, and (4) timely issuance of inspection findings. Furthermore, in the OIGs Audit of NRCs Transition Process for Decommissioning Power Reactors (OIG-19-A-16), auditors found potential weaknesses within the decommissioning reactor inspection program.

OBJECTIVE: The audit objective is to determine if the inspection program for decommissioning reactors is efficient and effective in protecting public health and safety.

SCHEDULE: Initiate in the fourth quarter of FY 2023.

STRATEGIC GOAL 1: Safety - Strengthen the NRCs efforts to protect public health and safety, and the environment.

STRATEGY 1-2: Identify risk areas associated with the NRCs oversight of nuclear materials, and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 2: Overseeing the decommissioning process and the management of decommissioning trust funds.

NUCLEAR SAFETY AND SECURITY AUDITS APPENDIX A A-15 Audit of the NRCs Oversight of Decommissioning License Transfers DESCRIPTION AND JUSTIFICATION: When the decision is made to close a nuclear power plant permanently, the facility must be decommissioned by safely removing it from service and reducing residual radioactivity to a level that permits release of the property and termination of the operating license. Nuclear power plants are initially licensed for 40 years, with the option to seek 20-year license extensions. The NRC requires a commercial nuclear power plant to be decommissioned within 60 years once a plant has been permanently retired. The license owner remains accountable to the NRC until decommissioning has been completed and the agency has terminated the license. If the licensee determines it does not want to decommission the plant, it can transfer its license to a company that will conduct the decommissioning for them, and then transfer the license back to the original licensee for termination. The license transferee must abide by the same license requirements as the original licensee.

Decommissioning companies generally have accelerated decommissioning models, which promise to complete decommissioning in less than half the time, and approximately a third of the cost, of traditional decommissioning.

Twenty-two power reactors are currently undergoing decommissioning, with 10 license transfers to decommissioning companies, and 4 contracting with decommissioning companies. More power reactor entities are announcing their plans to decommission for economic or other reasons. It is essential to understand the NRC actions to ensure that licensees are decommissioning their plants safely and effectively for their employees and the public.

OBJECTIVE: The audit objective is to determine if the NRC is providing adequate oversight of decommissioning license transfers and programs.

SCHEDULE: Initiate in the fourth quarter of FY 2023.

STRATEGIC GOAL 1: Safety - Strengthen the NRCs efforts to protect public health and safety, and the environment.

STRATEGY 1-2: Identify risk areas associated with the NRCs oversight of nuclear materials, and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 2: Overseeing the decommissioning process and the management of decommissioning trust funds.

APPENDIX B CORPORATE MANAGEMENT AUDITS PLANNED FOR FY 2023

CORPORATE MANAGEMENT AUDITS APPENDIX B B-1 Audit of the NRCs Fiscal Year 2022 Financial Statements DESCRIPTION AND JUSTIFICATION: Under the Chief Financial Officers Act, the Government Management and Reform Act, and Office of Management and Budget (OMB)Bulletin 21-04, Audit Requirements for Federal Financial Statements, the OIG is required to audit the NRCs financial statements. The report on the audit of the agencys financial statements is due on November 15, 2022.

OBJECTIVES: The audit objectives are to:

Express opinions on the agencys financial statements and internal controls; Review compliance with applicable laws and regulations; and, Review controls in the NRCs computer systems that are significant to the financial statements.

SCHEDULE: Initiated in the second quarter of FY 2022.

STRATEGIC GOAL 3: Corporate Management - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate management risk within the NRC and conduct audits and/or investigations that lead to NRC program improvements.

MANAGEMENT CHALLENGE 8: Managing financial and acquisitions operations to enhance transparency and fiscal prudence.

CORPORATE MANAGEMENT AUDITS APPENDIX B B-2 Audit of the NRCs Fiscal Year 2023 Financial Statements and Compliance with Improper Payment Laws DESCRIPTION AND JUSTIFICATION: Under the Chief Financial Officers Act, the Government Management and Reform Act, and OMB Bulletin 21-04, Audit Requirements for Federal Financial Statements, the OIG is required to audit the NRCs financial statements. The report on the audit of the agencys financial statements is due on November 15, 2023.

The Payment Integrity Information Act (PIIA) requires each agency to annually estimate its improper payments. The PIIA requires Federal agencies to periodically review all programs and activities that the agency administers and identify all programs and activities that may be susceptible to significant improper payments.

