Federal Reports

Between January 1, 2022, and July 8, 2025, TVA spent about $47 million on tools across the fleet.  Due to the amount spent on tools at TVA, we performed an audit of TVA’s tool management controls.  Our audit objective was to determine if controls are in place to safeguard tools at selected sites.  Our audit scope was limited to controls in place at selected sites during our site visits which occurred between May 28, 2025, and June 17, 2025.

Each of the selected sites had some physical controls in place to safeguard tools; however, some sites had more controls in place than others. Specifically, all sites included in our scope used tool room attendants and physical access controls on the main tool room doors, but not all the sites used safeguards such as video surveillance or web-based tool tracking.  Additionally, we determined the only policy or procedure in place to safeguard tools across TVA was Nuclear’s Business Practice 226, Tool and Equipment Accountability, which we determined was not effectively implemented. We also determined that the limited guidance resulted in control weaknesses in tool management.

The Amtrak Office of Inspector General Semiannual Report to the United States Congress for the six months ending September 30, 2025, summarizes our independent and objective reviews and investigations related to Amtrak’s programs and operations.

NGA OIG Fall Semiannual Report to Congress, 1 April - 30 September 2025

The Federal Information Security Modernization Act of 2014 (FISMA) requires Federal agencies to develop, document, and implement an agency-wide information security program to ensure that information technology resources are adequately protected. FISMA mandates that each agency Office of Inspector General, or external auditor, as determined by the Inspector General, perform an annual independent evaluation of the agency’s information security program and practices to determine its effectiveness.

As an independent agency within the Department of Energy, the Federal Energy Regulatory Commission (FERC) is mandated to comply with FISMA. Therefore, we initiated this evaluation to determine whether FERC’s unclassified cybersecurity program adequately protected data and information systems in accordance with FISMA. The Office of Inspector General contracted with KPMG LLP to assist in the assessment of FERC’s unclassified cybersecurity program. The Office of Inspector General monitored KPMG LLP’s work to ensure it complied with applicable requirements.

Our fiscal year 2025 evaluation found that FERC had adequately protected data and information systems in accordance with FISMA. Specifically, during our review of the FISMA security metrics, we determined that FERC had implemented an effective unclassified cybersecurity program within the context of the maturity model. In addition, based on our limited testing of general information technology controls and business process application controls at FERC, we determined that all selected controls were adequately designed, implemented, and operating effectively through fiscal year end.

Based on our review of the required FISMA metrics and selected controls over financial processes, we did not identify weaknesses that required immediate corrective actions related to FERC’s cybersecurity program. As such, we did not make any recommendations.

We determined that the Forest Service did not provide financial assistance to facilities that purchase and process ecosystem restoration byproducts in accordance with IIJA requirements, resulting in $86 million in questioned costs and $94 million in unsupported costs.