Introduction Mr. Chairman, members of the Subcommittee, it is a pleasure to appear before you today. I am accompanied today by Mr. Stephen Dingbaum, Assistant Inspector General for Audits and Mr. George Mulley, Senior Level Assistant for Investigative Operations.
As you know, the mission of the Office of Inspector General (OIG) at the Nuclear Regulatory Commission (NRC) is to assist NRC by ensuring integrity, efficiency, and accountability in the agency=s programs that regulate the civilian use of byproduct, source, and special nuclear material in a manner that adequately protects public health and safety and the environment, while promoting the Nation=s common defense and security. Specifically, NRC=s OIG supports the agency by carrying out its mandate to (1) independently and objectively conduct and supervise audits and investigations related to NRC=s programs and operations; (2) prevent and detect fraud, waste and abuse; and (3) promote economy, efficiency, and effectiveness in NRC=s programs and operations. The OIG also keeps the NRC Chairman and members of Congress fully and currently informed about problems, recommends corrective actions, and monitors NRC=s progress in implementing those actions.
Background
To perform these activities, the OIG employs auditors, management analysts, criminal investigators, investigative analysts, legal counsel and support personnel. The OIG also uses private-sector contractors to audit NRC=s financial statements as mandated by the Chief Financial Officers (CFO) Act and for other audit, investigative and information technology technical support services.
To fulfill our audit mission, the OIG conducts performance, financial, and contract audits. Performance audits focus on NRC administrative and program operations and evaluate the effectiveness and efficiency with which managerial responsibilities are carried out and whether the programs achieve intended results. Financial audits attest to the reasonableness of NRC=s financial statements. Contract audits evaluate the cost of goods and services procured by NRC from commercial enterprises. In addition, the audit staff prepares special evaluation reports that present OIG perspectives or information on specific topics.
The OIG=s investigative program carries out its mission by performing investigations relating to the integrity of NRC=s programs and operations. Most OIG investigations focus on allegations of fraud, waste, and abuse and violations of law or misconduct by NRC employees and contractors. Additionally, allegations of irregularities or abuses in NRC programs and operations with special emphasis on those activities that could adversely impact public health and safety are investigated. Also, periodically the investigative staff conducts event inquiries, which yield investigative reports documenting the examination of events or agency regulatory actions that do not specifically involve individual misconduct. Instead, these reports identify staff actions that contributed to the occurrence of an event.
Following are examples of work performed by my audit and investigative staffs in furtherance of our mission to ensure integrity, efficiency and accountability in NRC=s programs.
Investigations
Nuclear Reactors
NRC Regulation of Davis-Besse Regarding Damage to the Reactor Vessel Head . The OIG completed an inquiry into concerns raised by the Union of Concerned Scientists (UCS) regarding a perceived lack of NRC oversight of the Davis-Besse Nuclear Power Station (DBNPS). NRC Bulletin 2001-01 sought to have licensees perform inspections, which could only be performed when the plant was shut down, by December 31, 2001, on plants identified as highly susceptible to vessel head penetration nozzle cracking. UCS alleged that the NRC allowed DBNPS to continue operating past December 31, 2001, despite indications of significant cracking to the reactor vessel head.
As a result of this inquiry, the OIG found, among other things, that NRC=s decision to allow DBNPS to continue operating beyond December 31, 2001, without performing vessel head penetration nozzle inspections was driven in large part by a desire to lessen the financial impact on the licensee that would result from an early shutdown. In addition, the OIG found that NRC staff was reluctant to take regulatory action against a licensee absent absolute proof of a violation, despite strong indications that DBNPS was not in compliance with NRC regulation and plant technical specifications and may have operated with reduced safety margins.
Steam Generator Tube Rupture at Indian Point Unit 2 Power Plant. The OIG conducted an event inquiry to address concerns raised by the public and Congress as a result of an incident at the Indian Point Unit 2 Power Plant (IP2), which occurred on February 15, 2000. In that incident, IP2, a pressurized water nuclear reactor plant, experienced a steam generator tube rupture in one of its four steam generators. The OIG=s inquiry primarily addressed the adequacy of the NRC staff=s handling of issues associated with the IP2 steam generator tube rupture, as well as the NRC=s handling of shortcomings identified in the IP2 Emergency Preparedness Plan.
