Federal Reports

We reviewed 42 loans initiated through Economic Development's (ED) four loan programs (Economic Development Loan Fund, Minority Business Development Loan Fund, Business Incubator Loan Fund, and Special Opportunity Counties Loan Fund) and found:Management had not fully implemented procedures governing the loan administrative process after closing, as agreed upon in response to Audit2004-011F.Noncompliance with ED loan guidelines in 13 of 42 loan files reviewed.Uncollectible ED loans were not written off in a timely manner as required by generally accepted accounting principles.Explanations provided by ED management for 10 of the 13 loan files where noncompliance was noted indicated the Loan Approval Committee made exceptions and approved loan applications even though they were not in compliance with program guidelines. Of these ten loans, five were identified as being in default status indicating that departure from guidelines could have potentially contributed to the loan defaults. Our review noted no other specific trends in the loan files that appeared to contribute to loan defaults. At ED's request, we reviewed ED's draft Loan Manual and identified improvement opportunities. Management generally agreed with our findings and recommendations and is taking or plans to take corrective action.

To obtain further information, please contact the OIG Office of Counsel at OIGCounsel@oig.treas.gov, (202) 927-0650, or by mail at Office of Treasury Inspector General, 1500 Pennsylvania Avenue, Washington DC 20220.

We conducted a review of 52 TVA non-compete contracts to determine whether non-competed contracts are issued and administered in compliance with TVA policies and procedures, including assessing the justification for the non-competed contract award. We found: Two contracts could not initially be located for review and seven did not have Form17388 and/or the appropriate notification/approval required by TVA policies and procedures. Form17388 is required with the appropriate signatures and justification for the contract. Three of the contracts reviewed did not appear to have an appropriate justification as outlined in Section9(b) of the TVA Act and INSTRUCTION1, Business Practice9, Implementing Procedures. Multiple contracts not governed by BP9 are classified under a justification in PassPort that does not apply to the contract. Management generally agreed with our findings and recommendations and is taking or plans to take corrective action.

We determined: TVA's Privacy Summary Report to the OIG needed improvement in three areas.TVA's privacy policies and procedures were generally consistent with federal requirements; however, we noted (1) five areas where we believe further guidance is needed, and (2) TVA is in the process of updating its privacy policies and procedures.While TVA has made progress in implementing privacy program components, a focused effort is needed to strengthen the program by: (1) completing implementation of planned privacy assessments of all systems identified with Information in Identifiable Form (IIF), and (2) ensuring privacy activities are better integrated between TVA groups who have privacy responsibilities.TVA needs to improve its privacy practices through (1) reviews and updates of Systems of Records notices and (2) implementation of best practices on systems with IIF.At the completion of our fieldwork on March8, 2007, our review found there were no significant IIF compromises reported to the OIG for the two-year period ending December6, 2006, and no instances of criminal or civil liability relating to loss of personal information were reported by the General Counsel's office. However, an issue came to our attention subsequent to our review indicating IIF was available on temporary share drives to anyone with a TVA network account. TVA management generally agreed with our recommendations and has taken or is taking corrective action.

We determined:The PRIS backup failure was due to (1)human error and (2)the lack of proper controls which would have detected PRIS was no longer on the master backup schedule which resulted in not having backups performed for PRIS.The PRIS server failure was due to hardware failures and the impact was magnified by human error.The Performance Review & Development data was not adequately secured when regenerated in recovery efforts.TVA management agreed with the findings and has taken or is taking corrective action.