ML24312A311

The Office of the Inspector General's Fiscal Year 2025 Annual Plan for the U.S. Nuclear Regulatory Commission, Dated November 6, 2024
ML24312A311
Person / Time
Issue date: 11/06/2024
From: Feitel R
NRC/OIG

Office of the Inspector General U.S. Nuclear Regulatory Commission Annual Plan Fiscal Year 2025

FOREWORD

I am pleased to present the Office of the Inspector General's (OIG) fiscal year (FY) 2025 Annual Plan for our work pertaining to the U.S. Nuclear Regulatory Commission (NRC). The Annual Plan summarizes the audit and investigative strategies for the OIG's work and previews the specific work planned for the coming year. In addition, it sets forth the OIG's formal process for identifying priority issues and managing its workload and resources for FY 2025. Effective April 1, 2014, the NRC OIG was also assigned to serve as the OIG for the Defense Nuclear Facilities Safety Board; a separate document contains the OIG's annual plan for our work pertaining to that agency.

The NRC's mission is to license and regulate the nation's civilian use of radioactive materials in a manner that provides reasonable assurance of adequate protection of public health and safety, promotes the common defense and security, and protects the environment. The OIG is committed to overseeing the integrity of the NRC's programs and operations. Developing an effective planning strategy is a critical aspect of accomplishing this commitment. In addition, such planning ensures that the OIG uses audit and investigative resources efficiently.

The OIG prepared this Annual Plan to align with the OIG's Strategic Plan for FYs 2024-2028, which is based, in part, on an assessment of the strategic challenges facing the NRC. The Strategic Plan identifies the OIG's priorities and establishes a shared set of expectations regarding the goals we expect to achieve and the strategies we will employ over that timeframe. The OIG based this Annual Plan on the foundation of the Strategic Plan and The Inspector General's Assessment of the Most Serious Management and Performance Challenges Facing the Nuclear Regulatory Commission in Fiscal Year 2025. The OIG sought input from the NRC Chair, the NRC Commissioners, NRC headquarters and regional managers, and members of Congress in developing this Annual Plan.

We have programmed all available resources to maximize their use and address the matters identified in this plan. However, it is sometimes necessary to modify this plan as circumstances, priorities, or resources warrant in response to a changing environment.

Robert J. Feitel
NRC and DNFSB Inspector General

TABLE OF CONTENTS

MISSION AND AUTHORITY
PLANNING STRATEGY
AUDIT AND INVESTIGATION OVERVIEW
    AUDIT STRATEGY
    INVESTIGATION STRATEGY
PERFORMANCE MEASURES
OPERATIONAL PROCESSES
    AUDITS
    INVESTIGATIONS
    HOTLINE

APPENDICES

A. MANDATORY AUDITS & EVALUATIONS
    Audit of the U.S. Nuclear Regulatory Commission's Fiscal Year 2024 Compliance with the Payment Integrity Information Act of 2019
    Audit of the U.S. Nuclear Regulatory Commission's Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2025
    Audit of the U.S. Nuclear Regulatory Commission's Fiscal Year 2025 Financial Statements
    Defense Contract Audit Agency Audits

B. PLANNED AUDITS & EVALUATIONS
    Audit of the U.S. Nuclear Regulatory Commission's Oversight of Aging Management for Long-Lived Reactor Structures and Components
    Audit of the U.S. Nuclear Regulatory Commission's Management and Oversight of Research and Development Grants
    Audit of the U.S. Nuclear Regulatory Commission's Traditional Enforcement Program
    Audit of the U.S. Nuclear Regulatory Commission's Budget Formulation Process
    Audit of the U.S. Nuclear Regulatory Commission's Oversight of Cybersecurity Inspection Programs at Operating Nuclear Power Plants
    Audit of the U.S. Nuclear Regulatory Commission's Oversight of Subsequent License Renewal Commitments
    Audit of the U.S. Nuclear Regulatory Commission's Awards and Recognition Program
    Audit of the U.S. Nuclear Regulatory Commission's Process for Evaluating Requests to Restart Operations at Nuclear Power Reactors in Decommissioning
    Audit of the U.S. Nuclear Regulatory Commission's Oversight of the Medical Use of Radioisotopes
    Audit of the U.S. Nuclear Regulatory Commission's Freedom of Information Act Process
    Audit of the U.S. Nuclear Regulatory Commission's Anti-Phishing Program
    Audit of the U.S. Nuclear Regulatory Commission's Incident Response Program
    Audit of the U.S. Nuclear Regulatory Commission's Process for Capturing and Dispositioning Public Comments Related to Environmental Reviews for Licensing Actions

C. IN PROGRESS AUDITS & EVALUATIONS
    IN PROGRESS AUDITS & EVALUATIONS

D. INVESTIGATIONS - PRIORITIES, OBJECTIVES, AND INITIATIVES FOR FY 2025
    INTRODUCTION - PRIORITIES AND OBJECTIVES
    INITIATIVES
    ALLOCATION OF RESOURCES

E. ABBREVIATIONS AND ACRONYMS
    ABBREVIATIONS AND ACRONYMS

MISSION AND AUTHORITY

The NRC OIG was established as a statutory entity on April 15, 1989, in accordance with the 1988 amendments to the Inspector General (IG) Act, to provide independent oversight of NRC operations. To fulfill its mission, the OIG:

  • Conducts and supervises independent audits, evaluations, and investigations of agency programs and operations;
  • Promotes economy, effectiveness, and efficiency within the agency;
  • Prevents and detects fraud, waste, abuse, and mismanagement in agency programs and operations;
  • Develops recommendations regarding existing and proposed regulations relating to agency programs and operations; and,
  • Keeps the agency head and Congress fully and currently informed about problems and deficiencies relating to agency programs.

Under the IG Act, the OIG issues Semiannual Reports to Congress to provide Congress, agency leaders, and other stakeholders comprehensive accounts of our completed audit, investigative, and other oversight work. In these reports we describe significant findings, referrals, and related agency actions during the period covered by each report. We also list OIG recommendations that remain outstanding with the agencies we oversee, the results of peer reviews in which our OIG was involved, and other important information relating to the reporting period.

The Reports Consolidation Act of 2000 (Public Law 106-531) requires the OIG to annually update our assessment of the most serious management and performance challenges facing the NRC and the agency's progress in addressing those challenges. This assessment supports the execution of the OIG's mission and is an important component of the OIG's Annual Plan development. The management and performance challenges facing the NRC for FY 2025 are:[1]

1. Implementing applicable provisions of the Accelerating Deployment of Versatile, Advanced Nuclear for Clean Energy Act of 2024 (ADVANCE Act);
2. Ensuring safety and security through risk-informed regulation of new nuclear technologies and well-supported decisions regarding the restart of power plants in decommissioning;
3. Overseeing the decommissioning process and the management of decommissioning trust funds;
4. Ensuring the effective protection of information technology and data;
5. Recruiting and retaining a skilled workforce;
6. Overseeing the safe and secure use of nuclear materials and storage and disposal of waste;
7. Enhancing financial efficiency and resource management;
8. Planning for and assessing the impact of artificial intelligence on nuclear safety and security programs; and,
9. Promoting ethical conduct within the agency and protecting regulatory integrity.

