All Reports

The Office of the Inspector General performed an audit to determine if TVA manages access to nonpublic critical and sensitive information in accordance with TVA information management policy. Our scope was limited to TVA’s SharePoint® sites as of March 19, 2024. We determined TVA’s management of access to nonpublic critical and sensitive information could be improved. In addition, we determined TVA was not providing SharePoint® site owners with appropriate training to properly manage access to TVA nonpublic critical and sensitive information.

The Office of the Inspector General determined the Cumberland Energy Solution project complied with most elements of scope management and the bid process. However, we identified certain areas under each process that need improvement to help mitigate potential Tennessee Valley Authority (TVA) risk. In summary:• TVA’s Cybersecurity, a business unit under TVA’s Technology and Innovation business unit, was not included as a stakeholder throughout the project. • TVA did not adequately mitigate risks related to the use of equipment from nondesignated countries.

As part of our annual audit plan, we performed an audit of costs billed to the Tennessee Valley Authority (TVA) by Emerson Process Management Power and Water Solutions, Inc., (Emerson) under Contract No. 14688 for distributed control systems products and services. Our audit objective was to determine if costs billed to TVA under Contract No. 14688 were in accordance with the contract's terms.

Power plants rely on operational technology (OT) to ensure the plants can run without disruption. Due to the high risks associated with threat events against OT, we performed an audit of the Tennessee Valley Authority’s (TVA) OT cybersecurity at a combined cycle plant. Our objective was to determine if logical, physical, and general security controls were (1) appropriately designed to reduce cybersecurity risk and (2) operating effectively. We determined logical, physical, and some general controls were appropriately designed and operating effectively.

The Tennessee Valley Authority (TVA) has two fixed wing aircraft (FWA) that are to be used for mission-related transportation and business travel. According to TVA Standard Programs and Processes (SPP) 32.041, Use of TVA Fixed Wing Aircraft, its FWA are to be used in support of TVA's mission and congressionally mandated programs, in alignment with TVA Board Practice the Federal Travel Regulation, and other pertinent regulatory governance.

According to a nuclear industry peer organization, ensuring the right spare and replacement items are available when they are needed to support critical plant equipment is essential to minimizing equipment unavailability and optimizing generation. Nuclear Power Group Standard Programs and Processes 09.18.8, Equipment Obsolescence Program, defines obsolete equipment as an item in plant service no longer manufactured or otherwise difficult to procure and qualify.

We performed an audit of costs billed to the Tennessee Valley Authority (TVA) by Modis, Inc. (Modis) for contract-to-hire services within TVA's Technology and Innovation organization under Contract No. 16781. Modis was to provide recruiting, staff augmentation, and hiring services to supplement TVA's standard hiring processes in preparation for increased hiring.

We audited costs billed to the Tennessee Valley Authority (TVA) by Universal Protection Service, LP dba Allied Universal Security Services (Allied) under Contract No. 16681 for nonnuclear security guard services. Our audit objective was to determine if costs billed were in compliance with the contract's terms. Our audit scope included about $8.76 million in costs billed to TVA from January 7, 2022, through October 31, 2023. In summary, we determined costs billed by Allied complied with the contract's terms.(Summary Only)

We are pleased to present our report for the period October 1, 2023, to March 31, 2024. Serving in our oversight role, the Office of the Inspector General continues to identify risks to operations, ways to save or recover money, make recommendations to improve operations, and prevent and detect fraud, waste, and abuse.

North American Electric Reliability Corporation (NERC) Emergency Preparedness and Operations (EOP) standard 011-2, was approved by the Federal Energy Regulatory Commission on August 24, 2021, with an effective date of April 1, 2023. EOP-011-2 includes a requirement to implement and maintain a cold weather preparedness plan for generating units with 7 required elements. EOP-011-2 also includes a requirement for evidence documenting the plan was implemented and maintained as well as evidence that applicable personnel completed training on the cold weather preparedness plan.