We are pleased to present our report for the period April 1, 2012, through September 30, 2012. Once again our theme focuses on navigating risks faced by the Tennessee Valley Authority (TVA)—specifically, cyber security risk. Business leaders and government officials alike recognize the significant risk posed from cyber security threats that are constantly changing. As discussed in the feature article in this semiannual report, given what is at stake, it is imperative that agencies are agile enough to handle not only their identified historical threats, but any future threats as well. Click here to read this report…

As part of a series of reviews to evaluate TVA’s actions to address key risks, our office evaluated TVA’s physical assaults risk that was identified in TVA’s 2011 Enterprise Risk Management Program. Following the audit findings, TVA developed a mitigation strategy to reduce risk that included (1) creating a comprehensive physical security plan, (2) expanding employee education, (3) replacing communication infrastructure and equipment and (4) implementing a guard program. The report has been added to the Reports section of our Web site. Click here to read this report…