Federal Reports

Under a contract monitored by the Office of Inspector General, Premier Services Group, LLC, (PSG) performed this audit to determine the Commission’s compliance with Fiscal Year (FY) 2025 reporting on improper payments. PSG concluded the Commission is in compliance and has met the requirements that are applicable to the agency for FY 2025.

We are pleased to present our report for the period October 1, 2025, to March 31, 2026.  In this semiannual period, our audit, evaluation, and investigative activities identified more than $41.7 million in questioned costs, recoveries, fees, and savings; and opportunities for Tennessee Valley Authority (TVA) to improve its programs and operations.  In our semiannual report feature, we discuss TVA’s role and challenges in Energizing the Valley’s and America’s Future. 

TVA manages one of the nation’s largest public power systems and faces a variety of strategic, operational, and compliance risks as the energy landscape rapidly evolves.  As TVA continues to build new generation and integrate new nuclear technologies to increase capacity, it must also keep at the forefront the need to maintain high reliability and keep rates as low as feasible.

The TVA OIG provides independent oversight with the vision to help make TVA better.  Through audits, evaluations, and investigations, the OIG identifies vulnerabilities, promotes efficiency, and addresses concerns involving fraud, waste, or misconduct.  By delivering objective analysis and actionable recommendations, the OIG supports TVA leadership in making informed decisions, enhancing transparency, and improving operations for the 10 million people of the Tennessee Valley.

The National Credit Union Administration (NCUA) Office of Inspector General (OIG) conducted this self-initiated audit to assess the NCUA’s Enterprise Risk Management Risk Profiles. The objective of our audit was to determine if the NCUA adequately established, maintained, and used risk profiles to address enterprise-level risks.

This report summarizes the results of our fiscal year 2025 Federal Information Security Modernization Act (FISMA) evaluation of the U.S. Small Business Administration’s (SBA) information security program.

We found SBA’s overall information security program has defined policies but the agency has not consistently implemented them, falling short of the Office of Management and Budget rating for effective security controls. SBA fell below the baseline for effective controls in 9 of the 10 domains. Domains are metrics used to assess the effectiveness of an agency’s information security program. SBA made progress in 1 of the 10 domains, incident response, which was rated as optimized, exceeding the baseline for effective security controls. SBA regressed in three other domains: information security and continuous monitoring, identity and access management, and risk and asset management.

This fiscal year there are 17 new recommendations to improve SBA’s IT security program. Additionally, the agency continues to make progress on implementing 13 open recommendations from 4 prior evaluations. SBA managers agreed and proposed corrective actions that resolved all recommendations.