Date Issued
Report Number
2007-11348-01
Report Type
Audit
Description
While IT Security has made strides in establishing the technology infrastructure, we found (1) IT Security lacks a business-level mechanism to provide cross-agency oversight, a strategic TVA-wide approach, and grounding in risk management; (2) coordination and communication with business units were not well defined and could be more effective with increased training, communication, and business unit involvement in security planning; (3) procedures were outdated and did not address issues for all business segments; and (4) performance management was substantially undefined. Management agreed with the recommendations and is taking corrective action. Summary Only
Joint Report
Yes
Participating OIG
Tennessee Valley Authority OIG
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0