[1] This Annual Plan notes these challenges without any ranking order of importance.

In conjunction with the OIG's strategic goals, these challenges inform which audits and evaluations the OIG will conduct each fiscal year. Through its Issue Area Monitoring program, and also through its audits, evaluations, and investigations, the OIG's staff monitors agency performance on these management and performance challenges.

PLANNING STRATEGY

The OIG links the FY 2025 Annual Plan with the OIG's Strategic Plan for FYs 2024-2028. The Strategic Plan identifies the significant challenges and critical risk areas facing the NRC so that the IG may direct optimal resources to these areas.

The Strategic Plan recognizes the mission and functional areas of the NRC and the significant challenges it faces in successfully implementing its regulatory programs. The plan presents strategies for reviewing and evaluating NRC programs under the strategic goals that the OIG established. The OIG's three NRC-specific strategic goals are individual and distinct; together, they allow the OIG to assess its success in improving NRC programs through effective oversight.

The OIG's strategic goals for the NRC are:

  • Safety: Strengthen the NRC's efforts to protect public health and safety and the environment;
  • Security: Strengthen the NRC's efforts to address evolving security threats; and,
  • Corporate Support: Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

To ensure that each audit and evaluation carried out by the OIG aligns with the Strategic Plan, program areas selected for audit and evaluation have been cross walked from the Annual Plan to the Strategic Plan. See the planned audits in Appendices A and B and ongoing audits in Appendix C.

AUDIT AND INVESTIGATION OVERVIEW

The NRC is headquartered in Rockville, Maryland, just outside of Washington, DC, and has four regional offices in Pennsylvania, Georgia, Illinois, and Texas. It also operates a professional development center in Rockville, Maryland, and a technical training center in Chattanooga, Tennessee. The NRC's FY 2025 budget request is approximately $995 million, including 2,897.9 full-time equivalent employees, which represents the total cost of agency programs.

The NRC has a significant role in enhancing nuclear safety and security throughout the world. The agency carries out its mission through various licensing, inspection, research, and enforcement programs. The NRC's responsibilities include regulating:

  • 94 commercial nuclear power reactors operating at 54 sites in 28 states;
  • 71 licensed or operating independent spent fuel storage installations;
  • 30 licensed and operating research and test reactors;
  • 3 operational fuel cycle facilities; and,
  • Approximately 2,150 NRC material licenses.[2]

[2] There are 39 Agreement States that regulate certain radioactive materials under agreements with the NRC. These Agreement States develop regulations consistent with the NRC's regulations and appoint officials to ensure nuclear materials are used safely and securely. Agreement States oversee approximately 15,800 materials licenses. These totals represent an estimate because the number of specific radioactive materials licenses per state may change daily.

The OIG's audit and investigative oversight responsibilities are, therefore, derived from the wide array of programs, functions, and support activities the NRC has established to accomplish its mission.

AUDIT STRATEGY

Effective audit planning requires current knowledge about the agency's mission and the programs and activities used to carry out that mission. Accordingly, the OIG continually monitors specific issue areas to strengthen its internal coordination and overall planning processes. Under the OIG's Issue Area Monitoring program, responsibilities are assigned to staff, designated as issue area monitors, to keep abreast of significant agency programs and activities.

The broad Issue Area Monitoring areas address nuclear reactors, nuclear materials, nuclear waste, information management, security, financial and administrative programs, human resources, and international programs.

The OIG Strategic Plan and the identified agency management and performance challenges for FY 2025 inform the audit planning process. The synergies yield audit assignments that identify opportunities for efficiency, economy, and effectiveness in NRC programs and operations; detect and prevent fraud, waste, abuse, and mismanagement; improve program and security activities at headquarters and regional locations; and, respond to emerging circumstances and priorities. The OIG prioritizes audits based on:

  • Legislative requirements;
  • Critical agency risk areas;
  • Emphasis by the President, Congress, the NRC Chair, and other NRC Commissioners;
  • Susceptibility of a program to fraud, manipulation, or other irregularities;
  • Risk to federal funds or other resources involved in the proposed audit area;
  • Emerging areas of heightened risk, changed conditions, or sensitivity for an organization, program, function, or activity;
  • Prior audit experience, including experience relating to the adequacy of internal controls; and,
  • Availability of audit resources.

INVESTIGATION STRATEGY

The OIG's responsibility for detecting and preventing fraud, waste, and abuse within the NRC includes investigating possible violations of criminal statutes relating to agency programs and activities, investigating misconduct by employees and contractors, coordinating with the U.S. Department of Justice on OIG-related criminal and civil matters, and coordinating investigations and other OIG initiatives with federal, state, and local investigative agencies, and other OIGs.

Investigations may be initiated as a result of allegations or referrals from private citizens; licensee employees; government employees; Congress; other federal, state, and local law enforcement agencies; OIG audits; the OIG Hotline; and, OIG initiatives directed at areas bearing a high potential for fraud, waste, and abuse. Because the NRC's mission is to protect the health and safety of the public, the OIG's Investigative Program directs much of its resources and attention to investigating allegations of NRC staff conduct that could adversely impact matters related to health and safety. These investigations may address allegations of:

  • Misconduct by NRC officials, such as managers and inspectors, whose positions directly impact public health and safety;
  • Failure by NRC management to ensure that health, safety, and security matters are appropriately addressed;
  • Failure by the NRC to provide appropriate oversight of licensee activities and to ensure compliance with agency regulations;
  • Conflicts of interest involving NRC employees and contractors, including such matters as promises of future employment for favorable regulatory treatment and the acceptance of gratuities; and,
  • Fraud, waste, and abuse in the NRC's programs.

The OIG will continue to monitor specific high-risk areas within the NRC's corporate support program management that are most vulnerable to fraud, waste, abuse, and mismanagement. A significant focus remains on matters that could negatively impact the security and integrity of the NRC's data and operations. This focus will also include efforts to ensure the continued protection of personal privacy information held within agency databases and systems. The OIG is committed to improving the security of the constantly changing electronic business environment by investigating cyber-related fraud, waste, and mismanagement through proactive investigations and computer forensic examinations as warranted. Other actions to detect and prevent potential problems will focus on determining instances of procurement and grant fraud and identifying vulnerabilities in NRC daily operations, to include theft of property and funds, insider threats, U.S. government travel and purchase card mismanagement, and violations under the False Claims Act.

The OIG will meet with the NRC's internal and external stakeholders to identify actual and potential systemic issues or vulnerabilities as part of these proactive initiatives. This approach enables opportunities to improve the agency's performance. The OIG also participates in federal cyber, fraud, and other task forces to identify criminal activity targeted against the federal government.