The OIG found that the last steam generator inspection conducted by IP2 took place in 1997, and the results were provided to the NRC staff. However, the OIG learned that the NRC staff did not conduct a technical review of that steam generator inspection report when IP2 submitted it in 1997. The OIG concluded that, had the NRC staff or contractors with technical expertise evaluated the IP2 1997 inspection report, the NRC could have identified the flaw in steam generator number 24 that was indicated in the inspection report. This flaw was the cause of the IP2 steam generator tube rupture on February 15, 2000.
Also, the OIG found that, in 1999, the NRC granted a license amendment to IP2 to extend their steam generator inspection interval, but that the NRC staff conducted an inadequate review of the license amendment request.
During the conduct of this event inquiry, the OIG also found that IP2 was a plant that struggled with various challenges in the area of emergency preparedness. The OIG learned that recurring weaknesses, that had gone uncorrected, appeared to play a role in the poor emergency response performance of IP2 during the incident on February 15, 2000. The OIG also found that communications between off-site emergency preparedness officials and the NRC was non-existent.
Nuclear Materials
NRC=s Regulatory Oversight Over the Control of Special Nuclear Material at Millstone Unit
1. The OIG investigated the reported loss of two spent nuclear fuel rods at Millstone Nuclear Power Station Unit 1. In November 2000, the NRC license holder for Millstone discovered they could not locate two spent fuel rods which were last accounted for in 1978. The OIG investigation reviewed NRC oversight of the licensee=s special nuclear material accountability program from the late 1970s to the present.
As a result of this investigation, the OIG found that the missing fuel rods were last accounted for during a 1978 Nuclear Material Control and Accountability (MC&A) inspection at Millstone Unit 1 conducted by the NRC. In a 1982 MC&A inspection conducted by the NRC, the fuel rods were no longer present on the inventory. The OIG determined that the NRC inspector did not identify the loss of these fuel rods in the 1982 inspection because he relied on an inaccurate current inventory amount instead of beginning the inspection with the ending inventory amount reflected on the 1978 inspection. The OIG also determined that the last MC&A inspection conducted at Millstone was 1982, and that the NRC ended this inspection program for all nuclear power plants in 1985.
Unlawful Interaction Between NRC and DOE Staffs Regarding Yucca Mountain. The OIG conducted an investigation upon receipt of allegations by the Attorney General of the State of Nevada that NRC and United States Department of Energy (DOE) representatives conducted meetings that were contrary to mandates regarding Government activities concerning the Yucca Mountain nuclear waste repository site. It was alleged that NRC and DOE representatives made decisions during these meetings from which the State of Nevada representatives were unlawfully excluded.
As a result of this investigation, the OIG determined that the NRC staff did not initiate or coordinate contacts with representatives of DOE to develop policies on issues related to Yucca Mountain. OIG also learned that NRC and DOE representatives did not meet in violation of ex parte provisions. The OIG learned that pre-licensing communications between NRC and DOE representatives occurred during informal meetings which were held in accordance with the pre-licensing phase of the application process and were consistent with NRC regulatory requirements and policy mandates.
Review of NRC=s Staff Approval of the Carolina Power & Light (CP&L) Request for Expansion of High-Level Radioactive Waste Storage. The OIG completed an investigation into concerns raised by members of the public and elected state officials that (1) the NRC staff and the Atomic Safety and Licensing Board Panel (ASLBP) did not adhere to procedures during their review of the Carolina Power and Light=s (CP&L) request to amend its operating license and increase its spent fuel storage capacity at the Shearon Harris Nuclear Power Plant; (2) the NRC staff pressured the ASLBP to expedite the approval of the license amendment and staff did not sufficiently review all relevant contentions; and (3) the NRC was biased toward CP&L and stifled the public=s participation in the license amendment review process.
As a result of this investigation, the OIG did not validate claims of misconduct by the NRC staff during its review of the CP&L license amendment requests. The NRC license amendment process was followed. However, the OIG identified several staff actions that gave the appearance that during the license amendment review process the NRC was not an impartial arbiter. This perception of staff bias toward the licensee may have negatively affected the public=s confidence in its ruling.
