ML26026A190

From kanterella
Jump to navigation Jump to search
The Office of the Inspector Generals Fiscal Year 2026 Annual Plan for the U.S. Nuclear Regulatory Commission, Dated January 26, 2026
ML26026A190
Person / Time
Issue date: 01/26/2026
From: Feitel R
NRC/OIG
To:
References
Download: ML26026A190 (0)
v  d  e


Text

Office of the Inspector General U.S. Nuclear Regulatory Commission Annual Plan Fiscal Year 2026

i FOREWORD I am pleased to present the Office of the Inspector Generals (OIG) fiscal year (FY) 2026 Annual Plan for our work pertaining to the U.S. Nuclear Regulatory Commission (NRC). The Annual Plan provides the audit and investigative strategies and associated summaries of the specific work planned for the current year. In addition, it sets forth the OIGs strategy for identifying priority issues and managing its workload and resources for FY 2026. Effective April 1, 2014, the NRC OIG was also assigned to serve as the OIG for the Defense Nuclear Facilities Safety Board; a separate document contains the OIGs annual plan for our work pertaining to that agency.

The NRCs mission is to protect public health and safety and advance the nations common defense and security by enabling the safe and secure use and deployment of civilian nuclear energy technologies and radioactive materials through efficient and reliable licensing, oversight, and regulation for the benefit of society and the environment. The OIG is committed to overseeing the integrity of the NRCs programs and operations, thereby helping the NRC achieve its mission. Developing an effective planning strategy is a critical aspect of accomplishing this commitment. In addition, such planning ensures that the OIG uses audit and investigative resources efficiently.

The OIG developed this Annual Plan to align with the OIG Strategic Plan for FYs 2024-2028, which is based, in part, on an assessment of the strategic challenges facing the NRC. The Strategic Plan identifies the OIGs priorities and establishes a shared set of expectations regarding the goals we expect to achieve and the strategies we will employ. The OIG based this Annual Plan on the foundation of the Strategic Plan and The Inspector Generals Assessment of the Most Serious Management and Performance Challenges Facing the Nuclear Regulatory Commission in Fiscal Year 2026. In developing this Annual Plan, the OIG sought input from the NRC Chairman, the NRC Commissioners, NRC managers and staff, and members of Congress. We have programmed all necessary resources to address the matters identified in this plan. The OIG may, however, modify this plan based on changes in available resources or the OIGs mission-related priorities, or based on other circumstances.

Robert J. Feitel Robert J. Feitel Inspector General Robert J. Feitel NRC and DNFSB Inspector General

ii TABLE OF CONTENTS MISSION AND AUTHORITY.............................................................................................. 1 PLANNING STRATEGY...................................................................................................... 2 AUDIT AND INVESTIGATION OVERVIEW..................................................................... 3 AUDIT STRATEGY.................................................................................................. 3 INVESTIGATION STRATEGY................................................................................. 3 PERFORMANCE MEASURES............................................................................................ 5 OPERATIONAL PROCESSES............................................................................................. 6 AUDITS.................................................................................................................... 6 INVESTIGATIONS................................................................................................... 9 HOTLINE............................................................................................................... 10 APPENDICES A. STATUTORILY REQUIRED AUDITS PLANNED FOR FISCAL YEAR 2026 Audit of the U.S. Nuclear Regulatory Commissions Fiscal Year 2025 Compliance with the Payment Integrity Information Act of 2019................. A-1 Audit of the U.S. Nuclear Regulatory Commissions Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2026

......................................................................................................................... A-2 Audit of the U.S. Nuclear Regulatory Commissions Fiscal Year 2026 Financial Statements. A-3 Defense Contract Audit Agency Audits... A-4 B. PERFORMANCE AUDITS PLANNED FOR FISCAL YEAR 2026 Audit of the U.S. Nuclear Regulatory Commissions Oversight of Aging Management for Long-Lived Reactor Structures and Components..B-1 Audit of the U.S. Nuclear Regulatory Commissions Vehicle Fleet Management.B-2 Audit of the U.S. Nuclear Regulatory Commissions Media and Records Digitization EffortsB-3 Audit of the U.S. Nuclear Regulatory Commissions Budget Formulation Process.B-4 Audit of the U.S. Nuclear Regulatory Commissions License Renewal Program.....B-5

iii Audit of the U.S. Nuclear Regulatory Commissions Recruitment, Relocation, and Retention Incentives.B-6 Audit of the U.S. Nuclear Regulatory Commissions Protection of Sensitive Information..B-7 Audit of the U.S. Nuclear Regulatory Commissions Oversight of the Medical Use of Radioisotopes...B-8 Audit of the U.S. Nuclear Regulatory Commissions Data Consolidation Efforts.....B-9 Audit of the U.S. Nuclear Regulatory Commissions Force-on-Force Inspection Program...B-10 C. INVESTIGATIONS - PRIORITIES, OBJECTIVES, AND INITIATIVES FOR FISCAL YEAR 2026 INTRODUCTION - PRIORITIES AND OBJECTIVES.................................. C-1 INITIATIVES.................................................................................................. C-2 ALLOCATION OF RESOURCES.................................................................... C-4 D. ABBREVIATIONS AND ACRONYMS ABBREVIATIONS AND ACRONYMS............................................................ D-1

1 MISSION AND AUTHORITY The NRC OIG was established as a statutory entity on April 15, 1989, in accordance with the 1988 amendments to the Inspector General Act, to provide oversight of NRC operations. The OIGs mission is to provide independent and objective oversight to promote integrity, economy, and efficiency in the NRCs programs and operations.

To fulfill its mission, the OIG:

  • Conducts and supervises independent audits, evaluations, and investigations of agency programs and operations;
  • Prevents and detects fraud, waste, abuse, and mismanagement in agency programs and operations;
  • Develops recommendations regarding existing and proposed regulations or policies relating to agency programs and operations; and,
  • Keeps the NRC Chairman and Congress fully and currently informed about problems and deficiencies relating to agency programs.

