The Office of the Inspector Generals Fiscal Year 2023 Annual Plan for the Defense Nuclear Facilities Safety Board, Dated November 8, 2022

ML22313A137
Person / Time
Issue date:	11/08/2022
From:	Feitel R NRC/OIG
To:	Connery J Defense Nuclear Facilities Safety Board
References
Download: ML22313A137 (1)
v • d • e

Text

Office of the Inspector General Defense Nuclear Facilities Safety Board Annual Plan Fiscal Year 2023

i FOREWORD I am pleased to present the Office of the Inspector Generals (OIG) Fiscal Year (FY) 2023 Annual Plan for the Defense Nuclear Facilities Safety Board (DNFSB).

The Annual Plan provides the audit and investigative strategies and associated summaries of the specific work planned for the coming year. In addition, it sets forth the OIGs formal strategy for identifying priority issues and managing its workload and resources for FY 2023.

Congress created the DNFSB in September 1988 as an independent Executive Branch agency to identify the nature and consequences of potential threats to public health and safety at the U.S. Department of Energys (DOE) defense nuclear facilities, elevate those issues to the highest levels of authority, and inform the public. The DNFSB strives to protect public health and safety by ensuring implementation of safety standards at the DOEs defense nuclear facilities; conducting in-depth reviews of new DOE defense facilities during design and construction to ensure the early integration of safety into the plan; and, providing oversight to prevent an accidental detonation of a nuclear weapon during the evaluation, maintenance, or dismantling process. The OIG prepared this Annual Plan to align with the OIGs Strategic Plan for FYs 2019-2023, which is based, in part, on an assessment of the strategic challenges facing the DNFSB. The Strategic Plan identifies the OIGs priorities and establishes a shared set of expectations regarding the goals we expect to achieve and the strategies we will employ over that timeframe. The OIG based this Annual Plan on the foundation of the Strategic Plan and the Inspector Generals Assessment of the Most Serious Management and Performance Challenges Facing the Defense Nuclear Facilities Safety Board in Fiscal Year 2023. In developing this Annual Plan, the OIG sought input from the DNFSB Chair, the other DNFSB Board members, DNFSB staff at headquarters and DOE sites that have defense nuclear facilities, and members of Congress. We have programmed all available resources to address the matters identified in this plan.

This approach maximizes the use of our resources. However, it is sometimes necessary to modify this plan as circumstances, priorities, or resources warrant in response to a changing environment.

Robert J. Feitel Inspector General Robert J. Feitel NRC and DNFSB Inspector General

ii TABLE OF CONTENTS MISSION AND AUTHORITY.............................................................................................. 1 PLANNING STRATEGY...................................................................................................... 2 AUDIT AND INVESTIGATION OVERVIEW..................................................................... 2 AUDIT STRATEGY.................................................................................................. 3 INVESTIGATION STRATEGY................................................................................. 4 PERFORMANCE MEASURES............................................................................................ 5 OPERATIONAL PROCESSES............................................................................................. 6 AUDITS.................................................................................................................... 6 INVESTIGATIONS................................................................................................... 8 HOTLINE............................................................................................................... 10 APPENDICES A. AUDITS PLANNED FOR FY 2023 Audit of the DNFSBs Fiscal Year 2022 Financial Statements...................... A-1 Audit of the DNFSBs FY 2023 Financial Statements and Compliance with Improper Payment Laws............................................................................... A-2 Audit of the DNFSBs Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2023.......................................... A-3 Audit of the DNFSBs Equal Employment Opportunity Program............... A-4 Audit of the DNFSBs Records Management Program................................ A-5 Audit of the DNFSBs Freedom of Information Act Process........................ A-7 B. INVESTIGATIONS - PRIORITIES, OBJECTIVES, AND INITIATIVES FOR FY 2023 INTRODUCTION - PRIORITIES AND OBJECTIVES.................................. B-1 INITIATIVES.................................................................................................. B-2 ALLOCATION OF RESOURCES.................................................................... B-3 C. ABBREVIATIONS AND ACRONYMS............................................................. C-1

1 MISSION AND AUTHORITY Congress established the U.S. Nuclear Regulatory Commission (NRC) OIG on April 15, 1989, under the Inspector General Act amendments in Public Law 100-504. In addition, the Consolidated Appropriations Act of 2014, provided that, notwithstanding any other provision of law, the NRC Inspector General (IG) would be authorized in 2014 and subsequent years to exercise the same authorities concerning the DNFSB, as determined by the NRC IG, as the IG exercises under the Inspector General Act of 1978 (5 U.S.C. App.) for the NRC.

