Text

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 OFFICE OF THE INSPECTOR GENERAL May 12, 2020 MEMORANDUM TO:

Chairman Svinicki FROM:

David C. Lee /RA/

Deputy Inspector General

SUBJECT:

AUDIT OF NRCS FISCAL YEAR (FY) 2019 COMPLIANCE WITH IMPROPER PAYMENT LAWS (OIG-20-A-07)

The Office of the Inspector General (OIG) conducted this audit to (1) assess the Nuclear Regulatory Commissions (NRCs) compliance with the Improper Payments Information Act of 2002 (IPIA), as amended by the Improper Payments Elimination and Recovery Act of 2010 (IPERA) and the Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERIA), and (2) report any material weaknesses in internal control.

OIG found that NRC is generally compliant with IPIA, IPERA, and IPERIA. OIG did not identify any material weaknesses in internal control during this audit.

Audit of NRCs FY 2019 Compliance with Improper Payment Laws 1

Improper Payment Laws Enacted in 2002, the Improper Payments Information Act (IPIA) requires each agency to annually estimate its improper payments. The Improper Payments Elimination and Recovery Act (IPERA), 1 amended IPIA2 in 2010, and requires Federal agencies to periodically review all programs and activities the agency administers and identify all programs and activities that may be susceptible to significant improper payments. In addition, IPERA requires each agency to conduct recovery audits3 with respect to each program and activity of the agency that expends

$1,000,000 or more annually, if conducting such audits would be cost effective.

The Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERIA) was signed into law on January 10, 2013. It amended IPIA by establishing the Do Not Pay Initiative, which directs agencies to verify the eligibility of payments using databases before making payments.

Federal Improper Payment Guidance for Executive Agencies On June 26, 2018, the Office of Management and Budget (OMB) issued Memorandum M-18-20, Appendix C to OMB Circular A-123, Requirements for Payment Integrity Improvement. Appendix C4 implements IPIA requirements. Table 1 of this report lists the IPIA 1 IPERA defines an improper payment as (A) any payment that should not have been made or that was made in an incorrect amount (including overpayments and underpayments) under statutory, contractual, administrative, or other legally applicable requirements, and (B) includes any payment to an ineligible recipient, any payment for an ineligible good or service, any duplicate payment, any payment for a good or service not received (except for such payments where authorized by law), and any payment that does not account for credit for applicable discounts.

IPERA provides a detailed explanation of what is considered a significant improper payment (Section 2(a)(3)(A)).

2 Unless otherwise indicated, from this point forward in this report, the term IPIA will imply IPIA, as amended by IPERA and IPERIA.

3 Recovery audits are also referred to as payment recapture audits.

4 For simplicity, the term Appendix C will be used in this report to refer to OMB M-18-20, Appendix C to OMB Circular A-123, Requirements for Payment Integrity Improvement.

BACKGROUND

Audit of NRCs FY 2019 Compliance with Improper Payment Laws 2

requirements established in OMBs memorandum. OMB guidance also specifies that each agencys Inspector General should review agency improper payment reporting in the agencys annual Agency Financial Report (AFR), and accompanying materials, to determine whether the agency complied with IPIA.

New Guidance The Payment Integrity Information Act of 2019 (PIIA) was signed into law on March 2, 2020.5 PIIA incorporates provisions from IPIA, IPERA, and IPERIA, and introduces new payment integrity statutory guidance.

5 Upon implementation, PIIA will revoke IPIA, IPERA, and IPERIA. However, OMB will issue implementing guidance for PIIA, as directed in the law, and agencies were instructed to continue to follow OMB Circular A-123, Appendix C (M-18-20) until PIIA implementation guidance is published.

Audit of NRCs FY 2019 Compliance with Improper Payment Laws 3

The objectives of this audit were to assess NRCs compliance with IPIA, as amended by IPERA, and IPERIA, and report any material weaknesses in internal control. The appendix of this report contains information on the audit scope and methodology.

NRC is compliant with IPIA, as amended by IPERA, and IPERIA, and does not have any material weaknesses in internal control. NRC reported the required information and conducted the mandated risk assessment.

OIG concluded that agency reporting of improper payments is accurate and complete as noted in Table 1.

Compliance with Improper Payment Laws OIG determined that for FY 2019 the agency is in compliance with the requirements of IPIA, as demonstrated in Table 1.

