ML18276A107
ML18276A107 | |
Person / Time | |
---|---|
Issue date: | 10/03/2018 |
From: | Bell H NRC/OIG |
To: | |
References | |
Download: ML18276A107 (43) | |
Text
Office of the Inspector General U.S. Nuclear Regulatory Commission Annual Plan Fiscal Year 2019
FOREWORD I am pleased to present the Office of the Inspector General's (OIG) fiscal year (FY) 2019 Annual Plan for the U.S. Nuclear Regulatory Commission (NRC). The Annual Plan provides the audit and investigative strategies and associated summaries of the specific work planned for the coming year. It sets forth OIG's formal strategy for identifying priority issues and managing its workload and resources for FY 2019. (Effective April 1, 2014, the NRC OIG was assigned also to serve as the OIG for the U.S. Defense Nuclear Facilities Safety Board; OIG's annual plan for that agency is contained in a separate document.)
NRC's mission is to license and regulate the Nation's civilian use of byproduct, source, and special nuclear materials to ensure adequate protection of public health and safety, promote the common defense and security, and protect the environment. OIG is committed to overseeing the integrity of NRC programs and operations. Developing an effective planning strategy is a critical aspect of accomplishing this commitment. Such planning ensures that audit and investigative resources are used efficiently.
This Annual Plan was prepared to align with the OIG Strategic Plan for FYs 2019-2023, which is based, in part, on an assessment of the strategic challenges facing NRC. The Strategic Plan identifies OIG's priorities and establishes a shared set of expectations regarding the goals we expect to achieve and the strategies we will employ over that timeframe. The Strategic Plan is the foundation on which our Annual Plan is based. OIG sought input from Congress, the NRC Commission, NRC Headquarters, and NRC Regions in developing this Annual Plan.
We have programmed all available resources to address the matters identified in this plan. This approach maximizes use of our resources. However, to respond to a changing environment, it is sometimes necessary to modify this plan as circumstances, priorities, or resources warrant.
/ ~~
Hubert T. Bell
- Inspector General
TABLE OF CONTENTS MISSION AND AUTHORITY ........................................................................... 1 PLANNING STRATEGY.................................................................................. 2 AUDIT AND INVESTIGATION UNIVERSE ..................................................... 2 AUDIT STRATEGY ......................................................................................... 3 INVESTIGATION STRATEGY ........................................................................ 3 PERFORMANCE MEASURES ....................................................................... 6 OPERATIONAL PROCESSES ....................................................................... 7 AUDITS .................................................................................................... 7 INVESTIGATIONS ..................................................................................... 10 HOTLINE ................................................................................................ 11 APPENDICES A. NUCLEAR SAFETY AUDITS PLANNED FOR FY 2019 Audit of NRCs Generic Issues Program ................................. A-1 Audit of NRCs License Amendment Request Review Process ................................................................................... A-2 Audit of NRCs Process for Developing and Coordinating Research Activities .................................................................................. A-3 Audit of NRCs Nuclear Power Surveillance Test Inspection Program ................................................................................. A-4 Audit of NRCs Oversight of Supplemental Inspection Corrective Actions .................................................................................... A-5 Audit of NRCs Regulatory Oversight of Radiation Safety Officers.................................................................................... A-6 Audit of NRCs Training Selection Process for Agreement State Personnel ................................................................................ A-7 Audit of NRCs Transition Process for Decommissioning Power Reactors.................................................................................. A-8
Audit of NRCs Integrated Materials Performance Evaluation Program ................................................................................. A-9 Audit of NRCs Dosimetry Program ....................................... A-10 Audit of NRCs Oversight Fuel Manufacturing Facilities Processing Low-enriched Uranium .......................................................... A-11 Audit of NRCs Use of Enforcement Discretion for Nuclear Power Licensees
.................................................................................................. A-12 Evaluation of NRCs Differing Professional Opinions Program ................................................................................ A-13 B. SECURITY AUDITS PLANNED FOR FY 2019 Audit of NRCs Oversight of Cyber Security at Nuclear Power Plants ..................................................................................... B-1 Audit of NRCs Emergency Preparedness Program................ B-2 C. CORPORATE MANAGEMENT AUDITS PLANNED FOR FY 2019 Audit of NRCs Grants Pre-Award and Award Processes ....... C-1 Audit of NRCs Fiscal Year 2018 Financial Statements .......... C-2 Audit of NRCs Grant Administration and Closeout Processes C-3 Independent Evaluation of NRCs Implementation of the Federal Information Security Modernization Act of 2014 (FISMA) for Fiscal Year 2018 .............................................................................. C-4 Audit of NRCs Compliance with Improper Payment Laws ...... C-5 Audit of NRCs Implementation of Federal Information Technology Acquisition Reform Act (FITARA) ............................................ C-6 Audit of NRCs Process for Managing Intra-Government Payment and Collection System Payments ............................ C-7 Assessment of NRCs Most Serious Management and Performance Challenges for Fiscal Year 2020 ........................ C-8 Audit of NRCs Compliance with Standards Established by the Digitial Accountability and Transparency Act of 2014 (DATA Act) ........................................................................................ C-9
Audit of NRCs Fiscal Year 2019 Financial Statements ....... C-10 Independent Evaluation of NRCs Implementation of the Federal Information Security Modernization Act of 2014 (FISMA) for Fiscal Year 2019 ............................................................................ C-11 Audit of the Information System Security Officer Function ... C-12 Audit of NRCs Knowledge Management Program .............. C-13 Audit of NRCs Process for Placing Official Agency Records in ADAMS ................................................................................ C-14 Audit Follow-up of NRCs Contract Administration Process . C-15 Audit of NRCs Replacement Reactor Program System (RRPS) .................................................................................. C-16 D. INVESTIGATIONS - PRIORITIES, OBJECTIVES, AND INITIATIVES FOR FY 2019 E. ISSUE AREAS AND DESIGNATED ISSUE AREA MONITORS F. ABBREVIATIONS AND ACRONYMS
MISSION AND AUTHORITY The Nuclear Regulatory Commissions (NRC) Office of the Inspector General (OIG) was established on April 15, 1989, pursuant to Inspector General Act Amendments contained in Public Law 100-504. OIGs mission is to (1) conduct and supervise independent audits and investigations of agency programs and operations; (2) promote economy, effectiveness, and efficiency within the agency; (3) prevent and detect fraud, waste, and abuse in agency programs and operations; (4) develop recommendations regarding existing and proposed regulations relating to agency programs and operations; and (5) keep the agency head and Congress fully and currently informed about problems and deficiencies relating to agency programs. The act also requires the Inspector General (IG) to prepare a semiannual report to the NRC Chairman and Congress summarizing the activities of the OIG.
In furtherance of the execution of this mission and of particular importance to OIGs annual plan development, the IG summarizes what he considers to be the most serious management and performance challenges facing NRC and assesses the agencys progress in addressing those challenges. In October 2017, the IG identified the following as the most serious management and performance challenges facing NRC.1
- 1. Regulation of nuclear reactor safety programs.
- 2. Regulation of nuclear materials and radioactive waste programs.
- 3. Management of security over internal infrastructure (personnel, physical, and cyber security) and nuclear security.
- 4. Management of information technology and information management.
- 5. Management of financial programs.
- 6. Management of administrative functions.
These management and performance challenges were revised in 2018, as noted in the list below.2
- 1. Regulation of nuclear reactor safety and security programs
- 2. Regulation of nuclear materials and radioactive waste safety and security programs.
- 3. Management of information and information technology.
- 4. Management of financial programs.
- 5. Management of corporate functions.
All audits and evaluations that were initiated in FY 2018 will be subject to the 1
The challenges are not ranked in any order of importance.
2 Ibid.
1
former management and performance challenges, while all audits and evaluations commencing in FY 2019 will be subject to the revised management and performance challenges.
Through its Issue Area Monitor (IAM) program, OIG staff monitor agency performance on these management and performance challenges. These challenges, in conjunction with OIGs strategic goals, serve as an important basis for deciding which audits and evaluations to conduct each fiscal year.
2
PLANNING STRATEGY The FY 2019 Annual Plan is linked with OIGs Strategic Plan for FYs 2019 -
2023. The Strategic Plan identifies the major challenges and critical risk areas facing the NRC so that OIG resources may be directed in these areas in an optimum fashion.
The Strategic Plan recognizes the mission and functional areas of the agency and the major challenges the agency faces in successfully implementing its regulatory program. The plan presents strategies for reviewing and evaluating NRC programs under the strategic goals that OIG established. OIGs strategic goals are to (1) strengthen NRCs efforts to protect public health and safety and the environment, (2) enhance NRCs efforts to increase security in response to an evolving threat environment, and (3) increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources. To ensure that each audit and evaluation carried out by OIG aligns with the Strategic Plan, program areas selected for audit and evaluation have been cross walked from the Annual Plan to the Strategic Plan (see planned audits in appendixes A, B, and C).
AUDIT AND INVESTIGATION UNIVERSE NRCs FY 2019 budget is $911 million. The agency's mission is to license and regulate the Nations civilian use of byproduct, source, and special nuclear materials to ensure adequate protection of public health and safety, promote the common defense and security, and protect the environment. The agency also has a role in enhancing nuclear safety and security throughout the world.
NRC is headquartered in Rockville, Maryland, just outside of Washington, DC; has four regional offices located throughout the United States; and operates a technical training center located in Chattanooga, Tennessee.
