Text

NUREG-1415, Vol. 32, No. 2, Oig Semiannual Report to Congress - April 1, 2018 - September 30, 2018.
	ML18337A051
Person / Time
Issue date:	10/31/2018
From:	; NRC/OIG
To:	;
References
	NUREG-1415 V32 N2
	Download: ML18337A051 (106)
	v • d • e

Semiannual Report to Congress April 1, 2018 September 30, 2018 Office of the Inspector General U.S. Nuclear Regulatory Commission Defense Nuclear Facilities Safety Board

OIG VISION Advancing nuclear safety and security through audits, evaluations, and investigations.

OIG MISSION Provide independent, objective audit and investigative oversight of Nuclear Regulatory Commission and Defense Nuclear Facilities Safety Board operations to protect people and the environment.

COVER PHOTOS:

From left to right:

NRC inspector at work NRC Headquarters Operations Center Map of NRC Agreement States Image from NRC Tribal Protocol Manual

A MESSAGE FROM THE INSPECTOR GENERAL I am pleased to present this Semiannual Report to Congress on the activities and accomplishments of the Nuclear Regulatory Commission (NRC) Office of the Inspector General (OIG) from April 1, 2018, to September 30, 2018.

This year we mark the 40th anniversary of the Inspector General Act and the creation of the original 12 Offices of Inspector General. Our office was established in 1989 under the 1988 amendments to the act. Since that time we have been part of a community that has grown to include 73 statutory Inspectors General who collectively oversee the operations of nearly every aspect of the Federal government. Every 6 months we provide Congress with a report detailing our independent oversight of NRC and the Defense Nuclear Facilities Safety Board (DNFSB) during the reporting period. In the years to come, we look forward to continuing our efforts to provide independent and effective oversight of NRC and DNFSB and working with the Council of Inspectors General on Integrity and Efficiency on important issues that cut across our government.

During this reporting period, we issued reports intended to strengthen NRCs management of its programs and operations, including the Agreement State Program and National Materials Program; the staffing of its Headquarters Operations Center; and its interactions with Federal recognized Native American Tribal governments. We also issued an audit of DNFSBs implementation of its governing legislation. OIG also opened 18 investigations, and completed 25 cases. Seven of the open cases were referred to the Department of Justice, and 34 allegations were referred to NRC management for action.

NRC OIG is committed to the integrity, efficiency, and effectiveness of NRC and DNFSB programs and operations, and our audits, investigations, and other activities highlighted in this report demonstrate our ongoing commitment. I would like to acknowledge our auditors, investigators, and support staff for their commitment to the mission of this office.

Finally, our success would not be possible without the collaborative efforts between OIG staff and NRC and DNFSB staff to address OIG findings and implement corrective actions in a timely manner. I thank them for their dedication, and I look forward to continued cooperation as we work together to ensure the integrity and efficiency of agency operations.

Hubert T. Bell Inspector General April 1, 2018, to September 30, 2018 iii

NRC Headquarters complex.

iv NRC Office of the Inspector General Semiannual Report to Congress

CONTENTS Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Investigations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Overview of NRC and OIG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 NRCs Mission . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 OIG History, Mission, and Goals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

OIG History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

OIG Mission and Goals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 NRC OIG Programs and Activities . . . . . . . . . . . . . . . . . . . . . . . . 5 Audit Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Investigative Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 OIG General Counsel Regulatory Review . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Other OIG Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 NRC Management and Performance Challenges . . . . . . . . . . . . . 10 NRC Audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Audit Summaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Audits in Progress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 NRC Investigations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Investigative Case Summaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Defense Nuclear Facilities Safety Board . . . . . . . . . . . . . . . . . . . . 40 DNFSB Management and Performance Challenges . . . . . . . . . . . 41 DNFSB Audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Audit Summaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Audits in Progress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Summary of OIG Accomplishments at NRC . . . . . . . . . . . . . . . . 45 NRC Investigative Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 NRC Audit Listings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 NRC Audit Resolution Activities . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Summary of OIG Accomplishments at DNFSB . . . . . . . . . . . . . . 52 DNFSB Investigative Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 DNFSB Audit Listings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 DNFSB Audit Resolution Activities . . . . . . . . . . . . . . . . . . . . . . . . . 55 Unimplemented Audit Recommendations . . . . . . . . . . . . . . . . . 57 NRC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 DNFSB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 Abbreviations and Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 Reporting Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Appendix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 April 1, 2018, to September 30, 2018 v

Resident Inspector at Calvert Cliffs Nuclear power plant.

vi NRC Office of the Inspector General Semiannual Report to Congress

HIGHLIGHTS The following three sections highlight selected audits and investigations completed during this reporting period. More detailed summaries appear in subsequent sections of this report.

AUDITS NUCLEAR REGULATORY COMMISSION

NRC has regulatory oversight of the security programs at two Category I fuel cycle facilities. Category I facilities are licensed to use and possess a quantity of strategic special nuclear material, which must be protected.

NRCs force-on-force inspections simulate combat between a mock adversary force and a licensees security force. The inspection is designed to evaluate and improve the effectiveness of a licensees security force to defend their facility against a design-basis threat, which is a profile of the type, composition, and capabilities of an adversary. The audit objective was to determine the effectiveness of the force-on-force program for fuel cycle facilities. This report makes two recommendations to: (1) develop and implement a procedure to ensure classified information is handled and secured properly on force-on-force inspections, and (2) update Inspection Procedure 96001 to revise how and when the target area inspection is conducted for Category I facilities.

At the request of the Office of the Inspector General (OIG), the Defense Contract Audit Agency (DCAA) audited Qi Tech, LLC, and provided OIG with two audit reports. The DCAA audit reports, dated June 4, and June 29, 2018, identified questioned costs to be addressed by Nuclear Regulatory Commission (NRC) management. NRC management was provided a copy of the reports and NRC Forms 518, Audit Report Tracking. NRC management is responsible for completing the forms, and returning them to OIG with the agency management decision on the questioned costs.

In October 1987, NRC contracted with Southwest Research Institute (SwRI) to operate a Federally Funded Research and Development Center (FFRDC),

with the principal focus to provide support for NRCs activities in licensing a deep geologic repository for high level waste and spent nuclear fuel. SwRI established the Center for Nuclear Waste Regulatory Analyses (CNWRA) to serve as an FFRDC. The current contract, awarded on March 30, 2018, is NRCs sixth renewal of the FFRDC contract. Federal Acquisition Regulation Section (FAR) 35.017-4 requires, prior to extending a contract for an FFRDC, a sponsoring agency must conduct a comprehensive review of the use and need for the facility. The evaluation objectives were to determine if NRC is (1) properly considering all FAR requirements for an FFRDC review in preparing its renewal justification, and (2) adequately fulfilling its oversight responsibilities for the FFRDC. This report makes four recommendations to improve NRCs oversight of the FFRDC contract through revising procedures and providing training.

April 1, 2018, to September 30, 2018 vii

NRC fully funds the training and associated travel costs for Agreement State staff to attend NRC-sponsored training. The funding is intended to help Agreement States enhance their programs performance and foster national consistency among Agreement State and NRC inspectors and license reviewers. When Agreement State staff attend NRC-sponsored training, NRC reimburses the staff at the Federal per diem rate for lodging and meals and incidentals. Some Agreement States have policies in place that require employees to surrender their Federal per diem travel reimbursement to the State. The State then reimburses the employee at the State per diem rate, which is typically lower than the Federal per diem rate. These States normally keep the difference between the Federal and State per diem. The audit objective was to assess the effectiveness and efficiency of NRCs process for reimbursing Agreement State staff who attend NRC-sponsored training.

This report makes one recommendation to improve the efficiency of NRCs process for reimbursing Agreement State staff who attend NRC-sponsored training.

NRCs Headquarters Operations Center (HOC) maintains direct contact with nuclear power plants and receives reports from reactor, fuel cycle, and nuclear materials licensees as required by regulations. The HOC is staffed 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months a day, 365 days a year with qualified watch standers. In serving as NRCs initial contact for all incident reports, HOC staff are responsible for maintaining awareness of NRC-licensed facilities and materials, and performing independent situational analysis of incidents to ensure that licensees are implementing appropriate protective measures and to notify appropriate NRC staff. The evaluation objective was to determine whether NRC staffing of the Headquarters Operations Center adequately supports necessary response and coordination activities. This report makes three recommendations to improve staffing of the HOC.

Technical specifications are part of an NRC license authorizing the operation of a nuclear production or utilization facility. The Standard Technical Specifications are guidance for modifying the approved nuclear power plants operating license in accordance with Section 36 of Part 50 of Title 10 of the Code of Federal Regulations, "Technical specifications" (10 CFR 50.36). The Standard Technical Specifications are published for each of the reactor types in a set of NUREG-series publications. NRC modifies the Standard Technical Specifications through a process initiated by the industry-sponsored Technical Specifications Task Force, which submits proposed changes to NRC. The audit objective was to assess the effectiveness and efficiency of NRCs process for modifying Standard Technical Specifications and communicating these modifications to staff and licensees. This report makes eight recommendations to strengthen Technical Specifications Branch knowledge management practices and enhance quality assurance measures for program data.

viii NRC Office of the Inspector General Semiannual Report to Congress

The Federal Information Security Modernization Act of 2014 (FISMA) outlines the information security management requirements for Federal agencies, which includes an annual independent evaluation of the agencys information security program and practices to determine their effectiveness.

FISMA requires the annual evaluation to be performed by the agencys OIG or by an independent auditor. OIG retained Richard S. Carson &

Associates, Inc., to perform the fiscal year 2017 FISMA evaluation, including conducting an external vulnerability assessment and penetration test. The objective of the testing was to verify the presence of network devices, identify vulnerabilities, determine risk, and aid management in countering or mitigating associated risks.

NRC may conduct special and infrequent inspections using criteria in Inspection Manual Chapter (IMC) 2515 Appendix C. These inspections are in addition to baseline inspections conducted at commercial nuclear power plants in support of the Reactor Oversight Process. NRC conducts these special and infrequent inspections in response to safety and security events at nuclear power plants, and to ensure the safety of infrequent, but major plant licensing and maintenance activities. The audit objectives were to assess NRCs processes for (1) identifying conditions that warrant special and infrequently performed inspections at commercial power reactors under IMC 2515 Appendix C, and (2) conducting these inspections in accordance with agency guidance. The report makes six recommendations to improve periodic assessments of IMC 2515 Appendix C inspection procedures and application controls in the Replacement Program System Inspections Module.

The Improper Payments Information Act of 2002 (IPIA) requires each agency to annually estimate its improper payments. IPIA was amended by the Improper Payments Elimination and Recovery Act of 2010 (IPERA) and again by the Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERIA). Collectively, these acts require each agency to periodically review all programs and activities that may be susceptible to significant improper payments and to conduct recovery audits with respect to each program and activity of the agency that expends $1,000,000 or more annually, if conducting such audits would be cost effective. It also establishes the Do Not Pay Initiative, which directs agencies to verify the eligibility of payments before making payments. The objective of this audit was to assess NRCs compliance with IPIA, as amended by IPERA and IPERIA, and report any material weaknesses in internal control. This report makes no recommendations as OIG determined that the agency is in compliance with the IPIA.

The National Materials Program is a term that has been used for many years to describe the broad collective effort within which both the NRC and the Agreement States function in carrying out their respective regulatory programs for agreement material. The National Materials Program covers April 1, 2018, to September 30, 2018 ix

activities separately carried out by NRC and the individual Agreement State programs as well as shared program activities between NRC and Agreement States. The National Materials Program concept evolved as the number of Agreement States grew, but to this day, the Program remains a term without a formal structure. The audit objective was to determine if the National Materials Program is an effective and efficient framework for carrying out NRC and Agreement State radiation safety regulatory programs. This report makes two recommendations to improve the effectiveness of NRCs oversight of the National Materials Program through improving documentation and communication of the Program framework.

The Federal Government has a unique legal and political relationship with Native American Tribes (Tribes) that arises from the U.S. Constitution.

The Federal Government recognizes Tribes as domestic sovereign nations, and therefore, has acknowledged the inherent authority of Tribes to govern themselves. NRC conducts outreach to keep Tribes informed about the agencys actions and plans. NRC is required, by the National Historic Preservation Act of 1966, to consult with Tribes that attach religious or cultural significance to properties affected by NRC actions. The audit objective was to determine whether NRC fulfills its Tribal outreach and consultation responsibilities and requirements. This report makes five recommendations to strengthen NRCs work with Tribes including defining organizational roles and responsibilities, updating guidance, creating a qualification program, providing training, and allowing for sufficient resources to support program activities.

DEFENSE NUCLEAR FACILITIES SAFETY BOARD

In 1988 Congress created the Defense Nuclear Facilities Safety Board (DNFSB) as an independent executive branch agency to provide independent analysis, advice, and recommendations to the Secretary of Energy regarding adequate protection of public health and safety at the Department of Energy (DOE) defense nuclear facilities. There are 14 major defense nuclear facilities under DNFSBs jurisdiction. DNFBSs enabling statute allows it to establish reporting requirements for DOE. These reporting requirements are binding upon the Secretary of Energy, may accompany a report DNFSB staff have prepared on a safety issue, may request a briefing from DOE, or be a standalone request for information from a Board member. The audit objective was to review the role and structure of DNFSB to determine (1) whether the Board is operating in accordance with applicable laws and (2) whether the role and structure is effective to facilitate the agencys mission.

The report makes two recommendations that address implementing (1) agency guidance for issuing reporting requirements and (2) a plan of action to address the issues of low employee morale and Board collegiality as documented in prior surveys and reports.

x NRC Office of the Inspector General Semiannual Report to Congress

INVESTIGATIONS NUCLEAR REGULATORY COMMISSION

OIG conducted an investigation into an allegation that NRC used unfair competitive practices in connection with a solicitation for services to develop long-term competency models for select mission critical NRC positions and provide a competency modeling system assessment tool for new and existing competency models.

OIG conducted an investigation into an allegation from three special interest groups concerning the timing of NRCs license amendment that allowed a nuclear reactor licensee to postpone a December 15, 2017, deadline for implementation of NRC cyber security rule requirements until December 15, 2020. NRC approved the license amendment on the December 15, 2017, deadline day. According to the allegers, the NRC staff might have revealed predecisional information by tipping off the reactor licensee that they need not worry about the December 15, 2017, deadline because NRC would issue a last minute amendment.

OIG conducted an investigation into an allegation that NRC staff failed to perform their inspection duties and were negligent when they let a nitrogen leak inside a nuclear power plant containment area go uncorrected for 8 months.

OIG conducted an investigation into an allegation of sexual harassment and workplace harassment by an NRC senior official.

OIG conducted an investigation into several allegations concerning an NRC senior official and the NRC contractor he oversaw. It was alleged that the NRC senior official had an improper relationship with the contractors Program Manager; that after an NRC contractors work in Information Assurance was given to another NRC contractor, NRC blocked a company employee from getting another contract position at NRC; that the companys contract with the NRC violated Federal guidelines because the company was fulfilling tasks for three components of IT Security; and that a company employees allegations to OIG contributed to him losing his contract job.

OIG conducted an investigation into an allegation reported by a State Attorney Generals Office regarding a company misrepresenting its qualifications to various local, State and Federal agencies. On the companys Web site, the owner claimed that NRC accepted his product and used it to screen applicants for access to nuclear power plants. The Attorney Generals Office requested OIGs assistance in verifying the claim concerning the NRC.

OIG conducted an investigation into an allegation of inappropriate behavior in the workplace by an NRC senior official.

April 1, 2018, to September 30, 2018 xi

OIG conducted an investigation in response to a letter from U.S. Senator Kirsten Gillibrand to the NRC Chairman expressing concern over the 2016 accidental release of radioactive material into the groundwater at the Indian Point Energy Center (IPEC) in Buchanan, NY. Senator Gillibrand questioned whether additional NRC oversight was warranted for this aging plant, whether NRCs resident inspectors at IPEC were aware of the malfunctioning equipment that caused the recent leak, whether it was flagged as a potential issue prior to the leak, and why the problem was not repaired earlier.

OIG conducted an investigation into an allegation that an NRC senior official allegedly held a stock listed on the NRC Prohibited Securities List in 2017, as disclosed on his Office of Government Ethics Form 450 for that year. NRC addressed the issue requiring the senior official to divest the stock. NRC also requested OIG to review the circumstances surrounding the ownership of the prohibited stock, and whether the NRC senior official was involved in any regulatory matters which had an impact on the companys stock that he was prohibited from owning.

OIG conducted an investigation into an allegation that differences between the reactor coolant system Alloy 600 aging management programs under the renewed operating licenses at two nuclear power plants reflected violations of NRC regulations.

xii NRC Office of the Inspector General Semiannual Report to Congress

Fire equipment inspection at Calvert Cliffs nuclear power plant.

April 1, 2018, to September 30, 2018 xiii

Nuclear reactor core.

xiv NRC Office of the Inspector General Semiannual Report to Congress

OVERVIEW OF NRC AND OIG NRCs Mission NRC was formed in 1975, in accordance with the Energy Reorganization Act of 1974, to regulate the various commercial and institutional uses of nuclear materials.

The agency succeeded the Atomic Energy Commission, which previously had responsibility for both developing and regulating nuclear activities.

NRCs mission is to regulate the Nations civilian use of byproduct, source, and special nuclear materials to ensure adequate protection of public health and safety, promote the common defense and security, and protect the environment. NRCs regulatory mission covers three main areas:

Reactors - Commercial reactors that generate electric power and research and test reactors used for research, testing, and training.

Materials - Uses of nuclear materials in medical, industrial, and academic settings and facilities that produce nuclear fuel.

Waste - Transportation, storage, and disposal of nuclear materials and waste, and decommissioning of nuclear facilities from service.

Under its responsibility to protect public health and safety, NRC has three principal regulatory functions: (1) establish standards and regulations, (2) issue licenses for nuclear facilities and users of nuclear materials, and (3) inspect facilities and users of nuclear materials to ensure compliance with the requirements. These regulatory functions relate both to nuclear power plants and other uses of nuclear materials

- like nuclear medicine programs at hospitals, academic activities at educational institutions, research, and such industrial applications as gauges and testing equipment.

NRC maintains a current Web site and a public document room at its headquarters in Rockville, MD; holds public hearings and public meetings in local areas and at NRC offices; and engages in discussions with individuals and organizations.

April 1, 2018, to September 30, 2018 1

OIG History, Mission, and Goals OIG History In the 1970s, Government scandals, oil shortages, and stories of corruption covered by newspapers, television, and radio stations took a toll on the American publics faith in its Government. The U.S. Congress knew it had to take action to restore the publics trust. It had to increase oversight of Federal programs and operations.

It had to create a mechanism to evaluate the effectiveness of Government programs.

And, it had to provide an independent voice for economy, efficiency, and effectiveness within the Federal Government that would earn and maintain the trust of the American people.

In response, Congress passed the landmark legislation known as the Inspector General Act (IG Act), which President Jimmy Carter signed into law in 1978. The IG Act created independent Inspectors General, who would protect the integrity of Government; improve program efficiency and effectiveness; prevent and detect fraud, waste, and abuse in Federal agencies; and keep agency heads, Congress, and the American people fully and currently informed of the findings of IG work.