Under the IG Act, the OIG issues Semiannual Reports to Congress to provide members of Congress, agency leaders, and other stakeholders comprehensive accounts of our completed audit, investigative, and other oversight work. In these reports, we describe significant findings, referrals, and related agency actions during the period covered by each report. We also list OIG recommendations that remain outstanding with the agencies we oversee, the results of peer reviews in which our OIG participated, and other important information related to the reporting period.

The Reports Consolidation Act of 2000 (Public Law 106-531) requires the OIG to annually update our assessment of the most serious management and performance challenges facing the NRC and the agencys progress in addressing those challenges.

This assessment supports the execution of the OIGs mission and is an important component of the OIGs Annual Plan development.

2 In the OIGs assessment, the most serious management and performance challenges facing the NRC for FY 2026 are:1

1. Reforming and Modernizing Nuclear Regulation while Ensuring Regulatory Integrity;
2. Advancing Policy and Regulatory Approaches for the Reauthorization of Nuclear Reactors in Decommissioning Status;
3. Ensuring an Effective Information Security Program and Planning for and Assessing the Impact of Artificial Intelligence;
4. Modernizing Regulatory Frameworks for the Safe Deployment of Advanced Reactors, Small Modular Reactors, and Microreactors; and,
5. Enhancing Financial Efficiency and Resource Management.

PLANNING STRATEGY The OIG links the FY 2026 Annual Plan with the OIGs Strategic Plan for FYs 2024-2028. The Strategic Plan identifies the significant challenges and critical risk areas facing the NRC, enabling the OIG to direct optimal resources to these areas. The Strategic Plan also presents strategies for reviewing and evaluating NRC programs under the three strategic goals that the OIG established

  • SafetyStrengthen the NRCs efforts to protect public health and safety and the environment;
  • SecurityStrengthen the NRC's efforts to address evolving security threats; and,
  • Corporate SupportIncrease the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

To ensure that each audit, evaluation, and investigation carried out by the OIG aligns with the Strategic Plan, the program areas selected for audit have been cross walked from the Annual Plan to the Strategic Plan. See the planned audits in Appendices A and B.

1 The challenges are not ranked in any order of importance.

3 AUDIT AND INVESTIGATION OVERVIEW AUDIT STRATEGY Effective audit planning requires current knowledge of the NRCs mission and the programs and activities used to carry out that mission. Accordingly, the OIG continually monitors specific issue areas to strengthen its internal coordination and overall planning process. Under the Issue Area Monitoring program, the OIG assigns responsibilities to staff to keep abreast of major NRC programs and activities. The broad monitoring areas address nuclear reactors, nuclear materials, nuclear waste, information management, security, financial and administrative programs, human resources, and international programs.

The audit planning process yields audit assignments that identify opportunities for increased efficiency, economy, and effectiveness in the NRCs programs and operations; detect and prevent fraud, waste, abuse, and mismanagement; improve program and security activities; and, respond to emerging circumstances and priorities. The OIG prioritizes audits based on:

  • Legislative requirements;
  • Critical agency risk areas;
  • Emphasis by the President, Congress, the NRC Chairman, and other NRC Commissioners;
  • A programs susceptibility to fraud, manipulation, or other irregularities;
  • Risk to federal funds or other resources involved in the proposed audit area;
  • Emerging areas of heightened risk, changed conditions, or sensitivity of an organization, program, function, or activities;
  • Prior audit experience, including assessments of the adequacy of internal controls; and,
  • Availability of audit resources.

INVESTIGATION STRATEGY The OIGs responsibility for detecting and preventing fraud, waste, and abuse within the NRC includes investigating possible violations of criminal statutes relating to agency programs and activities, investigating misconduct by employees and contractors, coordinating with the U.S. Department of Justice (DOJ) on OIG-related criminal and civil matters, and coordinating investigations and other OIG initiatives with federal, state, and local investigative agencies, including other OIGs.

4 Investigations may be initiated as a result of allegations or referrals from private citizens; licensee employees; government employees; Congress; other federal, state, and local law enforcement agencies; OIG audits; the OIG Hotline; and, OIG initiatives directed at areas bearing a high potential for fraud, waste, and abuse. Because the NRCs mission is to protect the health and safety of the public and advance the nations common defense and security, the OIGs Investigative Program directs much of its resources and attention to investigating allegations of NRC staff conduct that could adversely impact matters related to health and safety. These investigations may address allegations of:

  • Misconduct by NRC officials, such as managers and inspectors, whose positions directly impact public health and safety;
  • Failure by NRC management to ensure that health, safety, and security matters are appropriately addressed;
  • Failure by the NRC to provide appropriate oversight of licensee activities and to ensure compliance with agency regulations;
  • Conflicts of interest involving NRC employees and contractors, including such matters as promises of future employment for favorable regulatory treatment and the acceptance of gratuities; and,
  • Fraud, waste, and abuse in the NRCs programs.

The OIG will continue to monitor specific high-risk areas within the NRCs corporate support program management that are most vulnerable to fraud, waste, abuse, and mismanagement. A significant focus remains on matters that could negatively impact the security and integrity of the NRCs data and operations. This focus will also include efforts to ensure the continued protection of personal privacy information held within agency databases and systems. The OIG is committed to improving the security of the constantly changing electronic business environment by investigating cyber-related fraud, waste, and mismanagement through proactive investigations and computer forensic examinations, as warranted. Other actions to detect and prevent potential problems will focus on determining instances of procurement and grant fraud and identifying vulnerabilities in NRC daily operations, to include theft of property and funds, insider threats, U.S. government travel and purchase card mismanagement, and violations under the False Claims Act.

The OIG will meet with the NRCs internal and external stakeholders to identify actual and potential systemic issues or vulnerabilities as part of these proactive initiatives. This

5 approach enables opportunities to improve the agencys performance. The OIG also participates in federal cyber, fraud, and other task forces to identify criminal activity targeted against the federal government.