OBJECTIVES: The audit objectives are to:

Express opinions on the agencys financial statements and internal controls;

Review compliance with applicable laws and regulations;

Review controls in the NRCs computer systems that are significant to the financial statements; and,

Assess the NRCs compliance with the PIIA and report any material weaknesses in internal control.

SCHEDULE: Initiate in the second quarter of FY 2023.

STRATEGIC GOAL 3: Corporate Management - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate management risk within the NRC and conduct audits and/or investigations that lead to NRC program improvements.

MANAGEMENT CHALLENGE 8: Managing financial and acquisitions operations to enhance transparency and fiscal prudence.

CORPORATE MANAGEMENT AUDITS APPENDIX B B-3 Audit of the NRCs Implementation of the Federal Information Security Modernization Act (FISMA) of 2014 for Fiscal Year 2023 DESCRIPTION AND JUSTIFICATION: The FISMA outlines information security management requirements for agencies, including the requirement for an annual independent assessment by agency Inspectors General. In addition, the FISMA includes provisions, such as provisions requiring the development of minimum standards for agency systems, aimed at further strengthening the security of federal government information and information systems. The annual assessments provide agencies with the information needed to determine the effectiveness of overall security programs and to develop strategies and best practices for improving information security.

The FISMA provides the framework for securing the federal governments information technology, including both unclassified and national security systems. All agencies must implement the requirements of the FISMA and report annually to the Office of Management and Budget and Congress on the effectiveness of their security programs.

OBJECTIVE: The audit objective will be to conduct an independent assessment of the NRCs FISMA implementation for FY 2023.

SCHEDULE: Initiate in the second quarter of FY 2023.

STRATEGIC GOAL 3: Corporate Management - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-2: Identify risks in maintaining a secure infrastructure (i.e.,

physical, personnel, and cyber security), and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 5: Ensuring the effective acquisition, management, and protection of information technology and data.

CORPORATE MANAGEMENT AUDITS APPENDIX B B-4 Audit of the NRCs Information Technology Services and Support DESCRIPTION AND JUSTIFICATION: The NRC offers various information technology services and support to employees. These services are acquired under the Global Infrastructure and Development Acquisition (GLINDA) initiative/contract. GLINDA is a blanket purchase agreement (BPA) with six awardees that commenced in June 2017, with a total of 11 BPA calls issued against them for various IT services and support. The total obligated dollar value of all BPA calls under GLINDA is approximately $5,337,586.

The NRC obtained funds from the Coronavirus Aid, Relief, and Economic Security Act, also known as the CARES Act, to use on IT services and support because of mandatory telework as a result of the COVID-19 pandemic. It is essential to monitor these funds to ensure they are being spent effectively in helping employees meet the agencys mission.

OBJECTIVE: The audit objective is to determine if the NRCs information technology services and support are efficient and effective in meeting the agencys current and future IT needs.

SCHEDULE: Initiated in the third quarter of FY 2022.

STRATEGIC GOAL 3: Corporate Management - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-2: Identify risks in maintaining a secure infrastructure (i.e.,

physical, personnel, and cyber security), and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 5: Ensuring the effective acquisition, management, and protection of information technology and data.

CORPORATE MANAGEMENT AUDITS APPENDIX B B-5 Audit of the NRCs Process for Announcing Technical Staff Vacancies DESCRIPTION AND JUSTIFICATION: The NRC faces a significant hiring challenge with many employees eligible for retirement and an annual attrition rate of approximately 6 to 8 percent. During the 2022 NRC Regulatory Information Conference, an NRC Commissioner stated that the agency must hire approximately 200 employees per year to sustain its workforce, and for 2022, the NRC must hire 300 employees.

The NRCs policy is to operate an external recruitment program, operate a merit staffing program, and appoint or assign diverse employees who are well qualified to carry out the agencys mission efficiently and effectively.

The vacancies within the NRC enable employees to be hired under a bargaining or non-bargaining unit status. A bargaining unit employee is represented by a union and as such, has rights and entitlements that are spelled out in a collective bargaining agreement. A non-bargaining unit employee is not represented by a union.

The practices and policy for bargaining unit status employees are contained in the NRCs and National Treasury Employee Unions Collective Bargaining Agreement. This agreement states that a vacancy announcement must be posted for at least 10 calendar days.