The agency carries out its mission through various licensing, inspection, research, and enforcement programs. NRC responsibilities include regulating 99 commercial nuclear power reactors licensed to operate in the United States; 78 licensed and or operating Independent Spent Fuel Storage Installations; 31 licensed and operating research and test reactors; 13 fuel cycle facilities; and approximately 2,600 licenses issued for medical, academic, and industrial uses of nuclear material. In FY 2018, has 5 license renewal applications for operating power reactor sites. Additionally, NRC is overseeing the decommissioning of 20 power reactor sites and 3 research and test reactors.
3
The audit and investigation oversight responsibilities are therefore derived from the agencys wide array of programs, functions, and support activities established to accomplish NRC's mission.
AUDIT STRATEGY Effective audit planning requires current knowledge about the agencys mission and the programs and activities used to carry out that mission. Accordingly, OIG continually monitors specific issue areas to strengthen its internal coordination and overall planning process. Under the offices Issue Area Monitoring (IAM) program, staff designated as IAMs are assigned responsibility for keeping abreast of major agency programs and activities. The broad IAM areas address nuclear reactors, nuclear materials, nuclear waste, information management, security, financial and administrative programs, human resources, and international programs. Appendix E contains a listing of the IAMs and the issue areas for which they are responsible.
The audit planning process, which is informed by the OIG Strategic Plan and identified agency management and performance challenges, yields audit assignments that identify opportunities for efficiency, economy, and effectiveness in NRC programs and operations; detect and prevent fraud, waste, and mismanagement; improve program and security activities at headquarters and regional locations; and respond to emerging circumstances and priorities. The priority for conducting audits is based on (1) mandatory legislative requirements; (2) critical agency risk areas; (3) emphasis by the President, Congress, NRC Chairman, or other NRC Commissioners; (4) a programs susceptibility to fraud, manipulation, or other irregularities; (5) dollar magnitude or resources involved in the proposed audit area; (6) newness, changed conditions, or sensitivity of an organization, program, function, or activities; (7) prior audit experience, including the adequacy of internal controls; and (8) availability of audit resources.
INVESTIGATION STRATEGY OIG investigation strategies and initiatives add value to agency programs and operations by identifying and investigating allegations of fraud, waste, and abuse leading to criminal, civil, and administrative penalties and recoveries. By focusing on results, OIG has designed specific performance targets focusing on effectiveness. Because NRC's mission is to protect public health and safety, the main investigative concentration involves alleged NRC misconduct or inappropriate actions that could adversely impact health and safety-related matters. These investigations typically include allegations of Misconduct by high-ranking NRC officials and other NRC officials, such as managers and inspectors, whose positions directly impact public health and safety.
4
Failure by NRC management to ensure that health and safety matters are appropriately addressed.
Failure by the NRC to appropriately transact nuclear regulation.
Conflict of interest by NRC employees with NRC contractors and licensees.
Indications of management or supervisory retaliation or reprisal.
OIG will also implement initiatives designed to monitor specific high-risk areas within NRCs corporate management that are most vulnerable to fraud, waste, and abuse. A significant focus will be on emerging information technology and national security issues that could negatively impact the security and integrity of NRC data and operations. This will also include efforts to ensure the continued protection of personal privacy information held within agency databases and systems. OIG is committed to improving the security of the constantly changing electronic business environment by investigating unauthorized intrusions and computer-related fraud, and by conducting computer forensic examinations.
Other proactive initiatives will focus on determining instances of procurement fraud, identifying vulnerabilities in the nuclear supply chain, theft of property, insider threats, and Government travel and purchase card abuse.
As part of these proactive initiatives, OIG will meet with agency internal and external stakeholders to identify systemic issues or vulnerabilities. This approach will allow the identification of potential vulnerabilities and an opportunity to improve agency performance, as warranted.
With respect to OIGs strategic goals pertaining to safety and security, OIG routinely interacts with public interest groups, individual citizens, industry workers, and NRC staff to identify possible lapses in NRC regulatory oversight that could impact public health and safety. OIG also conducts proactive initiatives and reviews into areas of current or future regulatory safety or security interest to identify emerging issues or address ongoing concerns regarding the quality of NRCs regulatory oversight. Such areas might include new reactor licensing and relicensing of existing plants, aspects of the transportation and storage of high-level and low-level waste, as well as decommissioning activities.
Finally, OIG periodically conducts a limited number of Event Inquiries and Special Inquiries. Event Inquiry reports document OIGs examination of events or agency regulatory actions to determine if staff actions may have contributed to the occurrence of an event. Special Inquiry reports document those instances where an investigation identifies inadequacies in NRC regulatory oversight that may have resulted in a potential adverse impact on public health and safety.
5
Appendix D provides investigation objectives and initiatives for FY 2019. Specific investigations are not included in the plan because investigations are primarily responsive to reported violations of law and misconduct by NRC employees and contractors, as well as allegations of irregularities or abuse in NRC programs and operations.
6
PERFORMANCE MEASURES For FY 2019, we will use a number of key performance measures and targets for gauging the relevancy and impact of our audit and investigative work. OIG calculates these measures in relation to each of OIGs strategic goals to determine how well we are accomplishing our objectives. The performance measures are
- 1. Percentage of OIG audit products and activities that cause the agency to take corrective action to improve agency safety, security, or corporate management programs; ratify adherence to agency policies, procedures, or requirements; or identify real dollar savings or reduced regulatory burden (i.e., high impact).
- 2. Percentage of audit recommendations agreed to by the agency.
- 3. Percentage of final agency actions taken within 2 years on audit recommendations.
- 4. Percentage of OIG investigative products and activities that identify opportunities to improve agency safety, security, or corporate management programs; ratify adherence to agency policies/procedures; or confirm or disprove allegations of wrongdoing (e.g., high impact).
- 5. Percentage of agency actions taken in response to investigative reports.
- 6. Percentage of active cases completed in less than 18 months on average.
- 7. Percentage of closed investigations referred to the U.S. Department of Justice (DOJ) or other relevant authorities.
- 8. Percentage of closed investigations resulting in indictments, convictions, civil suits or settlements, judgments, administrative actions, monetary results, or IG clearance letters.
7
OPERATIONAL PROCESSES The following sections detail the approach used to carry out the audit and investigative responsibilities previously discussed.
AUDITS OIGs audit process comprises the steps taken to conduct audits and involves specific actions, ranging from annual audit planning to performing audit followup.
The underlying goal of the audit process is to maintain an open channel of communication between the auditors and NRC officials to ensure that audit findings are accurate and fairly presented in the audit report.
OIG performs the following types of audits:
Performance - Performance audits focus on NRC administrative and program operations and evaluate the effectiveness and efficiency with which managerial responsibilities are carried out, including whether the programs achieve intended results.
Financial - These audits, which include the financial statement audit required by the Chief Financial Officers Act, attest to the reasonableness of NRCs financial statements and evaluate financial programs.
Contract - Contract audits evaluate the costs of goods and services procured by NRC from commercial enterprises.
The key elements in the audit process are as follows:
Audit Planning - Each year, suggestions are solicited from Congress, the NRC Commission, agency management, external parties, and OIG staff. An annual audit plan (i.e., this document) is developed and distributed to interested parties.
It contains a listing of planned audits to be initiated during the year and the general objectives of the audits. The annual audit plan is a living document that may be revised as circumstances warrant, with a subsequent redistribution of staff resources.
Audit Notification - Formal notification is provided to the office responsible for a specific program, activity, or function, informing them of OIGs intent to begin an audit of that program, activity, or function.
Entrance Conference - A meeting is held to advise agency officials of the objective(s), and scope of the audit, and the general methodology to be followed.
8
Survey - Exploratory work is conducted before the more detailed audit work commences to gather data for refining audit objectives, as appropriate; documenting internal control systems; becoming familiar with the activities, programs, and processes to be audited; and identifying areas of concern to management. At the conclusion of the survey phase, the audit team will recommend to the Assistant Inspector General for Audits (AIGA) a Go or No Go decision regarding the verification phase. If the audit team recommends a No Go, and it is approved by the AIGA, the audit is dropped.
Audit Fieldwork - A comprehensive review is performed of selected areas of a program, activity, or function using an audit program developed specifically to address the audit objectives.
End of Fieldwork Briefing With Agency - At the conclusion of audit fieldwork, the audit team discusses the tentative report findings and recommendations with the auditee.
Discussion Draft Report - A discussion draft copy of the report is provided to agency management to allow them the opportunity to prepare for the exit conference.
Exit Conference - A meeting is held with the appropriate agency officials to discuss the discussion draft report. This meeting provides agency management the opportunity to confirm information, ask questions, and provide any necessary clarifying data.
Final Draft Report - If requested by agency management during the exit conference, a final draft copy of the report that includes comments or revisions from the exit conference is provided to the agency to obtain formal written comments.
Final Audit Report - The final report includes, as necessary, any revisions to the facts, conclusions, and recommendations of the draft report discussed in the exit conference or generated in written comments supplied by agency managers.
Written comments are included as an appendix to the report. Some audits are sensitive and/or classified. In these cases, final audit reports are not made available to the public.
