Federal Reports

The Tennessee Valley Authority (TVA) vendor management system is a cloud based system physically located away from TVA facilities and outsourced to a third party. The OIG audited the vendor management system to assess the (1) data processing and application controls to ensure data integrity and reliability and (2) logical security controls to ensure only authorized access to system resources and protection of sensitive information. Our scope included TVA's vendor management system and its interfaces to TVA systems. We found TVA system interfaces associated with the vendor management system had reasonable data processing and application controls to ensure data integrity and reliability. However, we found weaknesses in the logical security controls that increase the risk of unauthorized access to TVA data. TVA and the third party responsible for the vendor management system agreed with our findings and recommendations.(Summary Only)

The North Mississippi Medical Center (the Hospital) (operating in Tupelo, Mississippi) complied with Medicare billing requirements for 158 of the 237 inpatient and outpatient claims we reviewed. However, the Hospital did not fully comply with Medicare billing requirements for the remaining 79 claims, resulting in overpayments of $41,000 for the audit period. Specifically, 4 inpatient claims had billing errors, resulting in overpayments of $12,000, and 75 outpatient claims had billing errors, resulting in overpayments of $29,000. These errors occurred primarily because the Hospital did not have adequate controls to prevent the incorrect billing of Medicare claims within the selected risk areas that contained errors. On the basis of our sample results, we estimated that the Hospital received overpayments of at least $119,000 for the audit period.