The NRCs Management Directive 10.1, Recruitment, Appointments, and Merit Staffing, covers the policies and practices for non-bargaining unit employees. To ensure job applicants have an equal opportunity to compete, vacancy announcements must be open for a minimum of 5 working days.

OBJECTIVE: The audit objective is to determine if the NRC provides adequate time for job applicants to compete for technical positions, and identify opportunities for improvement in the vacancy announcement process.

SCHEDULE: Initiated in the third quarter of FY 2022.

STRATEGIC GOAL 3: Corporate Management - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate management risk within the NRC and make recommendations, as warranted, for addressing them.

CORPORATE MANAGEMENT AUDITS APPENDIX B B-6 MANAGEMENT CHALLENGE 6: Implementing Strategic Workforce Planning During Transformation and Industry Change.

CORPORATE MANAGEMENT AUDITS APPENDIX B B-7 Audit of the NRCs Travel Charge Card Program DESCRIPTION AND JUSTIFICATION: The NRCs Travel Charge Card Program is part of the governmentwide Commercial Charge Card Program established to pay the official travel expenses of employees while on temporary duty or other official business travel. The programs intent is to improve convenience for the traveler and reduce the governments costs of administering travel. The OMB has issued guidance that establishes requirements (including internal controls designed to minimize the risk of travel card misuse) and suggested best practices for the government travel card programs.

The NRC spent approximately $7.2 million and $2.8 million on employee travel in Fiscal Years 2020 and 2021, respectively. The Office of the Chief Financial Officer administers the NRCs travel charge card program and controls the use of agency funds to ensure that they are expended in accordance with applicable laws, regulations, and standards.

OBJECTIVE: The audit objective is to assess whether the NRCs policies and procedures are effective in preventing and detecting travel charge card misuse and delinquencies.

SCHEDULE: Initiate in the second quarter of FY 2023.

STRATEGIC GOAL 3: Corporate Management - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate management risk within the NRC and make recommendations, as warranted, for addressing them.

MANAGEMENT CHALLENGE 8: Managing financial and acquisitions operations to enhance transparency and fiscal prudence.

CORPORATE MANAGEMENT AUDITS APPENDIX B B-8 Audit of the NRCs Oversight of the Agencys Federally Funded Research and Development Center Contract DESCRIPTION AND JUSTIFICATION: In October 1987, the NRC entered into a 5-year contract with Southwest Research Institute (SwRI) to operate a Federally Funded Research and Development Center (FFRDC) in San Antonio, Texas. SwRI established the Center for Nuclear Waste Regulatory Analyses (the Center) to provide the agency with long-term technical assistance and research related to the NRCs High Level Waste program under the Nuclear Waste Policy Act of 1982, as amended. The current contract, which is expected to expire on March 29, 2023, has a ceiling of $52 million, and is one of the NRCs largest active contracts. The NRC must decide whether to renew the contract with SwRI.

The Federal Acquisition Regulation (FAR) requires that, prior to renewing a contract for a FFRDC, a sponsor must conduct a comprehensive review of the use of and need for the FFRDC. The OIG previously reviewed the nature and adequacy of the NRCs renewal justification in 1992, 1997, 2002, 2007, 2012, and 2017.

OBJECTIVES: The audit objectives are to determine if the NRC is properly considering all FAR requirements for a FFRDC review in preparing its renewal justification, and if the NRC is adequately fulfilling its oversight responsibilities for the FFRDC.

SCHEDULE: Initiated in the fourth quarter of FY 2022.

STRATEGIC GOAL 3: Corporate Management - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate management risk within the NRC and conduct audits and investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 8: Managing financial and acquisitions operations to enhance transparency and fiscal prudence.

CORPORATE MANAGEMENT AUDITS APPENDIX B B-9 Audit of the NRCs Equal Employment Opportunity Program DESCRIPTION AND JUSTIFICATION: The NRCs Office of Small Business and Civil Rights supports the NRCs mission to protect people and the environment by enabling the agency to have a diverse and inclusive workforce, advancing Equal Employment Opportunity (EEO) for employees and applicants, providing fair and impartial processing of discrimination complaints, affording maximum practicable prime and subcontracting opportunities for small businesses, and allowing meaningful and equal access to agency-conducted and financially-assisted programs and activities.