Today, the IG concept is a proven success. The IGs continue to deliver significant benefits to our Nation. Thanks to IG audits and investigations, billions of dollars have been returned to the Federal Government or have been better spent based on recommendations identified through those audits and investigations. IG investigations have also contributed to the prosecution of thousands of wrongdoers.

In addition, the IG concepts of good governance, accountability, and monetary recovery encourage foreign governments to seek advice from IGs, with the goal of replicating the basic IG principles in their own governments..

2 NRC Office of the Inspector General Semiannual Report to Congress

OIG Mission and Goals NRCs OIG was established as a statutory entity on April 15, 1989, in accordance with the 1988 amendment to the IG Act. NRC OIGs mission is to (1) independently and objectively conduct and supervise audits and investigations relating to NRC programs and operations; (2) prevent and detect fraud, waste, and abuse; and (3) promote economy, efficiency, and effectiveness in NRC programs and operations.

OIG is committed to ensuring the integrity of NRC programs and operations.

Developing an effective planning strategy is a critical aspect of accomplishing this commitment. Such planning ensures that audit and investigative resources are used effectively. To that end, OIG developed a Strategic Plan that includes the major challenges and critical risk areas facing NRC.

The plan identifies OIGs priorities and establishes a shared set of expectations regarding the goals OIG expects to achieve and the strategies that will be employed to do so. OIGs Strategic Plan features three goals, which generally align with NRCs mission and goals:

1. Strengthen NRCs efforts to protect public health and safety and the environment.

2. Enhance NRCs efforts to increase security in response to an evolving threat environment.

3. Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.

April 1, 2018, to September 30, 2018 3

Reactor core containment.

4 NRC Office of the Inspector General Semiannual Report to Congress

NRC OIG PROGRAMS AND ACTIVITIES Audit Program The OIG Audit Program focuses on management and financial operations; economy or efficiency with which an organization, program, or function is managed; and whether the programs achieve intended results. OIG auditors assess the degree to which an organization complies with laws, regulations, and internal policies in carrying out programs, and they test program effectiveness as well as the accuracy and reliability of financial statements. The overall objective of an audit is to identify ways to enhance agency operations and promote greater economy and efficiency. Audits comprise four phases:

Survey - An initial phase of the audit process is used to gather information on the agencys organization, programs, activities, and functions. An assessment of vulnerable areas determines whether further review is needed.

Fieldwork - Detailed information is obtained to develop findings and support conclusions and recommendations.

Reporting - The auditors present the information, findings, conclusions, and recommendations that are supported by the evidence gathered during the survey and fieldwork phases. Exit conferences are held with management officials to obtain their views on issues in the draft audit report. Comments from the exit conferences are presented in the published audit report, as appropriate. Formal written comments are included in their entirety as an appendix in the published audit report.

Resolution - Positive change results from the resolution process in which management takes action to improve operations based on the recommendations in the published audit report. Management actions are monitored until final action is taken on all recommendations. When management and OIG cannot agree on the actions needed to correct a problem identified in an audit report, the issue can be taken to the NRC Chairman for resolution.

Each October, OIG issues an Annual Plan that summarizes the audits planned for the coming fiscal year. Unanticipated high-priority issues may arise that generate audits not listed in the Annual Plan. OIG audit staff continually monitor specific issue areas to strengthen OIGs internal coordination and overall planning process. Under the OIG Issue Area Monitor (IAM) program, staff designated as IAMs are assigned responsibility for keeping abreast of major agency programs and activities. The broad IAM areas address nuclear reactors, nuclear materials, nuclear waste, international programs, security, information management, and financial management and administrative programs.

April 1, 2018, to September 30, 2018 5

Investigative Program OIGs responsibility for detecting and preventing fraud, waste, and abuse within NRC includes investigating possible violations of criminal statutes relating to NRC programs and activities, investigating misconduct by NRC employees and contractors, interfacing with the Department of Justice on OIG-related criminal and civil matters, and coordinating investigations and other OIG initiatives with Federal, State, and local investigative agencies and other OIGs. Investigations may be initiated as a result of allegations or referrals from private citizens; licensee employees; NRC employees; Congress; other Federal, State, and local law enforcement agencies; OIG audits; the OIG Hotline; and OIG initiatives directed at areas bearing a high potential for fraud, waste, and abuse.

Because NRCs mission is to protect the health and safety of the public, OIGs Investigative Program directs much of its resources and attention to investigating allegations of NRC staff conduct that could adversely impact matters related to health and safety. These investigations may address allegations of

Misconduct by high-ranking NRC officials and other NRC officials, such as managers and inspectors, whose positions directly impact public health and safety.

Failure by NRC management to ensure that health and safety matters are appropriately addressed.

Failure by NRC to appropriately transact nuclear regulation publicly and candidly and to openly seek and consider the publics input during the regulatory process.

Conflicts of interest involving NRC employees and NRC contractors and licensees, including such matters as promises of future employment for favorable or inappropriate treatment and the acceptance of gratuities.

Fraud in the NRC procurement program involving contractors violating Government contracting laws and rules.

OIG has also implemented a series of proactive initiatives designed to identify specific high-risk areas that are most vulnerable to fraud, waste, and abuse. A primary focus is electronic-related fraud in the business environment. OIG is committed to improving the security of this constantly changing electronic business environment by investigating unauthorized intrusions and computer-related fraud, and by conducting computer forensic examinations. Other proactive initiatives focus on determining instances of procurement fraud, theft of property, Government credit card abuse, and fraud in Federal programs.

6 NRC Office of the Inspector General Semiannual Report to Congress

OIG General Counsel Regulatory Review Pursuant to the Inspector General Act, 5 U.S.C. App. 3, Section 4(a)(2), OIG reviews existing and proposed legislation, regulations, policy, and implementing management directives (MD), and makes recommendations to the agency concerning their impact on the economy and efficiency of agency programs and operations.

Regulatory review is intended to provide assistance and guidance to the agency prior to the concurrence process so as to avoid formal implementation of potentially flawed documents. OIG does not concur or object to the agency actions reflected in the regulatory documents, but rather offers comments.

Comments provided in regulatory review reflect an objective analysis of the language of proposed agency statutes, directives, regulations, and policies resulting from OIG insights from audits, investigations, and historical data and experience with agency programs. OIG review is structured so as to identify vulnerabilities and offer additional or alternative choices.

To effectively track the agencys response to OIG regulatory review, comments include a request for written replies within 90 days, with either a substantive reply or status of issues raised by OIG.

From April 1, 2018, to September 30, 2018, OIG reviewed a variety of agency documents including Commission papers (SECYs), Staff Requirements Memoranda, and Federal Register Notices, MDs, Operating Procedures, and statutes.

Comments provided on the most significant matters addressed during this period are described below.

NRC

Draft MD and Directive Handbook (DH) 8.5, Nonreactor Operational Safety Data Review - OIG suggested inclusion of a paragraph describing the responsibilities of the Director, Office of Nuclear Reactor Regulation, to assure complete understanding of this position. OIG also suggested that the Office of Nuclear Material Safety and Safeguards program description include information on potentially applicable non-reactor operational safety issues/events that occur within the Department of Energy complex of facilities for completeness and to provide benchmark data for the conduct and possible improvement of NRCs non-reactor safety data review and oversight processes.

Draft MD and DH 10.41, Pay Administration - OIG suggested that the meaning of EX-IV be clarified to confirm that it refers to Pay Level IV on the Office of Personnel Managements Rates of Basic Pay for the Executive Schedule.

Draft MD and DH 10.49, Student Loan Repayment Program - OIG suggested clarification of the terms establishing whether an action is to be considered voluntary or involuntary for purposes of required repayment obligations.

April 1, 2018, to September 30, 2018 7

DNFSB

Directive D-321.1, Occupational Radiation Exposure Monitoring Program

- OIG commented that there appeared to be redundant responsibilities for reporting unusually high exposures to the Chairman and the General Manager. OIG also noted that in the section titled, Reviews and approves requests to remove radiation exposure information in a current or former employees file, it was not clear as to why radiation exposure information in an employees file or the file of a former employee would need to be removed. OIG suggested the paragraph describe, at least minimally, the basic criteria or circumstances supporting authorization for removal of radiation exposure information from these files, where this information would be sent, and how lifetime records of radiation exposure would be assured.

Other OIG Activities Maryann Lawrence Grodin, OIG General Counsel, addressed NRC Office of General Counsel Honor Law Graduate attorneys as part of their agency orientation briefings. Ms. Grodin provided information describing the Office of the Inspector General, its history, statutory basis, implementing regulations, and relevant case law. In addition, the role of IG Counsel, both at NRC and in the Federal community, was detailed and compared. The group discussed interaction protocols between agency attorneys and the OIG, including key interoffice connections in effecting Program Fraud Civil Remedies Act litigation and educational efforts related to Whistleblower rights under the Whistleblower Protection Enhancement Act.

Newly Appointed AIGI Rocco J. Pierri has been appointed the Assistant Inspector General for Investigations for NRC OIG. Mr. Pierri joined OIG on July 23, 2018, after nearly 20 years with the U.S. Naval Criminal Investigative Service (NCIS), where he most recently served as the Special Agent in Charge of the Office of Special Projects. Other NCIS positions include Deputy Assistant Director for Economic Crimes, and Command Counterintelligence Coordinating Authority at the U.S. Pacific Command. Before working at NCIS, Mr. Pierri was a police officer with the New York City Police Department, and before that, he served in the U.S. Army Airborne Infantry.

Mr. Pierri earned a masters level professional diploma in national security studies from the U.S. Naval War College, a masters degree in diplomacy and military studies from Hawaii Pacific University, and a bachelors degree in forensic psychology from the John Jay College of Criminal Justice. Mr. Pierri is also a certified fraud examiner.

Mr. Pierri has received numerous professional and military awards, including a Joint Meritorious Civilian Service Award from the Chairman of the Joint Chiefs of Staff; 2013 and 2014 National Counterintelligence Executive Insider Threat Awards, and both a Counterintelligence Award and a Global War on Terrorism Medal from the Department of Defense.

8 NRC Office of the Inspector General Semiannual Report to Congress

New OIG Strategic Plan Issued OIG is committed to ensuring the integrity of NRC programs and operations.

Developing an effective planning strategy is a critical aspect of accomplishing this commitment. Such planning assures that OIG audit and investigative resources are used effectively.

NRC OIGs strategic plan represents the culmination of an intensive effort in which all OIG staff draw on their collective experience and expertise to reexamine the OIG's purpose and future direction. The strategic goals presented in this plan comprise the essential elements necessary to effectively realize the OIG's principal mission. It also reflects the vision statement adopted by the OIG: "We are agents of positive change striving for continuous improvement in our agency's management and program operations and in our own office."

Significant changes to this strategic plan include the realignment of OIGs strategic goals and respective strategies for NRC to reflect OIGs categorization of work based on whether it addresses and internal or external risk to the agency.

The Inspector General has made available its Nuclear Regulatory Commission, Office of the Inspector Generals Strategic Plan for NRC and DNFSB FY 2019 -

2023 dated July 25, 2018, available on the OIG Web site.

https://www.nrc.gov/insp-gen/plandocs.html April 1, 2018, to September 30, 2018 9

NRC MANAGEMENT AND PERFORMANCE CHALLENGES Most Serious Management and Performance Challenges Facing the Nuclear Regulatory Commission*

as of October 1, 2017 (as identified by the Inspector General)

Challenge 1 Regulation of nuclear reactor safety programs.

Challenge 2 Regulation of nuclear materials and radioactive waste programs.

Challenge 3 Management of security over internal infrastructure (personnel, physical, and cyber security) and nuclear security.

Challenge 4 Management of information technology and information management.

Challenge 5 Management of financial programs.

Challenge 6 Management of administrative functions.

For more information on the challenges, see OIG-18-A-01, Inspector Generals Assessment of the Most Serious Management and Performance Challenges Facing NRC, https://www.nrc.gov/docs/ML1729/ML17291A011.pdf 10 NRC Office of the Inspector General Semiannual Report to Congress

NRC AUDITS To help the agency improve its effectiveness and efficiency during this period, OIG completed 12 financial and performance audits and evaluations, resulting in numerous recommendations to NRC management. In addition, the Defense Contract Audit Agency conducted two audits at OIG's request. Most of these audits and evaluations are summarized below.

Audit Summaries Audit of NRCs Force-on-Force Security Inspections of Fuel Cycle Facilities OIG Strategic Goal: Security NRC has regulatory oversight of the security programs at two Category I fuel cycle facilities: BWX Technologies, Inc. located in Lynchburg, VA and Nuclear Fuel Services, Inc. located in Erwin, TN. Category I facilities are licensed to use and possess a quantity of strategic special nuclear material, which must be protected.

NRCs force-on-force inspections simulate combat between a mock adversary force and a licensees security force. The inspection is designed to evaluate and improve the effectiveness of a licensees security force to defend their facility against a design-basis threat, which is a profile of the type, composition, and capabilities of an adversary.

NRC and its licensees use the design basis threat to design systems to protect against acts of radiological sabotage and to prevent the theft or diversion of special nuclear material.

The audit objective was to determine the effectiveness of the force-on-force program for fuel cycle facilities.

Audit Results:

NRCs force-on-force program for the Category I facilities is generally effective and inspections are conducted in a timely manner. However, opportunities exist to improve NRCs force-on-force program for Category I facilities by (1) improving the handling of classified information on the inspections and (2) completing NRCs 3-week force-on-force inspections more efficiently.

A 2016 NRC classification bulletin changed the classification of database information from previous inspections and procedures were not developed to implement these changes. NRC has not developed detailed procedures for ensuring that classified information is handled appropriately on force-on-force inspections for Category I facilities. As a result, the lack of procedures could lead to an unauthorized disclosure of classified material. Force-on-force inspections at Category I facilities, consisting of 3 weeks of activities, can be completed more efficiently. The applicable inspection procedure has not been recently updated; thus, NRC may not be using its resources as efficiently as possible.

April 1, 2018, to September 30, 2018 11

This reports makes two recommendations to: (1) develop and implement a procedure to ensure classified information is handled and secured properly on force-on-force inspections, and (2) update Inspection Procedure 96001 to revise how and when the target area inspection is conducted for Category I facilities. Agency management stated their general agreement with the findings and recommendations in this report.

(Addresses Management and Performance Challenge # 3)

DCAA Audit Reports: Supplement to Independent Audit Report on Qi Tech, LLCs Proposed Amounts on Unsettled Flexibly Priced Contracts for Fiscal Years 2013 and 2014, and for Fiscal Year 2015 OIG Strategic Goal: Corporate Management At the request of OIG, the Defense Contract Audit Agency (DCAA) conducted two audits of Qi Tech, LLC, and provided OIG with two audit reports. The DCAA audit reports, dated June 4, 2018, and June 29, 2018, identified questioned costs to be addressed by NRC management.

NRC management was provided a copy of both reports and NRC Forms 518, Audit Report Tracking. NRC management is responsible for completing the forms, and returning them to OIG with the agency management decisions on the questioned costs.

(Addresses Management and Performance Challenges #5 and #6)

Audit of NRCs Process for Reimbursing Agreement State Personnel Training Expenses OIG Strategic Goal: Safety NRC fully funds the training and associated travel costs for Agreement State staff to attend NRC-sponsored training. The funding is intended to help Agreement States enhance their programs performance and foster national consistency among Agreement State and NRC inspectors and license reviewers. When Agreement State staff attend NRC-sponsored training, NRC reimburses the staff at the Federal per diem rate for lodging and meals and incidentals. Some Agreement States have policies in place that require employees to surrender their Federal per diem travel reimbursement to the State. The State then reimburses the employee at the State per diem rate, which is typically lower than the Federal per diem rate. These States normally keep the difference between the Federal and State per diem.

The audit objective was to assess the effectiveness and efficiency of NRCs process for reimbursing Agreement State staff who attend NRC-sponsored training.

12 NRC Office of the Inspector General Semiannual Report to Congress

Audit Results:

OIG found that NRC has a process in place for reimbursing Agreement State staff who attend NRC-sponsored training; however, opportunities for improvement exist with regard to its efficiency. Specifically, NRC should conduct a cost-benefit analysis to evaluate alternative Agreement State reimbursement options. There is a delta between the Federal per diem rate and most State per diem rates. As a responsible regulatory agency, NRC should use its resources efficiently. Because there is no process in place for NRC to reimburse Agreement States at their State per diem rate, NRCs funds are potentially not being used as efficiently as possible. This report makes one recommendation to improve the efficiency of NRCs process for reimbursing Agreement State staff who attend NRC-sponsored training.

(Addresses Management and Performance Challenge # 1)

April 1, 2018, to September 30, 2018 13

Evaluation of NRCs Oversight of the Agencys Federally Funded Research and Development Center Contract OIG Strategic Goal: Corporate Management In October 1987, NRC contracted with Southwest Research Institute (SwRI) to operate a Federally Funded Research and Development Center (FFRDC), with the principal focus to provide support for NRCs activities in licensing a deep geologic repository for high level waste and spent nuclear fuel. SwRI established the Center for Nuclear Waste Regulatory Analyses (CNWRA) to serve as an FFRDC. The current contract, awarded on March 30, 2018, is NRCs sixth renewal of the FFRDC contract.

Federal Acquisition Regulation (FAR) Section 35.017-4 requires, prior to extending a contract for an FFRDC, a sponsoring agency must conduct a comprehensive review of the use and need for the facility.

The evaluation objectives were to determine if NRC is (1) properly considering all FAR requirements for an FFRDC review in preparing its renewal justification, and (2) adequately fulfilling its oversight responsibilities for the FFRDC.

Evaluation Results:

OIG considers all FFRDC renewal FAR requirements to be fully satisfied.

However, opportunities for improvement were identified in how NRC oversees the administration of the contract. Both the FAR and NRC policies and procedures provide guidance on contract administration including the roles, responsibilities, and authorities of contracting officers (CO) and Contracting Officer Representatives (COR). NRC also has specific guidance that addresses contract administration including requirements associated with invoice documentation and review as well as contract oversight and performance monitoring. This evaluation found the agency is not adequately fulfilling its oversight responsibilities related to FFRDC contract administration. This is occurring because agency management does not

Enforce contractor use of NRC billing instructions.

Provide sufficient training for the FFRDC CORs.

Exercise timely issuance of delegation memorandums.

Provide timely review and approval of contract modifications.

It is important for the agency, with authority over the spending of licensee and taxpayer funds, to perform a comprehensive review for the need and use of the FFRDC as a sole-source procurement. Inadequate contract administration increases the risk of the agency not being an effective steward of licensee and taxpayer money, as potential billing discrepancies may not be identified and corrected.

(Addresses Management and Performance Challenge # 6) 14 NRC Office of the Inspector General Semiannual Report to Congress

Evaluation of NRCs Headquarters Operations Center Staffing OIG Strategic Goal: Security NRCs Headquarters Operations Center (HOC) maintains direct contact with nuclear power plants and receives reports from reactor, fuel cycle, and nuclear materials licensees as required by regulations. The HOC is staffed 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months a day, 365 days a year with qualified watch standers. In serving as NRCs initial contact for all incident reports, HOC staff are responsible for maintaining awareness of NRC-licensed facilities and materials, and for performing independent situational analysis of incidents in order to ensure that licensees are implementing appropriate protective measures and to notify appropriate NRC staff.

The evaluation objective was to determine whether NRC staffing of the HOC adequately supports necessary response and coordination activities.