Response to Report Recommendations - Offices responsible for the specific program or process audited provide a written response on each recommendation (usually within 30 days) contained in the final report. Agency management responses include a decision for each recommendation indicating agreement or disagreement with the recommended action. For agreement, agency management provides corrective actions taken or planned and actual or target 9
dates for completion. For disagreement, agency management provides their reasons for disagreement and any alternative proposals for corrective action.
Impasse Resolution - If the response by the action office to a recommendation is unsatisfactory, OIG may determine that intervention at a higher level is required. The Executive Director for Operations is NRCs audit followup official, but issues can be taken to the Chairman for resolution, if warranted.
Audit Followup and Closure - This process ensures that recommendations made to management are implemented.
10
INVESTIGATIONS OIGs investigative process normally begins with the receipt of an allegation of fraud, mismanagement, or misconduct. Because a decision to initiate an investigation must be made within a few days of each referral, OIG does not schedule specific investigations in its annual investigative plan.
Investigations are opened in accordance with OIG priorities as set forth in the OIG Strategic Plan and in consideration of prosecutorial guidelines established by the local U.S. attorneys for the DOJ. OIG investigations are governed by the Council of the Inspectors General on Integrity and Efficiency Quality Standards for Investigations, the OIG Special Agent Handbook, and various guidance provided periodically by DOJ.
Only four individuals in the OIG can authorize the opening of an investigative case: the IG, the Deputy IG, Assistant Inspector General for Investigations (AIGI), and the Senior Assistant for Investigative Operations. Every allegation received by OIG is given a unique identification number and entered into a database. Some allegations result in investigations, while others are retained as the basis for audits, referred to NRC management, or, if appropriate, referred to another law enforcement agency.
When an investigation is opened, it is assigned to a special agent who prepares a plan of investigation. This planning process includes a review of the criminal and civil statutes, program regulations, and agency policies that may be involved.
The special agent then conducts the investigation, and uses a variety of investigative techniques to ensure completion.
In cases where the special agent determines that a crime may have been committed, he or she will discuss the investigation with a Federal and/or local prosecutor to determine if prosecution will be pursued. In cases where a prosecuting attorney decides to proceed with a criminal or civil prosecution, the special agent assists the attorney in any preparation for court proceedings that may be required.
For investigations that do not result in prosecution but are handled administratively by the agency, the special agent prepares an investigative report summarizing the facts disclosed during the investigation. The investigative report is distributed to agency officials who have a need to know the results of the investigation. For investigative reports provided to agency officials, OIG requires a response within 120 days regarding action taken as a result of the investigative findings. OIG monitors corrective or disciplinary actions that are taken.
11
OIG collects data summarizing the criminal and administrative action taken as a result of its investigations and includes this data in its semiannual reports to Congress.
As a complement to the investigation function, OIG also periodically conducts a limited number of Event Inquiries and Special Inquiries. Event Inquiry reports document OIGs examination of events or agency regulatory actions to determine if staff actions may have contributed to the occurrence of an event. Special Inquiry reports document those instances where an investigation identifies inadequacies in NRC regulatory oversight that may have resulted in a potential adverse impact on public health and safety.
HOTLINE The OIG Hotline Program provides NRC employees, contract employees, and the public with a confidential means of reporting to the OIG instances of fraud, waste, and abuse relating to agency programs and operations.
Please Contact:
E-mail: Online Form Telephone: 1-800-233-3497 TDD 1-800-201-7165, or 7-1-1 Address: U.S. Nuclear Regulatory Commission Office of the Inspector General Hotline Program Mail Stop O5-E13 11555 Rockville Pike Rockville, MD 20852 12
APPENDIX A NUCLEAR SAFETY AUDITS PLANNED FOR FY 2019
Nuclear Safety Audits Appendix A Audit of NRCs Generic Issues Program DESCRIPTION AND JUSTIFICATION:
NRC is responsible for identifying issues that involve public health and safety, the common defense and security, or the environment in the assessment of plant operation. Issues that could affect multiple entities under NRC jurisdiction are characterized by NRC as generic issues. NRC documents and tracks resolution of generic issues and proposed generic issues, which can be identified by NRC staff or members of the public. Congress requires NRC to maintain this program.
In 2015, NRC revised its generic issues program guidance following an Office of the Executive Director for Operations-sponsored team review. As part of program enhancement, NRC implemented changes intended to improve timeliness and communications for the generic issues process. Additionally, NRCs generic issues process was simplified by reducing the number of stages from five to three. According to Management Directive 6.4, Generic Issues Program, the three stage process for generic issues include screening, assessment, and regulatory office implementation. The resolution of generic issues may involve new or revised rules, new or revised guidance, or revised interpretation of rules or guidance that affect nuclear power plant licensees.
OBJECTIVE:
The audit objective is to determine whether NRC manages generic issues pertaining to commercial nuclear power reactor safety appropriately and in accordance with applicable agency guidance.
SCHEDULE:
Initiated in the 3rd quarter of FY 2018.
STRATEGIC GOAL 1:
Strengthen NRCs efforts to protect public health and safety and the environment.
Strategy 1-1: Identify risk areas associated with NRC's oversight of nuclear facilities, and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 1:
Regulation of nuclear reactor safety programs.
A-1
Nuclear Safety Audits Appendix A Audit of NRCs License Amendment Request Review Process DESCRIPTION AND JUSTIFICATION:
NRC has authority to amend licenses for operating and decommissioned reactors. License amendments are changes to NRC issued licenses where a licensee submits a license amendment request (LAR) to the NRC for prior approval if the licensee proposes to modify the license terms and conditions or the technical specifications, or if a proposed change meets the criteria of 10 CFR 50.90.
The NRC license amendment process is governed by NRC regulations and regulatory guidance. Section 187 of the Atomic Energy Act, "Modification of License," states that the "terms and conditions of all licensees shall be subject to amendment, revision, or modification, by reason of amendments of this Act, or by reason of rules and regulations issued in accordance with the terms of this Act." NRC regulations (primarily, 10 CFR 50.90, 10 CFR 50.91, and 10 CFR 50.92) govern license amendment applications and issuances.
Internal guidance for development and review of license amendments is provided in the Office of Nuclear Reactor Regulations (NRR) Office Instruction LIC-101, License Amendment Review Procedures, Revision 5, effective date of January 16, 2017. LIC-101 directs NRC staff to conduct evaluations of the LAR which considers the technical, safety, and legal basis for the NRCs disposition of the LAR. NRR management is responsible for resolving staff concerns regarding the issuance or denial of a license amendment, the scope of review, resources or schedules for a review, or other matters related to the NRC disposition of a LAR.
OBJECTIVE:
The audit objective is to assess NRCs processes for reviewing nuclear power plant LARs, with emphasis on preliminary acceptance/rejection procedures and other actions taken to ensure timely, consistent, and well-supported decisions.
SCHEDULE:
Initiated in the 3rd quarter of FY 2018.
STRATEGIC GOAL 1:
Strengthen NRCs efforts to protect public health and safety and the environment.
Strategy 1-1: Identify risk areas associated with NRC's oversight of nuclear facilities, and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 1:
Regulation of nuclear reactor safety programs.
A-2
Nuclear Safety Audits Appendix A Audit of NRCs Process for Developing and Coordinating Research Activities DESCRIPTION AND JUSTIFICATION:
NRCs regulatory research program addresses issues in nuclear reactors, nuclear materials, and radioactive waste. The Office of Nuclear Regulatory Research (RES) is a technical support office that supplies technical tools, analytical models, analyses, experimental data, and technical guidance to support NRCs regulatory programs and decisions.
Agency research projects are conducted in accordance with user needs, research assistance requests, and research plans. User needs and research assistance requests focus on fulfilling specific needs for research in support of licensing and other regulatory functions. In contrast, a research plan typically integrates and coordinates work from a variety of sources including user requests, long-term research, and support for codes and standards development. Research plans require significant resources and document multiple facets of a regulatory issue with the main purpose of gaining a sound understanding of the underlying technical bases to aid regulatory decisionmaking and promulgating regulations and guidance.
Based on recommendations from Project Aim, the agency is working to enhance its effectiveness, efficiency, and agility. The process for developing and coordinating research plans should be consistent with these objectives to further NRCs mission on broad, complex, and crosscutting technical issues and challenges that have regulatory implications.
OBJECTIVE:
The audit objective is to assess the effectiveness and efficiency of the development, use, and coordination of research activities.
SCHEDULE:
Initiated in the 3rd quarter of FY 2018.
STRATEGIC GOAL 1:
Strengthen NRCs efforts to protect public health and safety and the environment.
Strategy 1-2: Identify risk areas facing NRC's oversight of nuclear materials, and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 2:
Regulation of nuclear materials and radioactive waste programs.
A-3
Nuclear Safety Audits Appendix A Audit of NRCs Nuclear Power Surveillance Test Inspection Program DESCRIPTION AND JUSTIFICATION:
NRC inspects surveillance testing of safety structures, systems, and components at commercial nuclear power plants. The purpose of these inspections is to evaluate licensees surveillance testing activities and their effectiveness in demonstrating that plant systems are capable of performing intended safety functions consistent with their design and licensing bases. Failure to identify and resolve performance degradation of structures, systems, and components could result in long periods of unknown equipment unavailability.
Surveillance test inspections are performed in accordance with Inspection Procedure (IP) 71111.22, which requires inspectors to evaluate 14-22 samples annually per unit at each site.