The OIGs mission is to provide independent, objective audit and investigative oversight of NRC and DNFSB operations to protect people and the environment.

In furtherance of the execution of this mission, and of particular importance to the OIGs annual plan development, the IG summarized what he considers to be the most serious management and performance challenges facing the DNFSB and assessed the DNFSBs progress in addressing those challenges. In its latest annual assessment (October 2022), the IG identified the following as the most serious management and performance challenges facing the DNFSB:1

1. Leading a productive organizational culture and climate;

2. Ensuring the effective acquisition and management of mission-specific infrastructure, including cyber, physical and personnel security, and data;

3. Continuing a systematic safety focus in the DNFSBs technical oversight and reviews;

4. Strengthening the DNFSBs readiness to respond to future mission-affecting disruptions; and,

5. Managing the DNFSBs efforts to elevate its visibility and influence and to assess and improve its relationship with the DOE.

Through its Issue Area Monitoring (IAM) program, OIG staff monitor the DNFSBs performance on these management and performance challenges. These challenges help inform decisions concerning which audits and evaluations the OIG will conduct each fiscal year.

1The challenges are not ranked in any order of importance.

2 PLANNING STRATEGY The FY 2023 Annual Plan is based, in part, on knowledge gained through OIG audit and investigative activities. These activities pertain to the DNFSB and its operations, work conducted under the IAM program, and management and performance challenges facing the DNFSB.

AUDIT AND INVESTIGATION OVERVIEW Congress established the DNFSB, an independent executive branch agency, in September 1988. The DNFSB is charged with providing technical safety oversight of the DOEs defense nuclear facilities and activities to provide adequate protection of the health and safety of the public and workers. Its mission is to provide independent analysis, advice, and recommendations to the Secretary of Energy to advise the Secretary, as operator and regulator of the DOEs defense nuclear facilities, about adequate protection of public health and safety at these facilities.

When fully staffed, the DNFSBs board is composed of five presidentially appointed, Senate-confirmed members who are required by law to be respected experts in the field of nuclear safety with a demonstrated competence and knowledge relevant to the DNFSBs independent investigative and oversight functions. Most of the DNFSBs approximately 100 full-time equivalent employees (FTEs) work at its Washington, DC, headquarters. The Presidents Budget includes $41,401,400 and 120 FTEs to carry out the DNFSBs mission in FY 2023. This is a 34 percent increase from the agencys FY 2022 appropriation level of $31,000,000.

The DNFSBs enabling statute assigns specific functions to the agency for accomplishing its safety oversight mission, including to:

• Review and evaluate the content and implementation of standards relating to the design, construction, operation, and decommissioning of DOE defense nuclear facilities at each facility and recommend to the Secretary of Energy specific measures needed to ensure that public health and safety are adequately protected;

• Investigate any event or practice at a DOE defense nuclear facility the DNFSB determines has adversely affected, or may adversely affect, public health and safety;

• Review the design of new DOE defense nuclear facilities before construction

3 begins and recommend modifications of the design deemed necessary to ensure public health and safety; and,

• Make recommendations to the Secretary of Energy pertaining to operation, standards, and research needs pertaining to DOE defense nuclear facilities that the DNFSB deems necessary to ensure public health and safety. In making its recommendations, the DNFSB shall consider, and specifically assess, risk and the technical and economic feasibility of implementing the recommended measures.

The OIG derives audit and investigation oversight responsibilities from the DNFSBs array of programs, functions, and support activities established to accomplish its mission.

AUDIT STRATEGY Effective audit planning requires current knowledge about the DNFSBs mission, and the programs and activities used to carry out that mission. Accordingly, the OIG continually monitors specific issue areas to strengthen its internal coordination and overall planning process. Under the offices IAM program, staff designated as issue area monitors keep abreast of major DNFSB programs and activities. The broad IAM areas address information management, nuclear safety, and corporate management.