With regard to the OIG's strategic goal concerning safety and security, the OIG routinely interacts with public interest groups, individual citizens, industry workers, and NRC staff to identify possible lapses in NRC regulatory oversight that could impact public health and safety. In addition, the OIG conducts proactive reviews into areas of regulatory safety or security to identify emerging issues or address ongoing concerns regarding the quality of the NRC's regulatory oversight. Such reviews might focus on new reactor licensing and license renewals for existing plants, aspects of the transportation and storage of high-level and low-level waste, and decommissioning activities.

Additionally, the OIG periodically conducts Event Inquiries and Special Inquiries. Event Inquiry reports document the OIG's examination of events or agency regulatory actions to determine if staff actions may have contributed to the occurrence of an event. Special Inquiry reports document those instances when an investigation identifies inadequacies in NRC regulatory oversight that may have resulted in a potentially adverse impact on public health and safety.

Appendix D provides investigative objectives and initiatives for FY 2025. Specific investigations are not included in the plan because the OIG's investigations are primarily responsive to reported violations of law and misconduct by NRC employees and contractors, as well as allegations of irregularities or mismanagement in the NRC's programs and operations.

PERFORMANCE MEASURES

For FY 2025, we will use several key performance measures and targets for gauging the relevance and impact of our audit, evaluation, and investigative work. The OIG calculates these measures relative to each of the OIG's strategic goals to determine how well we are accomplishing our objectives.

The performance measures are:

  • Percentage of OIG audit products and activities that (1) cause the agency to take corrective action to improve agency safety, security, or corporate support programs; (2) result in the agency strengthening adherence to agency policies, procedures, or requirements; (3) identify actual dollar savings and monetary benefits; or, (4) in appropriate cases, result in the agency taking action to reduce regulatory burdens (i.e., high impact[3]);
  • Percentage of audit recommendations agreed to by the agency;
  • Percentage of final agency actions taken within two years on audit recommendations;
  • Percentage of OIG investigative products and activities that identify opportunities to improve agency safety, security, or corporate support programs; strengthen adherence to agency policies/procedures; or, confirm or disprove allegations of wrongdoing (i.e., high impact);
  • Percentage of agency actions taken in response to investigative reports;
  • Percentage of active cases completed in 18 months or less;
  • Percentage of closed investigations referred to the DOJ or other relevant authorities; and,
  • Percentage of closed investigations resulting in specific actions, such as civil suits or settlements, judgments, administrative actions, monetary results, IG clearance letters, indictments, or convictions.

[3] High impact audit, evaluation, and investigative products have immediate results with long-lasting effects. They have a broad enterprise-wide impact and highlight sensitive issues that explore health, safety, and security issues.

OPERATIONAL PROCESSES

The following sections detail the approach used to carry out the audit and investigative responsibilities previously discussed.

AUDITS

The OIG's audit process comprises the steps taken to conduct audits and involves specific actions, ranging from annual audit planning to audit follow-up activities. The underlying goal of the audit process is to maintain an open channel of communication between the auditors and NRC officials to ensure that audit findings are accurate and fairly presented in the audit report. The OIG performs the following types of audits:

  • Performance audits focus on NRC administrative and program operations and evaluate the effectiveness and efficiency with which managerial responsibilities are carried out, including whether the programs achieve intended results;
  • Financial audits, which include the annual financial statement audit required by the Chief Financial Officers Act, attest to the reasonableness of the agency's financial statements; and,
  • Contract audits evaluate the costs of goods and services procured by the NRC from commercial enterprises.

The audit process begins with the development of this Annual Plan. Each year, the OIG solicits suggestions from Congress, the Commission, agency management, external parties, and OIG staff. It develops an Annual Plan and distributes it to interested parties. The Annual Plan lists the audits the OIG plans to initiate during the year and their general objectives. The Annual Plan is a living document that may be revised as circumstances warrant, with a subsequent redistribution of staff resources. The audit process comprises the steps summarized in Figure 1.

Figure 1: Steps in the OIG's Audit Process

| Audit Step | Action |
|---|---|
| Audit Notification | The OIG formally notifies the office responsible for a specific program, activity, or function of its intent to begin an audit. |
| Entrance Conference | The OIG meets with agency officials to advise them of the objective(s) and scope of the audit and the general methodology it will follow. |
| Survey | The OIG conducts exploratory work to gather data for refining audit objectives; documenting internal control systems; becoming familiar with the activities, programs, and processes to be audited; and, identifying areas of concern to management. |
| Audit Fieldwork | Based on the results of the survey work, the audit team recommends to the Assistant Inspector General for Audits & Evaluations (AIGA) whether to proceed with the audit. If the AIGA decides to proceed with the audit, the OIG then performs a comprehensive review of selected areas of a program, activity, or function using an audit program developed specifically to address the audit objectives. |
| End of Fieldwork Briefing with the Agency | At the conclusion of audit fieldwork, the audit team discusses the preliminary report findings and recommendations with the auditee. |
| Discussion Draft Report | The OIG provides a discussion draft copy of the report to agency management to enable them to prepare for the exit conference. |
| Exit Conference | The OIG meets with the appropriate agency officials to review the discussion draft report and provide agency management the opportunity to confirm information, ask questions, and clarify data. |
| Formal Draft Report | If requested by agency management during the exit conference, the OIG provides a final draft copy of the report that includes comments or revisions from the exit conference and invites agency management to provide formal written comments. |
| Final Audit Report | The final report includes, as necessary, any revisions to the facts, conclusions, and recommendations in the draft report resulting from discussions during the exit conference or written comments on the draft by agency managers. Formal written comments by agency management are included as an appendix to the report, when applicable. Final audit reports will be publicly issued, except for those containing sensitive or classified information. |
| Response to Report Recommendations | Offices responsible for the audited program or process provide a written response, usually within 30 calendar days, on each recommendation contained in the final report. If agency management agrees with the recommendation, the response describes corrective actions taken or planned, with actual or target completion dates. However, if agency management disagrees, the response provides reasons for disagreement and may propose alternative corrective actions. |
| Impasse Resolution | If the responsible office and the OIG reach an impasse over a recommended action, or the office's response to a recommendation is, in the OIG's view, unsatisfactory, the OIG may request the intervention of the Chair to achieve resolution. |
| Audit Follow-up and Closure | This process ensures that recommendations made to management are implemented. |

Source: OIG Audit Manual

In its Semiannual Report to Congress, the OIG reports on the status of unimplemented audit recommendations and the expected timetable for agency implementation of final corrective actions.

INVESTIGATIONS

The OIG's investigative process typically begins with the receipt of a complaint of fraud, mismanagement, or misconduct. Because the OIG must decide whether to initiate an investigation within a few days of such receipt, the office does not schedule specific investigations in its annual investigative plan.

The OIG opens an investigation following both its investigative priorities as outlined in the OIG Strategic Plan and the prosecutorial guidelines established by the U.S. Department of Justice (DOJ). In addition, the Quality Standards for Investigations issued by the Council of the Inspectors General on Integrity and Efficiency, the OIG's Investigations Division Manual, and various guidance provided periodically by the DOJ, govern the OIG's investigations.