Evaluation Results:

The evaluation found that response and coordination activities were able to be supported by the HOC during calendar year 2017, but under sub-optimal conditions that strained available staff resources. Resource reduction, HOC staff departures, and hiring delays combined to produce a staffing shortage throughout calendar year 2017. Management underestimated the magnitude of programmatic impacts from the staff resource reduction and had not adequately planned how to maintain staffing levels. The number of available HOC staff dropped to the point of requiring that a non-qualified second person fill shifts.

Staffing conditions resulted in reducing the HOCs available capacity to support the agencys response and coordination role. Current staffing has improved through ongoing management efforts, and can be further strengthened. The report makes three recommendations to define the mission needs, workload, and skills and competencies of the Headquarters Operations Officer workforce to support achievement of program results. OIG also recommends development of guidance and procedures to support human capital management and succession in the HOC.

(Addresses Management and Performance Challenges # 1 and # 3)

April 1, 2018, to September 30, 2018 15

Audit of NRCs Process for Modifying and Communicating Standard Technical Specifications OIG Strategic Goal: Safety Technical specifications are part of an NRC license authorizing the operation of a nuclear production or utilization facility. The Standard Technical Specifications are guidance for modifying the approved nuclear power plants operating license in accordance with Section 36 of Part 50 of Title 10 of the Code of Federal Regulations, "Technical specifications" (10 CFR 50.36). The Standard Technical Specifications are published for each of the reactor types in a set of NUREG-series publications. NRC modifies the Standard Technical Specifications through a process initiated by the industry-sponsored Technical Specifications Task Force, which submits proposed changes to NRC. The submissions are referred to as Travelers.

The audit objective was to assess the effectiveness and efficiency of NRCs process for modifying Standard Technical Specifications and communicating these modifications to staff and licensees.

Audit Results:

NRC generally modifies Standard Technical Specifications in an efficient and effective manner. However, NRCs Standard Technical Specification modification process could be strengthened in the areas of knowledge management practices and quality assurance measures.

Federal agencies are required to define succession plans, capture critical knowledge from employees, and institutionalize knowledge sharing practices as part of their daily operations. However, Technical Specifications Branch management has not established a structured approach to knowledge management that fully captures critical knowledge from employees. Additionally, the Technical Specifications Branch has not fully implemented knowledge sharing practices for succession planning, training, and guidance for the Traveler modification process. A more structured approach to knowledge management has not been established because the Technical Specification Branch management considers knowledge management a lower priority relative to other mission-essential tasks. Establishing a more structured approach to knowledge management would reduce the risk of regulatory inconsistency and inefficiency.

Federal internal control guidance recommends information system controls to ensure reliability of data used to carry out agency operations. NRC guidance also has similar requirements for information quality. However, Traveler data in the Replacement Reactor Program SystemLicensing Module is unreliable, as evidenced by staff hour discrepancies and billing misallocations. Data reliability weaknesses occurred because NRC did not identify Technical Specifications Branch user needs during work planning system design and did not conduct sufficient integrated systems testing before migrating agency wide systems data. In addition, 16 NRC Office of the Inspector General Semiannual Report to Congress

the Technical Specifications Branch lacks sufficient quality assurance oversight for staff data inputs. Although NRC is taking corrective action to address the staff hour discrepancies and billing misallocations resulting from the migration, these actions are not yet complete. As a result, unreliable data may impair program monitoring and resource management, and requires additional NRC and industry resources to identify and fix errors. This report makes eight recommendations to strengthen Technical Specifications Branch knowledge management practices and enhance quality assurance measures for program data.

(Addresses Management and Performance Challenge # 1)

Audit of NRCs Special and Infrequently Performed Inspections OIG Strategic Goal: Safety NRC may conduct special and infrequent inspections using criteria in Inspection Manual Chapter (IMC) 2515 Appendix C. These inspections are in addition to baseline inspections conducted at commercial nuclear power plants in support of the Reactor Oversight Process. NRC conducts these special and infrequent inspections in response to safety and security events at nuclear power plants, and to ensure the safety of infrequent, but major plant licensing and maintenance activities.

NRC conducts IMC 2515 Appendix C inspections to evaluate emergent technical issues not related to plant licensee performance, fulfill NRCs obligations under domestic interagency memoranda of understanding such as information exchanges between NRC and States, Tribes, and local governments, and implement the requirements of Title 10 Code of Federal Regulations (10 CFR) Part 75 for treaties between the United States and the International Atomic Energy Agency. The audit objectives were to assess NRCs processes for (1) identifying conditions that warrant special and infrequently performed inspections at commercial power reactors under IMC 2515 Appendix C, and (2) conducting these inspections in accordance with agency guidance.

Audit Results:

NRC staff are required to review IMC 2515 Appendix C inspection procedures on a 4-year periodic basis. However, NRC staff do not consistently review all IMC 2515 Appendix C inspection procedures on a periodic basis as required because there is conflicting guidance and low staff awareness of procedural requirements for conducting these reviews. As a result, outdated IMC 2515 Appendix C inspection procedures could reduce the efficiency and effectiveness in the planning and performance of these inspections.

Additionally, NRC management is responsible for developing application controls to achieve validity, completeness, and accuracy of data processed in an information system. However, NRC staff incorrectly coded inspections under IMC 2515 April 1, 2018, to September 30, 2018 17

Appendix C in the agencys legacy Reactor Program System. This occurred because application controls in the Reactor Program System, operational before October 2017, were not sufficient to ensure proper coding of inspections to IMC 2515 Appendix C. Reliable data is important for effective management and oversight of NRCs inspection activities.

Inspections Performed Under IMC 2515 Appendix C 2008-2017 This report makes six recommendations regarding periodic assessments of IMC 2515 Appendix C inspection procedures and application controls in the Replacement Reactor Program System - Inspections Module.

(Addresses Management and Performance Challenge # 1) 18 NRC Office of the Inspector General Semiannual Report to Congress

NRC's OIG External Vulnerability Assessment and Penetration Test OIG Strategic Goal: Security The Federal Information Security Modernization Act of 2014 (FISMA) outlines the information security management requirements for Federal agencies, which includes an annual independent evaluation of the agencys information security program and practices to determine their effectiveness. FISMA requires the annual evaluation to be performed by the agencys Office of the Inspector General or by an independent auditor. NRC OIG retained Richard S. Carson & Associates, Inc., to perform the fiscal year 2017 FISMA evaluation, including conducting an external vulnerability assessment and penetration test. The objective of the testing was to verify the presence of network devices, identify vulnerabilities, determine risk, and aid management in countering or mitigating associated risks.

OIG conducted a vulnerability assessment and penetration testing of external Internet systems on the NRC computer network. The testing was conducted from Carson, Inc. Penetration Testing Lab in Bethesda, Maryland and the Washington, DC, metro area. As a result of the assessment and testing, OIG made one recommendation to the Executive Director for Operations that will improve NRCs information security program.

(Addresses Management and Performance Challenge # 3)

Audit of NRC's FY 2017 Compliance with Improper Payment Laws OIG Strategic Goal: Corporate Management The Improper Payments Information Act of 2002 (IPIA) requires each agency to annually estimate its improper payments. Subsequently, it was amended by the Improper Payments Elimination and Recovery Act of 2010 (IPERA), which requires Federal agencies to periodically review all programs and activities that the agency administers and identify all programs and activities that may be susceptible to significant improper payments. In addition, IPERA requires each agency to conduct recovery audits with respect to each program and activity of the agency that expends

$1,000,000 or more annually, if conducting such audits would be cost effective.

Later on, the Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERIA) was signed into law on January 10, 2013. It amended IPIA by establishing the Do Not Pay Initiative, which directs agencies to verify the eligibility of payments using databases before making payments. On October 20, 2014, OMB issued Memorandum M-15-02, Appendix C to Circular No. A-123, Requirements for Effective Estimation and Remediation of Improper Payments. Appendix C April 1, 2018, to September 30, 2018 19

implements IPIA requirements. OMB guidance also specifies that each agencys Inspector General should review agency improper payment reporting in the agencys annual Performance and Accountability Report or Agency Financial Report (AFR),

and accompanying materials, to determine whether the agency complied with IPERA.

The audit objective was to assess NRCs compliance with IPIA, as amended by IPERA and IPERIA, and report any material weaknesses in internal control.

Audit Results:

Based on its review of NRCs FY 2017 AFR and other documentation provided by the agency, OIG determined that the agency is in compliance with the IPIA. NRC reported the required information and conducted the mandated risk assessment.

Although NRC had not yet taken final action on OIGs recommendation from the prior OIG audit regarding questioned costs that potentially should be included in NRCs improper payment reporting, the agency had taken steps to analyze the issue.

Thus, OIG concluded that agency reporting of improper payments is accurate and complete.

(Addresses Management and Performance Challenge # 5)

Audit of NRCs Oversight of the National Materials Program OIG Strategic Goal: Safety The National Materials Program is a term that has been used for many years to describe the broad collective effort within which both the NRC and the Agreement States function in carrying out their respective regulatory programs for agreement material. The National Materials Program covers activities separately carried out by NRC and the individual Agreement State programs as well as shared program activities between NRC and Agreement States. The National Materials Program concept evolved as the number of Agreement States grew, but to this day, the Program remains a term without a formal structure.

The audit objective was to determine if the National Materials Program is an effective and efficient framework for carrying out NRC and Agreement State radiation safety regulatory programs.

Audit Results:

OIG found that the National Materials Program provides a framework for carrying out NRC and Agreement State radiation safety regulatory programs; however, opportunities for improvement exist with regard to effectiveness. Specifically, NRC should improve its documentation and communication of the program framework.

20 NRC Office of the Inspector General Semiannual Report to Congress

National Materials Program Activities The National Materials Program framework is not well understood by stakeholders.

In order for a program to be effective at accomplishing its mission, stakeholders should share a common understanding of a program. However, the National Materials Program framework is not well documented or communicated and lacks a champion. As a result, Agreement States are not satisfied with the level of influence they have on the Program. This report makes two recommendations to improve the effectiveness of NRCs oversight of the National Materials Program through improving documentation and communication of the Program framework.

(Addresses Management and Performance Challenge # 2)

Audit of NRCs Consultation Practices with Federally Recognized Native American Tribal Governments OIG Strategic Goal: Safety The Federal Government has a unique legal and political relationship with Native American Tribes (Tribes) that arises from the U.S. Constitution. The Federal Government recognizes Tribes as domestic sovereign nations, and therefore, has acknowledged the inherent authority of Tribes to govern themselves. NRC conducts outreach to keep Tribes informed about the agencys actions and plans. NRC is required, by the National Historic Preservation Act of 1966 (NHPA), to consult with Tribes that attach religious or cultural significance to properties affected by NRC actions.

April 1, 2018, to September 30, 2018 21

The Federal, State, and Tribal Liaison Branch (FSTB) is responsible for helping to facilitate and coordinate any Tribal participation in relevant NRC activities.

The audit objective was to determine whether NRC fulfills its Tribal outreach and consultation responsibilities and requirements.

Audit Results:

NRC fulfills its Tribal outreach and consultation responsibilities and requirements; however, opportunities for improvement exist. Specifically, NRC should (1) clearly define FSTBs roles and responsibilities, (2) update internal guidance to include FSTB when conducting Tribal outreach and consultations, (3) establish qualification requirements for FSTB and training requirements for other NRC staff, and (4) include sufficient resources to allow for necessary outreach and consultation.

NRC staff do not consistently coordinate with FSTB even though the agency is to use all available resources to make its programs run more effectively and efficiently.

This occurs because NRC management does not provide sufficient attention to Tribal outreach and consultation practices. As a result, effective Tribal outreach and consultation are less likely to occur. This report makes five recommendations pertaining to defining FSTBs role and responsibilities, updating guidance, creating a qualification program, training, and ensuring sufficient resources are available to conduct outreach and consultation activities.

(Addresses Management and Performance Challenge # 2) 22 NRC Office of the Inspector General Semiannual Report to Congress

Audits in Progress Audit of Cyber Security at Nuclear Power Plants OIG Strategic Goal: Security Nuclear power facilities use digital and analog systems to monitor, operate, control, and protect their plants. Licensees are required to protect such systems and networks from cyber-attacks that would act to modify, destroy, or compromise the integrity or confidentiality of data or software; deny access to systems, services, or data; and impact the operation of systems, networks, and equipment. NRCs cyber security rule is a performance-based programmatic requirement that aims to ensure that the functions of digital computers, communication systems, and networks associated with safety, important-to-safety, security, and emergency preparedness are protected from cyber-attacks. Licensees are following a two-phased approach for implementation of the cyber security rule requirements, which include a cyber security plan.

NRC developed inspection procedures to verify that licensees are implementing their programs in accordance with the cyber security rule. Implementation and inspections of the first phase, Milestones 1-7, have been completed. The second phase, Milestone 8, relates to the full implementation of a licensees cyber security plan. Full implementation of the cyber security inspections was planned to start in July 2017, with all plants to be inspected over the next few years.

The audit objective is to determine whether the cyber security inspection program provides adequate protection of digital computers, communication systems, and networks associated with safety, important-to-safety, security, and emergency preparedness.

(Addresses Management Challenge # 3)

Audit of NRC Computer Code Sharing OIG Strategic Goal: Security NRCs Office of Nuclear Regulatory Research is responsible for NRC computer code sharing and distribution. This program involves the signing of international agreements that contemplate code sharing activities. These activities provide NRC codes to foreign counterparts in exchange for data related to NRC code application, verification, and validation.

The majority of the codes have no relevance to U.S. foreign policy; however, some codes are relevant to dealing with the production of special nuclear material (SNM) that is transferred to certain countries. In 2011, DOE revised Title 10 CFR Part April 1, 2018, to September 30, 2018 23

810 to formalize an agreed upon transparent coordination process related to NRC code sharing activities with foreign counterparts. This enhanced coordination includes exchange with certain foreign regulators, designated foreign entities and multinational entities (foreign counterparts).

DOE involvement with regard to code sharing is based on an NRC cross-check review of the sensitivity of the code and the country. Sensitive codes refer to codes that have the potential to be useful for formulating calculations that support the production of SNM and could be of interest to an adversary of the United States.

Based on the NRCs cross-check review, NRC will (1) distribute the code pursuant to an existing Umbrella Arrangement or stand-alone agreement; or (2) will notify, consult with, or request review by a DOE contact.

The audit objective is to determine whether NRCs internal and interagency procedures and processes provide adequate controls on code sharing activities.

(Addresses Management Challenge # 4)

Audit of NRCs Exercise of Its Early Out/Buyout Authority Strategic Goal: Corporate Management NRC received authority from the Office of Management and Budget to offer a limited number of early outs and/or buyouts to eligible employees in covered positions. The agency requested the early out/buyout authority to help reduce the size of and reshape the workforce consistent with its Project Aim and re-baselining efforts. Offering early outs and buyouts are part of NRCs plan to accelerate attrition and move forward with reducing the size of the workforce.

During the spring of FY 2016, NRCs Office of the Chief Human Capital Officer (OCHCO) identified a maximum of 212 early out/buyout slots available based on program office and position categories. Ninety-three requests were received and 86 slots were utilized. Again during the spring of FY 2017, OCHCO identified a maximum of 168 early out/buyout slots also based on program office and position categories. Fifty-five requests were received and 55 slots were utilized.

The audit objective is to assess NRCs early out/buyout policies, procedures, and practices to determine if workforce planning documentation, personnel staffing plans, and/or similar documents, were developed, communicated and applied as permitted by applicable criteria.

(Addresses Management Challenge # 4) 24 NRC Office of the Inspector General Semiannual Report to Congress

Audit of NRCs Fiscal Year 2018 Financial Statements Strategic Goal: Corporate Management Under the Chief Financial Officers Act and the Government Management and Reform Act, OIG is required to audit the financial statements of the NRC. The report on the audit of the agencys financial statements is due on November 15, 2018.

In addition, OIG will issue reports on NRCs

Special Purpose Financial Statements.

Condensed Financial Statements.

Compliance with the Improper Payments Elimination and Recovery Act of 2010.

The audit objectives are to

Express opinions on the agencys financial statements and internal controls,

Review compliance with applicable laws and regulations,

Review the controls in NRCs computer systems that are significant to the financial statements,

Assess the agencys compliance with OMB Circular A-123, Revised, Managements Responsibility for Enterprise Risk Management and Internal Control, and

Assess agency compliance with the Improper Payments Elimination and Recovery Act of 2010.

(Addresses Management Challenge # 5)

Audit of NRCs Generic Issues Program OIG Strategic Goal: Safety NRC is responsible for identifying issues that involve public health and safety, the common defense and security, or the environment in the assessment of plant operation. Issues that could affect multiple entities under NRC jurisdiction are characterized by NRC as generic issues. NRC documents and tracks resolution of generic issues and proposed generic issues, which can be identified by NRC staff or members of the public. Congress requires NRC to maintain this program.

In 2015, NRC revised its generic issues program guidance following an Office of the Executive Director for Operations-sponsored team review. As part of program enhancement, NRC implemented changes intended to improve timeliness and communications for the generic issues process. Additionally, NRCs generic April 1, 2018, to September 30, 2018 25

issues process was simplified by reducing the number of stages from five to three.

According to MD 6.4, Generic Issues Program, the three stage process for generic issues includes screening, assessment, and regulatory office implementation.

The resolution of generic issues may involve new or revised rules, new or revised guidance, or revised interpretation of rules or guidance that affect nuclear power plant licensees.

The audit objective is to determine whether NRC manages generic issues pertaining to commercial nuclear power reactor safety appropriately and in accordance with applicable agency guidance.

(Addresses Management Challenge # 1)

Audit of NRCs Grants Program OIG Strategic Goal: Corporate Management During FY 2017, NRC awarded 46 individual grants totaling $15 million to universities for scholarships, fellowships, and faculty development. In addition, the agency awarded grants to trade schools and community colleges. NRC intends grant funding to help support education in nuclear science, engineering, and related trades to develop a workforce capable of the design, construction, operation, and regulation of nuclear facilities and the safe handling of nuclear materials. NRCs grant program benefits the nuclear sector broadly, not primarily NRC.

The Office of Management and Budget requested that NRC develop performance metrics for the grants program and require grantees to address those metrics in 6-month performance progress reports. NRCs grant program supported over 500 students annually during that time, but directed most grant money to university faculty and university curriculum development. At the same time, NRC notes a critical workforce need in the trade and craft areas of nuclear education and observes that outreach to pre-college students is essential to enable students to make informed decisions about pursuing the study of nuclear technology.

The audit objectives are to determine if (1) NRCs policies and procedures for reviewing proposals for grants and for making awards comply with applicable Federal regulations and agency guidance, and (2) internal controls over the program are adequate.

(Addresses Management Challenge # 5) 26 NRC Office of the Inspector General Semiannual Report to Congress

Audit of NRCs License Amendment Request Review Process OIG Strategic Goal: Safety NRC has authority to amend licenses for operating and decommissioned reactors.

License amendments are changes to NRC issued licenses where a licensee submits a license amendment request (LAR) to the NRC for prior approval if the licensee proposes to modify the license terms and conditions or the technical specifications, or if a proposed change meets the criteria of 10 CFR 50.90.

The NRC license amendment process is governed by NRC regulations and regulatory guidance. Section 187 of the Atomic Energy Act, "Modification of License," states that the "terms and conditions of all licensees shall be subject to amendment, revision, or modification, by reason of amendments of this Act, or by reason of rules and regulations issued in accordance with the terms of this Act."