Inspectors are to select risk- or safety-significant surveillance activities based on risk information. Verification of activities under this procedure should focus on performance-based field observations of complete surveillance test evolutions, followed by verification of the bases and of the proper demonstration of performance that supports operability determinations.
Additionally, once or twice a year, inspectors should consider conducting a vertical slice review of work activities on safety-significant systems to assess whether different aspects of the licensees processes work effectively together (e.g., Maintenance, Operations, Risk Management, Scheduling, etc.).
OBJECTIVE:
The audit objective is to assess NRCs conduct of surveillance test inspection activities relative to IP 71111.22 requirements.
SCHEDULE:
Initiate in the 1st quarter of FY 2019.
STRATEGIC GOAL 1:
Strengthen NRCs efforts to protect public health and safety and the environment.
Strategy 1-1: Identify risk areas associated with NRC's oversight of nuclear facilities, and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 1:
Regulation of nuclear reactor safety programs.
A-4
Nuclear Safety Audits Appendix A Audit of NRCs Oversight of Supplemental Inspection Corrective Actions DESCRIPTION AND JUSTIFICATION:
NRCs supplemental inspection program is designed to support the NRCs goals of maintaining safety, enhancing openness, improving the effectiveness, efficiency and realism of the regulatory process, and reducing unnecessary regulatory burden. While the baseline inspection program and plant performance indicators are expected to provide assurance that nuclear power plant licensees are operating safely without undue risk, NRC generally requires supplemental inspections at plants where risk significant performance issues have been identified. These performance issues may be identified either by inspection findings evaluated as greater-than-green using the significance determination process, or when green performance indicator thresholds are exceeded.
Inspection Procedures 95001, 95002, and 95003 provide NRC staff guidance for conducting supplemental inspections. Although these procedures vary with respect to inspection scope and depth, all require NRC to assess the adequacy of licensees corrective actions to ensure they effectively address causes of performance problems. The outcomes of supplemental inspections may also impact a licensees status on the Reactor Oversight Process Action Matrix, which determines the level of oversight NRC applies to each licensee based on plant performance.
OBJECTIVE:
The audit objective is to assess how NRC verifies licensee corrective actions required to close supplemental inspection findings and documents supplemental inspection results.
SCHEDULE:
Initiate in the 1st quarter of FY 2019.
STRATEGIC GOAL 1:
Strengthen NRCs efforts to protect public health and safety and the environment.
Strategy 1-1: Identify risk areas associated with NRC's oversight of nuclear facilities, and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 1:
Regulation of nuclear reactor safety programs.
A-5
Nuclear Safety Audits Appendix A Audit of NRCs Regulatory Oversight of Radiation Safety Officers DESCRIPTION AND JUSTIFICATION:
Radiation Safety Officers (RSOs) are responsible for radiological safety in conjunction with the use, handling, and storage of radioactive materials in programs licensed by the Nuclear Regulatory Commission (NRC). NRC requires that most of its licensees employ RSOs to ensure that all licensed activities are carried out in compliance with the requirements of their NRC materials license, as well as with applicable regulations.
RSOs must have adequate training to understand the hazards associated with radioactive material and be familiar with all applicable regulatory requirements. RSOs must have the knowledge, skill, and resources to ensure that a licensees activities involving radiation and radioactive materials are conducted safely. RSOs should also have independent authority to stop operations they consider unsafe. Additionally, they should have sufficient time and commitment from management to fulfill their duties and responsibilities to ensure that radiation safety procedures are being implemented and that the required records of licensed activities are maintained.
Because RSOs work for licensees involved with several different areas of nuclear material, RSOs play a vital role in radiation protection programs as they are ultimately responsible for overseeing and ensuring safe operations within those programs.
OBJECTIVE:
To determine if NRCs regulatory oversight of Radiation Safety Officers provides adequate protection for public health, safety, security, and the environment.
SCHEDULE:
Initiate in the 1st quarter of FY 2019.
STRATEGIC GOAL 1:
Strengthen NRCs efforts to protect public health and safety and the environment.
Strategy 1-2: Identify risk areas facing NRC's oversight of nuclear materials, and conduct audits and/or investigations that lead to NRC program and operational improvements MANAGEMENT CHALLENGE 2:
Regulation of nuclear materials and radioactive waste programs.
A-6
Nuclear Safety Audits Appendix A Audit of NRCs Training Selection Process for Agreement State Personnel DESCRIPTION AND JUSTIFICATION:
NRC fully funds the training and associated travel costs for State staff to attend NRC-sponsored training. The Commissions funding for the program is intended to help Agreement States enhance their programs performance and foster national consistency among Agreement State and NRC inspectors and license reviewers. Over the last several years, the training program conducted by the NRC for State personnel has gone through an evolution in which the training developed and conducted for States has been merged with the training program for NRC staff.
NRC-sponsored courses provide training that is recommended for State personnel to become and remain qualified to perform and implement a materials licensing and inspection program.
NRC has established qualification criteria to guide the training selection process for Agreement State personnel for both on-line and classroom training.
OBJECTIVE:
The audit objective is to determine the effectiveness and efficiency of NRCs process for selecting Agreement State personnel for NRC-sponsored training courses.
SCHEDULE:
Initiate in the 1st quarter of FY 2019.
STRATEGIC GOAL 1:
Strengthen NRCs efforts to protect public health and safety and the environment.
Strategy 1-2: Identify risk areas facing NRC's oversight of nuclear materials, and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 2:
Regulation of nuclear materials and radioactive waste programs.
A-7
Nuclear Safety Audits Appendix A Audit of NRCs Transition Process for Decommissioning Power Reactors DESCRIPTION AND JUSTIFICATION:
When a power company decides to permanently close a nuclear power plant, the facility must be decommissioned by safely removing it from service and reducing residual radioactivity to a level that permits release of the property and termination of the operating license. The decommissioning of nuclear power plants continues to be a challenge for many licensees. The largest amount of licensing activity is expected to occur during the transition from operation to decommissioning. During this period a number of modifications both technical and organizational are needed for the plant to meet new objectives and requirements as stated in several NRC regulations. The NRC's transition period typically concludes with the transfer of regulatory responsibility from the Office of Nuclear Reactor Regulation to the Office of Nuclear Material Safety and Safeguards.
The number of nuclear power reactors being decommissioned may increase in the coming years as more reactors reach the end of their original or extended licensed life, and as some plants face challenging financial conditions.
OBJECTIVE:
This audit objective is to determine if the process NRC uses to transfer responsibility for oversight of commercial reactors transitioning from operating to decommissioning status ensures licensees meet applicable requirements and protects public health,safety, and security.
SCHEDULE:
Initiate in the 1st quarter of FY 2019.
STRATEGIC GOAL 1:
Strengthen NRCs efforts to protect public health and safety and the environment.
Strategy 1-2: Identify risk areas facing NRC's oversight of nuclear materials, and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 2:
Regulation of nuclear materials and radioactive waste programs.
A-8
Nuclear Safety Audits Appendix A Audit of NRCs Integrated Materials Performance Evaluation Program DESCRIPTION AND JUSTIFICATION:
The Integrated Materials Performance Evaluation Program (IMPEP) ensures that public health and safety are adequately protected from the potential hazards associated with the use of radioactive materials, and that Agreement State programs are compatible with the NRC's program.
Management Directive (MD) 5.6, Integrated Materials Performance Evaluation Program (IMPEP), establishes the process by which the Office of Nuclear Material Safety and Safeguards conducts its periodic assessments. IMPEPs review approximately 8-10 Agreement State and NRC Regional radioactive materials licensing and inspection programs per year. The IMPEP review teams consist of a combination of NRC and Agreement State staff.
IMPEP reviews are critical to ensuring public health and safety across the Nation.
OBJECTIVE:
The audit objective is to determine if IMPEP ensures public health and safety are adequately protected and that Agreement State programs are also compatible with NRC's program.
SCHEDULE:
Initiate in the 2nd quarter of FY 2019.
STRATEGIC GOAL 1:
Strengthen NRCs efforts to protect public health and safety and the environment.
Strategy 1-3: Identify risk areas facing NRC's oversight of nuclear materials, and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 2:
Regulation of nuclear materials and radioactive waste programs.
A-9
Nuclear Safety Audits Appendix A Audit of NRCs Dosimetry Program DESCRIPTION AND JUSTIFICATION:
Dosimetry is the study, measurement, method of measurement, or instrument of measurement of radiation dose. Dosimetry often refers to the status of wearing a personnel badge that measures and monitors dose. It may also refer to dose history and the records where dose history is maintained.
NRC has procedures and standards for protecting NRC employees from ionizing radiation hazards associated with the activities conducted by NRC. The overarching guidance requires various NRC offices to appoint a Radiation Safety Officer (RSO) to establish a radiation safety program.
RSOs are expected to ensure the radiation safety program implements MD 10.131 by authorizing the issuance of dosimeters, reviewing radiation exposure information, ensuring information is accurately recorded, auditing the program biennially, and providing NRC employees with their exposure data. As appropriate, NRC employees are expected to get a dosimeter from their RSO or the licensee. NRCs official records for employees occupational doses are in the Employee Exposure Dosimetry System.
OBJECTIVE:
The audit objective is to determine if NRC has the appropriate internal controls for (1) processes for measuring and recording employees radiation exposures and (2) the Employee Exposure Dosimetry System.
SCHEDULE:
Initiate in the 3rd quarter of FY 2019.
STRATEGIC GOAL 1:
Strengthen NRCs efforts to protect public health and safety and the environment.