Only four individuals in the OIG can authorize the opening of an investigation: the IG, the Deputy IG, the Assistant IG for Investigations (AIGI), and the Special Agent in Charge (SAC). Every complaint received by the OIG is given a unique identification number and entered into the OIG case management system. Some complaints result in investigations, while the OIG retains others as the basis for audits, refers them to NRC management, or if appropriate, directs them to another law enforcement agency.

When the OIG opens an investigation, the SAC or the Assistant Special Agent in Charge assigns it to a special agent or investigator, who prepares a plan of investigation. This planning process includes reviewing relevant criminal and civil statutes, program regulations, and applicable agency policies. The OIG special agent or investigator then investigates using various techniques to ensure completion.

Where an OIG special agent determines that a person may have committed a crime, the agent will discuss the investigation with a federal, state, or local prosecutor to determine if prosecution will be pursued. If the prosecuting attorney decides to proceed with a criminal or civil prosecution, the special agent assists the attorney in any preparation for court proceedings that may be required.

For investigations that do not result in prosecution but are handled administratively by the agency, the special agent or investigator prepares a report summarizing the facts gathered in the investigation. The OIG distributes the report to agency officials who need to know the investigative results. For investigative reports provided to agency officials regarding substantiated administrative misconduct, the OIG requires a response within 120 days addressing any potential action based on the investigative findings. For all other investigative products, such as referrals of allegations and findings requiring a review of agency processes and procedures, the OIG generally requires a 90-day response unless the agency and the OIG agree to an alternate deadline. For certain non-criminal investigations, OIG special agents involve subject matter experts from the OIG's Technical Services Section to assist in the review of the complaints.

The OIG summarizes the criminal and administrative actions taken as a result of its investigations and includes this information in its Semiannual Reports to Congress. As part of the investigation function, the OIG also periodically conducts Event Inquiries and Special Inquiries, as discussed earlier in this plan.

HOTLINE

The OIG Hotline Program provides NRC employees, contract employees, and the public with a confidential means of reporting to the OIG instances of fraud, waste, and abuse relating to agency programs and operations.

Please Contact:

E-mail: Online Form
Telephone: 1.800.233.3497
TDD: 1.800.201.7165, or 7-1-1
Address: U.S. Nuclear Regulatory Commission, Office of the Inspector General, Hotline Program, Mail Stop O12-A12, 11555 Rockville Pike, Rockville, Maryland 20852-2746

APPENDIX A MANDATORY AUDITS & EVALUATIONS PLANNED FOR FY 2025

MANDATORY PROJECTS APPENDIX A

Audit of the U.S. Nuclear Regulatory Commission's Fiscal Year 2024 Compliance with the Payment Integrity Information Act of 2019

DESCRIPTION AND JUSTIFICATION: The Payment Integrity Information Act of 2019 (PIIA) requires federal agencies to annually assess and report on improper payments in their programs. Agencies must conduct risk assessments to identify programs vulnerable to improper payments and establish controls to prevent and detect such payments. The PIIA also requires the OIG to review and report on the agency's compliance with the Act, including the implementation of corrective actions to reduce improper payments. To comply with this requirement, the OIG has contracted with an independent public accounting firm to conduct the review.

OBJECTIVES: The audit objectives are to:

  • Assess the NRC's compliance with the PIIA; and,
  • Report any material weaknesses in internal control.

SCHEDULE: Initiate in the second quarter of FY 2025.

STRATEGIC GOAL 3: Corporate Support - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate support risk within the NRC and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 7: Enhancing financial efficiency and resource management

Audit of the U.S. Nuclear Regulatory Commission's Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2025

DESCRIPTION AND JUSTIFICATION: The Federal Information Security Modernization Act (FISMA) was enacted in 2014. FISMA outlines the information security management requirements for agencies, including the requirement for an annual independent assessment by an agency's Inspector General. In addition, FISMA includes provisions, such as those pertaining to the development of minimum standards for agency systems, aimed at further strengthening the security of the federal government's information and information systems. The annual assessments provide agencies with the information needed to determine the effectiveness of security programs and to develop strategies and best practices for improving information security.

FISMA provides the framework for securing both unclassified and national security systems. All agencies must implement the requirements of FISMA and report annually to the Office of Management and Budget and Congress on the effectiveness of their security programs. To evaluate the NRC's compliance with FISMA, the OIG has contracted with an independent public accounting firm.

OBJECTIVE: The audit objective is to conduct an independent assessment of the NRC's FISMA implementation for FY 2025.

SCHEDULE: Initiate in the second quarter of FY 2025.

STRATEGIC GOAL 3: Corporate Management - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-2: Identify risks in maintaining a secure infrastructure (i.e., physical, personnel, and cybersecurity), and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 4: Ensuring the effective protection of information technology and data.

Audit of the U.S. Nuclear Regulatory Commission's Fiscal Year 2025 Financial Statements

DESCRIPTION AND JUSTIFICATION: The Chief Financial Officers Act of 1990 and the Government Management Reform Act of 1994 require federal agencies to submit annual financial statements audited by the OIG.

The financial statements and accompanying audit report for FY 2025 are due no later than November 17, 2025. To facilitate the NRC's compliance with this requirement, the OIG has contracted with an independent public accounting firm to conduct the audit.

OBJECTIVES: The audit objectives are to:

  • Express an opinion on whether the NRC's financial statements are presented fairly, in all material respects, in accordance with U.S. generally accepted accounting principles;
  • Express an opinion on whether the NRC maintained, in all material respects, effective internal control over financial reporting; and,
  • Review compliance with certain laws, regulations, contracts, and grant agreements.

SCHEDULE: Initiate in the third quarter of FY 2025.

STRATEGIC GOAL 3: Corporate Support - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate support risk within the NRC and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 7: Enhancing financial efficiency and resource management.

Defense Contract Audit Agency Audits

DESCRIPTION AND JUSTIFICATION: The OIG and the Defense Contract Audit Agency (DCAA) have an interagency agreement whereby the DCAA provides contract audit services for the OIG. The DCAA is responsible for the audit report conclusions and for performing the audit in accordance with Generally Accepted Government Auditing Standards.

The OIG distributes the audit report to NRC management and is responsible for follow-up on agency actions initiated as a result of the audit.

OBJECTIVE: The audit objective is to assess whether the costs claimed by contractors are reasonable, allowable, and allocable in accordance with contract terms and applicable regulations.

SCHEDULE: Initiation varies based on requirements and contracts.

STRATEGIC GOAL 3: Corporate Support - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate support risk within the NRC and conduct audits and investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 7: Enhancing financial efficiency and resource management.

APPENDIX B AUDITS & EVALUATIONS PLANNED FOR FISCAL YEAR 2025

PLANNED PROJECTS APPENDIX B B-1

Audit of the U.S. Nuclear Regulatory Commission's Oversight of Aging Management for Long-Lived Reactor Structures and Components

DESCRIPTION AND JUSTIFICATION: The application for renewal of a nuclear power plant operating license must include an assessment of passive and long-lived structures and components subject to an aging management review.

