Reports - NRC

The OIG identified areas where the NRC should refine its travel charge card procedures and enhance its prevention and detection measures. The OIG found travel charge card accounts that remained open after employee separations, as well as accounts with credit limits exceeding policy-defined limits or operational needs. The OIG also found that the NRC does not provide charge card refresher training. Further, certain premium class travel authorizations did not have the required supporting documentation or were not properly authorized or justified, resulting in $47,791 of questioned costs.

The Reports Consolidation Act of 2000 (Public Law 106-531) requires the OIG to annually summarize what it considers to be the most serious management and performance challenges facing the U.S. Nuclear Regulatory Commission. The Act also requires the OIG to briefly assess the agency’s progress in addressing those challenges.

The Office of the Inspector General (OIG) contracted with Sikich to conduct an audit of the United States Nuclear Regulatory Commission’s (NRC) Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2024. The objective was to assess the effectiveness of the information security policies, procedures, and practices of the NRC. The findings and conclusions presented in this report are the responsibility of Sikich.

The Nuclear Regulatory Commission’s (NRC) oversight of the reactor operator licensing examination process is effective, efficient, and reliable. However, the agency could benefit from providing additional guidance and clarity in the current version of NUREG-1021, “Operator Licensing Examination Standards for Power Reactors” (Rev. 12). Specifically, NUREG-1021 contains process gaps and lacks clarity in policy interpretation. This occurred because when the agency updated NUREG-1021, it did not identify certain process gaps.

The Office of the Inspector General (OIG) found that the U.S. Nuclear Regulatory Commission (NRC) headquarters occupant emergency plan includes adequate procedures to facilitate the emergency evacuation of disabled personnel and other personnel needing assistance. However, the agency must remedy problems with two-way communication systems, area of refuge signage, and fire door accessibility to align with safety codes and better support personnel needing assistance during emergency evacuations.

The OIG found that the NRC’s NDAs involving federal employees do not comply with the requirements of 5 U.S.C. section 2302(b)(13). Specifically, NRC employees hired before the Whistleblower Protection Enhancement Act were not informed of their whistleblower rights, as the law required. In addition, the NRC has NDAs with other federal agencies that lack required anti-gag language. Further, the OIG found that anti-gag language is not included in NRC Form 176A, Security Acknowledgement. The OIG makes three recommendations to address the issues identified during the evaluation.

2024 Peer Review Results of the Office of the Inspector General for the U.S. Nuclear Regulatory Commission and Defense Nuclear Facilities Safety Board, Audits & Evaluations Division

The NRC could improve its IT services and support through more consistent management with an emphasis on service level agreements (SLAs) and the closeout of IT-related contracts. Consistent with federal regulations and prudent business practices, contract requirements should be clearly defined, and the appropriate performance standards should be developed so the contractors’ performance can be measured. However, the NRC does not consistently use SLAs when awarding IT contracts because the agency has no specific guidance on how or when to use SLAs.

The Office of the Inspector General (OIG) determined that U.S. Nuclear Regulatory Commission (NRC) information technology (IT) assets were not managed effectively throughout aspects of the IT lifecycle management process. The OIG substantiated four allegations, and found that some NRC assets were not returned upon employee separation from the NRC. Specifically, three employees separated from the NRC without returning four laptops. Additionally, NRC IT assets are not located in the locations that are shown in the configuration management database.

The U.S. Nuclear Regulatory Commission (NRC) Office of the Inspector General (OIG) contracted with Crowe LLP under contract/order number 31310023A0002 to conduct an identification and assessment of risks related to the oversight performed by the NRC on the decommissioning trust funds (DTF) used by licensees during the decommissioning of nuclear reactor sites.