Strategy 1-2: Identify risk areas facing NRC's oversight of nuclear materials, and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 2:
Regulation of nuclear materials and radioactive waste programs.
A-10
Nuclear Safety Audits Appendix A Audit of NRCs Oversight Fuel Manufacturing Facilities Processing Low-enriched Uranium DESCRIPTION AND JUSTIFICATION:
There are three NRC-licensed fuel fabrication plants currently processing low-enriched uranium in the United States. In May 2016, one of the facilities was found to have a significant violation of requirements associated with control of uranium in its ventilation system when a large amount of uranium oxide was discovered to have collected in a ventilation plenum area. This event posed potential risk to criticality controls that could have resulted in an accident.
This audit will look at NRCs longer term response to this event by assessing the agencys oversight processes for nuclear fuel manufacturing facilities, with a focus on the lessons learned and any changes made to improve NRCs regulatory oversight of these facilities.
OBJECTIVE:
The audit objective is to determine if NRCs oversight of nuclear fuel manufacturing facilities effectively provides for public health, safety, and security.
SCHEDULE:
Initiate in the 3rd quarter of FY 2019.
STRATEGIC GOAL 1:
Strengthen NRCs efforts to protect public health and safety and the environment.
Strategy 1-3: Identify risk areas facing NRC's oversight of nuclear materials, and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 2:
Regulation of nuclear materials and radioactive waste programs.
A-11
Nuclear Safety Audits Appendix A Audit of NRCs Use of Enforcement Discretion for Nuclear Power Licensees DESCRIPTION AND JUSTIFICATION:
In accordance with NRCs enforcement policy, power reactor licensees may be authorized in limited circumstances to deviate temporarily from plant technical specifications or other license conditions. NRC may exercise enforcement discretion in situations where compliance with these regulatory requirements would require a plant transient or performance testing, inspection, or other system change that increases safety risk relative to current specific plant conditions. NRC may also exercise enforcement discretion in cases involving severe weather or other natural phenomena if the agency determines that exercising this discretion will not compromise plant safety.
Inspection Manual Chapter 0410 provides NRC staff with guidance for exercising enforcement discretion and communicating the agencys position through Notices of Enforcement Discretion (NOED). In all cases, NRC considers the impact of enforcement discretion on public health and safety and the common defense and security. If NRC determines that operation outside of technical specifications or license conditions would unacceptably affect safety or security, NRC will not grant a NOED. Continued operation of a plant during the period of enforcement discretion should not cause risk to exceed the level determined acceptable during normal work controls. Consequently, there should be no net increase in radiological risk to the public.
OBJECTIVE:
The audit objective is to assess NRCs use of enforcement discretion, with emphasis on decision bases, documentation, and conditions licensees must meet to achieve regulatory compliance.
SCHEDULE:
Initiate in the 3rd quarter of FY 2019.
STRATEGIC GOAL 1:
Strengthen NRCs efforts to protect public health and safety and the environment.
Strategy 1-1: Identify risk areas associated with NRC's oversight of nuclear facilities, and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 1:
Regulation of nuclear reactor safety programs.
A-12
Nuclear Safety Audits Appendix A Evaluation of NRCs Differing Professional Opinions Program DESCRIPTION AND JUSTIFICATION:
NRCs Differing Professional Opinion (DPO) program enables an employee or contractor can express formal disagreement with an established staff view, management decision or policy position, or agency practices involving technical, legal, or policy issues (including administrative or corporate support issues). A DPO can cover a broad range of concerns, provided the opinion is related to NRCs mission and to the strategic goals and objectives that support the mission as addressed in the agencys Strategic Plan.
NRCs Office of Enforcement administers the agencys DPO program, and conducts periodic assessments of the program. Management Directive 10.159 (NRC Differing Professional Opinion Program) is the primary DPO programmatic guidance and was revised in 2015 to reflect input from internal assessments, the OIG Safety Culture and Climate Survey, a business process improvement review, and an agency Safety Culture Task Force report.
NRC posts summaries of closed DPO cases, along with supporting documentation, as appropriate, on its public website. Staff who submit DPOs may request that the information not be released publicly, and sensitive information pertaining to these cases (e.g., classified, proprietary, allegations-related) is to be processed in accordance with agency policy.
OBJECTIVE:
The evaluation objective is to assess whether NRC employees suffer retaliation or other harm by expressing their professional opinions through NRCs Differing Professional Opinions program.
SCHEDULE:
Initiate in the 4th quarter of FY 2019.
STRATEGIC GOAL 1:
Strengthen NRCs efforts to protect public health and safety and the environment.
Strategy 1-1: Identify risk areas associated with NRC's oversight of nuclear facilities, and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 1:
Regulation of nuclear reactor safety programs.
A-13
APPENDIX B SECURITY AUDITS PLANNED FOR FY 2019
Security Audits Appendix B Audit of NRCs Cyber Security Inspections at Nuclear Power Plants DESCRIPTION AND JUSTIFICATION:
Nuclear power facilities use digital and analog systems to monitor, operate, control, and protect their plants. Licensees are required to protect such systems and networks from cyber-attacks that would act to modify, destroy, or compromise the integrity or confidentiality of data or software; deny access to systems, services, or data; and impact the operation of systems, networks, and equipment.
NRCs cyber security rule is a performance-based programmatic requirement that aims to ensure the functions of digital computers, communication systems, and networks associated with safety, important-to-safety, security, and emergency preparedness are protected from cyber-attacks.
NRC developed inspection procedures to verify that licensees are implementing their programs in accordance with the cyber security rule. The first phase of implementation has been inspected. The second phase, Milestone 8, relates to the full cyber security implementation of a licensees cyber security plan. The inspections of full implementation began in 2017. All nuclear power plant licensees will be inspected over the next few years.
OBJECTIVE:
The audit objective is to determine whether the cyber security inspection program provides adequate protection of digital computers, communication systems, and networks associated with safety, important-to-safety, security, and emergency preparedness.
SCHEDULE:
Initiated in the 4th quarter of FY 2018.
STRATEGIC GOAL 2:
Strengthen NRC's security efforts in response to an evolving threat environment.
Strategy 2-1: Identify risks involved in securing nuclear reactors, fuel cycle facilities, and materials, and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 3:
Management of security over internal infrastructure (personnel, physical, and cyber security) and nuclear security.
B-1
Security Audits Appendix B Audit of NRCs Emergency Preparedness Program DESCRIPTION AND JUSTIFICATION:
NRC engages in rulemaking to address areas where nuclear power plant emergency preparedness (EP) can be enhanced. Through rulemaking, NRC develops regulations to strengthen onsite EP, improve offsite response, and provide for better coordination in the event of an emergency.
The 2011 EP final rule (76 Federal Register 72560) added a conforming provision in the regulations that govern licenses, certifications, and approvals for new nuclear power plants. The final rule codified certain voluntary protective measures contained in NRC Bulletin 2005-02, "Emergency Preparedness and Response Actions for Security-Based Events," and generically applicable requirements similar to those previously imposed by Commission orders.
The final rule also amended other licensee emergency plan requirements based on a comprehensive review of the NRC's EP regulations and guidance. The requirements enhance the licensees preparation to take certain EP and protective measures in the event of a radiological emergency; address, in part, security issues identified after the September 11, 2001, terrorist events; clarify regulations for consistent emergency plan implementation; and modify EP requirements for added efficiency and effectiveness.
OBJECTIVE:
The audit objective is to determine whether NRCs oversight of licensee emergency preparedness requirements is effective and to identify any opportunities for program improvements.
SCHEDULE:
Initiate in the 4th quarter of FY 2019.
STRATEGIC GOAL 2:
Strengthen NRC's security efforts in response to an evolving threat environment.
Strategy 2-2: Identify risks in emergency preparedness and incident response, and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 3:
Management of security programs over internal infrastructure (personnel, physical, and cyber security) and nuclear security.
B-2
APPENDIX C CORPORATE MANAGEMENT AUDITS PLANNED FOR FY 2019
Corporate Management Audits Appendix C Audit of NRCs Grants Pre-Award and Award Processes DESCRIPTION AND JUSTIFICATION:
In Fiscal Year 2018 (FY18), NRC awarded 51 individual grants totaling $15 million to universities for scholarships, fellowships, and faculty development grants. In addition, the Agency made grants to trade schools and community colleges. NRCs intends grant funding to help support education in nuclear science, engineering, and related trades to develop a workforce capable of the design, construction, operation, and regulation of nuclear facilities and the safe handling of nuclear materials.
The Office of Management and Budget requested NRC develop performance metrics for the grants program and require grantees to address those metrics in 6-month performance progress reports.
While NRCs grant program supports over 500 students annually, it directs most grant money to university faculty and curriculum development. NRC also notes a critical workforce need in the trade and craft areas of nuclear education and observes that outreach to pre-college students is essential to enable students to make informed decisions about pursuing the study of nuclear technology.
OBJECTIVES:
The audit objectives are to determine if (1) NRCs policies and procedures for reviewing grants proposals and making awards comply with applicable federal regulations, and (2) internal controls over the pre-award and award process are adequate.
SCHEDULE:
Initiated in the 2nd quarter of FY 2018.
STRATEGIC GOAL 3:
Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.
Strategy 3-1: Identify areas of corporate management risk within NRC and conduct audits and investigations that lead to NRC program improvements.