Passive and long-lived structures and components include the reactor vessel, pressure retaining boundaries, containment, seismic structures, electrical cables, and other components not subject to replacement based on a qualified life or time. The application must also demonstrate that the effects of aging on such structures and components will be adequately managed so their intended functions will be maintained for the period of extended operation. These structures and components may be safety-related items, or they may be non-safety-related items that, if they fail, could diminish safety functions.

The NRC inspects each licensee's aging management review and program implementation both during the license renewal process and after license approval. Once a nuclear power plant has been in a period of extended operation for 5 to 10 years, the NRC will verify that implementation of a licensee's aging management program ensures structures and components are able to perform their intended functions. In addition, baseline inspection procedures for maintenance effectiveness and design-basis assurance include assessment of aging management programs for plants in the period of extended operation.

The NRC has issued license renewals for 94 nuclear power plants currently in operation. 58 plants have entered a period of extended operations, but 8 have since ceased operations. The NRC and industry are focusing on subsequent license renewals, which authorize plants to operate beyond the 60 years of the initial license and the first renewal. Subsequent license renewals are in 20-year increments. The NRC has developed guidance for staff and licensees for the subsequent renewal period.

OBJECTIVE: To determine whether the NRC provides adequate oversight of licensee aging management programs for passive and long-lived reactor structures and components.

SCHEDULE: Initiate in the first quarter of FY 2025.

STRATEGIC GOAL 1: Safety - Strengthen the NRC's efforts to protect public health and safety, and the environment.

STRATEGY 1-1: Identify risk areas associated with the NRC's oversight of operating and new nuclear facilities, and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 2: Ensuring safety and security through risk-informed regulation of new nuclear technologies and well-supported decisions regarding the restart of power plants in decommissioning.

Audit of the U.S. Nuclear Regulatory Commission's Management and Oversight of Research and Development Grants

DESCRIPTION AND JUSTIFICATION: The NRC's Office of Nuclear Regulatory Research (RES) Financial Assistance Program provides grants for research in support of nuclear materials safety, radioactive waste safety, fire safety and testing, digital instrumentation and controls, advanced very high temperature gas-cooled reactors, probabilistic risk assessment, high temperature gas reactor thermal hydraulics, and reactor physics. RES shows a high regard for institutions and organizations that propose to conduct independent experiments and analyses, develop technical bases for supporting realistic safety decisions, and evaluate safety issues involving current and new designs and technologies.

The RES Financial Assistance Program is a 3-year program with no extensions.

Research and development grants may be requested for up to $500,000 for a project period. All NRC awards are subject to the administrative requirements in 2 C.F.R. Part 200 and other considerations described in The Nuclear Regulatory Commission's Standard Terms and Conditions for U.S. Non-Governmental Recipients. The NRC uses Automated Standard Application for Payments (ASAP) for recipient reimbursements. ASAP is a recipient-initiated payment and information system, designed to provide a single point of contact for the request and delivery of federal funds.

Principal Investigators receiving funding under the Financial Assistance Program must submit performance reports to the NRC semi-annually, for the periods ending March 31 and September 30. The performance (technical) report should include a concise summary describing a recipient's technical research progress, details on project status, outcomes, and any changes that have occurred during the grant reporting period. A Final Performance Progress Report and a Federal Financial Report (SF-425) are required within 90 days after the award's expiration or termination. Effective oversight is needed to ensure that the NRC receives the required grant deliverables and ensures that organizations that have failed to provide deliverables are prevented from obtaining future awards.

OBJECTIVE: To determine if the NRC is effectively managing and monitoring selected Research and Development Grants in accordance with applicable federal requirements, agency policies and guidance, and award terms and conditions.

SCHEDULE: Initiate in the first quarter of FY 2025.

STRATEGIC GOAL 3: Corporate Management - Increase the economy, efficiency and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY: Identify risk areas within grant distribution and management process.

MANAGEMENT CHALLENGE 7: Enhancing financial efficiency and resource management.

Audit of the U.S. Nuclear Regulatory Commission's Traditional Enforcement Program

DESCRIPTION AND JUSTIFICATION: The Traditional Enforcement Program refers to the standard enforcement process the NRC uses to address violations of its regulations. Under traditional enforcement, the NRC assigns violations a severity level ranging from Level I (most significant) to Level IV (minor concerns), with the primary enforcement tools being Notices of Violation (NOVs) and civil penalties.

Enforcement actions serve as a deterrent to violations of NRC requirements because they emphasize the importance of complying with those requirements and encourage licensees to promptly identify and comprehensively correct violations. The NRC Enforcement Policy establishes the general principles governing the NRC's Enforcement Program and specifies a process for implementing its enforcement authority in response to violations of agency requirements. The policy applies to all NRC licensees, to various categories of non-licensees, and to individual employees of licensed and non-licensed entities involved in NRC-regulated activities.

OBJECTIVE: To determine if the NRC's Traditional Enforcement Program consistently dispositions enforcement actions in accordance with established policies and procedures.

SCHEDULE: Initiate in the first quarter of FY 2025.

STRATEGIC GOAL 1: Safety - Strengthen the NRC's efforts to protect public health and safety, and the environment.

STRATEGY 1-2: Identify risk areas associated with the NRC's oversight of nuclear materials and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 6: Overseeing the safe and secure use of nuclear materials and the storage and disposal of waste.

Audit of the U.S. Nuclear Regulatory Commission's Budget Formulation Process

DESCRIPTION AND JUSTIFICATION: The NRC submits an annual budget justification to Congress with estimates and information that support the agency's request for resources to accomplish mission critical activities. Developing the budget is a multi-step process that includes significant coordination to ensure alignment with operational goals and resource availability. Although the NRC receives funding from Congressional appropriations, the agency is required to recover approximately 100 percent of its annual budget, less certain amounts excluded from this fee recovery requirement, through service and annual license fees.

OBJECTIVE: To evaluate the effectiveness and efficiency of the NRC budget formulation process, ensuring that it aligns with operational goals, complies with relevant regulations and policies, and incorporates accurate and reliable data for decision-making.

SCHEDULE: Initiate in the second quarter of FY 2025.

STRATEGIC GOAL 3: Corporate Support - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate support risk within the NRC and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 7: Enhancing financial efficiency and resource management.

Audit of the U.S. NRC's Oversight of Cybersecurity Inspection Programs at Operating Nuclear Power Plants

DESCRIPTION AND JUSTIFICATION: Under title 10 Code of Federal Regulations (C.F.R.) section 73.54, NRC-licensed nuclear power plants must protect digital components and systems associated with safety, important-to-safety, security, and emergency preparedness, from cyberattacks. The NRC's cybersecurity inspection process aims to provide reasonable assurance that the licensee's digital computer and communication systems and networks associated with safety, important-to-safety, security, and emergency preparedness functions are adequately protected against cyberattacks.

