Stay Informed
of New Reports
Twitter
Where To Report Waste
Fraud, Abuse, Or Retaliation
Where To Report Waste Fraud, Abuse, Or Retaliation

Evaluation of the U.S. Nuclear Regulatory Commission’s Information Technology Asset Management

Submitting OIG: 
Nuclear Regulatory Commission OIG
Report Description: 
The Office of the Inspector General (OIG) determined that U.S. Nuclear Regulatory Commission (NRC) information technology (IT) assets were not managed effectively throughout aspects of the IT lifecycle management process. The OIG substantiated four allegations, and found that some NRC assets were not returned upon employee separation from the NRC. Specifically, three employees separated from the NRC without returning four laptops. Additionally, NRC IT assets are not located in the locations that are shown in the configuration management database. The OIG found that 666 of 980 items were not in the locations assigned within the ITSM toolset. Further, new IT assets were not logged into the appropriate database for a period of 3 months. The OIG also found that NRC decommissioning procedures were not followed for IT assets. This report makes six recommendations to improve the NRC’s information technology asset management program.
Date Issued: 
Wednesday, July 3, 2024
Agency Reviewed / Investigated: 
Nuclear Regulatory Commission
Submitting OIG-Specific Report Number: 
OIG-24-E-01
Location(s): 
Agency-Wide
Type of Report: 
Inspection / Evaluation
Questioned Costs: 
$0
Funds for Better Use: 
$37,000
Number of Recommendations: 
6
Report updated under NDAA 5274: 
No
View Document: 
AttachmentSize
PDF icon ROEOIG-24-E-01Evaluation-NRCs-IT-Asset-ManagementHV7324RJF.pdf15.01 MB

Related Open Recommendations

Recommendation Number Recommendation Status Significant Recommendation Additional Details
1.1 Open Yes
Update NRC form 270, Separation Clearance, to include a step to ensure IT assets under the $2,500 threshold are returned prior to employee clearance for separation.
1.2 Open Yes
Update MD 13.1, Property Management, or develop other guidance, to clearly describe the roles and responsibilities of NRC employees and contractors as it pertains to the handling, storage, issuance, and return of IT assets under the $2,500 threshold.
2.1 Open Yes
Complete an inventory of laptops, desktops, and tablets, and update the information in the CMBD in the current ITSM toolset.
3.1 Open Yes
Update MD 13.1, Property Management, and the Hardware Asset Management Playbook, or develop other guidance, to expressly state the roles and responsibilities for acquiring assets and requesting red tags for IT assets in a timely manner.
4.1 Open Yes
Update the affected contract(s) to include a service level requirement for the sanitation of assets.
4.2 Open Yes
Update the PC Decommissioning Standard Operating Procedure and the Hardware Asset Management Playbook to reflect all the required steps in the decommissioning and disposal process.
Displaying 6 of 6 Recommendations