Submitting OIG:
Report Description:
The Office of the Inspector General audited the controls for key Sarbanes-Oxley (SOX) spreadsheets to determine if the controls are sufficiently defined, appropriately designed, and operating effectively. The audit’s scope was information technology general controls for the SOX critical spreadsheets within TVA. We identified several issues that could provide a stronger control environment for critical spreadsheets. Specifically, we found (1) shared passwords used to modify critical spreadsheets are not appropriately managed, (2) one spreadsheet was accessible using a shared account with no known business need, (3) TVA’s SOX Control Environment group’s inventory controls over critical spreadsheets are ineffective, (4) critical spreadsheets are not documented consistently in SOX control narratives maintained by TVA’s SOX Control Environment group, (5) naming convention controls are not being enforced which limits TVA’s ability to quickly assess if critical spreadsheets are properly stored for access control and backup purposes, and (6) TVA’s SOX Control Environment group’s spreadsheet policy could be strengthened by adding controls for user training, baselining, templates, and testing. TVA management agreed with our findings and recommendations.
Date Issued:
Thursday, September 13, 2018
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
2017-15451
Location(s):
Agency-Wide
Type of Report:
Audit
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
6
View Document:
Attachment | Size |
---|---|
![]() | 991.01 KB |