Nearly one year has passed since the NRC implemented its new cybersecurity inspection program, which involves biennial inspections to ensure compliance with the NRC's regulations. The NRC also continues to engage in activities to address lessons learned and identify further improvements regarding cybersecurity. Additionally, challenges remain with agency resources, evolving technology, and engagement with stakeholders.

OBJECTIVE: To determine if the NRC's cybersecurity inspection program is robust and adaptive to evolving cyber threats.

SCHEDULE: Initiate in the second quarter of FY 2025.

STRATEGIC GOAL 1: Safety - Strengthen the NRC's efforts to protect public health and safety, and the environment.

STRATEGY 1-1: Identify risk areas associated with the NRC's oversight of operating and new nuclear facilities and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 4: Ensuring the effective protection of information technology and data.

Audit of the U.S. Nuclear Regulatory Commission's Oversight of Subsequent License Renewal Commitments

DESCRIPTION AND JUSTIFICATION: During the subsequent license renewal application process, the NRC identifies issues, in its Safety Evaluation Report, that are required to be resolved prior to the beginning of the 20-year subsequent license period. Since these issues have not yet been addressed by the applicant, the NRC conditions license renewal upon the licensee making commitments to address them. The Commission issues a license amendment with these commitments listed in an applicant's final safety evaluation report (FSAR), usually in an Appendix. Since the FSAR is part of the licensing basis of a plant, the licensee is responsible for documenting and maintaining records of actions that address the commitments therein. The licensee informs the NRC in a sworn statement once the commitments have been satisfied.

The licensee's records are subject to NRC inspection in accordance with Inspection Procedure (IP) 71003, Post-Approval Site Inspection for License Renewal. In accordance with IP 71003, the appropriate NRC regional office will schedule an inspection in accordance with its inspection plans. During the inspection, the NRC's inspectors are required to verify completion of a sample of the licensee's commitments and document the results in a publicly available inspection report.

OBJECTIVE: To determine the adequacy of the NRC's oversight of subsequent license renewal commitments.

SCHEDULE: Initiate in the second quarter of FY 2025.

STRATEGIC GOAL 1: Safety - Strengthen the NRC's efforts to protect public health and safety, and the environment.

STRATEGY 1-1: Identify risk areas associated with the NRC's oversight of operating and new nuclear facilities and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 2: Ensuring safety and security through risk-informed regulation of new nuclear technologies and well-supported decisions regarding the restart of power plants in decommissioning.

Audit of the U.S. Nuclear Regulatory Commission's Awards and Recognition Program

DESCRIPTION AND JUSTIFICATION: Federal regulations provide agencies flexibility in designing their awards programs. Agencies may grant various types of awards to federal employees including cash, honorary recognition, informal recognition, or time off without charge to leave or loss of pay. The NRC's Awards and Recognition Program encourages supervisors at all levels to use the program to motivate employees to fully utilize their talents, skills, and ideas to enhance operational efficiency and effectiveness.

OBJECTIVE: To assess the NRC's administration of the Awards and Recognition Program and its effectiveness in acknowledging and rewarding employee performance and contributions.

SCHEDULE: Initiate in the second quarter of FY 2025.

STRATEGIC GOAL 3: Corporate Support - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate support risk within the NRC and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 7: Enhancing financial efficiency and resource management.

Audit of the U.S. Nuclear Regulatory Commission's Process for Evaluating Requests to Restart Operations at Nuclear Power Reactors in Decommissioning

DESCRIPTION AND JUSTIFICATION: In the United States, there are 94 nuclear power reactors in operation and 21 power reactors that have permanently ceased operations and are undergoing decommissioning. In 2022, Entergy Nuclear Palisades (ENP) certified that all fuel had been removed from the Palisades Nuclear Plant (PNP) reactor and transferred its license to Holtec Decommissioning International (HDI) for the purpose of decommissioning.

In March 2023, HDI submitted to the NRC a regulatory path for the reauthorization of power operations at the PNP under the current regulatory framework. HDI plans to be ready to restart operations in March 2025. The NRC's regulations do not prescribe a specific regulatory path for reinstating operational authority once a licensee has certified that all fuel has been removed from a reactor. However, the NRC asserts its existing regulatory framework, namely its process for reviewing and approving exemption and license amendment requests, provides adequate flexibility to accommodate reauthorization of operations.

NRC staff will review the regulatory and licensing documents for the plant, inspect new and restored components necessary to operate safely, and continue ongoing oversight to ensure sufficiency of all plant systems and programs. While this will be a first-of-a-kind review, the NRC has stated that it understands HDI's current timeline to restart the plant and will perform its licensing and oversight duties in a timely manner.

OBJECTIVE: To determine the adequacy of the NRC using its license amendment request and exemption process to evaluate requests to approve the restart of power reactors in decommissioning.

SCHEDULE: Initiate in the second quarter of FY 2025.

STRATEGIC GOAL 1: Safety - Strengthen the NRC's efforts to protect public health and safety, and the environment.

STRATEGY 1-1: Identify risk areas associated with the NRC's oversight of operating and new reactor facilities, and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 2: Ensuring safety and security through risk-informed regulation of new nuclear technologies and well-supported decisions regarding the restart of power plants in decommissioning.

Audit of the U.S. Nuclear Regulatory Commission's Oversight of the Medical Use of Radioisotopes

DESCRIPTION AND JUSTIFICATION: Regulatory authority over the medical use of ionizing radiation is shared among several federal, state, and local government agencies. The NRC (or the responsible Agreement State) has regulatory authority over the possession and use of byproduct, source, or special nuclear material in medicine. The NRC regulates such material through its licensing, inspection, and enforcement programs. The types of medical uses regulated by the NRC include diagnostic, therapeutic, and research. The NRC issues medical use licenses to medical facilities, develops guidance and regulations for use by licensees, and maintains a committee of medical experts to obtain advice about the use of byproduct materials in medicine.

The Advisory Committee on the Medical Uses of Isotopes (ACMUI) is an independent committee established by the NRC for the express purpose of advising NRC staff. The ACMUI provides NRC staff with advice, technical assistance, and consultation on key issues. Additionally, the NRC has a Memorandum of Understanding with the Food and Drug Administration (FDA) that coordinates existing NRC and FDA regulatory programs for medical devices, drugs, and biological products utilizing byproduct, source, or special nuclear material.

OBJECTIVE: The audit objective is to determine whether the NRC's oversight of medical uses of radioactive isotopes adequately protects public health and safety.

SCHEDULE: Initiate in the third quarter of FY 2025.

STRATEGIC GOAL 1: Safety - Strengthen the NRC's efforts to protect public health and safety, and the environment.

STRATEGY 1-4: Identify risk areas facing the NRC's oversight of nuclear materials used for medical purposes that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 6: Overseeing the safe and secure use of nuclear materials and the storage and disposal of waste.