NRC regulations (primarily, 10 CFR 50.90, 10 CFR 50.91, and 10 CFR 50.92) govern license amendment applications and issuances.

Internal guidance for development and review of license amendments is provided in the Office of Nuclear Reactor Regulations (NRR) Office Instruction LIC-101, License Amendment Review Procedures, Revision 5, effective date of January 16, 2017. LIC- 101 directs NRC staff to conduct evaluations of the LAR which considers the technical, safety, and legal basis for the NRCs disposition of the LAR. NRR management is responsible for resolving staff concerns regarding the issuance or denial of a license amendment, the scope of review, resources or schedules for a review, or other matters related to the NRC disposition of a LAR.

The audit objective is to assess NRCs processes for reviewing nuclear power plant LARs, with emphasis on preliminary acceptance/rejection procedures and other actions taken to ensure timely, consistent, and well-supported decisions.

(Addresses Management Challenge # 1)

Audit of NRCs Process for Developing and Coordinating Research Plans OIG Strategic Goal: Safety NRCs regulatory research program addresses issues in nuclear reactors, nuclear materials, and radioactive waste. The Office of Nuclear Regulatory Research is a technical support office that supplies technical tools, analytical models, analyses, experimental data, and technical guidance to support NRCs regulatory programs and decisions.

April 1, 2018, to September 30, 2018 27

Agency research projects are conducted in accordance with user needs, research assistance requests, and research plans. User needs and research assistance requests focus on fulfilling specific needs for research in support of licensing and other regulatory functions. In contrast, a research plan typically integrates and coordinates work from a variety of sources including user requests, long-term research, and support for codes and standards development. Research plans require significant resources and document multiple facets of a regulatory issue with the main purpose of gaining a sound understanding of the underlying technical bases to aid regulatory decisionmaking and promulgating regulations and guidance.

Based on recommendations from Project Aim, the agency is working to enhance its effectiveness, efficiency, and agility. The process for developing and coordinating research plans should be consistent with these objectives to further NRCs mission on broad, complex, and crosscutting technical issues and challenges that have regulatory implications.

The audit objective is to assess the effectiveness and efficiency of the development, use, and coordination of research plans.

(Addresses Management Challenge # 2)

Independent Evaluation of NRCs Implementation of the Federal Information Security Modernization Act of 2014 (FISMA) for Fiscal Year 2018 On December 18, 2014, the President signed the Federal Information Security Modernization Act of 2014 (FISMA). FISMA outlines the information security management requirements for agencies, including the requirement for an annual independent assessment by agency Inspectors General. In addition, FISMA includes provisions such as the development of minimum standards for agency systems, aimed at further strengthening the security of the Federal Government information and information systems. The annual assessments provide agencies with the information needed to determine the effectiveness of overall security programs and to develop strategies and best practices for improving information security.

FISMA provides the framework for securing the Federal Governments information technology including both unclassified and national security systems. All agencies must implement the requirements of FISMA and report annually to the Office of Management and Budget and Congress on the effectiveness of their security programs.

The evaluation objective will be to conduct an independent assessment of the NRCs FISMA implementation for FY18.

(Addresses Management Challenge # 3) 28 NRC Office of the Inspector General Semiannual Report to Congress

Cyber security agent.

April 1, 2018, to September 30, 2018 29

NRC INVESTIGATIONS During this reporting period, OIG received 108 allegations, initiated 16 investigations, and closed 23 cases. Of the 23 closed cases, 6 resulted in issued reports.

Investigative Case Summaries Alleged Violations of Federal Acquisition Regulation System Requirements by NRC Contract Staff OIG Strategic Goal: Corporate Management OIG conducted an investigation into an allegation that NRC used unfair competitive practices in connection with a solicitation for services to develop long-term competency models for select mission critical NRC positions and provide a competency modeling system assessment tool for new and existing competency models.

NRC received two proposals in response to the solicitation. After the solicitation closed, a company contacted the NRC Office of Small Business and Civil Rights and OIG and alleged unfair competitive practices concerning the solicitation.

Investigative Results:

OIG did not find any evidence to support the allegation of unfair competitive practices.

However, the perception of unfair competitive practices steered the agency to cancel the solicitation. The perception was based upon the similarities of the solicitation and the methodology and approach of a competitive company. The agency resubmitted a new requisition/solicitation and a new contract was awarded to a contractor who was not involved in the previous solicitation.

(Addresses Management and Performance Challenge # 6)

Cyber Security Milestone 8 at Pilgrim Nuclear Power Station OIG Strategic Goal: Security OIG conducted an investigation into an allegation from several special interest groups regarding the timing of NRC's license amendment that allowed Pilgrim Nuclear Power Station (Pilgrim) to postpone a December 15, 2017, deadline for completing Cyber Security Milestone 8 until December 15, 2020. The NRC approved the license amendment on the December 15, 2017, deadline day. According to the allegers, the NRC staff might have revealed pre-decisional information by tipping off the licensee that they need not worry about the December 15, 2017, deadline because NRC would issue a last minute amendment.

30 NRC Office of the Inspector General Semiannual Report to Congress

NRC's cyber security rule is a performance-based programmatic requirement that aims to ensure that the functions of digital computers, communication systems, and networks associated with safety, important-to-safety, security, and emergency preparedness functions at nuclear power plants are protected from cyberattacks.

Licensees are following a two-phased approach for implementation of the cyber security rule requirements, which includes a cyber security plan. NRC developed inspection procedures to verify that licensees are implementing their programs in accordance with the cyber security rule. Implementation and inspections of the first phase, Milestones 1-7, have been completed. The final phase, Milestone 8, relates to the full implementation of a licensee's cyber security plan which includes installation and monitoring of security controls to protect against cyber-attacks. The NRC Milestone 8 cyber security inspections began in 2017 and the staff expects to have all plants inspected within the next few years.

Investigative Results:

OIG did not find evidence that the NRG revealed predecisional information to Pilgrim during the license amendment request (LAR) process. While the approval of the LAR did occur on the exact due date of December 15, 2017, for completing Milestone 8, OIG found no indications of any inappropriate interactions between the NRC and licensee staff.

OIG learned that the NRC inspected Pilgrim's implementation of Milestones 1 through 7 and found them acceptable. On March 30, 2017, Pilgrim submitted a LAR proposing a change to the plants Cyber Security Plan Milestone 8 full implementation date as set forth in the Cyber Security Plan Implementation Schedule. The NRC accepted the LAR, and thereafter began its safety review.

Approximately 8 months later, on November 15, 2017, the cybersecurity technical staff in the Office of Nuclear Security and Incident Response (NSIR) provided its safety evaluation for the plants LAR to the Office of Nuclear Reactor Regulation (NRR) Project Manager (PM). The NRR PM then put the amendment package together and provided it to the NRC Office of the General Counsel (OGC) for a legal review on November 28, 2017. OGC had concerns and engaged the staff to resolve. Multiple meetings on November 29th, December 7th, and December 13th occurred between OGC and the staff to address OGC's questions and comments.

Over this 2-week period, NRC reviewed and approved the safety evaluation report that provided the basis for approving the license amendment request. On December 14, 2017, OGC provided its no legal objection decision to the NRR PM, and on December 15, 2017, NRC issued the amendment.

On December 14, 2017, which was the day before the deadline, Pilgrims senior engineer for regulatory assurance provided a document to the plant describing the actions the plant had taken and would take to address Milestone 8. This document was going to be the base document for a Condition Report to address the potential violation for noncompliance with its license in the event the LAR was not be approved by the NRC.

(Addresses Management and Performance Challenge # 4)

April 1, 2018, to September 30, 2018 31

Concerns Pertaining to NRC Inspection Report 2017-003 at Diablo Canyon OIG Strategic Goal: Safety OIG conducted an investigation into an allegation that NRC staff failed to perform their inspection duties and were negligent when they let a nitrogen leak inside the containment area at a nuclear power plant go uncorrected for 8 months.

On April 6, 2013, a Diablo Canyon Nuclear Power Plant (Diablo Canyon) operator entered a notification in the plant's corrective action program identifying a pinhole leak downstream of the nitrogen six pack bottle outlet header stop valve, N2-0-16.

This notification also made a statement that there had been an increase in nitrogen usage at that time. Diablo Canyon engineering evaluated this leak and determined that it was a minimal leak of no immediate concern and that action was only warranted if the leakage became worse.

Two years later, on July 5, 2015, an operator wrote a second notification identifying higher nitrogen usage on Unit 2; Operations was using two to three nitrogen bottles per week. Leakage from the pinhole leak at N2-0-16 was re-identified and presumed the cause of the excessive leakage.

On May 20, 2016, Operations staff identified that nitrogen leakage had increased and that existing leak N2-0-16 might be the cause; N2-0-16 replacement occurred within a month. On August 3, 2016, Operations noticed another nitrogen leakage and a plan was developed and implemented to identify the source of the leak but it remained a low priority.

In approximately December 2016 and early 2017, nitrogen usage at the plant began increasing. From February- June 2017, Diablo Canyon Operations worked on identifying the source of the leakage. A notification on June 14, 2017, described that the nitrogen leakage had increased to one bottle every 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . OIG learned that up until this point, Diablo Canyon believed the nitrogen leakage was outside of containment. On July 19, 2017, an informal trouble shooting plan was developed to determine if the leakage was coming from inside of containment. On July 28, 2017, prior to entry into containment for routine rounds, Operations requested a sample of containment environment for habitability due to the known nitrogen leakage. The testing determined that an Immediately Dangerous to Life and Health atmosphere was present in the Unit 2 containment.

OIG learned that on July 28, 2017, Diablo Canyon, operating at 100-percent power, declared an Alert due to low oxygen levels inside containment. The cause of this Alert notification was a nitrogen leak inside the containment from a leaking relief valve (RV-355). The Alert was terminated approximately 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months later.

32 NRC Office of the Inspector General Semiannual Report to Congress

Investigative Results:

OIG found that the NRC inspectors and their supervisor, an NRC senior official, followed the Reactor Oversight Process for inspection duties and were not negligent when Diablo Canyon experienced a nitrogen leak inside containment. OIG found that the inspectors and the NRC senior official were not directly informed by the licensee of increased nitrogen usage, and NRC did not choose to inspect the associated corrective actions since they were not designated as risksignificant in Diablo Canyon's corrective action program.

(Addresses Management and Performance Challenge # 1)

Hostile Work Environment OIG Strategic Goal: Corporate Management OIG conducted an investigation into an allegation from an NRC employee that several current and former NRC employees were subjected to sexual harassment and workplace harassment by an NRC senior official. OIG learned that the employee filed an Equal Employment Opportunity (EEO) complaint against the NRC senior official in 2012, and entered into a settlement agreement. The employee later filed an appeal with the U.S. Equal Employment Opportunity Commission (EEOC) with a claim that the employee was coerced into signing the settlement agreement because NRC threatened to remove the employee from the employees position. EEOC later denied the appeal because the employee failed to present evidence of having been coerced into signing the agreement with NRC.

Investigative Results:

OIG determined that although the alleger and NRC entered into a settlement agreement in 2012 after the employee filed an EEO complaint against the NRC senior official alleging workplace and sexual harassment, there have not been any new complaints filed against the NRC senior official since 2012, and the NRC senior official is no longer in a supervisory role at the NRC. Of the six current and former NRC employees interviewed by OIG, three perceived the NRC senior official's management approach as workplace harassment and the remaining three perceived the NRC senior official as having poor leadership skills.

(Addresses Management and Performance Challenge # 6)

April 1, 2018, to September 30, 2018 33

Conflict of Interest in the Award of Task Orders by NRC Project Manager OIG Strategic Goal: Corporate Management OIG conducted an investigation into several allegations concerning an NRC senior official and the NRC contractor he oversaw. According to the alleger, (1) the NRC senior official had an improper relationship with the contractors Program Manager (PM); (2) after an NRC contractors work in Information Assurance was given to another NRC contractor, NRC blocked a company employee from getting another contract position at NRC; (3) The companys contract with NRC violated Federal guidelines because the company was fulfilling tasks for three components of IT Security: Audit, Review, and Documentation; and (4) The allegers allegations to the NRC OIG contributed to him losing his contract job.

Investigative Results:

OIG did not find evidence to substantiate that the NRC senior official had an inappropriate relationship with the contractor PM. OIG learned that the NRC senior official did not participate in the award of contract to contractor. OIG also learned that no additional work was awarded to the contractor.

OIG did not find evidence to substantiate that NRC personnel influenced the contractors decision to not employ his contract employee after his work at the NRC ended. Since the employee was a subcontract employee under an IT contact with NRC, he was not guaranteed other work at the NRC after the IT contract expired.

While OIG found that the contractor fulfilled tasks for NRC program offices in the audit, review, and documentation of IT systems, it did not identify any prohibitions of such activity. OIG learned that the contactor had separation of duties among its staff when fulfilling different components of IT security. OIG also referred this portion of the investigation to OIG Audits for consideration during their NRC Contract Administration Process Audit.

OIG did not find evidence that the allegers allegations to OIG prevented him from receiving another positon at the company. OIG began to conduct investigative leads regarding the allegers concerns several weeks after he had left his position and the companys contract with the NRC had expired.

(Addresses Management and Performance Challenge # 6) 34 NRC Office of the Inspector General Semiannual Report to Congress

Misrepresentation of the NRC OIG Strategic Goal: Security OIG conducted an investigation based on a request for assistance from a State Attorney Generals Office regarding a company owner misrepresenting his qualifications to various local, State, and Federal agencies. The individual owns a company that allegedly provides training to public sector law enforcement, security, and intelligence personnel in the use of a law enforcement/security instrument that detects deception from stress in someones voice. The Attorney Generals Office received a complaint that the owner of the company misrepresented his professional experience in his marketing and advertising materials to obtain business from various agencies. On his companys Web site, the owner made a claim that NRC accepted his technique and used it to screen applicants for access to nuclear power plants.

The Attorney Generals Office requested OIGs assistance in verifying the claim concerning the NRC.

Investigative Results:

OIG found no information to support the claim made by the owner on his companys Web site that NRC has accepted his technique. After being interviewed by the OIG, the owner removed the information from his Web site concerning the NRC accepting his technique.

(Addresses Management and Performance Challenge # 4)

Concerns Regarding Release of Radioactive Material into the Groundwater at Indian Point Nuclear Generating Units OIG Strategic Goal: Safety OIG initiated this investigation in response to a letter from U.S. Senator Kirsten Gillibrand to the NRC Chairman expressing concern over the 2016 accidental release of radioactive material into the groundwater at the Indian Point Energy Center (IPEC) in Buchanan, NY. Senator Gillibrand characterized this as the latest incident in a troubling pattern of unplanned shutdowns, transformer problems, and releases of radioactive materials into the groundwater at these aging plants. The letter expressed concern that IPEC personnel were aware of related equipment problems as early as 2014, but failed to adequately repair or replace the equipment.

Senator Gillibrand questioned whether additional NRC oversight was warranted for this aging plant, whether NRCs resident inspectors at IPEC were aware of the malfunctioning equipment that caused the recent leak, whether it was flagged as a potential issue prior to the leak, and why the problem was not repaired in 2014.

April 1, 2018, to September 30, 2018 35

OIG sought to assess whether the accidental releases of radioactive material into the groundwater, since 2014, (1) impacted public health and safety and (2) whether appropriate actions were taken in accordance with NRCs regulatory oversight.

Since 2005, IPEC has a history of groundwater contamination from unintended releases of radioactive material, and this issue continues today. The radioactive material, or isotope, that is typically identified is tritium. Tritium is a mildly radioactive type of hydrogen found in water that is released from nuclear power plants under controlled, monitored conditions. The NRC sets mandated standards for radioactive material that protect public health and safety.

Under its long-term monitoring plan, IPEC quarterly tests water samples from approximately 60 monitoring wells located throughout the plant site to determine radioactivity levels in the ground water. If the test results exceed the standards, IPEC has a regulatory process to follow that includes informing the NRC.

OIG learned that IPEC has identified several instances of elevated levels of radioactivity in the ground water, especially during the approximate biennial outage periods, when the plant is shut down for maintenance. These instances began in 2010 and have occurred every 2 years since then. According to the NRC, to date, the ground water contamination events and elevated levels of radioactive material have been within regulatory limits. The NRC has confirmed this finding by reviewing the bounding analyses performed by the licensee to ensure there is no safety impact to the public. Bounding analysis, as described in Regulatory Guide 1.21, is a mathematical evaluation where compliance can be demonstrated using conservative assumptions.

Investigative Results:

OIG found the releases of radioactive material in the groundwater were within regulatory public health and safety limits. Additionally, OIG found that NRC has consistently provided both routine and supplemental inspection oversight, with emphasis during outages, as a result of these leaks. Even though the source of the leaks were within the Radioactive (RAD) waste system, which is not considered safety-related, NRC has issued three regulatory actions of which one pertains to future concerns with decommissioning. Specifically, the regulatory actions were: (1) a Non-Cited Violation (NCV) issued in November 2015, (2) an Unresolved Item (URI) issued in May 2016, and (3) a Notice of Violation (NOV) issued in January 2017.

In response to Senator Gillibrands concerns about leakage, between 2014 and 2016, OIG identified and reviewed six NRC integrated inspection reports issued from August 2014 through January 2017 documenting NRCs oversight of four leaks, with separate sources, that occurred within this timeframe.

The first leak was identified during a March 2014 refueling outage when IPEC noted an increase in tritium concentrations in groundwater monitoring wells near the Unit 2 spent fuel pool. The source of the leak was a blocked flow drain in the RAD 36 NRC Office of the Inspector General Semiannual Report to Congress

waste system that overflowed to the groundwater. This floor drain was receiving contaminated reactor coolant from the Unit 2 containment spray header system.

The licensee identified an inappropriate outage practice as well as began extracting groundwater at a monitoring well to lower the localized concentration of tritium.

On November 15, 2015, NRC issued a Green NCV of Title 10 of the Code of Federal Regulations (10 CFR) 20.1406(c), in that Entergy did not conduct operations to minimize the introduction of residual radioactivity into the site. IPEC identified a second leak of tritium into the groundwater based on monitoring well results obtain in February 2015. Although the source of this leak was not identified, the NRC did include this leak with the violation for the March 2014 previously discussed.

In January 2016, IPEC identified a third leak while preparing for the Unit 2 refueling outage. This leak was attributed to an inoperable RAD waste pump and a temporary drain path arrangement that was not fully evaluated to prevent potential groundwater contamination spills. Approximately 6 months later, in the June/July timeframe, and during the investigation of the source of the third leak, IPEC discovered a fourth leak. The source of this fourth leak was an obstructed RAD waste floor drain which spilled to the subfloor and contaminated the onsite groundwater. NRC enforced both the third and fourth leak by issuing IPEC an NOV of 10 CFR 20.1406 (c),

Minimization of Contamination, in accordance with their enforcement policy for IPECs failure to conduct operations to minimize the introduction of residual radioactivity into the subsurface of the site (groundwater).

As of the reporting of this investigation, IPECs NOV remains open and OIG learned that a fifth leak of ground water contamination was found in 2018.

