All Reports

Between January 1, 2022, and July 8, 2025, TVA spent about $47 million on tools across the fleet.  Due to the amount spent on tools at TVA, we performed an audit of TVA’s tool management controls.  Our audit objective was to determine if controls are in place to safeguard tools at selected sites.  Our audit scope was limited to controls in place at selected sites during our site visits which occurred between May 28, 2025, and June 17, 2025.

As part of our annual audit plan, we performed an audit of costs billed to the Tennessee Valley Authority (TVA) by Day and Zimmerman NPS, Inc. (DZNPS) for the services of qualified craft, noncraft, or staff augmented personnel to perform modification, outage, supplemental maintenance, and technical support work at TVA nuclear generating sites under Contract No. 11515.  Our audit objective was to determine if costs billed to TVA at Sequoyah Nuclear Plant were in compliance with the terms of Contract No.

We performed an audit of the Tennessee Valley Authority’s (TVA) Contract No. 13814 with Hitachi Energy USA, Inc.

The Tennessee Valley Authority (TVA) routinely engages in business meetings and external relationship events to conduct business and develop improved relationships.  TVA Standard Programs and Processes 13.063, Business Meetings & External Relationship Events, requires all employees responsible for planning a business meeting or external relationship event to ensure and document that the (1) business need is justified; (2) expense is reasonable, proper, and an efficient use of TVA resources; and (3)

During fiscal year 2024, the Tennessee Valley Authority (TVA) communicated its intent to invest approximately $7 billion over the next 20 years to ensure safe and reliable operations of its three nuclear sites.  This investment is to extend and preserve the life of its nuclear units and will be accomplished through nuclear life extension (NLE) projects. Moisture separator reheaters (MSRs) are a major plant asset that will be included in the NLE focus.  Sequoyah Nuclear Plant’s (SQN) Unit 1 includes six MSRs located at the SQN Turbine Building. These

We performed an audit of costs billed to the Tennessee Valley Authority (TVA) by TRC Environmental Corporation (TRC) for energy efficiency services provided in support of TVA’s EnergyRight® Services for Business and EnergyRight® Services for Industry under Contract No. 15361. Our audit objective was to determine if the costs billed to TVA were in accordance with the contract terms.  Our audit scope included approximately $43.56 million in costs billed to TVA from January 1, 2023, through March 31, 2025.

Due to the risk of harm to the Tennessee Valley Authority (TVA) from the loss or breach of private information held by a third party, we performed an audit of BlueCross BlueShield of Tennessee’s (BCBST) security controls.  Our audit objective was to determine if BCBST has controls in place to meet contract requirements for the protection of data held by the vendor on behalf of TVA.

Due to the importance of protecting the Tennessee Valley Authority’s (TVA) operations from external cyber events, we performed an audit of TVA’s transmission control center network cybersecurity. The audit objective was to determine if TVA has sustainable processes for identifying, implementing, and managing the network architecture to reduce the overall cybersecurity risk to TVA resources in their transmission networks.  The audit scope was limited to TVA’s transmission control center network.  We made one recommendation to TVA management. The specifics are being

Due to the importance of protecting the Tennessee Valley Authority (TVA) operations from external cyber events, we audited TVA’s protection mechanisms for a specific cyberattack.  Our objective was to determine if TVA’s protection mechanisms to prevent or protect against a specific type of cyberattack were adequately designed, properly implemented, and operating effectively.  Specifics are being withheld from public release due to their sensitive nature in relation to TVA’s cybersecurity.  We made two recommendations to TVA management. 

Due to the importance of security measures required to protect the Tennessee Valley Authority’s (TVA) information and operations from cybersecurity threats, the OIG performed a penetration test of TVA’s network, systems, and applications.  Our objective was to determine if vulnerabilities and other cybersecurity weaknesses in TVA’s network, systems, and applications were present and exploitable. Specifics are being withheld from public release due to their sensitive nature in relation to TVA’s cybersecurity. We made five recommendations to TVA management.