Federal Reports

The OIG audited TVA's compliance with the North American Electric Reliability Corporation's (NERC) Critical Infrastructure Protection (CIP) standards for logical and physical access for systems and locations that are considered high risk assets under NERC CIP standards. We found TVA was within the NERC CIP compliance standards for logical and physical access to high risk systems and locations with minor exceptions that were addressed during the audit. In addition, during our testing, we noted discrepancies between initial clearance dates in the hard copy and electronic records that were addressed during the audit.(Summary Only)

Transmittal of the Final Report, Opportunities Exist to Accelerate Maturation of the FTC’s Information Technology Governance Practices

Details

The Colorado Department of Health Care Policy and Financing (HCPF) had not implemented adequate information system general controls over the Colorado Medicaid eligibility determination and claims processing systems to fully comply with Federal requirements. The vulnerabilities that we identified increased the risk to the confidentiality, integrity, and availability of Colorado's Medicaid data. In evaluating HCPF's risk assessment, database security, Web site security, and universal serial bus (USB) device security for its Medicaid eligibility determination and claims processing information systems, we identified vulnerabilities related to inadequate risk assessment policies and procedures, improper administration of the Medicaid claims database, inadequate security of Medicaid databases, inadequate Web site security, and improper management of USB ports and devices.

Noridian Healthcare Solutions, LLC, a subsidiary of Noridian Mutual Insurance Company, did not claim $144,000 of allowable pension or postretirement benefit plan costs for Medicare reimbursement during fiscal years 2006 through 2008.