(Addresses Management and Performance Challenge # 1)

Ownership of a Prohibited Security by NRC Employee OIG Strategic Goal: Corporate Management OIG conducted an investigation into an allegation that an NRC senior official held a stock listed on the NRC Prohibited Securities List in 2017, as disclosed on his Office of Government Ethics (OGE) Form 450 for that year. NRC addressed the issue with the employee holding a stock on the prohibited securities list by requiring him to divest the stock. OIG reviewed the circumstances surrounding the NRC senior officials ownership of the prohibited stock, and whether he was involved in any regulatory matters which had an impact on the companys stock that he was prohibited from owning.

Investigative Results:

OIG confirmed that the NRC senior official held stock on NRCs prohibited securities list in reportable year 2018, and that the stock was sold at OGCs request April 1, 2018, to September 30, 2018 37

on January 18, 2018. OIG found that the NRC senior official did not have any regulatory oversight responsibilities pertaining to the company on the NRC prohibited securities list.

(Addresses Management and Performance Challenge # 6)

NRC's Failure To Apply License Renewal Rules in a Consistent Manner OIG Strategic Goal: Safety OIG conducted an investigation into an allegation that differences between the reactor coolant system (RCS) Alloy 600 aging management programs under the renewed operating licenses at two different nuclear power plants reflected violations of NRC regulations. It was alleged that either regulation 10 CFR 50.100, Revocation, Suspension, Modification, Amendment of Licenses and Construction Permits, Emergency Operations by the Commission, or regulation 10 CFR 50.109, Backfitting, was being violated. To impose a backfit requirement necessitates a specific and documented cost-benefit review process, which the alleger believes was not done in the first plants license renewal process, in violation of NRC regulations.

The allegation further asserted that if that plants Alloy 600 aging management program was a backfit deemed necessary for adequate protection, then the other plant would be in violation of NRC 10 CFR § 50.100 regulation by not maintaining a similar program under its renewed operating license because such a program would also be necessary for adequate protection due to the similarities of the plants.

Regarding the other regulation cited by the alleger, 10 CFR § 50.100, Revocation, suspension, modification of licenses, permits, and approvals for cause, provides the basis for the NRC to revoke, suspend, or modify, in whole or in part, a license for any material false statement in the application or in the supplemental or other statement of fact required of the applicant. 10 CFR § 50.109, Backfitting, limits the ability of the NRC to impose upon licensees new requirements which may result from a new or amended provision in the Commission's regulations or the imposition of a regulatory staff position interpreting the Commission's regulations that is either new or different from a previously applicable staff position. In simplest terms, new NRC regulatory requirements that are based on changes or revisions to applicable NRC regulations, or to NRC staff regulatory guidance documents, such as Regulatory Guides (RG), some NRC NUREG publications, and other Commission or NRC staff papers, may only be imposed retroactively on licensees under certain conditions. In most instances, before imposing the new or revised requirements, a formal regulatory cost-benefit analysis must be conducted by the NRC showing that the substantial increase in protection from the new requirements justifies the added operating cost to the licensee. For example, one of NRCs internal guidance documents that is non-public and is titled, Research Office Instructions, TEC-004, Regulatory Guide Review, Development, Revision and Withdrawal Process, 38 NRC Office of the Inspector General Semiannual Report to Congress

describes the process NRC staff follow for updating RG. It states that unless the revised RG is classified as mandatory, existing licensees are not required to use the new version of the RG.

Investigative Results:

OIG did not find that the NRC was violating 10 CFR 50.100 or 10 CFR 50.109 in its implementation of the reactor operating license renewal rule. OIG did not substantiate that differences in practices at two comparative plants constitute a violation of NRC regulations. OIG found that both plants licenses were renewed under the same revision of the applicable NRC requirements; thus, the differences in the two plants Alloy 600 aging management programs were because one plant voluntarily made non-mandatory changes while the other chose not to.

OIG learned that the backfit issues are currently being resolved via a large-scale and agencywide effort that is ongoing.

(Addresses Management and Performance Challenge # 1)

April 1, 2018, to September 30, 2018 39

DEFENSE NUCLEAR FACILITIES SAFETY BOARD Congress created the Defense Nuclear Facilities Safety Board (DNFSB) as an independent agency within the executive branch to identify the nature and consequences of potential threats to public health and safety at the Department of Energys (DOE) defense nuclear facilities, to elevate such issues to the highest levels of authority, and to inform the public. Since DOE is a self-regulating entity, DNFSB constitutes the only independent technical oversight of operations at the Nations defense nuclear facilities. DNFSB is composed of experts in the field of nuclear safety with demonstrated competence and knowledge relevant to its independent investigative and oversight functions.

The Consolidated Appropriations Act, 2014, provided that notwithstanding any other provision of law, the Inspector General of the Nuclear Regulatory Commission is authorized in 2014 and subsequent years to exercise the same authorities with respect to the Defense Nuclear Facilities Safety Board, as determined by the Inspector General of the Nuclear Regulatory Commission, as the Inspector General exercises under the Inspector General Act of 1978 (5 U.S.C. App.) with respect to the Nuclear Regulatory Commission.

40 NRC Office of the Inspector General Semiannual Report to Congress

DNFSB MANAGEMENT AND PERFORMANCE CHALLENGES Most Serious Management and Performance Challenges Facing the Defense Nuclear Facilities Safety Board*

as of October 1, 2017 (as identified by the Inspector General)

Challenge 1: M anagement of a healthy and sustainable organizational culture and climate.

Challenge 2: M anagement of security over internal infrastructure (personnel, physical, and cyber security) and nuclear security.

Challenge 3: Management of administrative functions.

Challenge 4: Management of technical programs.

For more information on the challenges, see DNFSB-18-A-01, Inspector Generals Assessment of the Most Serious Management and Performance Challenges Facing the Defense Nuclear Facilities Safety Board. https://www.nrc.gov/docs/ML1729/

ML17291A571.pdf April 1, 2018, to September 30, 2018 41

DNFSB AUDITS To help the agency improve its effectiveness and efficiency during this period, OIG completed one performance audit, resulting in recommendations to DNFSB management. The audit is summarized below.

Audit Summaries Audit of the DNFSBs Implementation of its Governing Legislation In 1988 Congress created DNFSB as an independent executive branch agency to provide independent analysis, advice, and recommendations to the Secretary of Energy regarding adequate protection of public health and safety at DOE defense nuclear facilities. There are 14 major defense nuclear facilities under DNFSBs jurisdiction. As of March 31, 2018, DNFSB had 117 full time employees, including 4 Board members. DNFSB is supported by an annual budget of approximately $31 million. DNFBSs enabling statute allows it to establish reporting requirements for DOE. These reporting requirements are binding upon the Secretary of Energy, may accompany a report DNFSB staff have prepared on a safety issue, may request a briefing from DOE, or be a standalone request for information from a Board member.

The audit objective was to review the role and structure of DNFSB to determine (1) whether the Board is operating in accordance with applicable laws and (2) whether the role and structure is effective to facilitate the agencys mission.

Audit Results:

The audit did not find any evidence that DNFSB is not operating in accordance with its enabling statute, the National Defense Authorization Act, Fiscal Year (FY) 1989, and any amendments thereto. However, OIG identified improvements DNFSB should make to more effectively accomplish its mission. Specifically, OIG noted a stark disagreement among Board members on how and when reporting requirements should be issued, as illustrated by the FY 2016 and 2017 notational voting records.

The disagreement regarding issuance of reporting requirements continues because DNFSB has no internal policy that identifies the circumstances that warrant issuance of a reporting requirement.

OIG also identified low employee morale and a lack of collegiality and/or cohesion among the Board members as issues consistently identified in multiple agencywide surveys. These issues are longstanding because the Board has not taken sufficient action to adequately and directly address these concerns.

While OIG did not identify any specific instances of DNFBSs mission being impacted by these two issues, they should be of concern to the Board. Low employee morale and lack of Board collegiality are significant organizational challenges for 42 NRC Office of the Inspector General Semiannual Report to Congress

DNFSB. Moreover, the Board sets the tone at the top for DNFSBs guidance values and principles. Whatever tone the Board members set has an effect on DNFSB employees.

(Addresses Management and Performance Challenge #1)

Audits in Progress Audit of DNFSB's Issue and Commitment Tracking System (IACTS) 3.0 and Its Related Processes The Defense Nuclear Facilities Safety Boards (DNFSB) Issue and Commitment Tracking System (IACTS) 3.0 is an electronic repository that DNFSBs technical staff uses to support the management of Board member commitments.

Commitments are the follow-up actions to be completed on any potential safety items identified at defense nuclear facilities, and generally consist of internal written products owed by DNFSBs technical staff to the Board, or Department of Energy (DOE) responses to Board requests.

Staff monitor potential safety items through staffs corresponding electronic lists that are closely tied to IACTS 3.0. Because IACTS 3.0 and its corresponding lists serve as the central repository for all safety-related DOE information, these systems work closely with several other internal DNFSB processes that may involve Board safety decisions.

During the 2016 Audit of DNFSBs Oversight of Construction Projects at Defense Nuclear Facilities, OIG determined IACTS guidance did not adequately detail what information should be included in the system. As a result, DNFSBs Technical Staff inconsistently completed information in IACTS and infrequently updated the IACTS entries. However, it should be noted that, since 2016, IACTS has been through several changes and has evolved from IACTS to its current version, IACTS 3.0.

The audit objective is to determine if IACTS 3.0 and its related processes are effective in helping DNFSB accomplish its mission.

Audit of DNFSBs Fiscal Year 2018 Financial Statements Under the Chief Financial Officers Act, as updated by the Accountability of Tax Dollars Act of 2002 and OMB Bulletin 15-02, Audit Requirements for Federal Financial Statements, OIG is required to audit DNFSBs financial statements. The report on the audit of DNFSBs financial statements is due on November 15, 2018.

April 1, 2018, to September 30, 2018 43

The audit objectives are to

Express opinions on DNFSBs financial statements and internal controls.

Review compliance with applicable laws and regulations.

Review the controls in DNFSBs computer systems that are significant to the financial statements.

Assess the agencys compliance with OMB Circular A-123, (Revised),

Managements Responsibility for Enterprise Risk Management and Internal Control.

(Addresses Management and Performance Challenge # 3) 44 NRC Office of the Inspector General Semiannual Report to Congress

SUMMARY

OF OIG ACCOMPLISHMENTS AT NRC April 1, 2018 - September 30, 2018 Investigative Statistics Source of Allegations NRC Employee 29 NRC Management 10 General Public 28 OIG Proactive Initiatives 1 Anonymous 36 Contractor 3 Regulated Industry 1 Allegations resulting from the NRC OIG Hotline calls: 57 Total: 108 Disposition of Allegations Total 108 Closed Administratively 35 Referred for OIG Investigation 13 Referred to Management and Staff 34 Pending Review Action 9 Correlated to Existing Case 16 Referred to other agency 1 April 1, 2018, to September 30, 2018 45

Status of Investigations DOJ Referrals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 DOJ Declinations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 DOJ Pending . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Criminal Informations/Indictments . . . . . . . . . . . . . . . . . . . . . . . . . . 0 Criminal Convictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 Criminal Penalty Fines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 Civil Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 State and Local Referrals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 NRC Administrative Actions:

Counseling and Letter of Reprimand . . . . . . . . . . . . . . . . . . . . . . . . 1 Terminations and Resignations . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 Suspensions and Demotions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Other (e.g., PFCRA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 Summary of Investigations Classification of Opened Closed Reports Cases in Investigations Carryover Cases Cases Issued* Progress Conflict of Interest 1 0 0 0 1 Employee Misconduct 22 10 13 3 19 External Fraud 10 0 3 1 7 Internal Fraud 1 0 0 0 1 Management Misconduct 11 5 3 1 14 Miscellaneous 4 0 1 0 3 Proactive Initiatives 3 0 0 0 3 Technical Allegations 7 1 2 0 6 Theft 1 0 1 1 0

Total 60 16 23 6 54

Number of reports issued represents the number of closed cases where allegations were substantiated and the results reported outside of OIG.

46 NRC Office of the Inspector General Semiannual Report to Congress

NRC AUDIT LISTINGS Date Title Audit Number 09/26/18 Audit of NRC's Force-on-Force Security Inspections of OIG-18-A-21

Fuel Cycle Facilities 09/12/18 DCAA Audit Report, Independent Audit report on Qi OIG-18-A-20

Tech, LLCs Proposed Amounts on Unsettled Flexibly

Priced Contracts for FY 2015, dated June 29, 2018 09/12/18 DCAA Audit Report, Supplemental to Independent Audit OIG-18-A-19

Report on Qi Tech, LLCs Proposed Amounts on Unsettled

Flexibly Priced Contracts for FY 2013 and 2014, dated June 4, 2018 09/12/18 Audit of NRCs Process for Reimbursing Agreement State OIG-18-A-18

Personnel Training Expenses 07/11/18 Evaluation of NRCs Oversight of the Agencys Federally OIG-18-A-17

Funded Research and Development Center Contract 06/21/18 Evaluation of NRCs Headquarters Operations Center OIG-18-A-16

Staffing 06/18/18 Audit of NRCs Process for Modifying and Communicating OIG-18-A-15

Standard Technical Specifications 06/06/18 NRCs OIG External Vulnerability Assessment and OIG-18-A-14

Penetration Test 05/16/18 Audit of NRCs Special and Infrequently Performed OIG-18-A-13

Inspections 05/14/18 Audit of NRCs Fiscal Year (FY) 2017 Compliance with OIG-18-A-12

Improper Payment Laws 04/04/18 Audit of NRCs Oversight of the National Materials Program OIG-18-A-11 04/04/18 Audit of NRCs Consultation Practices with Federally OIG-18-A-10

Recognized Native American Tribal Governments April 1, 2018, to September 30, 2018 47

NRC Contract Audit Reports OIG Issue Date Contractor/Title/Contract Number Questioned Costs Unsupported Costs 07/05/18 QI TECH, LLC $322,910 0

Independent Audit Report on

Qi Tech, LLCs Proposed Amounts

on Unsettled Flexibly Priced

Contracts for Fiscal Year

2015

NRC-HQ-7G-14-C-0001

N00178-11-D-6657 07/05/18 QI TECH, LLC $356,009 0

Supplement to Independent Audit Report on Qi Tech, LLCs proposed Amounts on Unsettled Flexibly Priced Contracts for FYs 2013 and 2014 NRC-08-09-306 NRC-HQ-7G-14-C-0001 48 NRC Office of the Inspector General Semiannual Report to Congress

Audit Resolution Activities TABLE I OIG Reports Containing Questioned Costs1

Questioned Unsupported Number of Costs Costs Reports Reports (Dollars) (Dollars)

A. For which no management decision had been made by the commencement of the reporting period 2 $1,510,1282 0 B. Which were issued during the reporting period 2 $678,919 0 Subtotal (A + B) 4 $2,189,047 0 C. For which a management decision was made during the reporting period:

(i) dollar value of disallowed costs 0 0 0 (ii) dollar value of costs not disallowed 0 0 0 D. For which no management decision had been made by the end of the reporting period 4 $2,189,047 0 1

uestioned costs are costs that are questioned by the OIG because of an alleged violation of a provision of a law, Q

regulation, contract, grant, cooperative agreement, or other agreement or document governing the expenditure of funds; a finding that, at the time of the audit, such costs are not supported by adequate documentation; or a finding that the expenditure of funds for the intended purpose is unnecessary or unreasonable.

2 Questioned costs that pertained to another agency were included in the previous semiannual report to Congress.

These questioned costs have subsequently been removed.

April 1, 2018, to September 30, 2018 49

TABLE II OIG Reports Issued with Recommendations That Funds Be Put to Better Use3 Number of Dollar Value Reports Reports of Funds A. For which no management decision 0 0 had been made by the commencement of the reporting period

B. Which were issued during the 0 0 reporting period

C. For which a management decision was made during the reporting period:

(i) dollar value of recommendations 0 0 that were agreed to by management (ii) dollar value of recommendations 0 0 that were not agreed to by management D. For which no management decision had 0 0 been made by the end of the reporting period 3

A recommendation that funds be put to better use is a recommendation by the OIG that funds could be used more efficiently if NRC management took actions to implement and complete the recommendation, including reductions in outlays; deobligation of funds from programs or operations; withdrawal of interest subsidy costs on loans or loan guarantees, insurance, or bonds; costs not incurred by implementing recommended improvements related to the operations of NRC, a contractor, or a grantee; avoidance of unnecessary expenditures noted in preaward reviews of contract or grant agreements; or any other savings which are specifically identified.

50 NRC Office of the Inspector General Semiannual Report to Congress

TABLE III NRC Significant Recommendations Described in Previous Semiannual Reports on Which Corrective Action Has Not Been Completed Date Report Title Number 5/26/2003 Audit of NRCs Regulatory Oversight of Special Nuclear Materials OIG-03-A-15

Recommendation 1: Conduct periodic inspections to verify that material licensees comply with material control and accounting (MC&A) requirements, including, but not limited to, visual inspections of licensees s pecial nuclear material (SNM) inventories and validation of reported information.

Recommendation 3: Document the basis of the approach used to risk inform NRCs oversight of MC&A activities for all types of materials licensees.

April 1, 2018, to September 30, 2018 51

SUMMARY

OF OIG ACCOMPLISHMENTS AT DNFSB April 1, 2018, through September 30, 2018 Investigative Statistics Source of Allegations DNFSB Employee 0 DNFSB Management 1 Allegations Received from NRC OIG Hotline: 1 Total: 1 Disposition of Allegations Total 1 Referred for OIG Investigation 0 Pending Review Action 0 Closed Administratively 1 Referred to Other Agency 0 52 NRC Office of the Inspector General Semiannual Report to Congress

Status of Investigations DOJ Referrals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 DOJ Declinations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 DOJ Pending . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 Criminal Informations/Indictments . . . . . . . . . . . . . . . . . . . . . . . . . . 0 Criminal Convictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 Criminal Penalty Fines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 Civil Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 State and Local Referrals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 Criminal Informations/Indictments . . . . . . . . . . . . . . . . . . . . . . . . . . 0 Criminal Convictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 Civil Penalty Fines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 Civil Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 DNFSB Administrative Actions:

Counseling and Letter of Reprimand . . . . . . . . . . . . . . . . . . . . . . . . 0 Terminations and Resignations . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 Suspensions and Demotions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 Other (e.g., PFCRA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 Summary of Investigations Classification of Opened Closed Reports Cases in Investigations Carryover Cases Cases Issued4 Progress Employee Misconduct 1 1 0 0 1 Management Misconduct 6 1 1 0 7 Proactive Initiatives 2 0 1 0 1

Total 9 2 2 0 9 4

Number of reports issued represents the number of closed cases where allegations were substantiated and the results were reported outside of OIG.

April 1, 2018, to September 30, 2018 53

DNFSB Audit Listings Date Title Audit Number 05/29/18 Audit of the DNFSBs Implementation of DNFSB 18-A-05

Its Governing Legislation 54 NRC Office of the Inspector General Semiannual Report to Congress

DNFSB AUDIT RESOLUTION ACTIVITIES TABLE I OIG Reports Containing Questioned Costs 5 Questioned Unsupported Number of Costs Costs Reports Reports (Dollars) (Dollars)

A. For which no management decision had been made by the commencement of the reporting period 0 0 0 B. Which were issued during the reporting period 0 0 0 Subtotal (A + B) 0 0 0 C. For which a management decision was made during the reporting period:

(i) dollar value of disallowed costs 0 0 0 (ii) dollar value of costs not disallowed 0 0 0 D. For which no management decision had been made by the end of the reporting period 0 0 0 5

Questioned costs are costs that are questioned by the OIG because of an alleged violation of a provision of a law, regulation, contract, grant, cooperative agreement, or other agreement or document governing the expenditure of funds; a finding that, at the time of the audit, such costs are not supported by adequate documentation; or a finding that the expenditure of funds for the intended purpose is unnecessary or unreasonable.