The NRC has established an EEO Complaint Process, which is available to employees (current and former) and applicants who believe they have been subjected to discrimination, reprisal, or workplace harassment. The process to file an EEO complaint requires an individual to contact an EEO counselor within 45 calendar days of the date of the alleged discriminatory event or within 45 calendar days of the effective date of a personnel action. The EEO counselor will attempt an informal resolution of the matter or an alternative dispute resolution.

If the matter is not resolved, a final interview will be conducted, and a notice of right to file a formal complaint will be given.

During FY 2020, EEO complaint activity started trending upward, even as NRC staffing levels declined. Based on the complaint activity, reprisal, age, and gender made up 60 percent of complaints filed by bases, and the number one issue raised was harassment.

OBJECTIVE: The audit objective is to determine the efficiency and effectiveness of the NRCs EEO Program.

SCHEDULE: Initiate in the second quarter of FY 2023.

STRATEGIC GOAL 3: Corporate Management - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate management risk within the NRC and conduct audits and/or investigations that lead to NRC program improvements.

MANAGEMENT CHALLENGE 6: Implementing strategic workforce planning during transformation and industry change.

CORPORATE MANAGEMENT AUDITS APPENDIX B B-10 Audit of the NRCs Differing Professional Opinions Program DESCRIPTION AND JUSTIFICATION: The NRCs Differing Professional Opinion (DPO) program enables an employee or contractor to express formal disagreement with an established staff view, management decision or policy position, or agency practice involving technical, legal, or policy issues, including administrative and corporate support matters. A DPO can cover a broad range of concerns, provided the opinion is related to the NRCs mission and to the strategic goals and objectives that support the mission as addressed in the agencys Strategic Plan.

The NRCs Office of Enforcement administers the agencys DPO program and conducts periodic assessments of the program. Management Directive 10.159, NRC Differing Professional Opinion Program, is the primary DPO programmatic guidance, and was revised in 2015 to reflect input from internal assessments, the OIG Safety Culture and Climate Survey, a business process improvement review, and an agency Safety Culture Task Force report.

The NRC posts summaries of closed DPO cases, along with supporting documentation, as appropriate, on its public website. Staff who submit DPOs may request that the information not be released publicly, and sensitive information pertaining to these cases (e.g., classified, proprietary, or allegations-related) is to be processed in accordance with agency policy.

OBJECTIVE: The audit objective is to assess the effectiveness and efficiency of the NRCs DPO program.

SCHEDULE: Initiate in the first quarter of FY 2023.

STRATEGIC GOAL 3: Corporate Management - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate management risk within the NRC and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 6: Implementing strategic workforce planning during transformation and industry change.

CORPORATE MANAGEMENT AUDITS APPENDIX B B-11 Audit of the NRCs Personnel Vetting Process DESCRIPTION AND JUSTIFIFCATION: Personnel vetting is a critical process to help protect the nations interests by providing a means to establish and maintain trust in the federal governments workforce. High-quality personnel vetting processes are necessary to minimize risks to the nation.

In March 2018, the Trusted Workforce (TW) 2.0 initiative was launched to fundamentally overhaul and improve the federal personnel vetting process by utilizing an ongoing vetting model known as Continuous Vetting (CV),

mandated by Executive Order (E.O.) 13467, as amended by E.O. 13741 and E.O.

13764, and with certain requirements enacted into law at 5 U.S.C. § 11001.

Effective October 1, 2021, the NRCs cleared population was enrolled in CV, which will provide NRC adjudicators a real-time view of an individuals background and assist in the ongoing assessment of an individuals ability to meet the requirements for continued eligibility. This model of continuous vetting will reduce the number of periodic reinvestigations required to be performed and will limit the need for reinvestigations to an event-or risk-based model rather than the traditional calendar-driven model. This is tracked through the NRCs Personnel Security Adjudication Tracking System.

The NRCs Office of Administration, Division of Facilities and Security, Personnel Security Branch, is responsible for ensuring that only authorized NRC employees, consultants, and contractors, have access to NRC facilities, classified information, and sensitive NRC information.

OBJECTIVE: The audit objective is to assess the effectiveness of the NRCs personnel vetting process.

SCHEDULE: Initiate in the third quarter of FY 2023.

