Date Issued
Report Number
2016-15381
Report Type
Audit
Description
The Tennessee Valley Authority (TVA) vendor management system is a cloud based system physically located away from TVA facilities and outsourced to a third party. The OIG audited the vendor management system to assess the (1) data processing and application controls to ensure data integrity and reliability and (2) logical security controls to ensure only authorized access to system resources and protection of sensitive information. Our scope included TVA's vendor management system and its interfaces to TVA systems. We found TVA system interfaces associated with the vendor management system had reasonable data processing and application controls to ensure data integrity and reliability. However, we found weaknesses in the logical security controls that increase the risk of unauthorized access to TVA data. TVA and the third party responsible for the vendor management system agreed with our findings and recommendations.(Summary Only)
Joint Report
Yes
Participating OIG
Tennessee Valley Authority OIG
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0