Audits
Nuclear Reactors
Review of NRC=s License Amendment/Safety Evaluation Process. Commercial nuclear power plant licensees submit approximately 1,500 applications each year to request that the NRC amend their operating licenses. Safety evaluations provide the regulatory bases for the staff=s decisions regarding licensing actions and the technical, safety, and legal basis for the agency=s disposition of a license amendment request.
In June 1999, the NRC approved an Indian Point 2 Nuclear Power Plant license amendment request to extend the previously established steam generator inspection interval. In February 2000, a steam generator tube failed. Congressional interest in this event caused the OIG to initiate an audit of the safety evaluation process to (1) evaluate its efficiency and effectiveness and (2) determine whether refinements are needed.
The OIG audit revealed that the agency has a detailed process for responding to license amendment requests that is well thought out and thorough. The process includes the development of safety evaluations and all the necessary steps when followed would ensure that the staff performs the technical reviews that are required for the agency to approve or disapprove license amendment requests. However, the OIG did find that the process did not provide adequate controls to demonstrate that all steps are completed and supported by sufficient documentation.
The NRC has taken steps to strengthen the license amendment/safety evaluation process.
Review of NRC=s Significant Determination Process (SDP). The NRC regulates the Nation=s 104 operating commercial nuclear plants through its reactor oversight program. The SDP is a series of analytical steps that the NRC staff use to evaluate inspection findings. The process uses four colors C Green, White, Yellow, and Red C to indicate the significance of inspection findings. While SDP is viewed by the NRC staff, licensees, and stakeholders as an improved method for establishing the significance of inspection findings, the process still needs significant improvement. Specifically, the OIG found that NRC should correct phase 2 analysis weaknesses because it provides conservative results that are subsequently changed, is used infrequently, and adds cost and time to the process. In addition, the NRC should take steps to improve SDP timeliness.
NRC Safety Culture and Climate
2002 Survey of NRC=s Safety Culture and Climate. The OIG engaged an independent contractor to conduct a survey of NRC's workforce to: (1) measure NRC's safety culture and climate, (2) compare the results against NRC's 1998 Safety Culture and Climate Survey, and (3) compare the results to government and national benchmarks.
The survey generally concluded that the NRC safety culture and climate appears to be improving. Specifically, the workforce views itself as effective and dedicated to the NRC safety mission. Comparison with the 1998 survey results also indicates improvement in virtually every category or topical area. Further, the survey found that most scores exceed established national benchmarks for government research and technical composites.
However, the survey did reflect that two program support offices will require substantial effort to improve organizational culture and climate.
In addition, the survey also found that Continuous Improvement Commitment, that is employees' views on commitment to public safety, and whether employees are encouraged to communicate ideas to improve safety, regulations and operations, is below norm and a matter of concern. Empowerment, Communication, Quality Focus, Management Leadership, and Organizational Commitment were determined to be areas requiring additional management focus.
As a counterpoint, dramatic improvement was demonstrated in the category, Future of the NRC, that focuses on items that evaluate employee=s views on how the NRC=s regulation of its licensees have changed in the past year and will change in the future. That is the way people are managed day to day, communication, the quality of work produced, productivity, the public image of the agency, and the NRC as a whole. The survey concluded that improvement in these topics can positively impact issues gauged in the category Continuous Improvement Commitment.
Security Audits
Government Information Security Reform Act (GISRA). The OIG used an independent contractor to perform the second annual evaluation of NRC=s Information Security Program. The FY 2002 evaluation found that NRC made substantial progress in improving its information security program to include implementing the recommendations from the FY 2001 GISRA assessment. However, the NRC security program is not well integrated and not consistently implemented across the agency. In addition, NRC officials have not clearly defined the responsibility and accountability for all aspects of the information security program within its organizational structure.
NRC senior managers recently increased attention to the information security area. NRC management plans to continue this needed focus to enhance program effectiveness and to ensure its consistent implementation throughout the agency.
Sensitive Unclassified Information. The OIG received a Congressional request to review the adequacy of the NRC programs for handling and releasing sensitive documents after a preliminary draft of the Yucca Mountain Review Plan was inadvertently released to the public in September 2000. The plan, a predecisional document, was an Official Use Only document and should have been treated as sensitive unclassified information protected from public disclosure until Commission approval was granted.