STRATEGIC GOAL 3: Corporate Management - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate management risk within the NRC and conduct audits and/or investigations that lead to NRC program and operational improvements.

CORPORATE MANAGEMENT AUDITS APPENDIX B B-12 MANAGEMENT CHALLENGE 1: Ensuring safety while transforming into a modern, risk-informed regulator.

CORPORATE MANAGEMENT AUDITS APPENDIX B B-13 Audit of the NRCs Voluntary Leave Transfer Program DESCRIPTION AND JUSTIFICATION: The Voluntary Leave Transfer Program enables employees to donate annual leave, on a confidential and voluntary basis, to employees who face financial hardship because of personal or family illness. NRC employees may donate as much as one-half of the total annual leave accrued in the current leave year. Annual leave donations may be made at any time during the year.

An employee who has been affected by a medical emergency may apply to become a leave recipient. Such application must be in writing, signed by the employee, and addressed to the Director, Office of the Chief Human Capital Officer (OCHCO). The application must include the following information:

The name, position title, and grade or pay level of the employee;

A brief description of the nature, severity, beginning date, and anticipated duration of the medical emergency affecting the employee;

In the case of employee disability, whether the applicant has applied for disability retirement; and,

Appropriate documentation (e.g., a medical report). If the agency requires additional certification from another source, this cost will be borne by the agency.

The Director, OCHCO, or designee, will normally approve, or disapprove with explanation, an applicants request within 10 calendar days (excluding Saturdays, Sundays, and legal public holidays) from the receipt of an adequately documented request.

OBJECTIVE: The audit objective is to determine the extent to which the NRC has established effective policies and procedures for managing its voluntary leave transfer program.

SCHEDULE: Initiated in the fourth quarter of FY 2022.

STRATEGIC GOAL 3: Corporate management - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

CORPORATE MANAGEMENT AUDITS APPENDIX B B-14 STRATEGY 3-1: Identify areas of corporate management risk within the NRC and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 6: Implementing strategic workforce planning during transformation and industry change.

CORPORATE MANAGEMENT AUDITS APPENDIX B B-15 Audit of the NRCs Process for Granting Discounted License Fees to Small Entities DESCRIPTION AND JUSTIFICATION: In accordance with 10 C.F.R. Part 171, the NRC charges annual license fees to its licensees. NRC licensees that have an annual income that is less than $8 million are categorized under the regulations as small entities. These licensees are allowed to apply annually, via NRC Form 526, Certification of Small Entity Status for the Purposes of Annual Fees Imposed Under 10 CFR Part 171, to receive a discounted license fee. The NRC receives these applications and needs to determine if the information submitted is accurate. Once the NRC has reviewed an application, it determines if the licensee can receive the discounted annual license fee rate.

Previous OIG work has determined that there is precedent for some licensees falsifying the information in their NRC Form 526 to receive the discounted fees.

By way of example, those prior instances led to the NRC forgoing tens of thousands of dollars in annual license fee revenues, which were later recovered using administrative remedies.

OBJECTIVE: The audit objective is to assess the effectiveness of the NRCs review of licensee certification of small entity status applications to receive discounted license fees.

SCHEDULE: Initiate in the second quarter of FY 2023.

STRATEGIC GOAL 3: Corporate Management - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate management risk within the NRC and conduct audits and investigations that lead to NRC program improvements.

MANAGEMENT CHALLENGE 8: Managing financial and acquisitions operations to enhance transparency and fiscal prudence.

CORPORATE MANAGEMENT AUDITS APPENDIX B B-16 Audit of the NRCs Knowledge Management Program DESCRIPTION AND JUSTIFICATION: Knowledge management is a discipline that promotes an integrated approach to identifying, capturing, evaluating, retrieving, sharing, and effectively using an enterprises information assets. These assets may include databases, documents, policies, procedures, previously uncaptured expertise, and the experience of individual workers.

Useful knowledge collected from these assets may include explicit, tacit, and embedded knowledge. An effective knowledge management system allows knowledge capital to be properly leveraged, increasing the efficiency with which the agency may reach its objectives. However, efforts to reduce the NRCs staffing and budget have raised knowledge management concerns that could adversely affect the performance of the agency mission.