Audit of the U.S. Nuclear Regulatory Commission's Freedom of Information Act Process

DESCRIPTION AND JUSTIFICATION: The Freedom of Information Act (FOIA), found at 5 U.S.C. § 552, grants every person the right to request access to federal agency records. Federal agencies are required to disclose records upon receiving a written request, with the exception of records, or portions thereof, that are protected from disclosure by one or more of the FOIA's nine exemptions.

This right of access is enforceable in court.

The NRC makes many of its documents, such as agency regulations and policy statements, technical reviews, and reports to Congress, publicly available through its website. For documents that are not available through the website, people may submit FOIA requests by mail or email, or through the National FOIA Portal website. The NRC is required to respond to a FOIA request within 20 business days of receiving a perfected FOIA request (i.e. a request that adequately describes the records sought, for which the NRC is in possession of the records, and for which there is no remaining question about the payment of applicable fees). The agency may pause the 20-day response period one time to seek information from a requester. FOIA requests are subject to variable fees, which can be waived under certain circumstances. A pause in the response period to clarify fee assessments can be as long as needed.

OBJECTIVE: The audit objective is to assess the efficiency and effectiveness of the NRC's FOIA program.

SCHEDULE: Initiate in the fourth quarter of FY 2025.

STRATEGIC GOAL 3: Corporate Management - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-1: Identify areas of corporate management risk within the NRC and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 9: Promoting ethical conduct within the agency and protecting regulatory integrity.

Audit of the U.S. Nuclear Regulatory Commission's Anti-Phishing Program

DESCRIPTION AND JUSTIFICATION: Phishing is a form of social engineering in which a cyber threat actor poses as a trustworthy colleague, acquaintance, or organization to lure a victim into providing sensitive information or network access. The lures can come in the form of an email (phishing), text message (smishing), or even a phone call (vishing). If successful, this technique could enable threat actors to gain initial access to a network and affect the targeted organization and related third parties. The result can be a data breach, data or service loss, identity fraud, malware infection, or ransomware.

The NRC performs phishing exercises quarterly, sending out emails to all agency employees. The results of the exercises are compiled, showing how many emails were sent and clicked on, broken down by scenario, office, and user. The NRC assigns users who clicked on the phishing scenarios to phishing-awareness training with a due date for completion. Completion of the training signifies awareness of employee responsibility, and no further action is needed.

OBJECTIVE: To determine whether the NRC has implemented effective controls to protect its sensitive data from phishing attacks.

SCHEDULE: Initiate in the fourth quarter of FY 2025.

STRATEGIC GOAL 3: Corporate Support - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3-2: Identify infrastructure risks (i.e., physical, personnel, and cybersecurity), and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 4: Ensuring the effective protection of information technology and data.

Audit of the U.S. Nuclear Regulatory Commission's Incident Response Program

DESCRIPTION AND JUSTIFICATION: Emergencies at nuclear power reactors or materials sites can result from external factors such as extreme weather or terrorism, along with internal engineering failures within the plant.

The NRC maintains a Headquarters Operations Center (HOC) to coordinate among the agency's regional offices, licensees, and state, tribal, and federal agencies in the event of an emergency involving nuclear reactors or materials.

The HOC is staffed 24/7, 365 days per year by a Headquarters Operations Officer (HOO), who receives reports and determines appropriate actions, and a Headquarters Emergency Response Officer (HERO), who provides procedural and administrative support. The OIG released an audit report in June 2018 detailing a decline in staffing at the HOC; however, the agency has since taken steps to improve staffing, including hiring more qualified staff and developing a workforce improvement plan.

The Office of Nuclear Security and Incident Response (NSIR) requires licensees to conduct biannual emergency response exercises. The NRC typically participates in only four of these exercises per year. According to the NRC Biennial Elevated Exercise Schedule, 75 percent of the exercises in Calendar Year 2024 will only involve the licensees and the state governments, not the NRC. In June 2020, the OIG audited the NRC's Emergency Preparedness Program, which found the NRC has addressed adverse weather conditions in its emergency preparedness and incident response program. However, the OIG did not audit the agency's ability and readiness to respond to significant events that could cause radiological leaks.

Considering the infrequency of general emergencies, which is the highest-level classification the NRC assigns to major events at power reactors, and the fact that lessons learned cannot always be conveyed due to a lack of actual events, it is important the agency remains vigilant and participates in as many exercises as possible. Because the last OIG audit only involved severe weather events, not engineering failures at plants, and because the NRC does not participate in the majority of licensee exercises, another audit to ensure the agency is ready to respond to any event is prudent.

OBJECTIVE: To assess whether the NRC is adequately prepared to respond to a significant engineering failure at a nuclear power reactor.

SCHEDULE: Initiate in the fourth quarter of FY 2025.

STRATEGIC GOAL 2: Security - Strengthen the NRC's efforts to address evolving security threats.

STRATEGY 2-2: Identify risks in emergency preparedness and incident response, and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 6: Overseeing the safe and secure use of nuclear materials and the storage and disposal of waste.

Audit of the U.S. Nuclear Regulatory Commission's Process for Capturing and Dispositioning Public Comments Related to Environmental Reviews for Licensing Actions

DESCRIPTION AND JUSTIFICATION: The NRC has a long-standing goal of conducting its regulatory responsibilities in an open manner, and keeping the public informed of the agency's regulatory, licensing, and oversight activities.

For that reason, the NRC has committed to informing the public about its licensing activities and providing opportunities for the public to participate in the agency's decision-making process.

For its environmental reviews, the NRC solicits public input under the National Environmental Policy Act (NEPA) and through the agency's regulations in 10 C.F.R. Part 51. As part of this process, the NRC seeks the public's views on what should be covered in its environmental impact statements and environmental assessments (called the scoping process). The NRC also seeks public comments on draft environmental impact statements and, at times, other NEPA-related documents.

The Fiscal Responsibility Act of 2023 amended NEPA to place limits on the time to prepare final environmental impact statements and environmental assessments. Therefore, the NRC must balance capturing and dispositioning public comments with ensuring licensing actions are processed efficiently and effectively.

OBJECTIVE: To determine whether the NRC is using the most effective means to process public comments to ensure timely completion of environmental reviews.

SCHEDULE: Initiate in the fourth quarter of FY 2025.

STRATEGIC GOAL 1: Safety-Strengthen the NRC's efforts to protect public health and safety, and the environment.

STRATEGY 1-1: Identify risk areas associated with the NRC's oversight of operating and new nuclear facilities and conduct audits and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 9: Promoting ethical conduct within the agency and protecting regulatory integrity.