The OIG found that the NRC has program guidance to prevent the release of sensitive unclassified information. However, the guidance does not adequately protect Official Use Only documents from inadvertent public disclosure. Additionally, training on handling, marking and protecting sensitive unclassified information is not provided to all NRC employees and contractors on a regular basis. Consequently, many of the staff are not knowledgeable about NRC=s requirements and guidance in this area. NRC employees are not consistently implementing the requirement to report incidents of inadvertent release of sensitive unclassified information to the Office of the Executive Director for Operations.
NRC Headquarter=s Security. The OIG conducted an audit, Review of Security at NRC Headquarters, that revealed after security reviews in 1995 and 1999, the NRC increased its protection of Headquarters buildings against unauthorized access. Following the September 11, 2001 attacks, the NRC further tightened its Headquarters security and identified a remaining vulnerability. The agency is working with the General Services Administration regarding a solution for this vulnerability. Additionally, OIG auditors found that NRC has increasingly hardened its controls to protect against unauthorized access to its Headquarters complex, but still needs to do more.
Financial Management
Audit of NRC=s Financial Statements. Since 1994 to the present, the NRC has received an unqualified opinion on their financial statements. During this timeframe, the annual audits identified a number of internal control issues, which did not affect the opinion, the majority of which were resolved. However, one internal control issue has lingered since the FY 1998 audit: implementation of managerial cost accounting in accordance with federal standards. Although the agency implemented its cost accounting system in FY 2002, the system failed to meet federal accounting standards and systems requirements. Cost accounting is a vital component of the agency=s ability to correlate its programs with its costs as mandated by the Government Performance and Results Act and Federal accounting standards. The agency continues to work on resolving this issue during FY 2003.
Accountability and Control Over NRC=s Noncapitalized IT Equipment. OIG conducted an audit of the agency=s accountability and control over noncapitalized (initial cost of less than $50,000 per item) information technology (IT) equipment. The audit found that the agency=s property and supply system (PASS), the official database for agency property transactions, is responsible for tracking more than 27,000 pieces of noncapitalized equipment valued at approximately $75 million. Of these totals, IT equipment comprises approximately 16,000 pieces, with an acquisition cost of approximately $51 million.
This OIG audit revealed that the NRC=s property management policies for this equipment adhere to applicable laws and regulations, such as the Federal Property Management Regulations. However, the management controls to implement these policies are inadequate or lacking. Also, PASS contains inaccurate information; in fact, OIG statistical projections indicated that the system did not accurately reflect the locations of as many as 3,571 of the agency=s 16,000 pieces of noncapitalized IT equipment costing approximately $8.38 million. The agency has taken steps to reconcile its property inventory and increase property controls.
Software Accountability. The OIG audited NRC=s compliance with Executive Order 13103, Computer Software Piracy, which requires all executive agencies to adopt policies and procedures to promote legal software use and proper software management. The review determined that the NRC is not in compliance with the Executive Order because its policies (management directives) and its procedures (management controls) do not address the full scope of the Executive Order=s requirements. The NRC has not conducted an initial assessment of its software, established a baseline for its software inventory, or determined whether all software on agency computers is authorized. As a result, the NRC needs to incorporate Executive Order requirements into its Management Directives System and implement measures to carry out the Executive Order. The agency generally agreed with the report=s findings and recommendations and is in the process of taking corrective action.
Summary
A key goal of the OIG is to add value to NRC=s regulatory and administrative programs by identifying opportunities for improvement in agency operations and by conducting activities to prevent and detect fraud, waste and abuse. The OIG is encouraged by the agency=s actions to address OIG findings and to implement many of the recommendations made by my office. There are many examples of collaborative work between my staff and agency managers in an effort to refine the effectiveness and efficiency of agency programs.
While some challenges remain, the OIG supports the agency=s commitment to ensure the effective regulation of the Nation=s civilian use of nuclear power and to the integrity of its programs that ultimately protect the health and safety of the public. OIG will continue to remain steadfast in its resolve to assist the NRC in fulfilling this important mission.
Mr. Chairman, and members of the subcommittee, this concludes my report to you on the activities of my office during the recent past. I would be pleased to answer any questions at this time.