OBJECTIVE: The audit objective is to assess the effectiveness of the NRCs knowledge management program in helping the agency capture and transfer knowledge for the purposes of meeting its mission.

SCHEDULE: Initiate in the third quarter of FY 2023.

STRATEGIC GOAL 3: Corporate Management - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate management risk within the NRC and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 1: Ensuring safety while transforming into a modern, risk-informed regulator.

CORPORATE MANAGEMENT AUDITS APPENDIX B B-17 Defense Contract Audit Agency Audits DESCRIPTION AND JUSTIFICATION: The OIG and the Defense Contract Audit Agency (DCAA) have an interagency agreement whereby the DCAA provides contract audit services for OIG. The DCAA is responsible for the audit methodologies used to reach an audits conclusions, monitoring their staff qualifications, and ensuring compliance with Generally Accepted Government Auditing Standards. The OIGs responsibility is to distribute a completed audit report to NRC management and follow up on agency actions initiated as a result of the audit.

OBJECTIVE: The audit objective is to determine if the NRC contract costs are reasonable, allowable, and allocable.

SCHEDULE: Initiate in the first quarter of FY 2023.

STRATEGIC GOAL 3: Corporate Management - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate management risk within the NRC and conduct audits and investigations that lead to NRC program improvements.

MANAGEMENT CHALLENGE 8: Managing financial and acquisitions operations to enhance transparency and fiscal prudence.

INVESTIGATIONS APPENDIX C APPENDIX C INVESTIGATIONS - PRIORITIES, OBJECTIVES, AND INITIATIVES FOR FY 2023

INVESTIGATIONS APPENDIX C C-1 INTRODUCTION The Assistant Inspector General for Investigations (AIGI) is responsible for developing and implementing an investigative program that furthers the OIGs objectives. The AIGIs primary responsibilities include investigating possible violations of criminal statutes relating to NRC programs and activities, investigating allegations of misconduct by NRC employees, coordinating with the DOJ on OIG-related criminal matters, and working jointly on investigations and OIG initiatives with other federal, state, and local investigative agencies, and other AIGIs.

The AIGI may initiate investigations that cover a broad range of allegations. For example, investigations may concern criminal wrongdoing or administrative misconduct affecting various NRC programs and operations. In addition, the OIG initiates investigations due to allegations or referrals from private citizens, licensee employees, NRC employees, Congress, and other federal, state, and local law enforcement agencies. Investigations may also originate from OIG audits, the OIG Hotline, and proactive efforts to identify the potential for fraud, waste, abuse, and mismanagement.

The OIG developed this investigative plan to focus investigative priorities and use available resources most effectively. It provides strategies and plans investigative work for the fiscal year in conjunction with the OIG Strategic Plan. OIG Investigations also considers the most serious management and performance challenges facing the NRC, as identified by the IG, in developing its investigative plan.

PRIORITIES The OIG will complete approximately 30 investigations, including Event/Special Inquiries, in FY 2023. As in the past, reactive investigations into allegations of criminal and other wrongdoing, and allegations of safety and security significance, will continue to take priority when the OIG is deciding on the use of available resources. Because the NRCs mission is to protect public health and safety and the environment, Investigations main concentration of effort and resources involves investigations of alleged NRC employee misconduct that could adversely impact public health and safety-related matters.

INVESTIGATIONS APPENDIX C C-2 OBJECTIVES To facilitate the most effective and efficient use of limited resources, Investigations has established specific objectives to prevent and detect fraud, waste, abuse, and mismanagement. These objectives seek to optimize the NRCs effectiveness and efficiency and address possible violations of criminal statutes, administrative violations relating to NRC programs and operations, and allegations of misconduct by NRC employees and managers.

INITIATIVES Safety and Security

Investigate allegations that NRC employees improperly disclosed allegers (mainly licensee employees) identities and allegations, NRC employees improperly handled alleger concerns, and the NRC failed to adequately address retaliation issues involving NRC management officials or NRC licensee employees who raised public health and safety or security concerns regarding NRC activities;

Investigate allegations that the NRC has not maintained an appropriate arms length distance from licensees and contractors;

Investigate allegations that NRC employees released predecisional, proprietary, or official-use-only information;

Investigate allegations that NRC employees had improper personal relationships with NRC licensees and that NRC employees violated government-wide ethics regulations concerning the solicitation of employment with NRC licensees;