With regard to the OIGs strategic goal concerning safety and security, the OIG routinely interacts with public interest groups, individual citizens, industry workers, and NRC staff to identify possible lapses in NRC regulatory oversight that could impact public health and safety. In addition, the OIG conducts proactive reviews into areas of regulatory safety or security to identify emerging issues or address ongoing concerns regarding the quality of the NRCs regulatory oversight. Such reviews might focus on new reactor licensing and license renewals for existing plants, aspects of the transportation and storage of high-level and low-level waste, and decommissioning activities.

Additionally, the OIG periodically conducts Event Inquiries and Special Inquiries.

Event Inquiry reports document the OIGs examination of events or agency regulatory actions to determine if staff actions may have contributed to the occurrence of an event.

Special Inquiry reports document those instances when an investigation identifies inadequacies in NRC regulatory oversight that may have resulted in a potentially adverse impact on public health and safety.

Appendix C provides investigative objectives and initiatives for FY 2026. Specific investigations are not included in the plan because the OIGs investigations are primarily responsive to reported violations of law and misconduct by NRC employees and contractors, as well as allegations of irregularities or mismanagement in the NRCs programs and operations.

PERFORMANCE MEASURES For FY 2026, we will use several key performance measures and targets for gauging the relevance and impact of our audit, evaluation, and investigative work. The OIG calculates these measures relative to each of the OIGs strategic goals to determine how well we are accomplishing our objectives. The performance measures are:

  • Percentage of OIG audit products and activities that have a high impact, i.e.,

products and activities that (1) cause the agency to take corrective action to improve agency safety, security, or corporate support programs; (2) result in the agency strengthening adherence to agency policies, procedures, or requirements; (3) identify actual dollar savings and monetary benefits; or, (4) in appropriate cases, result in the agency taking action to reduce

6 regulatory burdens2;

  • Percentage of audit recommendations agreed to by the agency;
  • Percentage of final agency actions taken within two years on audit recommendations;
  • Percentage of OIG investigative products and activities that identify opportunities to improve agency safety, security, or corporate support programs; strengthen adherence to agency policies/procedures; or, confirm or disprove allegations of wrongdoing (i.e., high impact);
  • Percentage of agency actions taken in response to investigative reports;
  • Percentage of active cases completed in 18 months or less;
  • Percentage of closed investigations referred to the DOJ or other relevant authorities; and,
  • Percentage of closed investigations resulting in specific actions, such as civil suits or settlements, judgments, administrative actions, monetary results, IG clearance letters, indictments, or convictions.

OPERATIONAL PROCESSES The following sections detail the approach used to carry out the audit and investigative responsibilities previously discussed.

AUDITS The audit process begins with the development of this Annual Plan. The Annual Plan lists the audits planned for the year and their general objectives. The Annual Plan for Audits is a living document that may be revised as circumstances warrant, with a subsequent redistribution of staff resources.

The OIG performs the following types of audits:

  • Performance audits focus on NRC administrative and program operations and evaluate the effectiveness and efficiency with which managerial responsibilities are carried out, including whether the programs achieve intended results; 2 High impact audit, evaluation, and investigative products have immediate results with long-lasting effects. They have a broad enterprise-wide impact and highlight sensitive issues relating to health, safety, security, or corporate management.

7

  • Financial audits, including the annual financial statement audit, attest to the reasonableness of the NRCs financial statements, and evaluate financial programs; and,
  • Contract audits evaluate the costs of goods and services procured by the NRC from commercial enterprises.

The OIGs audit process involves specific steps, ranging from annual audit planning to audit follow-up activities. The underlying goal of this audit process is to maintain an open channel of communication between the auditors and NRC officials to ensure that audit findings are accurate and fairly presented in OIG reports. The audit process comprises the steps summarized in Figure 1.

Figure 1: Steps in the OIGs Audit Process Audit Step Action Audit Notification The OIG formally notifies the office responsible for a specific program, activity, or function of its intent to begin an audit.

Entrance Conference The OIG meets with agency officials to outline and discuss the audits objective(s) and scope, as well as the general methodology it will follow.

Survey The OIG conducts exploratory work to gather data for refining audit objectives; documenting internal control systems; becoming familiar with the activities, programs, and processes to be audited; and, identifying areas of concern to management.

Audit Fieldwork Based on the results of the survey work, the audit team recommends to the Assistant Inspector General for Audits & Evaluations (AIGA) whether to proceed with the audit. If the AIGA decides to proceed with the audit, the OIG then performs a comprehensive review of selected areas of a program, activity, or function using an audit program developed specifically to address the audit objectives.

End of Fieldwork Briefing with the Agency At the conclusion of audit fieldwork, the audit team discusses the preliminary report findings and recommendations with the auditee.

Discussion Draft Report The OIG provides a discussion draft copy of the report to agency management to help them prepare for the exit conference.

8 Audit Step Action Exit Conference The OIG meets with the appropriate agency officials to review the discussion draft report and provide agency management with the opportunity to confirm information, ask questions, and clarify data.

Formal Draft Report If requested by agency management during the exit conference, the OIG provides a final draft copy of the report that includes comments or revisions from the exit conference and invites agency management to provide formal written comments.

Final Audit Report The final report includes, as necessary, any revisions to the facts, conclusions, and recommendations in the draft report resulting from discussions during the exit conference or written comments on the draft by agency managers. Formal written comments by agency management are included as an appendix to the report, when applicable. Final audit reports will be publicly issued, except for those containing sensitive or classified information.

Response to Report Recommendations Offices responsible for the audited program or process provide a written response, usually within 30 calendar days, on each recommendation contained in the final report. If agency management agrees with the recommendation, the response describes corrective actions taken or planned, with actual or target completion dates.

However, if agency management disagrees, the response provides reasons for disagreement and may propose alternative corrective actions.

Impasse Resolution If the responsible office and the OIG reach an impasse over a recommended action, or the offices response to a recommendation is, in the OIGs view unsatisfactory, the OIG may request the intervention of the Chairman to achieve resolution.

Audit Follow-up and Closure This process ensures that recommendations made to management are implemented.

Source: OIG Audit Manual

9 In its Semiannual Report to Congress, the OIG reports on the status of unimplemented audit recommendations and the expected timetable for agency implementation of final corrective actions.

