All Reports

In this semiannual period, our audit, evaluation, and investigative activities identified more than $33.4 million in questioned costs, funds put to better use, recoveries, and waste, as well as opportunities for TVA to improve its programs and operations.

The Office of the Inspector General (OIG) performed the procedures, which were requested and agreed to by Tennessee Valley Authority (TVA) management solely to assist management in determining the validity of the Winning Performance/Executive Annual Incentive Plan (WP) Measures for fiscal year (FY) ending September 30, 2021. TVA management is responsible for the WP Measures data provided. In summary, procedures applied by the OIG found: • The FY 2021 WP goals for the Enterprise measures were properly approved.

In keeping with its responsibilities under the Inspector General Act of 1978, as amended, the OIG monitored the audit of TVA's fiscal year 2021 financial statements performed by Ernst and Young LLP (EY) to assure their work complied with Government Auditing Standards. Our review of EY's work disclosed no instance in which the firm did not comply in all material respects with Government Auditing Standards.

The Office of the Inspector General is required by the Federal Information Security Modernization Act of 2014 (FISMA) to conduct an annual independent evaluation that determines the effectiveness of the information security program (ISP) and practices of its respective agency. Our objective was to evaluate the Tennessee Valley Authority’s ISP and practices as defined by the FY 2021 IG FISMA Reporting Metrics Version 1.1.

We performed an audit of the Tennessee Valley Authority’s (TVA) Internet perimeter. Our objective was to identify cybersecurity weaknesses in TVA’s Internet perimeter through penetration testing. In summary, we identified some vulnerabilities in TVA’s internet perimeter. Specifically, we (1) downloaded files related to TVA’s disposal of coal ash that were marked as confidential, (2) accessed a Web site related to river operations that used weak authentication, and (3) found TVA’s password complexity requirements on a TVA publicly available Web site.

The Office of the Inspector General included an audit of Tennessee Valley Authority’s (TVA) corporate contributions in our annual audit plan due to the potential reputational risk associated with contributions that do not comply with TVA policies and procedures.

In response to a referral from the Office of the Inspector General (OIG), Investigations, we audited a claim for missing gas cylinders submitted to the Tennessee Valley Authority (TVA) by Airgas USA, LLC (Airgas) under Contract Nos. 5436 and 5456. Under the contracts, Airgas was to manage inventory of industrial gases for TVA, including furnishing, selling, and delivering all bulk gases and related products and services to TVA.

In response to requests from stakeholders, we scheduled an evaluation to determine if the Tennessee Valley Authority (TVA) complied with the 2016 Board Practice regarding memberships in external organizations.We found no evidence TVA was out of compliance with the TVA Memberships in External Organizations Board Practice. We did not identify any evidence of direct lobbying or litigation on behalf of TVA; however, the external organizations do not administratively segregate TVA’s funds, so we were unable to determine if the funds were used for lobbying or litigation.

The Office of the Inspector General conducted a review of the Lagoon Creek Combustion Turbine (LCCT) Plant to identify factors that could impact LCCT’s organizational effectiveness. During the course of our evaluation, we identified behaviors that had a positive impact on LCCT; however, we also identified some behavioral risks associated with team conflicts. In addition, we identified risks to operations that, if unaddressed, could hinder LCCT’s effectiveness.

The Office of the Inspector General conducted a review of the Lagoon Creek Combined Cycle (LCCC) Plant to identify factors that could impact LCCC’s organizational effectiveness. During the course of our evaluation, we identified behaviors that had a positive impact on LCCC including positive relationships between team members and most management. However, we also identified a behavioral risk related to communication with first-line management. In addition, we identified an operational risk related to training that could hinder LCCC’s effectiveness.