Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
Department of Defense
Management Advisory: DoD Office of Inspector General Review of Other Transaction Agreement W912CG-21-9-0001
For most Tennessee Valley Authority (TVA) employees, annual compensation consists of two components: base pay (salary) and pay at risk (Winning Performance [WP]). WP is a performance management program designed to promote teamwork, encourage high performance behaviors, and motivate and reward TVA employees for achieving goals aligned with TVA’s mission and values. We included an audit of TVA’s Load Not Served (LNS) WP measure in our annual audit plan because LNS was the second highest weighted measure in the fiscal year (FY) 2022 WP scorecard. LNS, which is an estimate of the megawatt hours not delivered when an interruption to a customer connection point is greater than or equal to 1 minute, was weighted at 30 percent at the target level on the WP scorecard for FY 2022. TVA’s total payout for WP for FY 2022 was $147.8 million, based on a total payout percentage of 119 percent of target. The LNS goal was paid at the threshold level for FY 2022 (50 percent of target) and accounted for about $18.6 million of the total $147.8 million payout. Our audit objective was to determine if adequate internal controls were in place to ensure accurate calculation and reporting of the LNS WP measure. Our audit scope included the LNS totals reported for WP in FY 2022 and the calculations’ compliance with Transmission Standard Programs and Processes (TRANS-SPP) 10.001, Rev. 5, Service Interruption Database Guidelines. Our scope did not include an assessment of the reasonableness of any exclusions allowed by TRANS-SPP-10.001. We determined the significant internal controls we identified for accurate LNS calculations were operating effectively. However, there were not adequate controls in place to ensure proper management approval of LNS exclusions. Additionally, we found some user access permissions were not appropriate.
U.S. Immigration and Customs Enforcement (ICE) did not fully comply with Federal and departmental guidance for monitoring and overseeing transportation contracts. Specifically, ICE did not always appoint contracting officer’s representatives (COR) according to policy.
The Federal Information Security Modernization Act of 2014 (FISMA) requires each agency’s Inspector General (IG) to conduct an annual independent evaluation to determine the effectiveness of the information security program (ISP) and practices of its respective agency. Our objective was to determine the effectiveness of the Tennessee Valley Authority’s (TVA) ISP and practices as defined by the FY [Fiscal Year] 2023 – 2024 IG FISMA Reporting Metrics. Our audit scope was limited to answering the fiscal year (FY) 2023 IG metrics, which include 20 core IG metrics to be evaluated annually and remaining supplemental IG metrics that will be evaluated on a two-year cycle (Appendix B). The 20 core IG metrics were chosen based on alignment with Executive Order 14028, Improving the Nation's Cybersecurity, as well as recent OMB guidance to agencies in furtherance of the modernization of federal cybersecurity. The FISMA methodology considers metrics at a level 4 (managed and measurable) or higher to be at an effective level of security. Based on our analysis of the 40 IG metrics and associated maturity models, we found 21 of 40 IG metrics were at a level 1 (ad-hoc), level 2 (defined), or level 3 (consistently implemented); therefore, TVA's information security program was not operating in an effective manner.