Federal Reports

On January 21, 2026, we issued the financial statements audit report (Report 26-03) performed by the independent certified public accounting firm KPMG LLP. The auditors issued a disclaimer of opinion on the consolidated balance sheet as of September 30, 2025. During that audit, KPMG identified and reported on four material weaknesses and one significant deficiency.

When conducting an audit of an agency’s financial statements, auditors may identify certain other matters involving internal controls that do not rise to the level of a material weakness or significant deficiency and are not required to be reported in the independent auditors’ report. Instead, those matters are communicated in a management letter.

This memorandum has been prepared to transmit a management letter prepared by KPMG, dated February 20, 2026, to report internal control issues identified during the 2025 financial statement audit, that were not included in the final financial statement audit report. The attached management letter entitled Controls Related to the Reporting of Outstanding Guaranty Loans details the following issues identified by KPMG:

• Management did not properly categorize the 1 month reporting lag of the guaranty loan balances as a non-generally accepted accounting principles policy.
• Management did not perform a timely review of the non-generally accepted accounting principles policy related to the untimely reporting of the guaranty loan balances and determine its impact on the financial statements and related notes.

The auditors made two recommendations based on these findings that management agreed to implement to improve internal controls. We consider the recommendations issued in this letter as open audit recommendations. In accordance with our audit follow-up process, we will monitor management’s implementation of the corrective actions.

We found USPP officers did not violate DOI or USPP use of force policies in an attempted arrest and fatal shooting in Washington, DC.

The Office of the Inspector General performed an audit to determine if the backup and recovery process for operational technology cyber assets at Tennessee Valley Authority (TVA) natural gas plants were (1) designed in accordance with federal guidance and (2) operating as defined by TVA policy.  We determined TVA Generation’s backup and recovery procedure was designed in accordance with federal guidance for most areas.  However, the (1) procedure did not align with federal guidance for encryption and (2) process was not operating as defined by TVA Generation’s procedure.  Specifically, the National Institute of Standards and Technology recommends cryptographic mechanisms be implemented to prevent unauthorized disclosure and modification of data; however, encryption was not addressed in TVA Generation’s procedure.  Additionally, none of the plants selected for testing had a documented backup and recovery plan as required by procedure.

This report communicates the results of the Fiscal Year 2025 Federal Trade Commission Office of Inspector General review of the FTC’s compliance with the Payment Integrity Information Act of 2019 (PIIA) (Public Law 116-117).