APPENDIX C IN PROGRESS AUDITS & EVALUATIONS

  • Audit of the U.S. Nuclear Regulatory Commission's Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2024 Region III: Lisle, Illinois
  • Audit of the U.S. Nuclear Regulatory Commission's Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2024 Region IV: Arlington, Texas
  • Audit of the U.S. Nuclear Regulatory Commission's Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2024 Technical Training Center: Chattanooga, Tennessee
  • Audit of the U.S. Nuclear Regulatory Commission's Web-Based Licensing System
  • Audit of the U.S. Nuclear Regulatory Commission's Technical Qualifications Programs
  • Audit of the U.S. Nuclear Regulatory Commission's Recruiting and Retention Activities
  • Audit of the U.S. Nuclear Regulatory Commission's Fiscal Year 2024 Financial Statements
  • Evaluation of the U.S. Nuclear Regulatory Commission's Telework Program

APPENDIX D INVESTIGATIONS - PRIORITIES, OBJECTIVES, AND INITIATIVES FOR FY 2025

INTRODUCTION

The Assistant Inspector General for Investigations (AIGI) is responsible for developing and implementing an investigative program that furthers the OIG's objectives. The AIGI's primary responsibilities include investigating possible violations of criminal statutes relating to NRC programs and activities, investigating allegations of misconduct by NRC employees, coordinating with the U.S. Department of Justice on OIG-related criminal matters, and working jointly on investigations and OIG initiatives with other federal, state, and local investigative agencies, and other AIGIs.

The AIGI may initiate investigations that cover a broad range of allegations. For example, investigations may concern criminal wrongdoing or administrative misconduct affecting various NRC programs and operations. In addition, the OIG initiates investigations due to allegations or referrals from private citizens, licensee employees, NRC employees, Congress, and other federal, state, and local law enforcement agencies. Investigations may also originate from OIG audits, the OIG Hotline, and proactive efforts to identify the potential for fraud, waste, abuse, and mismanagement.

The OIG developed this investigative plan to focus investigative priorities and use available resources most effectively. The OIG provides strategies and plans investigative work for the fiscal year in conjunction with the OIG Strategic Plan.

The OIG's Investigations Division also considers the most serious management and performance challenges facing the NRC, as identified by the IG, in developing its investigative plan.

PRIORITIES

The OIG will complete approximately 30 investigations, including Event/Special Inquiries, in FY 2025. As in the past, reactive investigations into allegations of criminal and other wrongdoing, and allegations of safety and security significance, will continue to take priority when the OIG is deciding on the use of available resources. Because the NRC's mission is to protect public health and safety and the environment, the Investigations Division's main concentration of effort and resources involves alleged NRC employee misconduct that could adversely impact public health and safety-related matters.

OBJECTIVE

To facilitate the most effective and efficient use of limited resources, the Investigations Division has established specific initiatives to prevent and detect fraud, waste, abuse, and mismanagement. These initiatives seek to optimize the NRC's effectiveness and efficiency and address possible violations of criminal statutes, administrative violations relating to NRC programs and operations, and allegations of misconduct by NRC employees and managers.

INITIATIVES

Safety and Security

  • Investigate allegations that NRC employees (1) improperly disclosed allegers' (mainly licensee employees) identities and allegations, (2) improperly handled alleger concerns, and (3) failed to adequately address retaliation issues involving NRC management officials or NRC licensee employees who raised public health and safety or security concerns regarding NRC activities;
  • Investigate allegations that the NRC has not maintained an appropriate arm's-length distance from licensees and contractors;
  • Investigate allegations that NRC employees released pre-decisional, proprietary, or official-use-only information;
  • Interact with public interest groups, individual allegers, and industry workers to identify indications of lapses or departures in NRC regulatory oversight that could create safety and security problems;
  • Maintain close working relationships with members of the intelligence community to identify and address vulnerabilities and threats to the NRC;
  • Conduct Event and Special Inquiries into specific events that indicate an apparent shortcoming in the NRC's regulatory oversight of the nuclear industry's safety and security programs to determine if appropriate rules, regulations, and/or procedures were followed in the NRC staff's actions to protect public health and safety;
  • Proactively review and become knowledgeable in areas of NRC staff regulatory emphasis to identify emerging issues that may require future OIG involvement;
  • Provide real-time OIG assessments of the NRC staff's handling of regulatory activities related to nuclear safety and security matters;
  • Coordinate with NRC staff to protect the NRC's infrastructure against both internal and external computer intrusions; and,
  • Investigate allegations of misconduct by NRC employees and contractors, as appropriate.

Corporate Management

  • Attempt to detect possible wrongdoing perpetrated against the NRC's procurement, contracting, and grant programs by maintaining a close working relationship with the Office of Administration, Acquisition Management Division, and cognizant NRC Program Offices;
  • Conduct investigations appropriate for Program Fraud Civil Remedies Act action, including investigations of potentially false claims made to the NRC; and,
  • As appropriate, investigate allegations of misconduct by NRC employees and contractors.

OIG Hotline

  • Promptly process complaints received through the OIG Hotline. Initiate investigations when warranted and properly dispose of allegations that do not warrant OIG investigation.

Freedom of Information Act (FOIA) and Privacy Act

  • The OIG is an independent component within the Nuclear Regulatory Commission and responds to requests for records that are exclusively NRC OIG-related, such as requests for reports of OIG inspections, audits, or investigations relating to the programs and operations of the NRC.
  • The General Counsel to the IG is the principal contact point within the OIG for advice and policy guidance on matters pertaining to administration of FOIA. All requests are handled professionally and expeditiously.

NRC Support

  • Participate as observers on Incident Investigation Teams and Accident Investigation Teams as determined by the IG.

Liaison Program

  • Coordinate with OIG Audit Issue Area Monitoring, as appropriate, to identify areas or programs with indicators of possible fraud, waste, abuse, and mismanagement; and,
  • Conduct fraud awareness and informational presentations for NRC employees and external stakeholders regarding the role of the NRC OIG.

ALLOCATION OF RESOURCES

The Investigations Division undertakes both proactive initiatives and reactive investigations. Approximately 75 percent of available investigative resources will be used for reactive investigations. The balance will be allocated to proactive investigative efforts such as reviews of NRC contract files, examinations of NRC information technology systems to identify weaknesses or misuse by agency employees, participation in interagency task forces and working groups, reviews of delinquent government travel and purchase card accounts, and other initiatives.

APPENDIX E ABBREVIATIONS AND ACRONYMS

ACMUI   Advisory Committee on the Medical Uses of Isotopes
AIGA    Assistant Inspector General for Audits & Evaluations
AIGI    Assistant Inspector General for Investigations
ASAP    Automated Standard Application for Payments
DCAA    Defense Contract Audit Agency
FDA     Food and Drug Administration
FISMA   Federal Information Security Modernization Act
FOIA    Freedom of Information Act
FY      Fiscal Year
HERO    Headquarters Emergency Response Officer
HOC     Headquarters Operations Center
HOO     Headquarters Operations Officer
IG      Inspector General
IP      Inspection Procedure
NEPA    National Environmental Policy Act
NRC     U.S. Nuclear Regulatory Commission
NSIR    Office of Nuclear Security and Incident Response
OIG     Office of the Inspector General
PIIA    Payment Integrity Information Act
RES     Office of Nuclear Regulatory Research
SAC     Special Agent in Charge