Date Issued
Report Number
2007-11198
Report Type
Audit
Description
In a prior audit, 2007-10997, Review of Temporary Shares for Sensitive Information, the OIG identified numerous incidents of Personally Identifiable Information (PII) and TVA sensitive information on temporary shares available to anyone with a TVA network ID. TVA's Information Services (IS) organization subsequently reviewed other temporary shares and identified additional instances of PII available on the shares. For this audit, we (1) reviewed the risk assessment methodology used to evaluate PII identified during the reviews of temporary shares and (2) determined if IS' conclusions regarding risk exposure of PII were reasonable. In summary, we found the (1) risk assessment methodology was consistent with the National Institute of Standards and Technology's and Office of Management and Budget's guidance, and (2) conclusions reached were reasonable.
Joint Report
Yes
Participating OIG
Tennessee Valley Authority OIG
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0