All Reports

The Office of the Inspector General audited TVA’s transmission system’s Internet security. We (1) identified vulnerabilities that increase TVA’s risk of successful cyberattacks, (2) found a gap in how TVA’s cybersecurity monitoring system detects cyberattacks against the transmission system, and (3) found TVA had not configured network devices in a consistent manner. TVA management remediated or mitigated all identified vulnerabilities and agreed with our remaining findings and recommendations.

The Office of the Inspector General conducted a review of the Hydro Generation, North Eastern Region (Hydro NE) to identify operational and cultural strengths and risks that could impact Hydro NE’s organizational effectiveness. Our report identified strengths within Hydro NE related to (1) organizational alignment, (2) positive interactions within and outside of Hydro NE, (3) first-line leadership, and (4) positive ethical culture. However, we also identified risks that could impact Hydro NE’s ability to meet its responsibilities in support of Power Operations’ mission.

The Office of the Inspector General (OIG) contracted with ATC Group Services LLC (ATC), to conduct a review of groundwater monitoring activities at the Kingston Fossil Plant Peninsula Disposal Unit to determine the quality of the program and adherence to regulatory standards. ATC stated that in their opinion, monitoring activities performed at TVA Kingston Fossil Plant Peninsula Disposal Unit are in adherence with guidelines for the Environmental Protection Agency and the Tennessee Department of Environment and Conservation.

As part of our annual audit plan, we audited costs billed to the Tennessee Valley Authority (TVA) by Sargent & Lundy, L.L.C. (S&L) for engineering services under Contract Nos. 8444 and 12285. The contracts provided for TVA to compensate S&L for work on either a cost reimbursable or fixed price basis. Our audit objectives were to determine if (1) costs were billed in accordance with the terms and conditions of the contracts and (2) tasks were issued using the most cost efficient pricing methodology.

The Office of the Inspector General conducted a review of the Hydro Generation, South Western Region (Hydro SW) to identify operational and cultural strengths and risks that could impact Hydro SW’s organizational effectiveness. Our report identified strengths within Hydro SW related to (1) organizational alignment, (2) positive interactions within and outside of Hydro SW, (3) effective leadership, and (4) positive ethical culture.

The Office of the Inspector General conducted a review of TVA’s Nuclear Security organization to identify operational and cultural strengths and risks that could impact organizational effectiveness. Our report identified strengths within Nuclear Security related to (1) organizational alignment, (2) teamwork, (3) ethical culture, and (4) front-line management support. However, we identified risks that could impact the effectiveness of Nuclear Security to achieve its responsibilities in support of the Nuclear vision.

Nuclear Power Group Standard Programs and Processes 03.21, Fatigue Rule and Work Hour Limits, includes rules regarding required average minimum days off for covered individuals, as well as overtime rules for how many hours can be worked in specific time periods. Our review of sampled employee and contract employee work hours and badging records for fiscal years 2017 and 2018 identified no violations of nuclear fatigue rule (NFR) minimum days off or overtime rules.

We evaluated the process TVA uses to verify the accuracy of payments made to the Department of Labor (DOL) for workers compensation benefits. We determined TVA did not have a formal process to verify the accuracy of payments made for schedule awards. Although TVA’s Sarbanes-Oxley Act (SOX) controls verified certain aspects of the DOL billings, the SOX controls did not include steps to verify the accuracy of the elements in award of compensation letters and, as a result, some errors were not identified.

The TVA Office of the Inspector General (OIG) meets its legal requirement to report to Congress on its results twice a year through its Semiannual Report to Congress. In this semiannual period, our audit, evaluation, and investigative activities identified more than $3.3 million in funds TVA could put to better use and recoveries.

The Office of the Inspector General audited TVA’s compliance with Office of Management and Budget’s (OMB) memorandum (M) 15-13, Policy to Require Secure Connections across Federal Websites and Web Services, and Department of Homeland Security’s (DHS) binding operational directive (BOD) 18-01, Enhance E mail and Web Security, regarding Web site and e-mail security practices. We determined that TVA was not in compliance with OMB M-15-13 and DHS BOD-18-01. In addition, we found TVA’s Web site inventory was incomplete. TVA management agreed with our findings and recommendations.