Information Technology Organization Effectiveness - Enterprise Information Security and Policy

The OIG performed this audit to determine Enterprise Information Security and Policy (EISP) organization's (1) current effectiveness, (2) actions completed in the implementation of management action plans in response to a previous audit and TVA IT's 1,000 Days to Success initiative (IT1K); and (3) the design of management action plans and the IT1K program and identify gaps related to any outcomes not met. EISP has improved operations through the expansion of internal processes. While EISP has improved operations, some process improvements may not be not sustainable, had inconsistent engagement in some areas and small gaps in staff experience and skills. In addition, TVA's defined values were not always reflected in EISP's work and communications. Concurrent with this audit the new EISP Director, who started his position in November 2014, was engaged in meeting with EISP staff and identified many of the same issues as noted in the report findings. In response, the Director of EISP began taking actions to address these issues. Summary Only