Federal Reports

We completed agreed-upon procedures to assist the Center for Resource Solutions (CRS) in determining TVA's compliance with the annual reporting requirements of CRS' Green Pricing Accreditation Program for the year ended December 31, 2006. The required information on TVA's renewable energy initiative, "Green Power Switch," was provided to CRS.

We evaluated the design, implementation, and effectiveness of TVA's Ethics and Compliance Program and found:TVA's current ethics program was limited to the Office of Government Ethics' standards and requirements. The Designated Agency Ethics Officer (DAEO), currently within the General Counsel's office, is responsible for making sure the appropriate employees are trained in these standards. Currently, about 20 percent of TVA employees are required to participate in annual ethics training. The audit team found that leading practice provides ethics training to all employees and addresses how ethical behavior affects and supports a company's overall mission. It has been shown that such training provides an ethical foundation for employees which, in turn, provides the basis for a company's compliance program.TVA's compliance program is comprised of "silos." Each business unit, such as TVA's nuclear and fossil power organizations, has experts in nuclear and environmental regulations who assist individual nuclear and fossil plants in complying with specific regulations. However, leading practice trends toward a more centralized corporate compliance management approach. This centralized approach provides for coordination of each business unit's compliance program and allows for better communication of issues across the organizations. Based on these findings, we recommended to the Chief Executive Officer (CEO) that TVA establish a Chief Ethics and Compliance Officer (CECO) position and move the responsibility for TVA's Ethics Program from the General Counsels' office to the CECO, who would be responsible for directing the ethics program and coordinating compliance programs across TVA. We recommended the CECO report to TVA's CEO and Board of Directors. The CEO agreed with our recommendation to establish and fill the CECO position at TVA and indicated implementation details would be addressed after the appointment.

We determined: Personally identifiable information (PII) and other sensitive information were not properly secured thus exposing the information to anyone with a TVA network ID;Temporary shares were being used to store non-business related information;TVA does not have a policy or guidance for management of temporary shares to address the proper use of the share (i.e., types of information that can be stored and the unsecured nature of the share), responsibilities of the users, and maintenance (i.e., maximum time frame for retention of files on the share); TVA Standard Programs and Processes (SPP) 12.9, Computer Security and Privacy Incident Response, which includes procedures for notifying TVA employees and their dependents, contractors, and retirees and their dependents when PII has potentially been compromised, has yet to be implemented; and Two business practice drafts (1) TVA Information Security Policy, which describes classification and protection of information, and (2) Acceptable Use of Information Resources (Rules of Behavior), which explicitly prohibits storage of non-TVA information on TVA servers, have yet to be implemented. TVA management agreed with the findings and has taken or is taking corrective action.

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements

EAC OIG audited $49.7 million in funds received by the Maryland State Board of Elections under the Help America Vote Act. The objectives of the audit were to determine whether Maryland 1) expended HAVA payments in accordance with the Act and related administrative requirements and 2) complied with the HAVA requirements for replacing punch card or lever voting machines, for establishing an election fund, for appropriating a 5 percent match for requirements payments, and for maintaining state expenditures for elections at a level not less than expended in fiscal year 2000. Specifically, we audited expenditures from May1, 2003 through December 31, 2005, and reviewed controls to assess their adequacy over the expenditure of HAVA funds. We also evaluated compliance with certain HAVA requirements for the following activities: accumulating financial information reported to EAC on the Financial Status Reports (standard forms number 269); accounting for property; purchasing goods and services; accounting for salaries; charging indirect costs; and spending by counties. We also determined whether Maryland had complied with the requirements in HAVA applicable to Section 251 requirements payments for: establishing and maintaining the election fund; sustaining the State's level of expenditures for elections; and appropriating funds equal to five percent of the amount necessary for carrying out activities financed with Section 251 requirements payments.

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements

We audited $23.2 million of costs billed by a TVA contractor for providing construction and modification services for TVA's generating plant switchyards, substations, electrical transmission system, and power control communication facilities. We found the costs billed by the contractor were fairly stated except for a minor overbilling of craft labor costs that occurred as a result of a clerical error. Summary Only

The attached report presents the results of the subject review that was performed at my request by the Department of Homeland Security’s (DHS) Office of Inspector General of Appalachian Regional Commission’s (ARC) Systems Security Program