April 1, 2018, to September 30, 2018 55

TABLE II OIG Reports Issued with Recommendations That Funds Be Put to Better Use 6 Number of Dollar Value Reports Reports of Funds A. For which no management decision 0 0 had been made by the commencement of the reporting period

B. Which were issued during the 0 0 reporting period

C. For which a management decision was made during the reporting period:

(i) dollar value of recommendations 0 0 that were agreed to by management (ii) dollar value of recommendations 0 0 that were not agreed to by management D. For which no management decision had 0 0 been made by the end of the reporting period 6

A recommendation that funds be put to better use is a recommendation by the OIG that funds could be used more efficiently if NRC management took actions to implement and complete the recommendation, including reductions in outlays; deobligation of funds from programs or operations; withdrawal of interest subsidy costs on loans or loan guarantees, insurance, or bonds; costs not incurred by implementing recommended improvements related to the operations of NRC, a contractor, or a grantee; avoidance of unnecessary expenditures noted in preaward reviews of contract or grant agreements; or any other savings which are specifically identified.

56 NRC Office of the Inspector General Semiannual Report to Congress

NRC UNIMPLEMENTED RECOMMENDATIONS Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2003 Audit of NRCs OIG-3-A-15 5/23/03 2 $0 NRC is responsible for developing the regulatory Regulatory framework, analytical tools, and data needed to ensure Oversight of safe and secure storage, transportation, and disposal of Special Nuclear spent nuclear fuel. For both operating and permanently Materials shut down nuclear power plants in the United States, there are a total of 93 spent fuel pools that currently store spent fuel. Recent NRC staff studies demonstrating the safety of spent fuel pools and the safety of continued storage of spent fuel at reactor sites highlight the need to ensure the safety of pool operations for longer periods than originally envisioned.

The audit objective was to determine whether NRCs oversight of spent fuel pools and the nuclear fuel they contain provides adequate protection for public health and safety, and the environment. The report made four recommendation to improve oversight of spent fuel pools. Agency management agreed with the report.

2011 Audit of NRCs OIG-11-A-15 7/27/11 2 $0 The President of the United States has directed Federal Shared S Drive agencies to promote information sharing with the public and improve the transparency of Government operations.

Nevertheless, applicable laws and Government wide policies require NRC and other Federal agencies to protect some types of information against accidental or intentional disclosure. NRC staff process on agency networks a category of sensitive unclassified information unique to NRC called Sensitive Unclassified Non-Safeguards Information (SUNSI) on agency networks. NRC defines SUNSI as:

any information of which the loss, misuse, modification, or unauthorized access can reasonably be foreseen to harm the public interest, the commercial or financial interests of the entity or individual to whom the information pertains, the conduct of NRC and Federal programs, or the personal privacy of individuals. NRC staff can process electronic documents containing SUNSI in a variety of ways including on shared network drives.

Regardless of how NRC employees exchange SUNSI on agency networks, Federal law requires that NRC maintain adequate controls over the confidentiality, integrity, and availability of this information.

The audit objective was to assess whether NRC effectively protects electronic documents containing Personally Identifiable Information and other types of SUNSI on NRCs shared network drives. The audit report made five recommendations to improve training, communication, coordination, and quality assurance controls to ensure SUNSI is appropriately managed.

Agency management agreed with the report.

April 1, 2018, to September 30, 2018 57

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2013 Audit of NRCs OIG-13-A-02 10/24/12 1 $0 The Omnibus Budget Reconciliation Act of 1990 Process for (OBRA-90), as amended, requires that NRC recover, Calculating through fees assessed to its applicants and licensees, License Fees approximately 90 percent of its budget authority

[less amounts appropriated for waste incidental to reprocessing activities and amounts appropriated for generic homeland security activities (non-fee items)].

NRC assesses two types of fees to meet the requirements of OBRA user fees and annual fees. First, user fees, presented in Title 10, Code of Federal Regulations (10 CFR),Part 170, under the authority of the Independent Offices Appropriation Act of 1952, recover NRCs costs of providing special benefits to identifiable applicants and licensees. Second, annual fees, presented in 10 CFR Part 171 under the authority of OBRA-90, as amended, recover generic regulatory costs not recovered through 10 CFR Part 170 fees. On an annual basis, NRC amends the licensing, inspection, and annual fees. Additionally, NRC publishes the annual Fee Rule in the Federal Register.

The audit objective was to determine if NRC has established and implemented management controls to ensure that the license fee calculation process produces timely and accurate fees in accordance with applicable requirements. The audit report made four recommendations to further improve the license fee calculation process. Agency management agreed with the report.

58 NRC Office of the Inspector General Semiannual Report to Congress

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2013 Audit of NRCs OIG-13-A-16 4/1/13 2 $0 NRC developed its Safeguards Information Local Area Safeguards Network and Electronic Safe (SLES) system to store Information Local and manage electronic Safeguards Information (SGI)

Area Network and documents.

Electronic Safe SLES features two distinct components: a secure wireless Local Area Network (LAN) and an electronic safe (E-Safe) for SGI documents. The SGI LAN component is a network with a secure architecture and is dedicated for use in SGI data processing. The E-Safe component is a secure electronic data repository for SGI records. E-Safe users are able to create, capture, search, and retrieve data from this repository.

The audit objective was to determine if SLES meets its operational capabilities and applicable security controls.

The audit report made seven recommendations to improve the agencys SLES system. Agency management agreed with the report.

2013 Audit of NRCs OIG-13-A-18 5/7/13 1 $0 The U.S. Government requires Federal agencies to Budget Execution establish an effective funds control process to ensure Process funds are used only for the purpose set forth by Congress and that expenditures do not exceed amounts authorized. NRCs budget process consists of strategic planning; budget formulation; submission of the agencys budget to OMB and Congress; approval of the budget by Congress; budget execution; and the reporting of budget and performance results. The budget execution phase refers generally to the time period during which the budget authority made through an appropriation remains available for obligation by NRC.

The audit objectives were to determine whether (1) NRC maintains proper financial control over appropriated and apportioned funds to ensure compliance with applicable Federal laws, policies, and regulations and (2) opportunities exist to improve the budget execution process. The audit report made eight recommendations to improve the internal controls over the management of budget execution. Agency management agreed with the report.

April 1, 2018, to September 30, 2018 59

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2014 Audit of NRCs OIG-14-A-02 10/28/13 1 $0 The Atomic Energy Act of 1954, as amended, and NRC Oversight regulations limit commercial nuclear power reactor of Active licenses to an initial 40 years. Due to this selected period, Component Aging some components may have been engineered on the basis of an expected 40-year service life. Components degraded due to aging have caused reactor shutdowns, failure of safety-related equipment, and reduction in the safety margin of operating nuclear power plants.

Therefore, effective and proactive management of aging of components is a key element for safe and reliable nuclear power plant operation.

NRC has established commercial nuclear power reactor industry requirements that exclude some components referred to as active componentsfrom a license renewal aging management review. Active components are those that perform their intended functions with moving parts or a change in state. According to NRC, active components are not subject to review as part of NRCs review of license renewal applications because of the existing regulatory process and existing licensee programs and activities.

The objective of this audit was to determine if NRC is providing effective oversight of industrys aging component programs. The audit report made two recommendations to improve the agencys oversight of aging active component activities. Agency management provided formal comments to the report.

2015 Audit of NRCs OIG-15-A-06 2/10/15 2 $0 NRC is responsible for developing the regulatory Oversight of framework, analytical tools, and data needed to ensure Spent Fuel Pools safe and secure storage, transportation, and disposal of spent nuclear fuel. For both operating and permanently shut down nuclear power plants in the United States, there are a total of 93 spent fuel pools that currently store spent fuel. Recent NRC staff studies demonstrating the safety of spent fuel pools and the safety of continued storage of spent fuel at reactor sites highlight the need to ensure the safety of pool operations for longer periods than originally envisioned.

The audit objective was to determine whether NRCs oversight of spent fuel pools and the nuclear fuel they contain provides adequate protection for public health and safety, and the environment. The report made four recommendation to improve oversight of spent fuel pools. Agency management agreed with the report.

60 NRC Office of the Inspector General Semiannual Report to Congress

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2015 Audit of NRCs OIG-15-A-12 3/19/15 2 $0 NRC is required by law to offset a substantial percent of Internal Controls its budget authority through fees billed to licensees and Over Fee Revenue license applicants.

NRC provides licensing services to agency licensees and license applicants. The agency recovers the costs to provide licensing services by invoicing licensees and applicants for staff time and contractor costs. Each fiscal year, NRC publishes a schedule of fees in CFR Part 170 for licensing services directly provided to NRC licensees and applicants, and in 10 CFR Part 171 for annual fees billed to identifiable NRC license holders for generic regulatory costs not otherwise recovered through 10 CFR Part 170 fees.

The audit objective was to determine whether NRC has established and implemented an effective system of internal controls over the recordation and reconciliation of fee revenue.

The audit report made seven recommendations to improve internal controls over the recordation of fee revenue. Agency management agreed with the report.

2015 Audit of NRCs OIG-15-A-15 6/24/15 1 $0 NRC is authorized to establish by rule, regulation, or Regulatory order, such standards and instructions to govern the Analysis Process possession and use of special nuclear, source, and byproduct material. NRC uses regulatory analyses to evaluate proposed rulemaking actions to protect public health and safety. NRC does not have a statutory mandate to conduct regulatory analyses, but voluntarily began performing them in 1976 to help ensure that its decisions to impose regulatory burdens on licensees are based on adequate information.

The audit objective was to determine the adequacy of NRCs regulatory analysis process. The audit report made four recommendations to improve the regulatory analysis process. Agency management agreed with the report.

April 1, 2018, to September 30, 2018 61

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2015 Audit of NRCs OIG-15-A-17 6/29/15 2 $0 Deployed in 2012, NRCs Web-Based Licensing System Web-Based (WBL) serves as an up-to-date repository of all NRC Licensing (WBL) materials licenses, and as a Web-based license tool for System NRC to manage the license process and information on NRC licensees. The incorporation of additional modules, such as for inspection and reciprocity tracking, ties various NRC oversight activities to the most up-to-date license information.

The audit objective was to determine whether WBL meets its required operational capabilities and provides for the security, availability, and integrity of the system data.

The audit report made four recommendations to improve NRCs use of WBL. Agency management agreed with the report.

2016 Evaluation of OIG-16-A-06 11/30/15 2 $0 The Agencywide Documents Access and Management the Agencywide System (ADAMS) is NRCs repository for Official Agency Document Access Records. It has been in place since November 1999 and Management has to meet NRCs document management needs while System (ADAMS) also complying with Federal mandates for electronic Functional and recordkeeping and public access requirements. The Operational Office of Information Services manages ADAMS staff in Capabilities headquarters and regional offices use ADAMS for their day-to-day mission activities. The public uses NRCs public site to access Web-Based ADAMS.

OIG contracted with AEGIS.net, Inc., to evaluate if ADAMS meets its required operational capabilities and adequately provides for functionality. The evaluation report made 13 recommendations addressing implementation of ADAMS Records Manager module, improving ADAMS search and retrieval functionality, and ensuring compliance with security standards and configuration management best practices. Agency management agreed with the report.

62 NRC Office of the Inspector General Semiannual Report to Congress

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2016 Independent OIG-16-A-15 6/1/16 2 $0 NRC manages numerous publicly accessible Web Evaluation of applications to share nuclear information with the Security of licensees and the public. NRCs publicly accessible Web NRCs Publicly applications consist mainly of Web sites, but also include Accessible Web Web-based login portals and administrative systems that Applications provide authorized personnel remote access to agency IT resources. NRC is a regular target of cyber-attacks because its technical and other sensitive information is highly sought after by potential adversaries.

The NRC OIG has joined other OIGs to conduct a Federal-wide review of publicly accessible Web applications and associated security controls. Each OIG will assess its own agency's Web applications program, allowing the OIG group to then develop Federal-wide recommendations and best practices to secure and manage publicly accessible Web applications. This evaluation was conducted by Richard S. Carson & Associates, Inc. (Carson Inc.) to assess NRC's publicly accessible Web applications as part of this crosscutting project.

The objective of the evaluation was to determine (i) the effectiveness of NRC's efforts to secure its publicly accessible Web applications, and (ii) whether NRC has implemented adequate security measures to reduce the risk of compromise to publicly accessible Web applications. The audit report made seven recommendations to improve the security of NRC's publicly accessible Web applications. Agency management agreed with the report.

2016 Audit of NRCs OIG-16-A-16 6/8/16 2 $0 NRC maintains strict rules governing nuclear power Decommissioning plant and material site decommissioning. These Funds Program requirements were developed to protect workers and the public during the entire decommissioning process and after the license is terminated. Federal law and NRC regulations require power reactor and material licensees to establish or obtain a financial mechanism such as a decommissioning trust fund or a guarantee to ensure there will be sufficient money to pay for the facility's decommissioning.

The audit objectives were to identify opportunities for program improvement, and determine the adequacy of NRC's processes for coordinating with licensees to address possible shortfalls. The audit report made nine recommendations to improve internal controls related to decommissioning funds reviews and strengthen the agency's decommissioning funds review process. Agency management agreed with the report.

April 1, 2018, to September 30, 2018 63

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2016 Audit of NRCs OIG-16-A-17 6/8/16 1 $0 The Reducing Over-Classification Act of 2010 mandated Implementation that the inspectors general of all Federal agencies with of Federal original classification authority perform at least two Classified evaluations over proper use of classified information.

Information Laws The act found that over-classification of information and Policies negatively affects dissemination of information within the government, increases information security costs, and needlessly limits stakeholder and public access to information. NRC OIG issued the first mandatory audit report in 2013. The reports recommendations have been implemented by NRC. This report represents the results of OIGs second mandatory review.

The audit objective was to assess whether applicable classification policies, procedures, rules, and regulations have been adopted, followed and effectively administered, and identify policies, procedures, rules, regulations, or management practices that may be contributing to persistent misclassification of material.

This report made two recommendations to complete and fully implement current agency initiatives and to develop procedures and guidance to ensure effective records management and timely disposition and declassification of classified records at NRC. Management agreed with the findings and recommendations in this report.

2016 Audit of NRCs OIG-16-A-21 9/26/16 3 $0 The NRC Significance Determination Process (SDP) is Significance used to determine the safety significance of inspection Determination findings identified within the Reactor Oversight Process Process for cornerstones of safety. NRC inspectors perform Reactor Safety inspections at nuclear reactor sites to identify licensee failures to meet a regulatory requirement or self-imposed standard that a licensee should have met. The SDP consists of several steps and activities performed by agency staff and management to determine and categorize the significance of licensee performance deficiencies identified through inspections. The SDP also requires an independent audit of inspection findings to ensure significance determination results are predictable and repeatable.

The audit objective was to assess the consistency with which NRC evaluates power reactor safety inspection findings under the SDP. The audit report made four recommendations to improve overall management of SDP workflow, clarify issue screening questions for inspection staff, and implement controls to ensure independent audits are performed and documented.

Agency management agreed with the report.

64 NRC Office of the Inspector General Semiannual Report to Congress

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2017 Audit of NRCs OIG-17-A-08 2/16/17 1 $0 One of NRCs statutorily mandated responsibilities Oversight of under the Atomic Energy Act of 1954, as amended, is Source Material to license the import and export of nuclear materials.

Exports to Foreign Source material is often exported to be enriched and Countries used as fuel for nuclear power plants across the world.

As source material (uranium) could potentially be enriched to produce highly enriched uranium - the primary ingredient of an atomic weapon - tracking and accounting for the exports of source material are important to (1) ensure that it is used only for peaceful purposes, (2) comply with international treaty obligations, and (3) provide data to policymakers and other government officials.

The audit objective was to determine the effectiveness of NRCs oversight of the export of source material. This audit report made five recommendations to improve NRCs oversight of the export of source material through the creation of an export inspection program, clarification of specific NRC regulations related to exports, and creation of a qualification program for export licensing officers. Agency management did not entirely agree with the report and provided formal comments.

2017 Audit of NRCs OIG-17-A-09 2/22/17 2 $0 NRC has rules governing power plant decommissioning Oversight of that protects workers and the public during the Security at decommissioning process. For example, NRC regulations Decommissioning require power plant licensees to establish, maintain, and Reactors implement an insider mitigation program. In addition, NRC has regulations for the management of worker fatigue. These regulations are designed to ensure licensees effectively manage worker fatigue and provide reasonable assurance that workers are able to safely and competently perform their duties.

The audit objective was to determine whether NRCs oversight of security at decommissioning reactors provides for adequate protection of radioactive structures, systems, and components. The audit report made three recommendations to clarify which fitness-for-duty elements decommissioning licensees must implement to meet the requirements of the insider mitigation program, and to establish requirements for a fatigue management program. Agency management agreed with the findings and recommendations in this report.

April 1, 2018, to September 30, 2018 65

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2017 Audit of NRCs OIG-17-A-13 05/11/17 1 $1,647,715 On July 22, 2010, IPERA was signed into law, Fiscal Year 2016 which amended IPIA. IPERA directed OMB to issue Compliance with implementing guidance to agencies. IPERA also requires Improper Payment Federal agencies to periodically review all programs Laws and activities that the agency administers and identify all programs and activities that may be susceptible to significant improper payments. In addition, IPERA requires each agency to conduct recovery audits with respect to each program and activity of the agency that expends $1,000,000 or more annually, if conducting such audits would be cost effective. IPERIA was signed into law on January 10, 2013. This law established the Do Not Pay Initiative, which directs agencies to verify the eligibility of payments using databases before making payments. OMB guidance specifies that each agencys Inspector General should review agency improper payment reporting in the agencys annual PAR or AFR, and accompanying materials, to determine whether the agency complied with IPERA. The audit objective was to assess NRCs compliance with IPIA, as amended by IPERA and IPERIA, and report any material weaknesses in internal control.

OIG determined that the agency is in compliance with the requirements of IPIA and concluded that agency reporting of improper payments is accurate and complete. However, this report made one recommendation regarding questioned costs that were identified during a contract audit performed by the Defense Contract Audit Agency (DCAA) on behalf of OIG. Agency management agreed with the finding and recommendation in this report.

2017 Audit of NRCs OIG-17-A-14 05/30/17 1 $0 The Government Charge Card Abuse Prevention Act of Purchase Card 2012 requires NRC to establish and maintain safeguards Program and internal controls for Government charge cards. It also requires OIG to conduct periodic risk assessments of the agency purchase card program to analyze the risks of illegal, improper, or erroneous purchases. OIG previously audited NRCs purchase card program in 2011. The resulting audit report had three findings and six recommendations that were all implemented by the agency before the start of this audit. Generally, NRCs purchase card program is adequately governed by internal controls. However, opportunities exist to improve the effectiveness of internal controls in the areas of documentation and program oversight.