MANAGEMENT CHALLENGE 6:
Management of administrative functions.
C-1
Corporate Management Audits Appendix C Audit of NRCs Fiscal Year 2018 Financial Statements DESCRIPTION AND JUSTIFICATION:
Under the Chief Financial Officers Act, the Government Management and Reform Act, and OMB Bulletin 17-03, Audit Requirements for Federal Financial Statements, OIG is required to audit NRCs financial statements. The report on the audit of the agencys financial statements is due on November 15, 2018. In addition, OIG will issue a report on NRCs closing package financial statements.
OBJECTIVES:
The audit objectives are to Express opinions on the agencys financial statements and internal controls, Review compliance with applicable laws and regulations, Review controls in NRCs computer systems that are significant to the financial statements, Assess the agencys compliance with Office of Management and Budget (OMB) Circular A-123, Revised, Managements Responsibility for Enterprise Risk Management and Internal Control.
SCHEDULE:
Initiated in the 3rd quarter of FY 2018.
STRATEGIC GOAL 3:
Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.
Strategy 3-1: Identify areas of corporate management risk within NRC and conduct audits and investigations that lead to NRC program improvements.
MANAGEMENT CHALLENGE 5:
Management of financial programs.
C-2
Corporate Management Audits Appendix C Audit of NRCs Grants Administration and Closeout Processes DESCRIPTION AND JUSTIFICATION:
During FY 2018, NRC managed 112 grants totaling $15.6 million. These grants include awards to multiple entities ranging from individual companies to universities and colleges. It is NRCs responsibility, along with the awardees, to ensure that grant award money is spent according to the grant provisions and Federal laws and regulations. NRC has assigned specialists responsible for monitoring agency grants and ensuring proper disbursement and usage of grant monies. In addition, once a grantee has accomplished the task under the provisions of the grant, agency management must ensure timely and proper closeout of the grant action. This allows NRC to recover unexpended funds and potentially use these funds for other agency activities.
OBJECTIVES:
To determine whether NRCs (1) grants administration program complies with Federal regulations and agency guidance, employs sufficient internal control, and provides accountability over Federal funds through its policies and procedures, and (2) grants closeout program has employed policies and procedures to close out grants in a proper and timely manner.
SCHEDULE:
Initiated in the 4th quarter of FY 2018.
STRATEGIC GOAL 3:
Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.
Strategy 3-1: Identify areas of corporate management risk within NRC and conduct audits and investigations that lead to NRC program improvements.
MANAGEMENT CHALLENGE 6:
Management of administrative functions.
C-3
Corporate Management Audits Appendix C Independent Evaluation of NRCs Implementation of the Federal Information Security Modernization Act of 2014 (FISMA) for Fiscal Year 2018 DESCRIPTION AND JUSTIFICATION:
The Federal Information Security Modernization Act was enacted in 2014. FISMA outlines the information security management requirements for agencies, including the requirement for an annual independent assessment by agency Inspectors General. In addition, FISMA includes provisions such as the development of minimum standards for agency systems, aimed at further strengthening the security of the Federal Government information and information systems. The annual assessments provide agencies with the information needed to determine the effectiveness of overall security programs and to develop strategies and best practices for improving information security.
FISMA provides the framework for securing the Federal Governments information technology including both unclassified and national security systems. All agencies must implement the requirements of FISMA and report annually to the Office of Management and Budget and Congress on the effectiveness of their security programs.
OBJECTIVE:
The evaluation objective will be to conduct an independent assessment of the NRCs FISMA implementation for FY 2018.
SCHEDULE:
Initiate in the 4th quarter of FY 2018.
STRATEGIC GOAL 3:
Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.
Strategy 3-2: Identify risks in maintaining a secure infrastructure (i.e., physical, personnel, and cyber security), and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 4:
Management of information technology and information management.
C-4
Corporate Management Audits Appendix C Audit of NRCs Compliance with Improper Payment Laws DESCRIPTION AND JUSTIFICATION:
An improper payment is (a) any payment that should not have been made or that was made in an incorrect amount (including overpayments and underpayments) under statutory, contractual, administrative, or other legally applicable requirements, and (b) includes any payment to an ineligible recipient, any payment for an ineligible good or service, any duplicate payment, any payment for a good or service not received (except for such payments where authorized by law),
and any payment that does not account for credit for applicable discounts.
The Improper Payments Information Act of 2002 (IPIA), as amended by the Improper Payments Elimination and Recovery Act of 2010 (IPERA), requires each agency to annually estimate its improper payments. IPERA requires Federal agencies to periodically review all programs and activities that the agency administers and identify all programs and activities that may be susceptible to significant improper payments. In addition, IPERA requires each agency to conduct recovery audits with respect to each program and activity of the agency that expends $1,000,000 or more annually, if conducting such audits would be cost effective. Lastly, the Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERIA) amended IPIA by establishing the Do Not Pay Initiative, which directs agencies to verify the eligibility of payments using databases before making payments.
OBJECTIVES:
The objectives of this audit are to
- 1. Assess NRCs compliance with IPIA, as amended by IPERA and IPERIA, and report any material weaknesses in internal control.
- 2. Determine whether NRC is identifying and reducing instances of improper payments by implementing effective financial internal controls.
SCHEDULE:
Initiate in the 2nd quarter of FY 2019.
STRATEGIC GOAL 3:
Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.
Strategy 3-1: Identify areas of corporate management risk within NRC and conduct audits and investigations that lead to NRC program improvements.
MANAGEMENT CHALLENGE 5:
Management of financial programs.
C-5
Corporate Management Audits Appendix C Audit of NRCs Implementation of Federal Information Technology Acquisition Reform Act (FITARA)
DESCRIPTION AND JUSTIFICATION:
In December 2014, Congress enacted the Federal Information Technology Acquisition Reform Act (FITARA) to promote Federal information technology (IT) modernization and strengthen the Federal IT workforce. Beginning in 2015, the Office of Management and Budget (OMB) issued guidance to assist agencies in establishing management practices that align IT resources with agency missions, goals, programmatic priorities, and statutory requirements. The Government Accountability Office (GAO) has issued periodic scorecards to assess agencies progress toward IT modernization goals in several key areas, assigning grades of A to F.
NRC has implemented changes in and made a number of improvements to IT management processes. However, NRCs overall grade on the GAO scorecard has never exceeded a C, and most recently dropped to a D-. NRCs IT acquisitions program may not meet statutory requirements or promote efficient operations if the rating further declines.
OBJECTIVE:
The audit objective is to determine whether NRCs IT acquisition program implementation meets all statutory requirements and achieves the goals of FITARA.
SCHEDULE:
Initiate in the 2nd quarter of FY 2019.
STRATEGIC GOAL 3:
Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.
Strategy 3-2: Identify risks in maintaining a secure infrastructure (i.e., physical, personnel, and cyber security), and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 4:
Management of information technology and information management.
C-6
Corporate Management Audits Appendix C Audit of NRCs Process for Managing Intra-Governmental Payment and Collection System Payments DESCRIPTION AND JUSTIFICATION:
Federal agencies frequently provide services to other agencies. These services require an exchange of money when the agencies enter into an agreement and services are performed.
Federal agencies use the Department of Treasurys Intra-Governmental Payment and Collection (IPAC) system to transfer funds from one agency to another with standardized descriptive data.
While the Department of Treasury administers the IPAC system, NRC must ensure transactions in the system are accurate and paid in a timely manner. NRC processes approximately $80 million annually through the IPAC system.
The agencys Office of the Chief Financial Officer receives the IPAC payment or reimbursement request and then forwards the IPAC to the corresponding NRC Contracting Officers Representative (COR) for review and approval. In recent years, there have been concerns about IPAC payment requests being sent to incorrect NRC CORs, payments not being submitted in a timely manner, and insufficient data to review IPAC transactions.
OBJECTIVE:
The audit objective is to assess whether NRC has established and implemented an effective process to ensure that IPAC payments are processed in a timely and accurate manner.
SCHEDULE:
Initiate in the 2nd quarter of FY 2019.
STRATEGIC GOAL 3:
Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.
Strategy 3-1: Identify areas of corporate management risk within NRC and conduct audits and investigations that lead to NRC program improvements.
MANAGEMENT CHALLENGE 5:
Management of financial programs.
C-7
Corporate Management Audits Appendix C Assessment of NRCs Most Serious Management and Performance Challenges for Fiscal Year 2020 DESCRIPTION AND JUSTIFICATION:
In January 2000, Congress enacted the Reports Consolidation Act of 2000, which requires Federal agencies to provide an annual report that would consolidate financial and performance management information in a more meaningful and useful format for Congress, the President, and the public. Included in the act is a requirement that, on an annual basis, IGs summarize the most serious management and performance challenges facing their agencies. Additionally, the act requires that IGs assess their respective agencys efforts to address the challenges.
OBJECTIVES:
The audit objectives are to Identify the most serious management and performance challenges facing NRC.
Assess the agencys efforts to address the management and performance challenges.
SCHEDULE:
Initiate in the 3rd quarter of FY 2019.
STRATEGIC GOALS AND STRATEGIES:
Addresses all OIG strategic goals and strategies.
MANAGEMENT CHALLENGES 1 THROUGH 6:
Addresses all of the management and performance challenges.