The audit planning process yields audit assignments that identify opportunities for increased efficiency, economy, and effectiveness in DNFSB programs and operations; detect and prevent fraud, waste, and mismanagement; improve program and security activities at headquarters and site locations; and, respond to emerging circumstances and priorities. The OIG bases priority for conducting audits on:

• Legislative requirements;

• Critical agency risk areas;

• Emphasis by the President, Congress, Board Chair, or other Board members;

• A programs susceptibility to fraud, manipulation, or other irregularities;

• Dollar magnitude for resources involved in the proposed audit area;

• Newness, changed conditions, or sensitivity of an organization, program, function, or activities;

4

• Prior audit experience, including the adequacy of internal controls; and,

• Availability of audit resources.

INVESTIGATION STRATEGY OIG investigation strategies and initiatives add value to DNFSB programs and operations by identifying and investigating allegations of fraud, waste, and abuse that may lead to criminal, civil, and administrative penalties and recoveries. The OIG has designed specific performance targets focusing on effectiveness.

Because the DNFSBs mission is to protect public health and safety, the main investigative concentration involves alleged DNFSB misconduct or inappropriate actions that could adversely impact health and safety-related matters. These investigations typically include allegations of:

• Misconduct by high-ranking DNFSB officials and other DNFSB officials, such as managers and inspectors, whose positions directly impact public health and safety;

• Failure by the DNFSBs management to ensure that health and safety matters are appropriately addressed;

• Conflict of interest and ethics violations; or,

• Indications of management or supervisory retaliation or reprisal.

The OIG will also implement initiatives designed to monitor specific high-risk areas within the DNFSBs corporate management that are most vulnerable to fraud, waste, abuse, and mismanagement. A significant focus will be on emerging information technology and national security issues that could negatively impact the security and integrity of DNFSB data and operations. The OIG is committed to improving the security of the constantly changing electronic business environment by investigating unauthorized intrusions and computer-related fraud and by conducting computer forensic examinations. Other proactive initiatives will focus on determining instances of procurement fraud, theft of property, insider threats, and government travel charge card and government purchase card misuse and abuse.

The OIG will meet with the DNFSBs internal and external stakeholders to identify systemic issues or vulnerabilities as part of these proactive initiatives.

This approach will allow the identification of potential vulnerabilities and an opportunity to improve agency performance, as warranted.

5 OIG personnel will routinely interact with public interest groups, individual citizens, industry workers, and DNFSB staff to identify possible lapses in the DNFSBs oversight that could impact public health and safety. The OIG will also conduct proactive initiatives and reviews into areas of current or future regulatory safety or security interest to identify emerging issues or address ongoing concerns regarding the quality of the DNFSBs oversight.

Appendix B provides investigation priorities, objectives, and initiatives for FY 2023. Specific investigations are not included in the plan because investigations are primarily responsive to reported violations of law and misconduct by DNFSB employees and contractors, as well as allegations of irregularities or abuse in the DNFSBs programs and operations.

PERFORMANCE MEASURES For FY 2023, the OIG will use several key performance measures and targets for gauging the relevance and impact of our audit and investigative work. The OIG calculates these measures relative to each of its strategic goals to determine how well it is accomplishing its objectives. The performance measures are:

• Percentage of OIG audit products and activities that cause the agency to take corrective action to improve agency safety, security, or corporate management programs; ratify adherence to agency policies, procedures, or requirements; or identify actual dollar savings or reduced regulatory burden (i.e., high impact);

• Percentage of audit recommendations agreed to by the agency;

• Percentage of final agency actions taken within 2 years on audit recommendations;

• Percentage of OIG investigative products and activities that identify opportunities for improvements to agency safety, security, or corporate management programs; ratify adherence to policies/procedures; or confirm or disprove allegations of wrongdoing (i.e., high impact);

• Percentage of agency actions taken in response to investigative reports; and,

• Percentage of cases completed within 18 months.

6 OPERATIONAL PROCESSES The following sections detail the approach used to carry out the audit and investigative responsibilities previously discussed.

AUDITS The OIGs audit process comprises the steps taken to conduct audits and involves specific actions, ranging from annual audit planning to audit followup activities.

