Skip to main content
Report File
Date Issued
Submitting OIG
Tennessee Valley Authority OIG
Other Participating OIGs
Tennessee Valley Authority OIG
Agencies Reviewed/Investigated
Tennessee Valley Authority
Report Number
2024-17492
Report Description

The Office of the Inspector General performed an audit to determine if TVA manages access to nonpublic critical and sensitive information in accordance with TVA information management policy. Our scope was limited to TVA’s SharePoint® sites as of March 19, 2024. We determined TVA’s management of access to nonpublic critical and sensitive information could be improved. In addition, we determined TVA was not providing SharePoint® site owners with appropriate training to properly manage access to TVA nonpublic critical and sensitive information. This report, specifically identifies Microsoft, a nongovernmental organization/business entity. Pursuant to the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023, Pub. L. No. 117-263 §5274, any such organization may submit a written response to the report within 30 days, clarifying or providing additional context for each instance within the report in which the organization is specifically identified. Any response provided for that purpose will be appended to the final, published report. If you have any questions about this process, please contact Jeffrey McKenzie at (865) 633-7374 or jtmckenzie@tvaoig.gov within 30 days of publication.

Report Type
Audit
Agency Wide
Yes
Number of Recommendations
3
Questioned Costs
$0
Funds for Better Use
$0

Open Recommendations

This report has 3 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
1 No $0 $0

We recommend the Vice President and Chief Information and Digital Officer, Technology and Innovation, perform a risk assessment of SharePoint® access management to identify additional controls to mitigate inappropriate access to nonpublic critical and sensitive information.

2 No $0 $0

We recommend the Vice President and Chief Information and Digital Officer, Technology and Innovation, update TVA’s SharePoint® training to provide site owners with the knowledge they need to properly protect TVA nonpublic critical and sensitive information.

3 No $0 $0

We recommend the Vice President and Chief Information and Digital Officer, Technology and Innovation, create a process to identify SharePoint® site owners and require them to complete initial and periodic refresher training.

Tennessee Valley Authority OIG