INVESTIGATIONS The OIGs investigative process typically begins with the receipt of an allegation of fraud, mismanagement, or misconduct. Because the OIG must decide whether to initiate an investigation within a few days of such receipt, the office does not schedule specific investigations in its annual investigative plan.

The OIG opens an investigation following both its investigative priorities, as outlined in the OIG Strategic Plan, and the prosecutorial guidelines established by the DOJ. In addition, the Quality Standards for Investigations issued by the Council of the Inspectors General on Integrity and Efficiency, the OIGs Investigations Division Manual, and various periodic guidance provided by the DOJ, govern the OIGs investigations.

Only four individuals in the OIG can authorize the opening of an investigation: the IG, the Deputy IG, the Assistant IG for Investigations (AIGI), and the Special Agent in Charge (SAC). Every allegation received by the OIG is given a unique identification number and entered into the OIG case management system. Some allegations result in investigations, while the OIG retains others as the basis for audits, refers them to NRC management, or if appropriate, directs them to another law enforcement agency.

When the OIG opens an investigation, the SAC or the Assistant SAC assigns it to a special agent or investigator, who prepares an investigation plan. This planning process includes reviewing relevant criminal and civil statutes, program regulations, and applicable agency policies. The OIG special agent or investigator then investigates using various techniques to ensure completion.

If an OIG special agent determines that a person may have committed a crime, the agent will discuss the investigation with a federal, state, or local prosecutor to determine if prosecution will be pursued. If the prosecuting attorney decides to proceed with a criminal or civil prosecution, the special agent assists the attorney in any preparation for court proceedings that may be required.

For investigations that do not result in prosecution but are handled administratively by the agency, the special agent or investigator prepares a report summarizing the facts gathered in the investigation. The OIG distributes the report to agency officials who need to know the investigative results. For investigative reports provided to agency

10 officials regarding substantiated administrative misconduct, the OIG requires a response within 120 days addressing any potential action based on the investigative findings. For all other investigative products, such as referrals of allegations and findings requiring a review of agency processes and procedures, the OIG generally requires a 90-day response unless the agency and the OIG agree to an alternate deadline. For certain non-criminal investigations, OIG special agents involve subject matter experts from the OIGs Technical Services Section to assist in the review of the complaints.

The OIG summarizes the criminal and administrative actions taken as a result of its investigations and includes this information in its Semiannual Reports to Congress. As part of the investigation function, the OIG also periodically conducts Event Inquiries and Special Inquiries, as discussed earlier in this plan.

HOTLINE The OIG Hotline Program provides NRC employees, contract employees, and the public with a confidential means of reporting to the OIG instances of fraud, waste, and abuse relating to agency programs and operations.

Please

Contact:

E-mail:

Online Form Telephone:

1.800.233.3497 TDD:

1.800.201.7165, or 7-1-1 Address:

U.S. Nuclear Regulatory Commission Office of the Inspector General Hotline Program Mail Stop O12-A12 11555 Rockville Pike Rockville, Maryland 20852-2746

APPENDIX A STATUTORILY REQUIRED AUDITS PLANNED FOR FISCAL YEAR 2026

STATUTORILY REQUIRED AUDITS APPENDIX A A-1 Audit of the U.S. Nuclear Regulatory Commissions Fiscal Year 2025 Compliance with the Payment Integrity Information Act of 2019 DESCRIPTION AND JUSTIFICATION: The Payment Integrity Information Act of 2019 (PIIA) requires federal agencies to assess and report on improper payments in their programs annually. Agencies must also conduct risk assessments to identify programs vulnerable to improper payments and establish controls to prevent and detect such payments. The PIIA also requires the OIG to review and report on the agencys compliance with the Act, including the implementation of corrective actions to reduce improper payments. To comply with this requirement, the OIG has contracted with an independent public accounting firm to conduct the review.

OBJECTIVES: The audit objectives are to:

  • Assess the NRCs compliance with the PIIA; and,
  • Report any material weaknesses in internal control.

SCHEDULE: Initiate in the second quarter of FY 2026.

STRATEGIC GOAL 3: Corporate SupportIncrease the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3.1: Identify areas of corporate support risks within the NRC, and conduct audits, evaluations, and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 5: Enhancing financial efficiency and resource management.

STATUTORILY REQUIRED AUDITS APPENDIX A A-2 Audit of the U.S. Nuclear Regulatory Commissions Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2026 DESCRIPTION AND JUSTIFICATION: The Federal Information Security Modernization Act (FISMA) was enacted in 2014. FISMA outlines the information security management requirements for agencies, including the requirement for an annual independent assessment by each agencys Inspector General. In addition, FISMA includes provisions, such as those pertaining to the development of minimum standards for agency systems, aimed at further strengthening the security of the federal governments information and information systems. The annual assessments provide agencies with the information needed to assess the effectiveness of security programs and to develop strategies and best practices to improve information security.

FISMA provides the framework for securing both unclassified and national security systems. All agencies must implement the FISMA requirements and report annually to the Office of Management and Budget and Congress on the effectiveness of their security programs. To evaluate the NRCs compliance with FISMA, the OIG has contracted with an independent public accounting firm.

OBJECTIVE: The audit objective is to conduct an independent assessment of the NRCs FISMA implementation for FY 2026.

SCHEDULE: Initiate in the second quarter of FY 2026.

STRATEGIC GOAL 3: Corporate SupportIncrease the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3.2: Identify infrastructure risks, such as physical, personnel, and cybersecurity risks, and conduct audits, evaluations, and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 3: Ensuring an effective information security program and planning for and assessing the impact of artificial intelligence.

STATUTORILY REQUIRED AUDITS APPENDIX A A-3 Audit of the U.S. Nuclear Regulatory Commissions Fiscal Year 2026 Financial Statements DESCRIPTION AND JUSTIFICATION: The Chief Financial Officers Act of 1990 and the Government Management Reform Act of 1994 require federal agencies to submit annual financial statements audited by the OIG. The financial statements and accompanying audit report for FY 2026 are due 45 days after the end of the fiscal year.