The underlying goal of the audit process is to maintain an open channel of communication between the auditors and DNFSB officials to ensure that audit findings are accurate and fairly presented in audit reports.

The OIG performs the following types of audits:

• Performance audits focus on the DNFSBs administrative and program operations and evaluate the effectiveness and efficiency with which managerial responsibilities are carried out, including whether the programs achieve intended results;

• Financial audits, which include the financial statement audit, attest to the reasonableness of the DNFSBs financial statements, and evaluate financial programs; and,

• Contract audits evaluate the costs of goods and services procured by the DNFSB from commercial enterprises.

The audit process comprises the following steps:

1. Audit Planning - Each year, the OIG solicits suggestions from Congress, DNFSB management, external parties, and OIG staff. It develops this Annual Plan and distributes it to interested parties. In addition, it lists the audits planned to be initiated during the fiscal year and their general objectives, depending on the availability of resources. Thus, the annual audit plan is a living document that the office may revise as circumstances warrant, with a subsequent redistribution of staff resources;

2. Audit Notification - The OIG formally notifies the office responsible for a specific program, activity, or function of its intent to begin an audit of that program, activity, or function;

7

3. Entrance Conference - The OIG meets with DNFSB officials to advise them of the objective(s) and scope of the audit and the general audit methodology it will follow;

4. Survey - The OIG conducts exploratory work before the more detailed audit work commences to:

• Gather data for refining audit objectives, as appropriate;

• Document internal control systems;

• Become familiar with the activities, programs, and processes to be audited; and,

• Identify areas of concern to management.

After the survey phase, the audit team will recommend to the Assistant Inspector General for Audits (AIGA) a go or no go decision regarding the fieldwork phase. If the audit team recommends a no go and the AIGA approves it, the office does not continue any work on the audit;

5. Audit Fieldwork - The audit team performs a comprehensive review of selected areas of a program, activity, or function using an audit program explicitly developed to address the audit objectives;

6. End of Fieldwork Briefing with Agency - After audit fieldwork, the audit team discusses its tentative report findings and recommendations with the auditee;

7. Discussion Draft Report - The OIG provides a discussion draft copy of the report to DNFSB management in preparation for the exit conference;

8. Exit Conference - The OIG meets with the appropriate DNFSB officials to discuss the discussion draft report and provide DNFSB management the opportunity to confirm information, ask questions, and provide any necessary clarifying data;

9. Final Draft Report - If DNFSB management requests one during the exit conference, the OIG provides a final draft copy of the report that includes comments or revisions from the exit conference to obtain formal written comments;

10. Final Audit Report - The final report includes, as necessary, any revisions to the facts, conclusions, and recommendations of the draft report discussed in the exit conference or generated in writing;

8

11. Response to Report Recommendations - Offices that are responsible for the specific program or process audited provide a written response on each recommendation contained in the final report (usually within 30 days). The DNFSB management response indicates agreement or disagreement with the recommended action. For agreement, DNFSB management provides corrective actions taken or planned and actual or target dates for completion.

For disagreement, DNFSB management provides reasons for disagreement and any alternative proposals for corrective action;

12. Impasse Resolution - If the response by the responsible office to a recommendation is unsatisfactory, the OIG may determine that intervention at a higher level is required; and,

13. Audit Follow up and Closure - This process ensures that management implements OIG recommendations.

INVESTIGATIONS The OIGs investigative process typically begins with receiving an allegation of fraud, mismanagement, or misconduct. Because our office must decide to initiate an investigation within a few days of each referral, the OIG does not schedule specific investigations in its annual investigative plan.

The OIG opens investigations following investigative priorities and considering prosecutorial guidelines established by the U.S. Department of Justice (DOJ). In addition, the Council of the Inspectors General on Integrity and Efficiency Quality Standards for Investigations, the OIG Special Agent Handbook, and various guidance provided periodically by the DOJ govern the OIGs investigations.

Only four individuals in the OIG can authorize opening an investigative case: the IG, the Deputy IG, the Assistant IG for Investigations (AIGI), and the Special Agent in Charge. Every allegation received by the OIG is given a unique identification number and entered into a database. Some allegations result in investigations, while the OIG retains others as the basis for audits, refers them to DNFSB management, or, if appropriate, directs them to another law enforcement agency.

