All Reports

The Federal Information Security Modernization Act of 2014 (FISMA) requires each agency’s Inspector General (IG) to conduct an annual independent evaluation to determine the effectiveness of the information security program (ISP) and practices of its respective agency. Our objective was to determine the effectiveness of the Tennessee Valley Authority’s (TVA) ISP and practices as defined by the FY 2023 – 2024 IG FISMA Reporting Metrics. Our audit scope was limited to answering the fiscal year (FY) 2024 IG metrics, which include 20 core IG metrics and 17 supplemental IG metrics.

The Office of the Inspector General performed an audit of costs billed to the Tennessee Valley Authority (TVA) by Service Electric Company (SEC) for transmission construction services provided under Contract No. 16986. The contract provided for TVA to compensate SEC on either a fixed price or cost reimbursable basis.

The Office of the Inspector General performed an audit to determine if TVA manages access to nonpublic critical and sensitive information in accordance with TVA information management policy. Our scope was limited to TVA’s SharePoint® sites as of March 19, 2024. We determined TVA’s management of access to nonpublic critical and sensitive information could be improved. In addition, we determined TVA was not providing SharePoint® site owners with appropriate training to properly manage access to TVA nonpublic critical and sensitive information.

The Office of the Inspector General determined the Cumberland Energy Solution project complied with most elements of scope management and the bid process. However, we identified certain areas under each process that need improvement to help mitigate potential Tennessee Valley Authority (TVA) risk. In summary:• TVA’s Cybersecurity, a business unit under TVA’s Technology and Innovation business unit, was not included as a stakeholder throughout the project. • TVA did not adequately mitigate risks related to the use of equipment from nondesignated countries.

As part of our annual audit plan, we performed an audit of costs billed to the Tennessee Valley Authority (TVA) by Emerson Process Management Power and Water Solutions, Inc., (Emerson) under Contract No. 14688 for distributed control systems products and services. Our audit objective was to determine if costs billed to TVA under Contract No. 14688 were in accordance with the contract's terms.

Power plants rely on operational technology (OT) to ensure the plants can run without disruption. Due to the high risks associated with threat events against OT, we performed an audit of the Tennessee Valley Authority’s (TVA) OT cybersecurity at a combined cycle plant. Our objective was to determine if logical, physical, and general security controls were (1) appropriately designed to reduce cybersecurity risk and (2) operating effectively. We determined logical, physical, and some general controls were appropriately designed and operating effectively.

The Tennessee Valley Authority (TVA) has two fixed wing aircraft (FWA) that are to be used for mission-related transportation and business travel. According to TVA Standard Programs and Processes (SPP) 32.041, Use of TVA Fixed Wing Aircraft, its FWA are to be used in support of TVA's mission and congressionally mandated programs, in alignment with TVA Board Practice the Federal Travel Regulation, and other pertinent regulatory governance.

According to a nuclear industry peer organization, ensuring the right spare and replacement items are available when they are needed to support critical plant equipment is essential to minimizing equipment unavailability and optimizing generation. Nuclear Power Group Standard Programs and Processes 09.18.8, Equipment Obsolescence Program, defines obsolete equipment as an item in plant service no longer manufactured or otherwise difficult to procure and qualify.

We performed an audit of costs billed to the Tennessee Valley Authority (TVA) by Modis, Inc. (Modis) for contract-to-hire services within TVA's Technology and Innovation organization under Contract No. 16781. Modis was to provide recruiting, staff augmentation, and hiring services to supplement TVA's standard hiring processes in preparation for increased hiring.

We audited costs billed to the Tennessee Valley Authority (TVA) by Universal Protection Service, LP dba Allied Universal Security Services (Allied) under Contract No. 16681 for nonnuclear security guard services. Our audit objective was to determine if costs billed were in compliance with the contract's terms. Our audit scope included about $8.76 million in costs billed to TVA from January 7, 2022, through October 31, 2023. In summary, we determined costs billed by Allied complied with the contract's terms.(Summary Only)