To facilitate the NRCs compliance with this requirement, the OIG has contracted with an independent public accounting firm to conduct the audit.

OBJECTIVES: The audit objectives are to:

  • Express an opinion on whether the NRCs financial statements are presented fairly, in all material respects, in accordance with U.S. generally accepted accounting principles;
  • Express an opinion on whether the NRC maintained, in all material respects, effective internal control over financial reporting; and,
  • Review compliance with certain laws, regulations, contracts, and grant agreements.

SCHEDULE: Initiate in the third quarter of FY 2026.

STRATEGIC GOAL 3: Corporate Support - Increase the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3.1: Identify areas of corporate support risks within the NRC, and conduct audits, evaluations, and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 5: Enhancing financial efficiency and resource management.

STATUTORILY REQUIRED AUDITS APPENDIX A A-4 Defense Contract Audit Agency Audits DESCRIPTION AND JUSTIFICATION: The OIG and the Defense Contract Audit Agency (DCAA) have an interagency agreement whereby the DCAA provides contract audit services for the OIG. The DCAA is responsible for the audit report conclusions and for performing the audit in accordance with Generally Accepted Government Auditing Standards. The OIG distributes the audit report to NRC management and is responsible for follow-up on agency actions initiated in response to the audit results.

OBJECTIVE: The audit objective is to assess whether the costs claimed by contractors are reasonable, allowable, and allocable in accordance with contract terms and applicable regulations.

SCHEDULE: Initiation varies based on requirements and contracts.

STRATEGIC GOAL 3: Corporate SupportIncrease the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3.1: Identify areas of corporate support risks within the NRC, and conduct audits, evaluations, and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 5: Enhancing financial efficiency and resource management.

APPENDIX B PERFORMANCE AUDITS PLANNED FOR FISCAL YEAR 2026

PLANNED PERFORMANCE AUDITS APPENDIX B B-1 Audit of the U.S. Nuclear Regulatory Commissions Oversight of Aging Management for Long-Lived Reactor Structures and Components DESCRIPTION AND JUSTIFICATION: The application to renew a nuclear power plant operating license must include an assessment of passive, long-lived structures and components subject to aging management review. These include the reactor vessel, pressure-retaining boundaries, containment, seismic structures, and other components not subject to replacement based on qualified life or time. The application must demonstrate that aging effects will be adequately managed to ensure these structures and components maintain their intended function during extended operation.

The NRC inspects each licensees aging management review and program implementation both during the license renewal process and after license approval.

Once a nuclear power plant has been in extended operation for 5 to 10 years, the NRC will verify that the licensees aging management program is implemented and that its components can perform their intended functions. In addition, the NRCs baseline inspection procedures for maintenance effectiveness and design basis assurance include assessing aging management programs for plants during extended operation.

The NRC has issued license renewals for 94 nuclear power plants currently in operation, with 58 plants having entered a period of extended operation. The NRC and industry are currently focusing on "subsequent license renewals," which authorize plants to operate beyond the 60 years of the initial license and the first renewal. Subsequent license renewals are in 20-year increments.

OBJECTIVE: To determine whether the NRC provides adequate oversight of licensee aging management programs for long-lived passive reactor structures and components.

SCHEDULE: Initiate in the fourth quarter of FY 2026.

STRATEGIC GOAL 1: SafetyStrengthen the NRCs efforts to protect public health and safety, and the environment.

STRATEGY 1.1: Identify risk areas associated with the NRCs oversight of nuclear facilities, and conduct audits, evaluations, and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 1: Reforming and modernizing nuclear regulation while ensuring regulatory integrity.

PLANNED PERFORMANCE AUDITS APPENDIX B B-2 Audit of the U.S. Nuclear Regulatory Commissions Vehicle Fleet Management DESCRIPTION AND JUSTIFICATION: Title 41 of the Code of Federal Regulations, Part 102-34, Motor Vehicle Management, governs the management and control of motor vehicles that the government owns, leases commercially, or leases through the General Service Administration (GSA) Fleet. GSA regulations require maximum fuel efficiency and limits the car size. By 2026, all newly acquired GSA-leased vehicles and all preexisting leased vehicles must have telematics capabilities to improve operational efficiency.3 NRC Management Directive 13.4, Transportation Management, provides the agencys policy for the use of its GSA-leased vehicles, stating that users must comply with applicable federal regulations and policies, and that vehicle managers and users are responsible for ensuring resources are used efficiently in accordance with agency business needs.

OBJECTIVE: To determine the effectiveness of the NRCs fleet management and identify opportunities for improvement.

SCHEDULE: Initiate during the second quarter of FY 2026.

STRATEGIC GOAL 3: Corporate SupportIncrease the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3.1: Identify areas of corporate support risks within the NRC, and conduct audits, evaluations, and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 5: Enhancing financial efficiency and resource management.

3 Telematics is technology that can track the operational data on a vehicle, such as driver behavior and fuel use.

PLANNED PERFORMANCE AUDITS APPENDIX B B-3 Audit of the U.S. Nuclear Regulatory Commissions Media and Records Digitization Efforts DESCRIPTION AND JUSTIFICATION: A record is documentation that provides information regarding, or evidence of, the agency's functions, policies, and decision-making processes. A permanent record is one that has been determined to have sufficient value to warrant preservation in the National Archives, even while the record remains in agency custody. In accordance with 36 C.F.R, Part 1236 Subpart E, the National Archives and Records Administration mandates that agencies digitize permanent federal records, ensuring that the resulting digital versions are complete, accurate, and usable for the same purposes as the original records. Guidance from the Office of Management and Budget also required that, no later than June 30, 2024, all permanent records in federal agencies must be managed electronically to the fullest extent possible for eventual transfer and accessioning by the National Archives and Records Administration. The NRCs records come in a variety of formats and date back to its predecessor, the Atomic Energy Commission, which was established in 1954.