When the OIG opens an investigation, Assistant Special Agents in Charge assign it to a special agent who prepares a plan of investigation. This planning process includes reviewing relevant criminal and civil statutes, program regulations, and

9 applicable agency policies. The OIG special agent then conducts the investigation and uses a variety of investigative techniques to ensure completion.

In cases when an OIG special agent determines that someone may have committed a crime, he or she will discuss the investigation with a federal or local prosecutor to determine if the prosecutors office will pursue a prosecution.

In cases when a prosecuting attorney decides to proceed with a criminal or civil prosecution, the special agent assists the attorney in any preparation for court proceedings that may be required.

For investigations that do not result in a prosecution but are handled administratively by the agency, the special agent prepares an investigative report summarizing the facts disclosed during the investigation. The OIG distributes the investigative report to agency officials who need to know the results of the investigation. For investigative reports provided to agency officials regarding substantiated administrative misconduct, the OIG requires a response within 120 days regarding any potential action that may be taken due to the investigative findings. For all other investigative products, such as referrals of allegations and findings requiring a review of agency processes and procedures, the OIG requires a 90-day response, unless an alternative deadline is set. For certain non-criminal investigations, OIG special agents involve the OIG senior engineers from the Technical Services Office to assist in the review of allegations.

The OIG summarizes the criminal and administrative actions taken because of its investigations and includes this data in its Semiannual Report to Congress.

10 HOTLINE The OIG Hotline Program provides DNFSB employees, contract employees, and the public with a confidential means of reporting to the OIG instances of fraud, waste, and abuse relating to Board programs and operations.

Please

Contact:

E-mail:

Online Form Telephone:

1-800-233-3497 TDD:

1-800-201-7165, or 7-1-1 Address:

U.S. Nuclear Regulatory Commission Office of the Inspector General Hotline Program Mail Stop O5-E13 11555 Rockville Pike Rockville, MD 20852

APPENDIX A A. AUDITS PLANNED FOR FY 2023

Audits Appendix A A-1 Audit of the DNFSBs Fiscal Year 2022 Financial Statements DESCRIPTION AND JUSTIFICATION: Under the Chief Financial Officers Act, the Government Management and Reform Act, and Office of Management and Budget (OMB) Bulletin 21-04, Audit Requirements for Federal Financial Statements, the OIG is required to audit the DNFSBs financial statements.

The report on the audit of the agencys financial statements is due on November 15, 2022.

OBJECTIVES: The audit objectives are to:

• Express opinions on the agencys financial statements and internal controls;

• Review compliance with applicable laws and regulations; and,

• Review controls in the DNFSBs computer systems that are significant to the financial statements.

SCHEDULE: Initiated in the 2nd quarter of FY 2022.

STRATEGIC GOAL 3: Corporate Management - Increase the economy, efficiency, and effectiveness with which the DNFSB manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate management risk within the DNFSB and conduct audits and/or investigations that lead to DNFSB program improvements.

MANAGEMENT CHALLENGE 2: Ensuring the effective acquisition and management of mission-specific infrastructure, including cyber, physical, and personnel security, and data.

Audits Appendix A A-2 Audit of the DNFSBs Fiscal Year 2023 Financial Statements and Compliance with Improper Payment Laws DESCRIPTION AND JUSTIFICATION: Under the Chief Financial Officers Act, the Government Management and Reform Act, and OMB Bulletin 21-04, Audit Requirements for Federal Financial Statements, the OIG is required to audit the DNFSBs financial statements. The report on the audit of the agencys financial statements is due on November 15, 2023.

The Payment Integrity Information Act (PIIA) requires each agency to annually estimate its improper payments. The PIIA requires federal agencies to periodically review all programs and activities that the agency administers and identify all programs and activities that may be susceptible to significant improper payments.

OBJECTIVES: The audit objectives are to:

• Express opinions on the agencys financial statements and internal controls;

• Review compliance with applicable laws and regulations;

• Review controls in the DNFSBs computer systems that are significant to the financial statements; and,

• Assess the DNFSBs compliance with the PIIA, and report any material weaknesses in internal control.

SCHEDULE: Initiate in the 2nd quarter of FY 2023.

