All Reports

At the request of the Tennessee Valley Authority's (TVA) Supply Chain, we examined the cost proposal submitted by a company for coal combustion residual (CCR) program management services. Our examination objective was to determine if the company's cost proposal was fairly stated for a planned 20-year contract.In our opinion, the company's cost proposal was overstated.

The Office of the Inspector General conducted an audit to determine the effectiveness of endpoint protection on Tennessee Valley Authority’s (TVA) desktops and laptops. We found several areas of TVA’s endpoint protection program to be generally effective; however, we identified two issues that should be addressed by TVA management to further increase the effectiveness. Specifically, we found (1) TVA does not require endpoint protection for all network connections and (2) gaps in TVA policy, procedures, and internal controls. TVA management agreed with our recommendations.

As part of our annual audit plan, we audited costs billed to the Tennessee Valley Authority (TVA) by Delta Dental of Tennessee (Delta Dental) for dental plan administrative services. Our audit objective was to determine if the costs billed to TVA were in compliance with the terms of Contract No. 12179. Our audit included approximately $15.6 million in claim costs and associated administrative fees billed to TVA during calendar years 2020 and 2021.

The Office of the Inspector General conducted a review of the Communications and Public Relations (C&PR) organization to identify factors that could impact C&PR’s organizational effectiveness. During the course of our evaluation, we identified behavioral and operational risks, some of which were recurring, that stemmed from alignment issues, which could negatively affect sustainable execution within C&PR.

The Tennessee Valley Authority (TVA) operates three nuclear plants capable of generating 7,800 megawatts of electricity. Groundwater contamination can result from routine nuclear plant activities such as wet storage of spent fuel, leaks from liquid waste pipelines and tanks, and leaks of contaminated cooling water. TVA Nuclear Power Group, Standard Programs and Processes 05.15, Fleet Groundwater Protection Program, establishes a long-term groundwater-monitoring program with the purpose of minimizing the potential for inadvertent releases to the environment from plant activities.

The Office of the Inspector General audited TVA’s information technology (IT) equipment inventory to determine if TVA had controls and processes in place to maintain an accurate and complete inventory of IT equipment. Due to the inventory inaccuracies and control weaknesses, we did not test for inventory completeness. Although we found access controls to IT inventory data were effective, we found TVA’s controls and processes in place to maintain an accurate and complete inventory of IT equipment were ineffective.

The Office of the Inspector General identified several instances where time was not accurately reported in the Personnel Qualification and Scheduling program (that is used to track employees’ hours to avoid a violation of the Nuclear Fatigue Rule) and the time-reporting system. However, we were unable to determine if all Nuclear Maintenance employees’ time was accurately reported because we could not account for time that employees were not badged into the protected areas (the area encompassed by physical barriers and to which access is controlled) of the plants.

The Office of the Inspector General conducted an evaluation to determine (1) the effectiveness of the radiation protection program in limiting employee dosage and (2) if notifications were made when required. We determined the Tennessee Valley Authority’s (TVA) radiation protection program was effective in limiting employee dosage levels during calendar years 2019 and 2020. Additionally, we determined the Nuclear Regulatory Commission and TVA personnel were notified, as required, when personnel dosage met regulatory milestones.

As part of our annual audit plan, we audited costs billed to the Tennessee Valley Authority (TVA) by Williams Plant Services, LLC (Williams) under Contract No. 10728 for managed task construction and modification work at TVA's nuclear facilities. The contract provided for TVA to compensate Williams for these services on either a time and materials or fixed price basis. Our objective was to determine if costs billed to TVA were in accordance with the contract's terms.

As part of our annual audit plan, we performed an audit of Tennessee Valley Authority’s (TVA) non-power dam control system cybersecurity. Our objective was to determine if the cybersecurity controls of TVA’s non-power dam control system were operating effectively.In summary, we found (1) no clear ownership of the non-power dam control system, (2) vulnerable versions of operating systems and control system software, (3) inappropriate logical and physical access, and (4) internal information technology controls were not operating effectively or had not been designed and implemented.