The Office of the Chief Information Officer oversees the NRCs Document Processing Center and manages the agency-wide records program. The office is in the process of digitizing permanent records missing from the Agencywide Documents Access and Management System Legacy Library. While the agency has succeeded in converting a small percentage of these files, challenges with the NRCs only microfiche scanner have hindered further progress. Currently, the Office of the Chief Information Officer is using a contractor to digitize classified and unclassified media tapes to a usable format for future transcription services. The contracts period of performance ultimately ends in September 2026.

OBJECTIVE: To determine the effectiveness of the NRCs digitization efforts across media types and other permanent records, and to identify opportunities for improved efficiency and compliance.

SCHEDULE: Initiate during the second quarter of FY 2026.

STRATEGIC GOAL 3: Corporate SupportIncrease the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3.1: Identify areas of corporate support risks within the NRC, and conduct audits, evaluations, and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 5: Enhancing financial efficiency and resource management.

PLANNED PERFORMANCE AUDITS APPENDIX B B-4 Audit of the U.S. Nuclear Regulatory Commissions Budget Formulation Process DESCRIPTION AND JUSTIFICATION: The NRC submits an annual budget justification to Congress with estimates and information that support the agencys request for resources to accomplish mission-critical activities. Developing the budget is a multi-step process that includes significant coordination to ensure alignment with operational goals and resource availability. Although the NRC receives funding from Congressional appropriations, the agency is required to recover its annual budget through fees to the maximum extent practicable, less certain amounts excluded from this fee recovery requirement, through service and annual license fees.

OBJECTIVE: To evaluate the NRCs budget formulation process, ensuring that it aligns with operational goals, complies with relevant regulations and policies, and incorporates accurate and reliable data for decision making.

SCHEDULE: Initiate in the second quarter of FY 2026.

STRATEGIC GOAL 3: Corporate SupportIncrease the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3.1: Identify areas of corporate support risks within the NRC, and conduct audits, evaluations, and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 5: Enhancing financial efficiency and resource management.

PLANNED PERFORMANCE AUDITS APPENDIX B B-5 Audit of the U.S. Nuclear Regulatory Commissions License Renewal Program DESCRIPTION AND JUSTIFICATION: The NRCs regulations limit the initial operating license for a nuclear reactor to 40 years. However, regulations also permit license renewal for an additional 20 years, provided that the initial license term was based on economic and antitrust considerations rather than technical limitations.

Through extensive technical research, the NRC has determined that many aging-related issues can be effectively managed; therefore, they do not preclude license renewal.

The license renewal process follows two parallel tracks: one addressing safety issues under 10 C.F.R. Part 54, and the other focusing on environmental issues under Part 51.

Applicants are required to assess the technical effects of plant aging and explain how these effects will be managed during the extended operating period. Additionally, they must evaluate the potential environmental impacts of continued operation for an additional 20 years. The NRC is expected to review each application thoroughly and verify the applicants evaluations through inspections. A license will be renewed only if the NRC determines that the plant can maintain the required safety standards throughout the extended operating period.

The NRC is currently reviewing two initial license renewal applications (Diablo Canyon and Clinton) and seven subsequent license renewal applications. Between fiscal years 2025 and 2034, the NRC anticipates receiving an additional 20 license renewal applications.

OBJECTIVE: To assess whether the NRC effectively administers its license renewal processes for operating nuclear power reactors in accordance with applicable regulations, and whether it ensures that nuclear power reactor licensees maintain applicable safety standards during extended periods of operation.

SCHEDULE: Initiate in the fourth quarter of FY 2026.

STRATEGIC GOAL 1: SafetyStrengthen the NRCs efforts to protect public health and safety, and the environment.

STRATEGY 1.1: Identify risk areas associated with the NRCs oversight of nuclear facilities, and conduct audits, evaluations, and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 1: Reforming and modernizing nuclear regulation while ensuring regulatory integrity.

PLANNED PERFORMANCE AUDITS APPENDIX B B-6 Audit of the U.S. Nuclear Regulatory Commissions Recruitment, Relocation, and Retention Incentives DESCRIPTION AND JUSTIFICATION: Recruitment, relocation, and retention incentives are financial tools used by the NRC to recruit and retain qualified employees in critical positions. Recruitment incentives are offered to encourage applicants to accept positions that would otherwise be difficult to fill, while relocation incentives help offset relocation costs that could deter qualified candidates from accepting a position.

Retention incentives are used to retain highly or uniquely qualified employees whose departure could impact an essential agency activity or function. To receive these incentives, employees typically sign a written service agreement committing to a specified period of employment.

OBJECTIVE: To assess the NRCs administration of recruitment, relocation, and retention incentives, and to determine whether service obligations are effectively tracked and fulfilled.

SCHEDULE: Initiate in the second quarter of FY 2026.

STRATEGIC GOAL 3: Corporate SupportIncrease the economy, efficiency, and effectiveness with which the NRC manages and exercises stewardship over its resources.

STRATEGY 3.1: Identify areas of corporate support risks within the NRC, and conduct audits, evaluations, and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 5: Enhancing financial efficiency and resource management.

PLANNED PERFORMANCE AUDITS APPENDIX B B-7 Audit of the U.S. Nuclear Regulatory Commissions Protection of Sensitive Information DESCRIPTION AND JUSTIFICATION: The NRC protects certain sensitive information to prevent it from being used to harm individuals or the public interest.

This includes information that, if disclosed, could be useful to terrorists or other malicious actors. The NRC's information security program balances the need to protect security with the public's right to know.

For the NRC, sensitive information includes Safeguards Information and Sensitive Unclassified Non-Safeguards Information. Safeguards Information is a special category of sensitive unclassified information concerning the physical protection of operating power reactors, spent fuel shipments, strategic special nuclear material, or other radioactive material. Sensitive Unclassified Non-Safeguards Information is information that is generally not publicly available and encompasses a wide variety of categories, such as personally identifiable information, attorney-client communications, confidential source information, trade secrets, and confidential commercial or financial information. Protecting sensitive information is critical to the NRCs efforts to ensure the safety and security of nuclear facilities, materials, and stakeholders.

OBJECTIVE: To assess the effectiveness of the NRCs protection of sensitive information.

SCHEDULE: Initiate in the fourth quarter of FY 2026.