STRATEGIC GOAL 3: Corporate Management - Increase the economy, efficiency, and effectiveness with which the DNFSB manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate management risk within the DNFSB and conduct audits and/or investigations that lead to DNFSB program improvements.

MANAGEMENT CHALLENGE 2: Ensuring the effective acquisition and management of mission-specific infrastructure, including cyber, physical, and personnel security, and data.

Audits Appendix A A-3 Audit of the DNFSBs Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2023 DESCRIPTION AND JUSTIFICATION: The Federal Information Security Modernization Act (FISMA) was enacted in 2014. The FISMA outlines the information security management requirements for agencies, including the requirement for an annual independent assessment by agency Inspectors General. In addition, the FISMA includes provisions, such as those requiring the development of minimum standards for agency systems, that are aimed at further strengthening the security of federal government information and information systems. The annual assessments provide agencies with the information needed to determine the effectiveness of overall security programs and to develop strategies and best practices for improving information security.

The FISMA provides the framework for securing the federal governments information technology, including both unclassified and national security systems. All agencies must implement the requirements of the FISMA and report annually to the OMB and Congress on the effectiveness of their security programs.

OBJECTIVE: The audit objective will be to conduct an independent assessment of the DNFSBs FISMA implementation for Fiscal Year 2023.

SCHEDULE: Initiate in the 1st quarter of FY 2023.

STRATEGIC GOAL 2: Security - Strengthen the DNFSBs security efforts in response to an evolving threat environment.

STRATEGY 2-1: Identify risks in maintaining a secure infrastructure (i.e., physical, personnel, and cyber security), and conduct audits and/or investigations that lead to DNFSB program and operational improvements.

MANAGEMENT CHALLENGE 2: Ensuring the effective acquisition and management of mission-specific infrastructure, including cyber, physical, and personnel security, and data.

Audits Appendix A A-4 Audit of the DNFSBs Equal Employment Opportunity Program DESCRIPTION AND JUSTIFICATION: Equal employment opportunity (EEO), diversity, and inclusion are at the heart of what makes an effective and productive workforce. It is the DNFSBs policy to provide equal opportunity in all personnel/employment programs, practices, and decisions, and to work to prevent and effectively address discrimination in all forms.

The EEO office manages and administers three major programs: Complaint Processing; Diversity, Equity, and Inclusion; and Affirmative Employment. The office develops and implements policies, procedures, programs, and initiatives under numerous mandates and Executive Orders, in accordance with Title VII of the Civil Rights Act of 1964 and Title 29 of the Code of Federal Regulations Part 1614 (29 C.F.R. Part 1614).

Further, the DNFSBs Operating Procedure on the EEO Program (OP-111.1-1) stipulates requirements for EEO counselors meeting minimum hours of EEO training.

OBJECTIVES: The audit objective is to determine the extent to which the DNFSBs Equal Employment Opportunity Program meets federal requirements and fulfills agency goals for diversity, equity, and inclusion.

SCHEDULE: Initiate in the second quarter of FY 2023.

STRATEGIC GOAL 3: Corporate management - Increase the economy, efficiency, and effectiveness with which the DNFSB manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate management risk within the DNFSB and conduct audits and/or investigations that lead to DNFSB program and operational improvements.

MANAGEMENT CHALLENGE 1: Leading a healthy and sustainable organizational culture and climate.

Audits Appendix A A-5 Audit of the DNFSBs Records Management Program DESCRIPTION AND JUSTIFICATION: DNFSB Directive D-421.1, Records Management Program, establishes policy and assigns responsibilities for the DNFSB Records Management (RM) Program. The DNFSB RM Program shall demonstrate that the DNFSB operates in accordance with its enabling statute, other regulations, and guidance, and documents the organization, policies, procedures, and decisions. DNFSB records are stored, maintained, and disposed of by the Office of the General Counsel, the Office of the General Manager (OGM), and the Office of the Technical Director, in accordance with DNFSB records retention schedules.

The OGM manages the DNFSB RM Program, storing, maintaining, and disposing of records in accordance with DNFSB records schedules. The DNFSB manages permanent email records via the Capstone approach and retains electronic records to the fullest extent possible. Official DNFSB business is performed on official DNFSB information systems to ensure that any use of a non-DNFSB information system does not affect the preservation of federal records for federal records purposes, or the ability to identify and process those records, if requested, under the Freedom of Information Act (FOIA), Privacy Act, or for other official business.