Interact with public interest groups, individual allegers, and industry workers to identify indications of lapses or departures in NRC regulatory oversight that could create safety and security problems;

Maintain close working relationships with members of the intelligence community to identify and address vulnerabilities and threats to the NRC;

Conduct Event and Special Inquiries into specific events that indicate an apparent shortcoming in the NRCs regulatory oversight of the nuclear industrys safety and security programs to determine if appropriate rules, regulations, and/or procedures were followed in the staffs actions to protect public health and safety;

Proactively review and become knowledgeable in areas of NRC staff regulatory emphasis to identify emerging issues that may require future OIG involvement, such as decommissioning activities;

INVESTIGATIONS APPENDIX C C-3

Provide real-time OIG assessments of the NRC staffs handling of contentious regulatory activities related to nuclear safety and security matters;

Coordinate with NRC staff to protect the NRCs infrastructure against both internal and external computer intrusions; and,

Investigate allegations of misconduct by NRC employees and contractors, as appropriate.

Corporate Management

Attempt to detect possible wrongdoing perpetrated against the NRCs procurement, contracting, and grant programs by maintaining a close working relationship with the Office of Administration, Acquisition Management Division, and cognizant NRC Program Offices;

Conduct investigations appropriate for Program Fraud Civil Remedies Act action, including abuses involving false reimbursement claims by employees and contractors; and,

As appropriate, investigate allegations of misconduct by NRC employees and contractors.

OIG Hotline

Promptly process complaints received through the OIG Hotline. Initiate investigations when warranted and properly dispose of allegations that do not warrant OIG investigation.

Freedom of Information Act (FOIA) and Privacy Act

The OIG is an independent component within the Nuclear Regulatory Commission and responds to requests for records that are exclusively NRC OIG-related, such as reports of OIG inspections, audits, or investigations relating to the programs and operations of the NRC; and,

The General Counsel to the IG is the principal contact point within the OIG for advice and policy guidance on matters pertaining to administration of the FOIA. All requests are handled professionally and expeditiously.

NRC Support

Participate as observers on Incident Investigation Teams and Accident Investigation Teams as determined by the IG.

INVESTIGATIONS APPENDIX C C-4 Liaison Program

Coordinate with OIG Audit Issue Area Monitoring, as appropriate, to identify areas or programs with indicators of possible fraud, waste, abuse, and mismanagement; and,

Conduct fraud awareness and informational presentations for NRC employees and external stakeholders regarding the role of the NRC OIG.

ALLOCATION OF RESOURCES Investigations undertakes both proactive initiatives and reactive investigations. Approximately 75 percent of available investigative resources will be used for reactive investigations. The balance will be allocated to proactive investigative efforts such as reviews of NRC contract files, examinations of NRC information technology systems to identify weaknesses or misuse by agency employees, participation in interagency task forces and working groups, reviews of delinquent government travel and purchase card accounts, and other initiatives.

APPENDIX D ABBREVIATIONS AND ACRONYMS

ABBREVIATIONS AND ACRONYMS APPENDIX D D-1 ABBREVIATIONS AND ACRONYMS AIGA Assistant Inspector General for Audits AIGI Assistant Inspector General for Investigations BPA Blanket Purchase Agreement CARES C.F.R.

Coronavirus Aid, Relief, and Economic Security Act Code of Federal Regulations CV Continuous Vetting DCAA Defense Contract Audit Agency DOJ U.S. Department of Justice DPO Differing Professional Opinion EEO Equal Employment Opportunity E.O.

Executive Order FAR Federal Acquisition Regulation FFRDC Federally Funded Research and Development Center FISMA Federal Information Security Modernization Act FY Fiscal Year GLINDA Global Infrastructure and Development Acquisition IG Inspector General IT Information Technology IT/IM Information Technology/Information Management LTP License Termination Plan NEIMA Nuclear Energy Innovation and Modernization Act NRC U.S. Nuclear Regulatory Commission OCHCO Office of the Chief Human Capital Officer OIG Office of the Inspector General OMB Office of Management and Budget PIIA Payment Integrity Information Act RO Reactor Operator SRO Senior Reactor Operator SwRI Southwest Research Institute TOC Table of Contents TW Trusted Workforce WBL Web-Based Licensing

ML22313A074

Text

Contact:

Navigation menu

Search