STRATEGIC GOAL 2: SecurityStrengthen the NRC's efforts to address evolving security threats.

STRATEGY 3.2: Identify infrastructure risks, such as physical, personnel, and cybersecurity risks, and conduct audits, evaluations, and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 3: Ensuring an effective information security program and planning for and assessing the impact of artificial intelligence.

PLANNED PERFORMANCE AUDITS APPENDIX B B-8 Audit of the U.S. Nuclear Regulatory Commissions Oversight of the Medical Use of Radioisotopes DESCRIPTION AND JUSTIFICATION: Regulatory authority over the medical use of ionizing radiation is shared among several federal, state, and local government agencies. The NRC or the responsible Agreement State4 has regulatory authority over the possession and use of byproduct, source, or special nuclear material in medicine.

The NRC regulates such material through its licensing, inspection, and enforcement programs. The types of medical uses regulated by the NRC include diagnostic, therapeutic, and research. The NRC issues medical use licenses to medical facilities, develops guidance and regulations for use by licensees, and maintains a committee of medical experts to obtain advice about the use of byproduct materials in medicine.

The Advisory Committee on the Medical Uses of Isotopes (ACMUI) is an independent committee established by the NRC for the express purpose of advising NRC staff. The ACMUI provides NRC staff with advice, technical assistance, and consultation on key issues. Additionally, the NRC has a Memorandum of Understanding with the U.S. Food and Drug Administration that coordinates the existing NRC and Food and Drug Administration regulatory programs for medical devices, drugs, and biological products that utilize byproduct, source, or special nuclear material. The NRC has expressed concern as to whether it is effectively implementing relevant regulations and interfacing effectively with the Food and Drug Administration.

OBJECTIVE: To assess whether the NRC effectively oversees the medical uses of radioactive isotopes through its licensing, inspection, and enforcement programs, and whether its coordination with Agreement States, the ACMUI, and the Food and Drug Administration is adequate to ensure compliance with regulations and protect public health and safety.

SCHEDULE: Initiate in the third quarter of FY 2026.

STRATEGIC GOAL 1: SafetyStrengthen the NRCs efforts to protect public health and safety, and the environment.

STRATEGY 1.4: Identify risk areas facing the NRCs oversight of nuclear materials used for medical purposes that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 1: Reforming and modernizing nuclear regulation while ensuring regulatory integrity.

4 An Agreement State is a state that has signed an agreement with the NRC authorizing the State to regulate certain uses of radioactive materials within the State.

PLANNED PERFORMANCE AUDITS APPENDIX B B-9 Audit of the U.S. Nuclear Regulatory Commissions Data Consolidation Efforts DESCRIPTION AND JUSTIFICATION: In carrying out its duties, the NRC captures, creates, manages, and uses data from a variety of sources, and in various forms, to inform its operational and regulatory decision-making and comply with federal reporting requirements.

The NRC is in the process of consolidating its data from multiple systems and sources into a single repository called the NRC Data Warehouse. The goal of the centralized repository is to make data more accessible to staff and enable them to query information from a single, high-quality dataset. The agency is implementing tools to leverage and extract as much data from its existing documents. Eventually, the optimized dataset should allow the agency to utilize artificial intelligence effectively.

OBJECTIVE: To determine if the NRCs data consolidation efforts are effective in capturing its data to advance the agencys mission.

SCHEDULE: Initiate in the fourth quarter of FY 2026.

STRATEGIC GOAL 2: SecurityStrengthen the NRC's efforts to address evolving security threats.

STRATEGY 3.2: Identify infrastructure risks, such as physical, personnel, and cybersecurity risks, and conduct audits, evaluations, and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 3: Ensuring an effective information security program and planning for and assessing the impact of artificial intelligence.

PLANNED PERFORMANCE AUDITS APPENDIX B B-10 Audit of the U.S. Nuclear Regulatory Commissions Force-on-Force Inspection Program DESCRIPTION AND JUSTIFICATION: A force-on-force inspection is a two-phased, performance-based inspection that is designed to assess a nuclear plants physical protection measures for defending against adversaries who pose certain types of threats. In the first phase of a force-on-force inspection, NRC security and operations specialists conduct tabletop drills on a mock-up of the facility, and they discuss the roles of state, local, and federal law enforcement and emergency planning officials. During this phase, they also evaluate the effectiveness of licensee security plans against a series of attack scenarios. In the second phase, a mock adversary force carries out these mock attack scenarios, which are aimed at reaching and destroying enough safety equipment to set in motion an event that would damage the reactor's core or spent fuel pool and potentially cause a release of radiation into the environment. The power reactor's security force seeks to interdict the adversary force and prevent it from reaching the safety equipment.

During force-on-force inspections, the licensee maintains both its normal security force and a second security force that participates in the exercise. The purpose of these exercises is to identify any significant deficiencies in the licensee's protective strategy outlined in its security plan. These exercises provide the most realistic evaluation of the proficiency of the licensee's security force, short of an actual terrorist attack.

OBJECTIVE: To determine whether the NRCs Force-on-Force Inspection Program is designed and implemented in a manner that is comprehensive, applied consistently across sites, and fully aligned with NRC standards and requirements.

SCHEDULE: Initiate in the fourth quarter of FY 2026.

STRATEGIC GOAL 1: SafetyStrengthen the NRCs efforts to protect public health and safety, and the environment.

STRATEGY 1.1: Identify risk areas associated with the NRCs oversight of nuclear facilities, and conduct audits, evaluations, and/or investigations that lead to NRC program and operational improvements.

MANAGEMENT CHALLENGE 1: Reforming and modernizing nuclear regulation while ensuring regulatory integrity.

APPENDIX C INVESTIGATIONS - PRIORITIES, OBJECTIVES, AND INITIATIVES FOR FISCAL YEAR 2026

INVESTIGATIONS APPENDIX C C-1 INTRODUCTION The AIGI is responsible for developing and implementing an investigative program that furthers the OIGs objectives. The AIGIs primary responsibilities include investigating possible violations of criminal statutes relating to NRC programs and activities, investigating allegations of misconduct by NRC employees, coordinating with the DOJ on OIG-related criminal matters, and working jointly on investigations and OIG initiatives with other federal, state, and local investigative agencies, and other AIGIs.