In the event that personal email, or another type of personal electronic messaging account, including text messaging on a personal mobile device, must be used for sending or receiving DNFSB records, the individual creating or sending the record must copy their DNFSB email account at the time of transmission or creation, or forward that record to their DNFSB email account within 20 days.

OBJECTIVE: The audit objective is to determine whether the DNFSBs records management program complies with federal and DNFSB requirements to document agency activities effectively.

SCHEDULE: Initiate in the fourth quarter of FY 2023.

STRATEGIC GOAL 3: Corporate management - Increase the economy, efficiency, and effectiveness with which the DNFSB manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate management risk within the DNFSB and conduct audits and/or investigations that lead to DNFSB program improvements.

Audits Appendix A A-6 MANAGEMENT CHALLENGE 2: Ensuring the effective acquisition and management of mission-specific infrastructure, including cyber, physical and personnel security, and data.

Audits Appendix A A-7 Audit of the DNFSBs Freedom of Information Act Program DESCRIPTION AND JUSTIFICATION: The Freedom of Information Act (FOIA), found at 5 U.S.C. § 552, grants every person the right to request access to federal agency records. Federal agencies are required to disclose records upon receiving a written request, with the exception of records that are protected from disclosure by one or more of the FOIAs nine exemptions. This right of access is enforceable in court.

The DNFSB makes many of its documents, such as agency regulations and policy statements, technical reviews, and reports to Congress, publicly available through its website. For documents that are not available through the website, people may submit FOIA requests by mail or email, or through the National FOIA Portal website.

The DNFSB is required to respond to a FOIA request within 20 business days of receiving a perfected FOIA request, and the agency may pause the 20-day response period one time to seek information from a requester. FOIA requests are subject to variable fees, which can be waived under certain circumstances.

The DNFSB can pause the 20-day response period as long as necessary to clarify fee assessments.

During FY 2021, the DNFSB received 19 FOIA requests. The agency processed 18 requests, while 1 remained pending at the end of the FY. The agency fully or partially granted 11 requests, while the remaining 7 were denied on grounds other than FOIA exemption criteria. Specifically, the DNFSB either had no records covered by the requests, or the requestors did not reasonably describe records sought. In one case, a request was withdrawn. The DNFSB allocated 0.5 FTE and approximately $50,000 to processing FOIA requests during the FY.

OBJECTIVE: To assess the consistency and timeliness of the DNFSBs FOIA request decisions, and to assess the agencys effectiveness in communicating FOIA policies to FOIA requestors.

SCHEDULE: Initiate in the fourth quarter of FY 2022.

STRATEGIC GOAL 3: Corporate management - Increase the economy, efficiency, and effectiveness with which the DNFSB manages and exercises stewardship over its resources.

Audits Appendix A A-8 STRATEGY 3-1: Identify areas of corporate management risk within the DNFSB and conduct audits and/or investigations that lead to DNFSB program improvements.

MANAGEMENT CHALLENGE 5: Managing the DNFSBs efforts to elevate its visibility, credibility, and influence and to assess and improve its relationship with the DOE and external stakeholders.

APPENDIX B B. INVESTIGATIONS - PRIORITIES, OBJECTIVES, AND INITIATIVES FOR FY 2023

Investigations Appendix B B-1 INTRODUCTION The AIGI is responsible for developing and implementing an investigative program that furthers the OIGs objectives. The AIGIs primary responsibilities include investigating possible violations of criminal statutes relating to the DNFSBs programs and activities, investigating allegations of misconduct by DNFSB employees, interfacing with the DOJ on OIG-related criminal matters, and coordinating investigations and OIG initiatives with other federal, state, and local investigative agencies and other AIGIs.

Investigations cover various allegations concerning criminal wrongdoing or administrative misconduct affecting various DNFSB programs and operations.

Investigations may be initiated because of allegations or referrals from private citizens; DNFSB employees; Congress; other federal, state, and local law enforcement agencies; OIG Audits; the OIG Hotline; and, proactive efforts directed at areas bearing a high potential for fraud, waste, abuse, and mismanagement.