C-8
Corporate Management Audits Appendix C Audit of NRCs Compliance with Standards Established by the Digital Accountability and Transparency Act of 2014 (DATA Act)
DESCRIPTION AND JUSTIFICATION:
The Digital Accountability and Transparency Act of 2014 (DATA Act) was enacted May 9, 2014, and requires Federal agencies report financial and payment data in accordance with data standards established by the Department of Treasury and the Office of Management and Budget. The data reported will be displayed on a Web site available to taxpayers and policy makers. In addition, the DATA Act requires Inspectors General (IGs) to review the data submitted by the agency under the act and report to Congress on the completeness, timeliness, quality and accuracy of this information. In accordance with the act, the IG issued an audit in November 2017, and plans to issue the next audits in 2019, and 2021. This audit pertains to the review of data sampled for FY 2019.
OBJECTIVES:
The audit objectives are to review the 1st and 2nd quarter data submitted by NRC under the DATA Act and (1) determine the completeness, timeliness, accuracy and quality of the data sampled and (2) assess the implementation of the governing standards by the agency.
SCHEDULE:
Initiate in the 3rd quarter of FY 2019.
STRATEGIC GOAL 3:
Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.
Strategy 3-1: Identify areas of corporate management risk within NRC and conduct audits and investigations that lead to NRC program improvements.
MANAGEMENT CHALLENGE 5:
Management of financial programs.
C-9
Corporate Management Audits Appendix C Audit of NRCs Fiscal Year 2019 Financial Statements DESCRIPTION AND JUSTIFICATION:
Under the Chief Financial Officers Act, the Government Management and Reform Act, and OMB Bulletin 17-03, Audit Requirements for Federal Financial Statements, OIG is required to audit NRCs financial statements. The report on the audit of the agencys financial statements is due on November 15, 2019. In addition, OIG will issue a report on NRCs closing package financial statements.
OBJECTIVES:
The audit objectives are to Express opinions on the agencys financial statements and internal controls, Review compliance with applicable laws and regulations, Review controls in NRCs computer systems that are significant to the financial statements, Assess the agencys compliance with Office of Management and Budget (OMB) Circular A-123, Revised, Managements Responsibility for Enterprise Risk Management and Internal Control.
SCHEDULE:
Initiate in the 3rd quarter of FY 2019.
STRATEGIC GOAL 3:
Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.
Strategy 3-1: Identify areas of corporate management risk within NRC and conduct audits and investigations that lead to NRC program improvements.
MANAGEMENT CHALLENGE 5:
Management of financial programs.
C-10
Corporate Management Audits Appendix C Independent Evaluation of NRCs Implementation of the Federal Information Security Modernization Act of 2014 (FISMA) for Fiscal Year 2019 DESCRIPTION AND JUSTIFICATION:
The Federal Information Security Modernization Act (FISMA) was enacted in 2014. FISMA outlines the information security management requirements for agencies, including the requirement for an annual independent assessment by agencies Inspectors General. In addition, FISMA includes provisions such as the development of minimum standards for agency systems aimed at further strengthening the security of the Federal Government information and information systems. The annual assessments provide agencies with the information needed to determine the effectiveness of overall security programs and to develop strategies and best practices for improving information security.
FISMA provides the framework for securing the Federal Governments information technology including both unclassified and national security systems. All agencies must implement the requirements of FISMA and report annually to the Office of Management and Budget and Congress on the effectiveness of their security programs.
OBJECTIVE:
The evaluation objective will be to conduct an independent assessment of the NRCs implementation of FISMA for Fiscal Year 2019.
SCHEDULE:
Initiate in the 3rd quarter of FY 2019.
STRATEGIC GOAL 3:
Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.
Strategy 3-2: Identify risks in maintaining a secure infrastructure (i.e., physical, personnel, and cyber security), and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 4:
Management of information technology and information management.
C-11
Corporate Management Audits Appendix C Audit of the Information System Security Officer Function DESCRIPTION AND JUSTIFICATION:
NRC relies heavily on its IT infrastructure and systems to carry out the agencys mission to license and regulate the Nations civilian use of byproduct, source, and special nuclear materials to ensure adequate protection of public health and safety, promote the common defense and security, and protect the environment. As a result, risks to these systems have a direct impact on the agencys ability to carry out its mission. As the number and sophistication of cyberattacks grows, so does the likelihood that NRC systems and assets will be susceptible to such attacks.
The Information System Security Officers (ISSOs) have direct responsibility for protecting a system and its data, and are responsible for ensuring that the system is properly secured in accordance with NRC and Federal policies and procedures. ISSOs play a critical role in addressing and offsetting risks to NRC systems. The ISSO is at the center of all information system security activities in all stages of a systems life cycle. The ISSO serves as the principle point of contact for questions about all aspects of a systems security.
OBJECTIVES:
The audit objectives are (1) to assess whether the ISSOs have the necessary skills needed to perform the work, and (2) determine the effectiveness of the ISSO function within the agency.
SCHEDULE:
Initiate in the 3rd quarter of FY 2019.
STRATEGIC GOAL 3:
Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.
Strategy 3-2: Identify risks in maintaining a secure infrastructure (i.e., physical, personnel, and cyber security), and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 3:
Management of security over internal infrastructure (personnel, physical and cyber security) and nuclear security.
C-12
Corporate Management Audits Appendix C Audit of NRCs Knowledge Management Program DESCRIPTION AND JUSTIFICATION:
Knowledge management is a discipline that promotes an integrated approach to identifying, capturing, evaluating, retrieving, and sharing an enterprise's information assets. These assets may include databases, documents, policies, procedures, and previously un-captured expertise and experience in individual workers. However, efforts to reduce NRCs staffing and budget has raised knowledge management concerns affecting the performance of the agency. Additionally, OIGs fiscal year 2018 management challenges report noted a key NRC corporate support function challenge includes recruiting, training, and effectively transferring knowledge to NRC new hires.
OBJECTIVE:
The audit objective is to assess the effectiveness of NRCs knowledge management program in helping the agency capture and transfer knowledge for the purposes of meeting its mission.
SCHEDULE:
Initiate in the 3rd quarter of FY 2019.
STRATEGIC GOAL 3:
Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.
Strategy 3-1: Identify areas of corporate management risk within NRC and conduct audits and investigations that lead to NRC program improvements.
MANAGEMENT CHALLENGE 6:
Management of administrative functions.
C-13
Corporate Management Audits Appendix C Audit of NRCs Process for Placing Official Agency Records in ADAMS DESCRIPTION AND JUSTIFICATION:
NRC is required to have an electronic system for maintenance of official agency records that provide accurate information and evidence of the agency's functions, policies, and decision-making processes. NRC uses the Agencywide Document Access and Management System (ADAMS) as its electronic repository. In addition to complying with Federal mandates for electronic recordkeeping and public access, ADAMS has to meet NRCs document management needs.
Effective use of ADAMS entails proper identification of official agency records and management of non-records to meet all statutory requirements. Working files may contain both record and non-record materials. Staff must determine which should be maintained and which should be deleted.
Further, when records are placed in ADAMS, they should be properly profiled to facilitate records management, search and retrieval, and management oversight. Staff responsible for placing records in ADAMS use procedures and templates designed to ensure consistency.
If official agency records are not consistently identified and profiled, ADAMS will be less effective as an electronic repository.
OBJECTIVE:
The audit objective is to determine whether NRCs process ensures official agency records are properly identified and correctly profiled within ADAMS.
SCHEDULE:
Initiate in the 3rd quarter of FY 2019.
STRATEGIC GOAL 3:
Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.
Strategy 3-2: Identify risks in maintaining a secure infrastructure (i.e., physical, personnel, and cyber security), and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 4:
Management of information technology and information management.
Corporate Management Audits Appendix C Audit Follow-up of NRCs Contract Administration Process DESCRIPTION AND JUSTIFICATION:
NRC obligated over $215.6 million through contracts for products and services. As of July 9, 2018, this accounts for almost 57 percent of the agencys discretionary spending and that NRC is reliant on contractors to execute its mission. Because contract spending consumes a large portion of the agencys discretionary budget, contract obligations pose significant risks if effective contract oversight is not in place. As a result, OIG has taken steps to increase its oversight of the contracting practices.
During FY 2017, OIG completed the Audit of NRCs Contract Administration Process and found that, while internal controls governing NRCs contract administration practices are adequate, opportunities exist to improve the effectiveness of internal controls for management of contractor invoices and supporting documentation. In addition, the contract closeout procedures followed by agency Contracting Officers Representatives need improvement.
Based on the results of work for the FY 2017 contract administration audit, OIG plans to perform follow-up audits or evaluations of NRCs contract administration functions, processes, and procedures.
OBJECTIVE:
The objective of this follow-up audit is to identify any additional areas for improvement of NRCs contract administration processes.
SCHEDULE:
Initiate in the 4th quarter of FY 2019.
STRATEGIC GOAL 3:
Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.
Strategy 3-1: Identify areas of corporate management risk within NRC and conduct audits and investigations that lead to NRC program improvements.
MANAGEMENT CHALLENGE 6:
Management of administrative functions.
C-15
Corporate Management Audits Appendix C Audit of NRCs Replacement Reactor Program System (RRPS)
DESCRIPTION AND JUSTIFICATION:
The Reactor Program System (RPS) served many years as a centralized platform for staff and managers for inspection and licensing activities. This function made it a critical part of the overarching framework that the Agency uses to support its oversight and licensing programs. On October 2, 2017, NRC announced the migration to an upgraded Replacement RPS (RRPS) in conjunction with the broader Master Data Management program.
