Federal Reports

We conducted a review of 52 TVA non-compete contracts to determine whether non-competed contracts are issued and administered in compliance with TVA policies and procedures, including assessing the justification for the non-competed contract award. We found: Two contracts could not initially be located for review and seven did not have Form17388 and/or the appropriate notification/approval required by TVA policies and procedures. Form17388 is required with the appropriate signatures and justification for the contract. Three of the contracts reviewed did not appear to have an appropriate justification as outlined in Section9(b) of the TVA Act and INSTRUCTION1, Business Practice9, Implementing Procedures. Multiple contracts not governed by BP9 are classified under a justification in PassPort that does not apply to the contract. Management generally agreed with our findings and recommendations and is taking or plans to take corrective action.

We determined: TVA's Privacy Summary Report to the OIG needed improvement in three areas.TVA's privacy policies and procedures were generally consistent with federal requirements; however, we noted (1) five areas where we believe further guidance is needed, and (2) TVA is in the process of updating its privacy policies and procedures.While TVA has made progress in implementing privacy program components, a focused effort is needed to strengthen the program by: (1) completing implementation of planned privacy assessments of all systems identified with Information in Identifiable Form (IIF), and (2) ensuring privacy activities are better integrated between TVA groups who have privacy responsibilities.TVA needs to improve its privacy practices through (1) reviews and updates of Systems of Records notices and (2) implementation of best practices on systems with IIF.At the completion of our fieldwork on March8, 2007, our review found there were no significant IIF compromises reported to the OIG for the two-year period ending December6, 2006, and no instances of criminal or civil liability relating to loss of personal information were reported by the General Counsel's office. However, an issue came to our attention subsequent to our review indicating IIF was available on temporary share drives to anyone with a TVA network account. TVA management generally agreed with our recommendations and has taken or is taking corrective action.

We determined:The PRIS backup failure was due to (1)human error and (2)the lack of proper controls which would have detected PRIS was no longer on the master backup schedule which resulted in not having backups performed for PRIS.The PRIS server failure was due to hardware failures and the impact was magnified by human error.The Performance Review & Development data was not adequately secured when regenerated in recovery efforts.TVA management agreed with the findings and has taken or is taking corrective action.

We audited $249million of costs for parts and services for Browns Ferry Nuclear Plant paid by TVA to a contractor from January1, 2000, through May31, 2006. We found the contractor overbilled TVA about $960,000 because the contractor had not always included discounts on prices it billed TVA as required by the contract. TVA management is working with the contractor to determine what impact, if any, a previous verbal agreement regarding the contract discount structure may have on the amount owed to TVA. Summary Only