The AIGI may initiate investigations that cover a broad range of allegations. For example, investigations may concern criminal wrongdoing or administrative misconduct affecting various NRC programs and operations. In addition, the OIG initiates investigations due to allegations or referrals from private citizens, licensee employees, NRC employees, Congress, and other federal, state, and local law enforcement agencies.

Investigations may also originate from OIG audits, the OIG Hotline, and proactive efforts to identify the potential for fraud, waste, abuse, and mismanagement.

The OIG developed this investigative plan to focus investigative priorities and use available resources most effectively. The OIG provides strategies and plans for investigative work for the fiscal year in conjunction with the OIG Strategic Plan. The OIGs Investigations Division also considers the most serious management and performance challenges facing the NRC, as identified by the IG, in developing its investigative plan.

PRIORITIES The OIG will complete approximately 30 investigations, including Event/Special Inquiries, in FY 2026. As in the past, reactive investigations into allegations of criminal and other wrongdoing, and allegations of safety and security significance, will continue to take priority when the OIG is deciding on the use of available resources. Because the NRCs mission is to protect public health and safety and advance the nations common defense and security, the Investigations Divisions main concentration of effort and resources involves alleged NRC employee misconduct that could adversely impact public health and safety-related matters.

OBJECTIVE To facilitate the most effective and efficient use of limited resources, the Investigations Division has established specific initiatives to prevent and detect fraud, waste, abuse, and mismanagement. These initiatives seek to optimize the NRCs effectiveness and efficiency, and address possible violations of criminal statutes, administrative violations relating to NRC programs and operations, and allegations of misconduct by NRC employees and managers.

INVESTIGATIONS APPENDIX C C-2 INITIATIVES Safety and Security

  • Investigate allegations that NRC employees (1) improperly disclosed allegers (mainly licensee employees) identities and allegations, (2) improperly handled alleger concerns, or (3) failed to adequately address retaliation issues involving NRC management officials or NRC licensee employees who raised health and safety or security concerns regarding NRC activities;
  • Investigate allegations that the NRC has not maintained an appropriate arms length distance from licensees and contractors;
  • Investigate allegations that NRC employees released predecisional, proprietary, or official-use-only information;
  • Interact with public interest groups, individual allegers, and industry workers to identify indications of lapses or departures in NRC regulatory oversight that could create safety and security problems;
  • Maintain close working relationships with members of the intelligence community to identify and address vulnerabilities and threats to the NRC;
  • Conduct Event and Special Inquiries into specific events that indicate an apparent shortcoming in the NRCs regulatory oversight to determine if appropriate rules, regulations, and/or procedures were followed in the NRC staffs actions to protect public health and safety;
  • Proactively review and become knowledgeable in areas of NRC staff regulatory emphasis to identify emerging issues that may require future OIG involvement;
  • Provide real-time OIG assessments of the NRC staffs handling of regulatory activities related to nuclear safety and security matters;
  • Coordinate with NRC staff to protect the NRCs infrastructure against both internal and external computer intrusions; and,
  • Investigate allegations of misconduct by NRC employees and contractors, as appropriate.

INVESTIGATIONS APPENDIX C C-3 Corporate Support

  • Attempt to detect possible wrongdoing perpetrated against the NRCs procurement, contracting, and grant programs by maintaining a close working relationship with the Office of Administration, Acquisition Management Division, and cognizant NRC Program Offices;
  • Conduct investigations of potentially false claims to the NRC that are covered by the Administrative False Claims Act of 2023 and the NRCs implementing regulations at 10 C.F.R. Part 13; and,
  • As appropriate, investigate allegations of misconduct by NRC employees and contractors.

OIG Hotline

  • Promptly process complaints received through the OIG Hotline. Initiate investigations when warranted and properly dispose of allegations that do not warrant OIG investigation.

Freedom of Information Act (FOIA) and Privacy Act

  • The OIG is an independent component within the Nuclear Regulatory Commission and directly responds to requests for records that are exclusively OIG-related, such as requests for reports of OIG inspections, audits, or investigations relating to the programs and operations of the NRC. All FOIA requests are handled professionally and expeditiously.
  • The General Counsel to the Inspector General is the principal contact point within the OIG for advice on matters pertaining to administration of FOIA.

NRC Support

  • Participate as observers on Incident Investigation Teams and Accident Investigation Teams as determined by the Inspector General.

Liaison Program

  • Coordinate with OIG Audit Issue Area Monitoring, as appropriate, to identify areas or programs with indicators of possible fraud, waste, abuse, or mismanagement; and,
  • Conduct fraud awareness and informational presentations for NRC employees and external stakeholders regarding the OIGs role.

INVESTIGATIONS APPENDIX C C-4 ALLOCATION OF RESOURCES The Investigations Division undertakes both proactive initiatives and reactive investigations. Approximately 75 percent of available investigative resources will be used for reactive investigations. The balance will be allocated to proactive investigative efforts such as reviews of NRC contract files, examinations of NRC information technology systems to identify weaknesses or misuse by agency employees, participation in interagency task forces and working groups, reviews of delinquent government travel and purchase card accounts, and other initiatives.

APPENDIX D ABBREVIATIONS AND ACRONYMS

ABBREVIATIONS AND ACRONYMS APPENDIX D D-1 ABBREVIATIONS AND ACRONYMS AIGA Assistant Inspector General for Audits & Evaluations AIGI Assistant Inspector General for Investigations DCAA Defense Contract Audit Agency DOJ U.S. Department of Justice FISMA Federal Information Security Modernization Act FOIA Freedom of Information Act FY Fiscal Year IG Inspector General NRC U.S. Nuclear Regulatory Commission OIG Office of the Inspector General PIIA Payment Integrity Information Act SAC Special Agent in Charge

Retrieved from "https://kanterella.com/w/index.php?title=ML26026A190&oldid=5556610"