The OIG developed this investigative plan to focus OIG investigative priorities and to use available resources most effectively. It provides strategies and plans for investigative work for FY 2023. As identified by the OIG, the most serious management and performance challenges facing the DNFSB were also considered in the development of this plan.

PRIORITIES The OIG estimates it will initiate approximately five investigations in FY 2023.

Reactive investigations into allegations of criminal and other wrongdoing, and allegations of safety significance, will take priority with respect to the OIGs use of available resources. Because the DNFSBs mission is to protect public health and safety, the AIGIs main concentration of effort and resources involves investigations of alleged DNFSB employee misconduct that could adversely impact matters related to public health and safety.

OBJECTIVES To facilitate the most effective and efficient use of limited resources, Investigations has established specific objectives aimed at preventing and detecting fraud, waste, abuse, and mismanagement, as well as optimizing the DNFSBs effectiveness and

Investigations Appendix B B-2 efficiency. Investigations will focus its investigative efforts in areas that include possible violations of criminal statutes relating to the DNFSBs programs and operations, and allegations of misconduct by DNFSB employees and managers.

INITIATIVES

• Investigate allegations of misconduct by DNFSB employees and contractors in accordance with federal statutes, regulations, and DNFSB directives;

• Investigate alleged violations of government-wide ethics regulations and possible conflicts of interest;

• Conduct fraud awareness briefings and information presentations to provide a practical and implementable knowledge base for DNFSB employees and external stakeholders that supports anti-fraud activities;

• Conduct activities to protect DNFSBs Information Technology (IT) infrastructure against both internal and external computer intrusions by working in close coordination with DNFSB IT staff;

• Attempt to detect possible wrongdoing perpetrated against the DNFSBs procurement and contracting program. This will include periodic meetings with DNFSB management officials, contract specialists, project managers, project officers, and other identified employees;

• Proactively review government travel charge card and government purchase card programs to prevent, detect, and investigate alleged misuse and abuse; and,

• Proactively review and maintain awareness in areas of DNFSB emphasis to identify emerging issues that may require future OIG involvement.

The OIG Hotline

• Promptly process complaints received via the OIG Hotline; and,

Investigations Appendix B B-3

• Initiate investigations when warranted and properly dispose of allegations that do not warrant OIG investigation.

FOIA & Privacy Act

• The OIG is an independent component in relation to the DNFSB and responds to requests for records that are exclusively DNFSB OIG-related, such as reports of OIG inspections, audits, or investigations relating to the programs and operations of the DNFSB; and,

• The General Counsel to the IG is the principal contact point within the OIG for advice and policy guidance on matters pertaining to the administration of the FOIA. All requests are handled professionally and expeditiously.

Liaison Program

• Maintain close working relationships with the Intelligence Community and other law enforcement agencies, public interest groups, and Congress through periodic meetings with pertinent Congressional staff, public interest groups, and appropriate Intelligence Community and law enforcement organizations;

and,

• Conduct liaison visits with DNFSB staff and stakeholders at sites within the DNFSBs jurisdiction to discuss and identify potential safety-related issues and future avenues of investigative interest.

ALLOCATION OF RESOURCES Investigations undertakes both proactive initiatives and reactive investigations.

Approximately 85 percent of available investigative resources will be used for reactive investigations. The balance will be allocated to proactive investigative efforts such as reviews of DNFSB contract files, examinations of DNFSB information technology systems to identify weaknesses or misuse by agency employees, reviews of delinquent government travel and purchase card accounts, and other initiatives.

APPENDIX C C. ABBREVIATIONS AND ACRONYMS

C-1 0BABBREVIATIONS AND ACRONYMS AIGA Assistant Inspector General for Audits AIGI Assistant Inspector General for Investigations C.F.R.

Code of Federal Regulations DNFSB Defense Nuclear Facilities Safety Board DOE U.S. Department of Energy DOJ U.S. Department of Justice FISMA Federal Information Security Modernization Act FOIA Freedom of Information Act FTE Full-Time Equivalent FY Fiscal Year IAM Issue Area Monitoring IG Inspector General IT Information Technology NRC U.S. Nuclear Regulatory Commission OGC Office of the General Counsel OGM Office of the General Manager OIG Office of the Inspector General OMB Office of Management and Budget RM Records Management U.S.C.

U.S. Code