The audit objective was to determine whether internal controls are in place and operating effectively to maintain compliance with applicable purchase card laws, regulations, and NRC policies. OIG made seven recommendations to improve communication to cardholders and approving officials and strengthen internal controls. Agency management agreed with the findings and recommendations in this report.

66 NRC Office of the Inspector General Semiannual Report to Congress

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2017 Audit of NRCs OIG-17-A-18 07/03/17 1 $0 Many NRC offices maintain corporate support through PMDA and DRMA Program Management, Policy Development and Analysis Functions to Staff (PMDA) and Division of Resource Management and Identify Program Administration (DRMA) functions. The PMDA function Efficiencies at NRC headquarters and the DRMA function at NRC regional offices manage service delivery in support areas. NRC is presently facing significant management and performance challenges such as tight and reduced budgets and realignment of program offices. To meet these program challenges, NRC must efficiently and effectively use its resources. NRC has been proactive in identifying areas in which scarce program resources could be spent in the most economical and effective manner through external independent assessments.

In addition, NRC established a Mission Support Task Force to identify opportunities to better optimize the expenditure of agency resources allotted to these programs.

The audit objective was to determine if the activities performed by NRCs PMDA and DRMA programs produce the intended results from their operational processes in a manner that optimizes the expenditure of agency resources. The report made one recommendation to complete implementation of all Mission Support Task Force recommendations that may assist in optimizing the use of resources and result in improving standardization and centralization throughout the agency. Agency management agreed with the finding and recommendation in this report.

April 1, 2018, to September 30, 2018 67

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2017 Evaluation of OIG-17-A-19 7/27/2017 3 $0 On November 16, 2016, at 4:45 a.m., NRCs Network NRCs Network Operations Center identified that access was lost to key Storage information technology IT services, including availability Interruption to the network, remote access, internet, email and servers (file, print, and applications). The Network outage was isolated to NRC headquarters; however NRCs regional offices were also affected by the interruption.

This resulted in NRC excusing headquarters employees for the entire workday on November 17, 2016, and for 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months on November 18, 2016. It cost NRC an estimated

$941,739 to grant employees administrative leave for this time.

OIG evaluated the network storage interruption and its effect on agency operations, and identified opportunities for improvement in how NRC manages its IT services contract. OIG found weaknesses in the following areas:

The contract modification process. Specifically, NRC inadvertently modified the ITISS contract disincentive fee.

Administration of the ITISS contract. Specifically, NRC allowed the contractor to make all decisions on the data center storage system architecture. Additionally, OIG identified multiple issues with how the ITISS contract was written and overseen. These issues relate to the number and relative weight of the Service Level Requirements, which define the level of service expected. This report made four recommendations to improve NRCs processes, procedures, and operations under the next IT services.

Agency management agreed with the findings and recommendations in this report.

68 NRC Office of the Inspector General Semiannual Report to Congress

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2017 Audit of NRC's OIG-17-A-20 08/16/2017 2 $0 The Federal Acquisition Regulation and Nuclear Contract Regulatory Commissions (NRC) Management Directive Administration 11.1, NRC Acquisition of Supplies and Services, and Process NRCs Acquisition Regulation under 48 Code of Federal Regulations Chapter 20 provide specific requirements for NRCs contract administration process.

Contract administration involves those activities performed by agency officials after they award a contract. Contracting Officers (COs) administer NRC contracts. However, COs delegate specific contract administration responsibilities and technical supervision tasks to a Contracting Officers Representative (COR).

CORs are responsible for daily administration and technical direction of contracts during the period of performance. CORs review and reconcile invoices including verifying support for payment and collection.

The COR is expected to maintain working contract files.

The audit objective was to assess the effectiveness of NRCs contract administration process and compliance with Federal and agency regulations. Generally, NRCs contract administration processes comply with applicable regulations, and the agencys internal controls governing contract administration are adequate. However, opportunities exist to improve the effectiveness of internal controls for NRCs management of contractor invoices and supporting documentation and for contract closeout procedures followed by CORs. OIG made three recommendations to improve the effectiveness of management of contractor invoices and supporting documentation and to strengthen adherence to contract closeout procedures by CORs. Two recommendations address the effectiveness of internal controls over recordkeeping for contractor invoices and supporting documentation. The third recommendation addresses enhancement of internal controls to ensure better adherence to contract closeout procedures.

Agency management agreed with the findings and recommendations in this report.

April 1, 2018, to September 30, 2018 69

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2017 Audit of NRC's OIG-17-A-21 08/16/2017 4 $0 NRC issues certificates of compliance to approve Oversight the design of a (1) package for transportation of for Issuing radioactive material or (2) cask for spent fuel storage.

Certificates of A transportation package includes the assembly of Compliance components necessary to ensure compliance with for Radioactive packaging requirements and the radioactive contents Material Packages as presented for transport. A storage cask is a heavily shielded container, often made of lead, concrete, or steel, used for the dry storage of radioactive material. 10 CFR Part 71 establishes the requirements for transportation of radioactive material package designs. Additionally, 10 CFR Part 72 establishes the requirements for the issuance of certificates of compliance for spent fuel storage cask designs.

The audit objective was to determine if NRCs processes for issuing certificates of compliance and reviewing 10 CFR Part 72.48 changes provide adequate protection for public health, safety, and the environment. OIG found that NRC processes for issuing certificates of compliance are adequate; however, opportunities for improvement exist within NRCs internal processes. Specifically, NRC should (1) determine and provide the basis for an appropriate term for Part 71 certificates of compliance and (2) establish sufficient controls for Part 72.48 reviews.

This report made four recommendations to improve NRCs oversight for issuing certificates of compliance for radioactive material packages. Agency management agreed with the findings and recommendations in this report.

70 NRC Office of the Inspector General Semiannual Report to Congress

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2017 Independent OIG-17-A-22 08/17/17 1 $0 On December 18, 2014, the President signed FISMA Evaluation of 2014, reforming the Federal Information Security the Federal Management Act of 2002 (FISMA). FISMA 2014 outlines Information the information security management requirements Security for agencies, which include an annual independent Modernization evaluation of an agencys information security program Act of 2014 for and practices to determine their effectiveness.

FY 17 - Technical The NRC Technical Training Center (TTC) provides training Training Center, for the staff in various technical disciplines associated Chattanooga, with the regulation of nuclear materials and facilities Tennessee and is located in Chattanooga, TN. The TTC is part of the Office of the Chief Human Capital Officer and operates under the direction of the Associate Director for Human Resources Training and Development.

The objective was to perform an independent evaluation of NRCs implementation of FISMA 2014 for FY 2017 at the TTC and to evaluate the effectiveness of agency information security policies, procedures, and practices as implemented at this location.

The evaluation found that the TTC IT security program, including TTC IT security policies, procedures, and practices, is generally effective. However, the TTC System Hardware and Software Inventory is incomplete and agency-managed laptops and standalone desktops are not authorized to operate in accordance with NRC policies, procedures, and processes. OIG makes recommendations to address these findings. Additionally, OIG identified an issue with unclear laptop security policies and procedures that will be further evaluated during the FY 2017 FISMA evaluation. This evaluation made three recommendations to update the software and hardware inventories, managing the authorization of an SGI laptop, and updating the system boundary and performing all required system cybersecurity assessment processes and procedures. Agency management stated their general agreement with the evaluation results.

April 1, 2018, to September 30, 2018 71

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2017 Audit of NRC's OIG-17-A-23 08/22/17 2 $0 NRC encourages members of the public to use Title 10, 10 CFR 2.206 Code of Federal Regulations, Section 2.206, Requests for Petition Review Action Under This Subpart (10 CFR 2.206) as one method Process to bring issues to the agencys attention. Any person may file a request by using 10 CFR 2.206 to institute a proceeding pursuant to 10 CFR Section 2.202 Orders, (10 CFR 2.202) to modify, suspend, or revoke a license, or for any other action as may be proper. NRC has not issued orders in response to any of the thirty-eight (38) 10 CFR 2.206 petitions filed from fiscal year (FY) 2013 through FY 2016. The lack of such actions could adversely affect the publics perspective on the effectiveness of the agencys 10 CFR 2.206 petition process.

The audit objective was to determine whether NRC staff followed agency guidance consistently in reviewing 10 CFR 2.206 petitions, and took steps to ensure appropriate information supports NRC decisions on 10 CFR 2.206 petitions. NRC committed to periodically assess the 10 CFR 2.206 petition process to enhance its effectiveness, timeliness and credibility. However, NRC did not perform periodic assessments because it has not established management controls to ensure periodic assessments of the 10 CFR 2.206 petition process are performed. As a result, NRC missed opportunities to use data to enhance the 10 CFR 2.206 petition process. In addition, NRC staff have difficulty applying 10 CFR 2.206 petition review and rejection criteria because the criteria are not clear.

As a result, some petitions might not be dispositioned consistently or properly.

This report made two recommendations to (1) develop controls to ensure formal assessments are performed and are documented for future use, and (2) clarify the criteria for reviewing and rejecting petitions.

Agency management agreed with the findings and recommendations in this report.

72 NRC Office of the Inspector General Semiannual Report to Congress

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2017 Evaluation OIG-17-A-27 9/21/17 1 $0 In April 2016, NRC stopped leasing Government cell of NRCs phones and instead entered into a contract with AT&T Management of Mobility to purchase Android and iOS devices for up to Government Cell 350 users. The contract was expected to run through Phones November 30, 2017, and was valued at approximately

$1.8 million. NRC property custodians are assigned responsibility for managing cellphones in the Space and Property Management System (SPMS), which is the official database used to track NRC property inventory assigned to various offices throughout the agency.

The evaluation objective was to evaluate whether NRCs Government furnished cell phones are sufficiently managed to provide information security. OIG did not identify weaknesses relative to cell phone information security; however, the evaluation identified three areas for improvement in the overall management of Government cell phones: (a) guidance and training on cell phone management for property custodians, (b) Government cell phone record management, and (c) the rules of behavior associated with cell phones. The report made four recommendations to improve NRCs management of Government phones.

Agency management agreed with the finding and recommendations in this report.

2018 Evaluation of the OIG-18-A-06 12/21/17 2 $0 On July 6, 2017, OIG identified and accessed an Shared S Drive employees bank account information on a personal check that was scanned and saved to the agencys shared S drive. After finding that the sensitive information was not protected by access controls, OIG reviewed the shared S drive for PII and identified a folder dated 2011, which had 35 subfolders for several offices in the agency. Of the 35 subfolders, 17 contained PII without appropriate access controls.

The objective was to assess how NRC effectively manages and protects Personally Identifiable Information (PII) stored on the shared S drive in accordance with Federal regulations. OIG found weaknesses in the areas of inappropriate storage and management of PII on the shared S drive. This report made four recommendations to improve NRCs procedures and process for managing and protecting PII stored on the shared S drive. Management agreed with the findings and recommendations in this report.

April 1, 2018, to September 30, 2018 73

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2018 Audit of NRCs OIG-18-A-09 02/08/18 1 $0 As part of its regulatory function, NRC issues licenses for Decommissioning nuclear materials and regulates the decommissioning of Financial material sites. Material licensees must provide financial Assurance assurance for decommissioning costs before they receive Instrument nuclear material or begin site operations. They must also Inventory maintain that funding throughout the duration of site operations. In June 2016, OIG issued an audit report on NRCs Decommissioning Funds Program. During that audit, OIG auditors were not able to examine the original financial instruments maintained by the agency because the safe containing the instruments was inaccessible. As a result, the audit had a scope limitation which informed the decision to perform this audit.

The audit objectives were to determine whether (1) the Office of Nuclear Material Safety and Safeguards Inventory List of financial instruments accurately accounts for the actual original financial instruments in the safe, and (2) the financial instruments are properly handled, safeguarded, and accurately inventoried in a timely manner. Auditors found that the original signed decommissioning financial instruments are properly safeguarded in a fire-proof safe, however, opportunities exist to improve management of the program. This report makes a recommendation to update guidance to reflect current practices. Agency management stated their general agreement with the finding and recommendation in this report.

74 NRC Office of the Inspector General Semiannual Report to Congress

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2018 Audit of NRCs OIG-18-A-10 04/04/2018 4 $0 The United States (U.S.) Federal Government has a unique Consultation legal and political relationship with Native American practices with Tribes (Tribes) that arises from the U.S. Constitution.

Federally The Federal Government recognizes Tribes as domestic Recognized sovereign nations, and therefore, has acknowledged the Native inherent authority of Tribes to govern themselves.

American Tribal he U.S. Nuclear Regulatory Commission (NRC) conducts Governments outreach to keep Tribes informed about the agencys actions and plans. NRC is required, by the National Historic Preservation Act of 1966 (NHPA), to consult with Tribes that attach religious or cultural significance to properties affected by NRC actions.

The Federal, State, and Tribal Liaison Branch (FSTB) is responsible for helping to facilitate and coordinate any Tribal participation in relevant NRC activities.

The audit objective was to determine whether NRC fulfills its Tribal outreach and consultation responsibilities and requirements.

NRC fulfills its Tribal outreach and consultation responsibilities and requirements; however, opportunities for improvement exist. Specifically, NRC should (1) clearly define FSTBs roles and responsibilities, (2) update internal guidance to include FSTB when conducting Tribal outreach and consultations, (3) establish qualification requirements for FSTB and training requirements for other NRC staff, and (4) include sufficient resources to allow for necessary outreach and consultation.

This report makes five recommendations to (1) clearly define FSTBs role and responsibilities with regard to Tribal outreach and consultation, (2) update NRC guidance to include FSTB when conducting Tribal outreach and consultations, (3) create a qualification program for FSTB, (4) require all staff and management that my interact with Tribes to take Tribal relations training, and (5) include sufficient resources to allow for necessary outreach and consultation activities by FSTB staff.

Agency management stated their general agreement with the findings and recommendations in this report.

April 1, 2018, to September 30, 2018 75

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2018 Audit of NRCs OIG-18-A-11 04/04/18 2 $0 The National Materials Program is a term that has been Oversight of used for many years to describe the broad collective the National effort within which both NRC and the Agreement States Materials function in carrying out their respective regulatory Program programs for agreement material.

The National Materials Program covers activities separately carried out by NRC and the individual Agreement State programs as well as shared program activities between NRC and Agreement States.

The National Materials Program concept evolved as the number of Agreement States grew, but to this day, the Program remains a term without a formal structure.

The audit objective was to determine if the National Materials Program is an effective and efficient framework for carrying out NRC and Agreement State radiation safety regulatory programs.

OIG found that the National Materials Program provides a framework for carrying out NRC and Agreement State radiation safety regulatory programs; however, opportunities for improvement exist with regard to effectiveness. Specifically, NRC should improve its documentation and communication of the program framework.

The National Materials Program framework is not well understood by stakeholders. In order for a program to be effective at accomplishing its mission, stakeholders should share a common understanding of a program.

However, the National Materials Program framework is not well documented or communicated and lacks a champion. As a result, Agreement States are not satisfied with the level of influence they have on the Program.

This report makes two recommendations to improve the effectiveness of NRCs oversight of the National Materials Program through improving documentation and communication of the Program framework.

Agency management stated their general agreement with the finding and recommendations in this report.

76 NRC Office of the Inspector General Semiannual Report to Congress

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2018 Audit of NRCs OIG-18-A-13 05/16/18 5 $0 NRC may conduct special and infrequent inspections Special and using criteria in Inspection Manual Chapter (IMC) 2515 Infrequently Appendix C. These inspections are in addition to baseline Performed inspections conducted at commercial nuclear power Inspections plants in support of the Reactor Oversight Process. NRC conducts these special and infrequent inspections in response to safety and security events at nuclear power plants, and to ensure the safety of infrequent, but major plant licensing and maintenance activities.

NRC conducts IMC 2515 Appendix C inspections to evaluate emergent technical issues not related to plant licensee performance, fulfill NRCs obligations under domestic interagency memoranda of understanding such as information exchanges between NRC and States, Tribes, and local governments, and implement the requirements of Title 10 Code of Federal Regulations (10 CFR) Part 75 for treaties between the United States and the International Atomic Energy Agency.

The audit objectives were to assess NRCs processes for (1) identifying conditions that warrant special and infrequently performed inspections at commercial power reactors under IMC 2515 Appendix C, and (2) conducting these inspections in accordance with agency guidance.

NRC staff are required to review IMC 2515 Appendix C inspection procedures on a 4-year periodic basis.

However, NRC staff do not consistently review all IMC 2515 Appendix C inspection procedures on a periodic basis as required because there is conflicting guidance and low staff awareness of procedural requirements for conducting these reviews. As a result, outdated IMC 2515 Appendix C inspection procedures could reduce the efficiency and effectiveness in the planning and performance of these inspections.

Additionally, NRC management is responsible for developing application controls to achieve validity, completeness, and accuracy of data processed in an information system. However, NRC staff incorrectly coded inspections under IMC 2515 Appendix C in the agencys legacy Reactor Program System. This occurred because application controls in the Reactor Program System, operational before October 2017, were not sufficient to ensure proper coding of inspections to IMC 2515 Appendix C. Reliable data is important for effective management and oversight of NRCs inspection activities.

This report makes six recommendations regarding periodic assessments of IMC 2515 Appendix C inspection procedures and application controls in the Replacement Reactor Program System - Inspections Module. Agency management stated their general agreement with the finding and recommendations in this report April 1, 2018, to September 30, 2018 77

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2018 U.S. Nuclear OIG-18-A-14 06/06/18 1 $0 The objective was to conduct a vulnerability assessment Regulatory and penetration testing of external Internet systems on Commission the NRC computer network.

Office of the OIG found that, overall, the external NRC perimeter Inspector and its Web applications responded well to testing General External conditions and NRC implemented several good Vulnerability practices. The testing team identified 12 findings and Assessment made one recommendation. Agency management and Penetration stated their general agreement with the finding and Testing recommendations in this report.

2018 Audit of NRCs OIG-18-A-15 06/18/18 5 $0 Technical specifications are part of an NRC license Process for authorizing the operation of a nuclear production or Modifying and utilization facility. The Standard Technical Specifications Communicating are guidance for modifying the approved nuclear power Standard plants operating license in accordance with Section 36 Technical of Part 50 of Title 10 of the Code of Federal Regulations, Specifications "Technical specifications" (10 CFR 50.36).

The Standard Technical Specifications are published for each of the reactor types in a set of NUREG-series publications. NRC modifies the Standard Technical Specifications through a process initiated by the industry-sponsored Technical Specifications Task Force, which submits proposed changes to NRC. The submissions are referred to as Travelers.

The audit objective was to assess the effectiveness and efficiency of NRCs process for modifying Standard Technical Specifications and communicating these modifications to staff and licensees.

NRC generally modifies Standard Technical Specifications in an efficient and effective manner. However, NRCs Standard Technical Specification modification process could be strengthened in the areas of knowledge management and quality assurance. This report makes eight recommendations to strengthen Technical Specifications Branch knowledge management practices and enhance quality assurance measures for program data. Agency management stated their general agreement with the finding and recommendations in this report.

78 NRC Office of the Inspector General Semiannual Report to Congress

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2018 Evaluation OIG-18-A-16 6/21/18 3 $0 NRCs Headquarters Operations Center (HOC) maintains of NRCs direct contact with nuclear power plants and receives Headquarters reports from reactor, fuel cycle, and nuclear materials Operations Center licensees as required by regulations.

