Identification of TVA’s Enterprise Risks

Enterprise Risk Management (ERM) provides an enterprise-wide, strategically aligned portfolio view of organizational challenges that provides improved insight about how to more effectively prioritize and manage risks. The Tennessee Valley Authority (TVA) Board of Directors established a formalized ERM program in 1999 to (1) develop a standard framework and (2) promote risk management awareness and techniques to manage risks throughout the company. Due to the importance of TVA identifying and assessing risks, we evaluated (1) the process used by TVA business units (BU) to identify risks and (2) how BU risks were used to comprise TVA's enterprise risk levels. We determined the processes used by TVA were generally effective for identifying strategic business unit (SBU)/BU risks and assessing those risks to determine enterprise level risks. However, we identified some opportunities for improvement related to documentation of the ERM process and defining and documenting TVA’s risk appetite. Additionally, we could not determine if the risks in the 2022 Enterprise Level Risk Portfolio adequately addressed the rolling blackouts that occurred on December 23 and 24, 2022.