The Federal Information Security Modernization Act of 2014 (FISMA) requires each agency’s Inspector General (IG) to conduct an annual independent evaluation to determine the effectiveness of the information security program (ISP) and practices of its respective agency. Our objective was to evaluate the Tennessee Valley Authority’s ISP and agency practices for ensuring compliance with FISMA and applicable standards, including guidelines issued by the Office of Management and Budget and the National Institute of Standards and Technology. Our audit scope was limited to answering the FY 2019 IG FISMA metrics developed as a collaborative effort by the Office of Management and Budget, the Department of Homeland Security, and the Council of Inspector Generals on Integrity and Efficiency in consultation with the Federal Chief Information Officer Council. The FY 2019 IG FISMA metrics recommend a majority of the functions be at a maturity level 4 (managed and measurable) or higher to be considered effective. Based on our analysis of the metrics and associated maturity levels defined with the IG FISMA metrics, we found three of the five functions fell below the targeted level 4; therefore, TVA’s ISP was not operating in an effective manner. We made eight specific recommendations to TVA management to make improvements in the ISP.

| Agency Reviewed / Investigated | Report Title | Type | Location |
|---|---|---|---|
| Tennessee Valley Authority | 2019 Federal Information Security Modernization Act | Audit | Agency-Wide |
| Department of Health & Human Services | Georgia's Monitoring of Childcare Providers Ensured Provider Compliance With State Criminal Background Check Requirements | Audit | Agency-Wide |
| Environmental Protection Agency | The Chemical Safety Board’s Information Security Program Is Defined, but Improvements Needed in Risk Management, Identity and Access Management, and Incident Response | Audit | Agency-Wide |
| National Archives and Records Administration | Compendium of Open OIG Recommendations to NARA as of September 30, 2019 | Other | Agency-Wide |
| Department of Agriculture | FAV—Healthy Hunger Free Kids Act of 2010—Controls over Food Service Account Revenue | Other | Agency-Wide |
| U.S. Agency for International Development | Independent Audit Report on Direct Costs Incurred and Billed by Tetra Tech DPK, aka DPK Consulting (Tt DPK) [ARD, Inc.], USAID/Iraq Contract 267-C-00-10-00006-00, April 1, 2013, to September 30, 2015 | Other | |
| U.S. Agency for International Development | Closeout Audit of the Fund Accountability Statement of Hope Flowers School, Peace Building Via Civil Society Cooperation for People with Disabilities in West Bank and Gaza, Cooperative Agreement 294-A-16-00009, January 1, 2018 to January 31, 2019 | Other | |
| U.S. Agency for International Development | Financial Audit of USAID Resources Managed by Kenya Medical Supplies Authority Under Contract AID-615-C-15-00003, July 1, 2017, to June 30, 2018 | Other | |
| U.S. Agency for International Development | Examination of Costs Claimed for Kimetrica, LLC for the Fiscal Years Ended December 31, 2014 and 2015 | Other | |
| U.S. Agency for International Development | Operation Pacific Eagle-Philippines Lead Inspector General Quarterly Report to the United States Congress, October 1, 2019 to December 31, 2019 | Other | Agency-Wide |