Staffing The HOC is staffed 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months a day, 365 days a year with qualified watch standers. In serving as NRCs initial contact for all incident reports, HOC staff are responsible for maintaining awareness of NRC-licensed facilities and materials, and for performing independent situational analysis of incidents in order to ensure that licensees are implementing appropriate protective measures and to notify appropriate NRC staff.

The evaluation objective was to determine whether NRC staffing of the Headquarters Operations Center adequately supports necessary response and coordination activities. The Office of the Inspector General (OIG) found that response and coordination activities were able to be supported by the HOC during calendar year 2017, but under sub-optimal conditions that strained available staff resources.

Resource reduction, HOC staff departures, and hiring delays combined to produce a staffing shortage throughout calendar year 2017. Management underestimated the magnitude of programmatic impacts from the staff resource reduction and had not adequately planned how to maintain staffing levels. The number of available HOC staff dropped to the point of requiring that a non-qualified second person fill shifts.

Staffing conditions resulted in reducing the HOCs available capacity to support the agencys response and coordination role. Current staffing has improved through ongoing management efforts, and can be further strengthened.

The report makes two recommendations to define the mission needs, workload, and skills and competencies of the Headquarters Operations Officer workforce and to develop guidance and procedures to support human capital management and succession in the HOC. Agency management stated their general agreement with the finding and recommendations in this report.

April 1, 2018, to September 30, 2018 79

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2018 Evaluation of OIG-18-A-17 7/11/18 2 $0 In October 1987, NRC contracted with Southwest NRCs Oversight Research Institute (SwRI) to operate an FFRDC, with the of the Agencys principal focus to provide support for NRCs activities in Federally Funded licensing a deep geologic repository for high level waste Research and (HLW) and spent nuclear fuel (SNF). SwRI established the Development Center for Nuclear Waste Regulatory Analyses (CNWRA)

Center Contract to serve as an FFRDC. The current contract, awarded on (FFRDC) March 30, 2018, is NRCs sixth renewal of the FFRDC contract.

FAR Section 35.017-4 requires, prior to extending a contract for an FFRDC, a sponsoring agency must conduct a comprehensive review of the use and need for the facility.

The evaluation objectives were to determine if NRC is (1) properly considering all FAR requirements for an FFRDC review in preparing its renewal justification, and (2) adequately fulfilling its oversight responsibilities for the FFRDC.

The agency is not adequately fulfilling its oversight responsibilities related to FFRDC contract administration.

Specifically, agency management does not enforce contractor use of NRC billing instructions, provide sufficient training for the FFRDC CORs, exercise timely issuance of delegation memorandums, or provide timely review and approval of contract modifications.

As a result, the agency is at an increased risk of not being an effective steward of licensee and taxpayer money, because potential billing discrepancies may not be identified and corrected.

This report makes four recommendations related to improving NRCs oversight of the FFRDC contract through revising procedures and providing training. Agency management stated their general agreement with the finding and recommendations in this report.

80 NRC Office of the Inspector General Semiannual Report to Congress

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2018 Audit of NRCs OIG 18-A-18 9/13/2018 1 $0 NRC fully funds the training and associated travel costs Process for for Agreement State staff to attend NRC-sponsored Reimbursing training. The funding is intended to help Agreement Agreement State States enhance their programs performance and foster Personnel Training national consistency among Agreement State and NRC Expenses inspectors and license reviewers.

When Agreement State staff attend NRC-sponsored training, NRC reimburses the staff at the Federal per diem rate for lodging and meals and incidentals.

Some Agreement States have policies in place that require employees to surrender their Federal per diem travel reimbursement to the State. The State then reimburses the employee at the State per diem rate, which is typically lower than the Federal per diem rate.

These States normally keep the difference between the Federal and State per diem.

The audit objective was to assess the effectiveness and efficiency of NRCs process for reimbursing Agreement State staff who attend NRC-sponsored training. OIG found that NRC has a process in place for reimbursing Agreement State staff who attend NRC-sponsored training; however, opportunities for improvement exist with regard to its efficiency. Specifically, NRC should conduct a cost-benefit analysis to evaluate alternative Agreement State reimbursement options.

There is a delta between the Federal per diem rate and most State per diem rates. As a responsible regulatory agency, NRC should use its resources efficiently. Because there is no process in place for NRC to reimburse Agreement States at their State per diem rate, NRCs funds are potentially not being used as efficiently as possible.

This report makes one recommendation to improve the efficiency of NRCs process for reimbursing Agreement State staff who attend NRC-sponsored training.

Agency management does not entirely agree with the recommendation and provided formal comments for inclusion in the report.

Total unimplemented recommendations: 74 April 1, 2018, to September 30, 2018 81

DNFSB Unimplemented Recommendations Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2017 Audit of DNFSBs DNFSB- 6/5/17 1 $0 The Cybersecurity Act of 2015 was enacted on December Resident 17-A-05 18, 2015, and was designed to improve cybersecurity Inspector Program in the United States. Division N, Section 406, of the act requires that Inspectors General report on the policies, procedures, and controls to access covered systems. Covered systems are defined as a national security system, or a Federal computer system that provides access to personally identifiable information.

DNFSB relies on the servicing organizations to properly protect the records, but must review the privacy impact assessment to determine they are using proper controls.

However, DNFSB does not review the privacy impact assessment for external organizations.

The audit objective was to evaluate DNFSBs information technology security policies, procedures, practices, and capabilities as defined in the Cybersecurity Act of 2015 for national security systems and systems that provide access to personally identifiable information operated by or on behalf of DNFSB. The audit report made two recommendations to bring DNFSB into compliance with the Privacy Act of 1974 and E-Government Act of 2002. DNFSB management stated their agreement with recommendations in this report.

2017 Audit of NRCs OIG-17-A-18 07/03/17 1 $0 DNFSBs enabling legislation authorizes it to assign PMDA and DRMA staff to be stationed at any DOE defense nuclear facility Functions to to carry out the functions of the agency. DNFSB has Identify Program used this authority to implement a Resident Inspector Efficiencies Program that serves a vital function in the agencys safety oversight of DOEs defense nuclear facilities.

Employees in the program relocate to a DOE site with defense nuclear facilities and perform direct oversight of the safety of operations. The audit objective was to determine whether the Resident Inspector Program provides for the necessary onsite oversight of DOE defense nuclear facilities to adequately fulfill DNFSBs mission.

The audit report made two recommendations to improve DNFSBs ability to develop and prepare candidates for the resident inspector position and increase agency transparency when determining which defense nuclear sites will have resident inspectors, along with the staffing of those sites. DNFSB management stated their agreement with recommendations in this report.

82 NRC Office of the Inspector General Semiannual Report to Congress

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2017 Audit of DNFSBs DNFSB- 7/10/17 3 $0 The Telework Enhancement Act of 2010, enacted as Telework Program 17-A-06 Public Law 111-292, requires the head of each executive agency to establish and implement a policy under which employees shall be authorized to telework. The law defines telework as a work flexibility arrangement under which an employee performs the duties and responsibilities of his or her position, and other authorized activities, from an approved worksite other than the location from which the employee would otherwise work.

Employees are required to enter into written agreements with their agencies before participating in telework. The agreement outlines the telework arrangement decided upon by the employee and supervisor. DNFSBs directive and operating procedure contain general organizational guidance on the requirements, responsibilities, and procedures concerning the agencys telework program.

The audit objectives were to determine (1) if DNFSBs telework program complies with applicable laws and regulations, and (2) the adequacy of internal controls over the program.

This report made three recommendations to improve DNFSBs telework policies to ensure continued compliance with Federal requirements, and consistency in the application of the policies and recordkeeping practices. DNFSB management stated their agreement with recommendations in this report.

2018 Independent DNFSB 10/30/17 1 $0 The Federal Information Security Modernization Act of Evaluation 2014 (FISMA 2014) outlines the information security of DNFSBs 18-A-02 management requirements for agencies, which include Implementation an annual independent evaluation of an agencys of FISMA 2014 for information security program and practices to determine FY 2017 their effectiveness. This evaluation must include testing the effectiveness of information security policies, procedures, and practices for a representative subset of the agencys information systems. The evaluation also must include an assessment of the effectiveness of the information security policies, procedures, and practices of the agency.

FISMA 2014 requires the annual evaluation to be performed by the agencys Office of the Inspector General or by an independent external auditor. OMB requires OIGs to report their responses to OMBs annual FISMA reporting questions for OIGs via an automated collection tool.

The evaluation objective was to perform an independent evaluation of the DNFSBs implementation of FISMA 2014 for Fiscal Year 2017.

DNFSB has continued to make improvements in its information security program, and has completed implementing the recommendations from previous FISMA evaluations. However, the independent evaluation identified security program weaknesses in the areas of information security program documentation and information security contingency planning. This report made two recommendations to improve DNFSBs implementation of FISMA. DNFSB management stated their agreement with the findings and recommendations in this report.

April 1, 2018, to September 30, 2018 83

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2018 Audit of DNFSBs DNFSB- 11/8/2017 7 $0 Congress enacted the Digital Accountability and Compliance with 18-A-03 Transparency Act of 2014 (DATA Act) on May 9, 2014.

the DATA Act The act allows taxpayers and policymakers direct access to Federal agency spending data, and reporting by Federal agencies of financial and award information in accordance with Government wide data definition standards issued by OMB and the Department of the Treasury (Treasury). Spending data are displayed on the USAspending.gov Web site.

A core requirement of the DATA Act is ensuring that posted spending data are reliable and consistent. Agency Senior Accountable Officials (SAOs) are required to provide assurance over the quality of the data submitted and begin reporting fiscal year 2017 second quarter data for public display by May 2017. The DATA Act also requires Office of the Inspector General (OIG) to submit this audit report to Congress and the public.

The audit objective was to assess the (1) completeness, timeliness, quality, and accuracy of fiscal year 2017, second quarter financial and award data submitted for publication on USAspending.gov, and (2) DNFSBs implementation and use of the Government-wide financial data standards established by OMB and Treasury.

There were no differences between the Defense Nuclear Facility Safety Boards (DNFSB) definitions of DATA Act standards and those of Treasury and OMB. However, DNFSBs implementation and use of those standards did not comply with applicable Treasury and OMB guidance.

This report makes a recommendation to improve DNFSBs documentation of policies and procedures for the SAO statement of assurance, and to improve DNFSBs internal policies and procedures governing submissions under the DATA Act. DNFSB management stated their agreement with the finding and recommendation in this report.

84 NRC Office of the Inspector General Semiannual Report to Congress

Fiscal Report Title Report Report Number of Aggregate Summary Year Number Date Unimplemented Potential Recommendations Cost Savings 2018 Audit of DNFSBs DNFSB 05/29/18 2 $0 In 1988 Congress created DNFSB as an independent Implementation 18-A-05 executive branch agency to provide independent of Its Governing analysis, advice, and recommendations to the Secretary Legislation of Energy regarding adequate protection of public health and safety at the Department of Energy (DOE) defense nuclear facilities.

There are 14 major defense nuclear facilities under DNFSBs jurisdiction. As of March 31, 2018, DNFSB had 117 full time employees, including 4 Board members. DNFSB is supported by an annual budget of approximately $31 million.

DNFBSs enabling statute allows it to establish reporting requirements for DOE. These reporting requirements are binding upon the Secretary of Energy, may accompany a report DNFSB staff have prepared on safety issue, may request a briefing from DOE, or be a standalone request for information from a Board member. The audit objective was to review the role and structure of DNFSB to determine whether the Board is (1) operating in accordance with applicable laws and (2) whether the role and structure is effective to facilitate the agencys mission.

OIG did not find any evidence that DNFSB is not operating in accordance with its enabling statute, the National Defense Authorization Act, Fiscal Year 1989, and any amendments thereto. However, OIG identified improvements DNFSB should make in order to more effectively accomplish its mission. Specifically, OIG noted a stark disagreement among Board members, on how and when reporting requirements should be issued, as illustrated by the FY 2016 and 2017 notational voting records.

Additionally, OIG identified that multiple agency-wide surveys consistently illustrate low employee morale and a lack of collegiality and/or cohesion among the Board members.

This report made two recommendations to improve agency policy for issuing reporting requirements and developing and implementing a plan of action to address the issues of (1) low employee morale and (2) Board collegiality as documented in the Federal Employee Viewpoint Surveys, Logistics Management Institute report, and Towers Watson report. Agency management provided formal comments to this report.

Total unimplemented recommendations: 16 April 1, 2018, to September 30, 2018 85

ABBREVIATIONS AND ACRONYMS ADAMS Agencywide Document Access Management System AEA Atomic Energy Act AFR Annual Financial Report AIGA Assistant Inspector General for Audits CNWRA Center for Nuclear Waste Regulatory Analyses CFR Code of Federal Regulations COR Contracting Officers Representative DCAA Defense Contract Audit Agency DNFSB Defense Nuclear Facilities Safety Board DOE Department of Energy DOJ Department of Justice DRMA Division of Resource Management and Administration EEO Equal Employment Opportunity EEOC Equal Employment Opportunity Commission FAR Federal Acquisition Regulation FFRDC Federally Funded Research and Development Centers FISMA Federal Information Security Modernization Act of 2014 FMFIA Federal Managers Financial Integrity Act FOF Force on Force FSTB Federal State and Tribal Liaison Branch FY Fiscal Year GAO Government Accountability Office HLW High-Level Waste HOC Headquarters Operations Center IACTS Issue and Commitment Tracking System IAM Issue Area Monitoring IG Inspector General IMC Inspection Manual Chapter IPEC Indian Point Energy Center IPERA Improper Payments Elimination and Recovery Act IPERIA Improper Payments Elimination and Recovery Improvement Act IPIA Improper Payments Information Act IT Information Technology ITISS Information Technology Infrastructure Support Services LAN Local Area Network LAR License Amendment Request MD Management Directive NCIS Naval Criminal Investigative Service NCV Non-Cited Violation NHPA National Historic Preservation Act NMP Nuclear Materials Program NMSS Office of Nuclear Material Safety and Safeguards NOV Notice of Violation NRC Nuclear Regulatory Commission NRR Office of Nuclear Reactor Regulation NSIR Office of Nuclear Security and Incident Response 86 NRC Office of the Inspector General Semiannual Report to Congress

OGC Office of the General Counsel OGE Office of Government Ethics OIG Office of the Inspector General OIP Office of International Programs OMB Office of Management and Budget PII Personally Identifiable Information PMDA Program Management, Policy Development and Analysis RAD Radioactive RCS Reactor Coolant System SAO Senior Accountable Official SDP Significance Determination Process SGI Safeguards Information SLES Safeguards Information Local Area Network and Electronic Safe SNM Special Nuclear Material SUNSI Sensitive, Unclassified Non-Safeguards Information SwRi Southwest Research Institute Treasury Department of the Treasury URI Unresolved Item WBL Web-based Licensing April 1, 2018, to September 30, 2018 87

REPORTING REQUIREMENTS The Inspector General Act of 1978, as amended (1988), specifies reporting requirements for semiannual reports. This index cross-references those requirements to the applicable pages where they are fulfilled in this report.

Citation Reporting Requirements Page Section 4(a)(2) Review of legislation and regulations 7-8 Section 5(a)(1) S ignificant problems, abuses, and deficiencies 11-22, 42-43 Section 5(a)(2) Recommendations for corrective action 11-22, 42-43 Section 5(a)(3) Prior significant recommendations not yet completed 51 Section 5(a)(4) Matters referred to prosecutive authorities 46, 53 Section 5(a)(5) Listing of audit reports 47-48, 54 Section 5(a)(6) L isting of audit reports with 48 questioned costs or funds put to better use Section 5(a)(7) Summary of significant reports 11-22, 30-39, 42-43 Section 5(a)(8) Audit reports questioned costs 49, 55 Section 5(a)(9) Audit reports Funds put to better use 50, 56 Section 5(a)(10) A udit reports issued before commencement of the 57-85 reporting period (a) for which no management decision has been made, (b) which received no management comment within 60 days, and (c) with outstanding, unimplemented recommendations, including aggregate potential costs savings Section 5(a)(11) Significant revised management decisions none Section 5(a)(12) Significant management decisions with which OIG disagreed none Section 5(a)(13) FFMIA section 804(b) information none Section 5(a)(14)(15)(16) Peer review information 90 Section 5(a)(17) Investigations statistical tables 45-46, 52-53 Section 5(a)(18) Description of metrics 46, 53 Section 5(a)(19) I nvestigations of senior Government officials none where misconduct was substantiated

Section 5(a)(20) Whistleblower retaliation none Section 5(a)(21) Interference with IG independence none Section 5(a)(22) Audits not made public none Section 5(a)(22)(b) I nvestigations involving Senior 33, 34, 37-38 Government officials where misconduct was not substantiated and report was not made public 88 NRC Office of the Inspector General Semiannual Report to Congress

APPENDIX Peer Review Information Audits The NRC OIG Audit Program was peer reviewed by the Federal Communications Commission Office of Inspector General on September 4, 2018, in accordance with CIGIE requirements. NRC OIG received a peer review rating of Pass. This is the highest rating possible based on the available options of Pass, Pass with deficiencies, and Fail.

Investigations The NRC OIG investigative program was peer reviewed most recently by the Tennessee Valley Authority Office of Inspector General. The peer review final report, dated October 5, 2016, reflected that NRC OIG is in full compliance with the quality standards established by the Council of Inspectors General on Integrity and Efficiency and the Attorney General Guidelines for OIGs with Statutory Law Enforcement Authority. These safeguards and procedures provide reasonable assurance of confirming with professional standards in the planning, execution, and reporting of investigations.

April 1, 2018, to September 30, 2018 89

OIG STRATEGIC GOALS

1. S

afety: Strengthen NRCs efforts to protect public health and safety and the environment.

2. S

ecurity: Enhance NRCs efforts to increase security in response to an evolving threat environment.

3. C

orporate Management: Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.

April 1, 2018, to September 30, 2018 91

The NRC OIG Hotline The Hotline Program provides NRC and DNFSB employees, other Government employees, licensee/utility employees, contractors, and the public with a confidential means of reporting suspicious activity concerning fraud, waste, abuse, and employee or management misconduct.

Mismanagement of agency programs or danger to public health and safety may also be reported. We do not attempt to identify persons contacting the Hotline.

What should be reported:

Contract and Procurement Irregularities

Abuse of Authority

Conflicts of Interest

Misuse of Government Credit Card

Theft and Misuse of Property

Time and Attendance Abuse

Travel Fraud

Misuse of Information Technology Resources

Misconduct

Program Mismanagement Ways To Contact the OIG Call:

OIG Hotline 1-800-233-3497 TTY/TDD: 7-1-1, or 1-800-201-7165 7:00 a.m. - 4:00 p.m. (EST)

After hours, please leave a message.

Submit:

Online Form www.nrc.gov Click on Inspector General Click on OIG Hotline Write:

U.S. Nuclear Regulatory Commission Office of the Inspector General Hotline Program, MS O5 E13 11555 Rockville Pike Rockville, MD 20852-2738 NUREG-1415, Vol. 32, No. 2 October 2018

NUREG-1415 Volume 32, No. 2, Oig Semiannual Report to Congress - April 1, 2018 - September 30, 2018.

Text

SUMMARY

SUMMARY

Navigation menu

NUREG-1415 Volume 32, No. 2, Oig Semiannual Report to Congress - April 1, 2018 - September 30, 2018.

Text

SUMMARY

SUMMARY

Navigation menu

Search