OBJECTIVES FINDING

Audit of NRCs FY 2019 Compliance with Improper Payment Laws 4

Table 1: NRCs FY 2019 Compliance with IPIA Program6 Name Publish an AFR Conducted a Risk Assessment Published an Improper Payment Estimate Published Corrective Action Plans Published and is Meeting Reduction Targets Reported Improper Payment Rate of <

10%

Commercial Payments Compliant Compliant N/A N/A N/A N/A Grants Compliant Compliant N/A N/A N/A N/A Employee Payments Compliant Compliant N/A N/A N/A N/A Payroll Compliant Compliant N/A N/A N/A N/A Source: OIG-generated from Appendix C requirements Per Appendix C, NRC is required to publish improper payment information in the most recent agency AFR and any accompanying materials required by OMB on the agency website. NRC complied with these requirements, as applicable, by including sufficient improper payment information in its FY 2019 AFR. Four IPIA reporting requirements were not applicable to NRC. (Refer to Table 1)

NRC Completed Required Improper Payments Risk Assessment Appendix C requires agencies to triennially review all programs and activities that meet the statutory significance threshold to determine if it is susceptible to significant improper payments. In FY 2017, NRC hired a 6 Per OMB Circular A-123, Appendix C, the term program includes activities or sets of activities recognized as programs by the public, OMB, or Congress, as well as those that entail program management or policy direction.

This definition includes, but is not limited to, all grants including competitive grant programs and block/formula grant programs, non-competitive grants such as single-source awards, regulatory activities, research and development activities, direct Federal programs, all types of procurements (including capital assets and service acquisition), and credit programs. It also includes the activities engaged in by the agency in support of its programs.

Audit of NRCs FY 2019 Compliance with Improper Payment Laws 5

contractor7 to conduct reviews in compliance with this requirement. NRCs contractors considered a universe of approximately 80,000 transactions, comprising of approximately $716 million distributed across four programs:

commercial payments, grants, employee payments, and payroll. NRCs contractors performed limited testing and qualitative analysis over each area. Based on the qualitative risk assessment and testing, NRC did not identify any programs susceptible to significant improper payments.

7 In FY 2017, NRC hired Ernst & Young (EY) Limited Liability Partnership (LLP) to perform the Appendix C requirement of conducting a risk assessment to determine program or activity susceptibility to significant improper payments. Recently, in FY 2019, NRC hired Castro & Company to perform the OMB Circular A-123 assessment. The next Improper Payment risk assessment will be performed in FY 2020.

Audit of NRCs FY 2019 Compliance with Improper Payment Laws 6

The Office of the Executive Director for Operations and the Office of the Chief Financial Officer reviewed the draft memorandum report and had no comments.

AGENCY COMMENTS

Audit of NRCs FY 2019 Compliance with Improper Payment Laws 7

Objectives The objectives of this audit were to assess NRCs compliance with IPIA, as amended by IPERA, and IPERIA, and report any material weaknesses in internal control.

Scope The audit focused on improper payment compliance for FY 2019. OIG conducted this audit from March through April 2020 at NRC headquarters in Rockville, Maryland. Internal controls related to the audit objectives were reviewed and analyzed.

Methodology To accomplish the audit objectives, OIG reviewed agency documents related to NRCs compliance with IPIA for FY 2019. OIG also reviewed applicable Federal laws, regulations, and requirements for IPIA.

Since NRC is subject to a triennial Appendix C risk assessment, OIG reviewed NRCs FY 2017 Improper Payments Risk Assessment report and documentation supporting the risk assessment report as a part of the FY 2019 audit review.

We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Throughout the audit, auditors considered the possibility of fraud, waste, and abuse in the program. The audit was conducted by Terri Cooper, Team Leader; Felicia Silver, Audit Manager; and Jimmy Wong, Audit Manager.

SCOPE AND METHODOLOGY

Audit of NRCs FY 2019 Compliance with Improper Payment Laws 8

Please

Contact:

Email:

Online Form Telephone:

1-800-233-3497 TDD 7-1-1, or 1-800-201-7165 Address:

U.S. Nuclear Regulatory Commission Office of the Inspector General Hotline Program Mail Stop O5-E13 11555 Rockville Pike Rockville, MD 20852 If you wish to provide comments on this report, please email OIG using this link.

In addition, if you have suggestions for future OIG audits, please provide them using this link.

TO REPORT FRAUD, WASTE, OR ABUSE COMMENTS AND SUGGESTIONS