Federal Reports

Due to the importance of monitoring the performance of the Tennessee Valley Authority’s (TVA) Safety Program, the TVA Office of Inspector General (OIG) performed an evaluation of TVA’s health and safety committees (HSC). The objective of this evaluation was to determine if HSCs were effectively monitoring the remediation of identified safety concerns. The TVA OIG determined TVA HSCs are generally effective at monitoring the remediation of identified safety concerns. However, there were limited instances when safety concerns were not monitored or remediation plans were not established. In addition, we found some HSCs were not following requirements to meet at least quarterly and maintain meeting minutes.

Amtrak (the company) contracted with the independent certified public accounting firm of Ernst & Young LLP to audit its consolidated financial statements as of September 30, 2023, and for the year then ended, and to provide a report on internal control over financial reporting and on compliance and other matters. Because the company receives federal assistance, it must obtain an audit performed in accordance with generally accepted government auditing standards.As required by the Inspector General Act of 1978, as amended, we monitored the audit activities of Ernst & Young to help ensure audit quality and compliance with auditing standards. Our monitoring focused on two Ernst & Young reports and disclosed no instances in which Ernst & Young did not comply, in all material respects, with generally accepted government auditing standards. We reached this conclusion by monitoring Ernst & Young’s audit activities, which included reviewing its reports, auditor independence and qualifications, audit plans, detailed testing results, summary work papers, and quality controls. We also attended key meetings.Our review disclosed no instances in which Ernst & Young did not comply, in all material respects, with generally accepted government auditing standards.

We determined whether the Natural Resources Conservation Service (NRCS) ensured that Conservation Stewardship Program (CSP) participants maintained control of land enrolled in CSP contracts.

This audit report determined that the Commission’s FY 2023 information security program was not in compliance with FISMA legislation, OMB guidance, and applicable NIST special publications. Five of the nine domains Kearney evaluated warrant additional management attention to address identified deficiencies - Risk Management, Supply Chain Risk Management, Configuration Management, Identity and Access Management, and Information Security Continuous Monitoring. Specifically, the FISMA evaluation report includes seven findings and offers 25 recommendations to improve the effectiveness of the FCC’s information security program controls. FCC continues to work towards an effective overall maturity level for its information security program.

Using a risk-based, tiered approach in developing this work plan to best focus our resources, AIE will initiate work in nine focus areas in 2024, including oversight of IIJA, IRA and other supplemental funding provided to the DOI.

This audit report determined that the Commission’s FY 2023 information security program was not in compliance with FISMA legislation, OMB guidance, and applicable NIST special publications. Five of the nine domains Kearney evaluated warrant additional management attention to address identified deficiencies - Risk Management, Supply Chain Risk Management, Configuration Management, Identity and Access Management, and Information Security Continuous Monitoring. Specifically, the FISMA evaluation report includes seven findings and offers 25 recommendations to improve the effectiveness of the FCC’s information security program controls. FCC continues to work towards an effective overall maturity level for its information security program.