A key objective of the Master Data Management program has been to ensure NRC mission critical systems have timely access to data collected, stored, and processed across the enterprise.
System interfaces and data exchanges play a critical role in determining information reliability.
However, information obtained during OIGs audit work on Special and Infrequently Performed Inspections indicates that legacy RPS data is not sufficiently reliable.
OBJECTIVE:
The audit objective is to determine if the Replacement RPS meets its required operational capabilities and has adequate controls to ensure access to reliable information.
SCHEDULE:
Initiate in the 4th quarter of FY 2019.
STRATEGIC GOAL 3:
Increase the economy, efficiency, and effectiveness with which NRC manages and exercises stewardship over its resources.
Strategy 3-2: Identify risks in maintaining a secure infrastructure (i.e., physical, personnel, and cyber security), and conduct audits and/or investigations that lead to NRC program and operational improvements.
MANAGEMENT CHALLENGE 4:
Management of information technology and information management.
C-16
APPENDIX D INVESTIGATIONS -
PRIORITIES, OBJECTIVES, AND INITIATIVES FOR FY 2019
Investigations Appendix D INTRODUCTION The Assistant Inspector General for Investigations (AIGI) has responsibility for developing and implementing an investigative program that furthers OIGs objectives. The AIGIs primary responsibilities include investigating possible violations of criminal statutes relating to NRC programs and activities, investigating allegations of misconduct by NRC employees, interfacing with DOJ on OIG-related criminal matters, and coordinating investigations and OIG initiatives with other Federal, State, and local investigative agencies and other AIGIs.
Investigations covering a broad range of allegations concerning criminal wrongdoing or administrative misconduct affecting various NRC programs and operations may be initiated as a result of allegations or referrals from private citizens; licensee employees; NRC employees; Congress; other Federal, State, and local law enforcement agencies; OIG audits; the OIG Hotline; and proactive efforts directed at areas bearing a high potential for fraud, waste, and abuse.
This investigative plan was developed to focus OIG investigative priorities and use available resources most effectively. It provides strategies and planned investigative work for FY 2019 in conjunction with the OIG Strategic Plan. The most serious management and performance challenges facing the NRC, as identified by the IG, were also considered in the development of this plan.
PRIORITIES The OIG will initiate approximately 50 investigations and a limited number of Event/Special Inquiries in FY 2019. As in the past, reactive investigations into allegations of criminal and other wrongdoing will continue to claim priority on OIGs use of available resources. Because NRCs mission is to protect public health and safety and the environment, Investigations main concentration of effort and resources will involve investigations of alleged NRC employee misconduct that could adversely impact public health and safety related matters.
OBJECTIVES To facilitate the most effective and efficient use of limited resources, Investigations has established specific objectives aimed at preventing and detecting fraud, waste, and abuse as well as optimizing NRC effectiveness and efficiency. Investigations will focus its investigative efforts in several broad-based areas, as follows, which include possible violations of criminal statutes relating to NRC programs and operations and allegations of misconduct by NRC employees.
D-1
Investigations Appendix D INITIATIVES Safety and Security Investigate allegations that NRC employees improperly disclosed allegers (mainly licensee employees) identities and allegations; NRC employees improperly handled alleger concerns; and NRC failed to properly address retaliation issues involving NRC management officials and/or NRC licensee employees who raised public health and safety or security concerns regarding NRC activities.
Examine allegations that NRC has not maintained an appropriate arms length distance from licensees, and contractors.
Investigate allegations that NRC employees released predecisional, proprietary, or official-use-only information.
Investigate allegations that NRC employees had improper personal relationships with NRC licensees and where NRC employees violated government-wide ethics regulations concerning the solicitation of employment with NRC licensees.
Interact with public interest groups, individual allegers, and industry workers to identify indications of lapses or departure in NRC regulatory oversight that could create safety and security problems.
Maintain close working relationships with members of the intelligence community to identify and address vulnerabilities and threats to NRC employees and resources, including instances of economic espionage.
Conduct a limited number of Event and Special Inquiries into specific events that indicate an apparent shortcoming in NRCs regulatory oversight of the nuclear industrys safety and security programs to determine the appropriateness of the staffs actions to protect public health and safety.
Proactively review and become knowledgeable in areas of NRC staff regulatory emphasis to identify emerging issues that may require future OIG involvement such as decommissioning activities. Also provide real time OIG assessments of the appropriateness of NRC staffs handling of contentious regulatory activities related to nuclear safety and security matters.
Identify risks associated with the proliferation of nuclear material and nuclear technology.
Take an aggressive stand to protect NRCs infrastructure against both internal and external computer intrusions by working in close coordination with staff D-2
Investigations Appendix D within the Office of Information Services and NRC systems administrators.
This will include developing and disseminating intelligence to assist in protecting NRC computer systems and aggressively pursuing suspected computer intrusion incidents.
Investigate allegations of misconduct by NRC employees and contractors, as appropriate.
Corporate Management Attempt to detect possible wrongdoing perpetrated against NRCs procurement and contracting and grant program by maintaining a close working relationship with the Office of Administration, Division of Contracts and cognizant NRC Program Offices.
Aggressively pursue investigations appropriate for Program Fraud Civil Remedies Act action, including abuses involving false reimbursement claims by employees and contractors.
As appropriate, coordinate with OIG Audit IAMs in an effort to identify areas or programs with indicators of possible fraud, waste, and abuse.
Conduct fraud awareness and information presentations for NRC employees and external stakeholders regarding the role of NRC OIG.
As appropriate, investigate allegations of misconduct by NRC employees and contractors.
OIG Hotline Promptly process complaints received via the OIG Hotline. Initiate investigations when warranted and properly dispose of allegations that do not warrant OIG investigation.
Freedom of Information Act (FOIA) & Privacy Act Promptly process all requests for information received under FOIA. Coordinate as appropriate with the General Counsel to the IG and FOIA/Privacy Section.
D-3
Investigations Appendix D NRC Support Participate as observers on Incident Investigation Teams and Accident Investigation Teams as determined by the IG.
Liaison Program Maintain close working relationships with other law enforcement agencies, public interest groups, and the Congress. This will be accomplished through periodic meetings with AIGIs, pertinent congressional staff, public interest groups, and appropriate law enforcement organizations.
Maintain a viable regional liaison program to foster a closer working relationship with NRC regional offices.
Establish and maintain NRC OIG active participation in OIG community fraud working groups, multiagency fraud task forces, and multiagency undercover operations where a nexus to NRC programs and operations has clearly been established.
ALLOCATION OF RESOURCES Investigations undertakes both proactive initiatives and reactive investigations.
Approximately 85 percent of available investigative resources will be used for reactive investigations. The balance will be allocated to proactive investigative efforts such as reviews of NRC contract files, examinations of NRC information technology systems to identify weaknesses or misuse by agency employees, participation in interagency task forces and working groups, reviews of delinquent Government travel and purchase card accounts, and other initiatives.
D-4
Issue Area Monitors Appendix E ISSUE AREAS AND DESIGNATED ISSUE AREA MONITORS
Issue Area Monitor Appendix E ISSUE AREAS AND DESIGNATED ISSUE AREA MONITORS NUCLEAR MATERIALS (SAFETY AND SECURITY)
Michael Blair Ziad Buhaissi George Gusack Roxana Hartsock Connor McCune Sherri Miotla Regina Revinzon John Thorp Janelle Wiggs NUCLEAR REACTORS (SAFETY AND SECURITY)
Curtis Browne Ebaide Esoimeme Vicki Foster Avinash Jaigobind Paul Rades Chanel Stridiron John Thorp Tim Wilson INFORMATION TECHNOLOGY AND INFORMATION MANAGEMENT Magdala Boyer Jenny Cheung Deyanara Lainez Gonzalez Amy Hardin Kristen Lipuma Jimmy Wong NRC INTERNAL CORPORATE FUNCTIONS Gail Butler William Chung Terri Cooper Tim Nelson Eric Rivera Felicia Silver Tincy Thomas de Cólon E-1
APPENDIX F ABBREVIATIONS AND ACRONYMS
ABBREVIATIONS AND ACRONYMS ADAMS Agencywide Document Access Management System AIGA Assistant Inspector General for Audits AIGI Assistant Inspector General for Investigations CFR Code of Federal Regulations COR Contracting Officers Representative DATA Digitial Accountability and Transparency Act DOJ U.S. Department of Justice DPO Differing Professional Opinion EP Emergency Preparedness FISMA Federal Information Security Modernization Act FITARA Federal Inforamtion Technology Acquisition Reform Act FY Fiscal Year GAO Government Accountability Office IAM Issue Area Monitor IG Inspector General IMPEP Integrated Materials Performance Evaluation Program IP Inspection Procedure IPAC Intra-Government Payment and Collection IPERA Improper Payments Elimination and Recovery Act of 2010 IPERIA Improper Payments Elimination and Recovery Improvement Act of 2012 IPIA Improper Payments Information Act of 2002 ISSO Information System Security Officers IT Information Technology LAR License Amendment Request NOED Notices of Enforcement Discretion NRC U.S. Nuclear Regulatory Commission OIG Office of the Inspector General OMB Office of Management and Budget RES Office of Research RSO Radiation Safety Officers RPS Reactor Program System RRPS Replacement Reactor Program System