Systems modernization, cybersecurity and IT management issues need to be addressed

What GAO found

The Department of Veterans Affairs (VA) has faced long-standing challenges in its efforts to deploy information technology (IT) initiatives in two critical areas in need of modernization: Vue); and the outdated and unintegrated VA financial management and procurement systems requiring complex manual work processes which contributed to the department flagging the functionality of the financial management system as a significant weakness. Specifically,

  • GAO reported on the challenges the department has faced in its three previous failed attempts to modernize VistA over the past 20 years. In February 2021, GAO reported that VA had made progress in implementing its fourth effort, a modernized electronic health records system. However, GAO stressed that the department needs to process all critical severity test results (which may lead to system failure) and high severity test results (which may lead to system failure, but have acceptable workarounds. ) before deploying the system to future locations.
  • In March 2021, GAO reported on the Ministry’s Financial Management Business Transformation, a program to modernize financial and procurement systems. GAO found that VA generally adhered to best practices in the areas of program governance, project management, and testing. However, the department had not fully followed best practices for developing and managing cost and schedule estimates. The GAO recommended that VA follow such practices to help minimize the risk of cost overruns and schedule delays.

GAO also reported that VA has struggled to secure information systems and associated data; implement information security controls and mitigate known security gaps; establish the key elements of a cybersecurity risk management program; and identify, assess and mitigate risks in information and communications technology supply chains. GAO has made numerous recommendations to VA to address these areas. Many of these recommendations have been taken into account, but others have not been fully implemented.

VA has had mixed results in implementing key provisions of the Federal Information Technology Acquisition Reform Act (commonly referred to as FITARA). Specifically, VA has made substantial progress in improving its software licensing, leading it to identify $ 65 million in cost savings. In addition, it has made progress in consolidating its data centers and in achieving savings and cost avoidance. However, it has made limited progress in meeting the demands of managing IT investment risk and strengthening the authority of its CIO. Full implementation of the provisions of the act would allow the department to provide better service to our veterans through modern and secure technology.

Why GAO did this study

The use of computers is crucial in helping VA to effectively serve the country’s veterans. The department spends billions of dollars each year on its information systems and assets. Its budget request for fiscal year 2022 is approximately $ 4.8 billion for its information and technology office and $ 2.7 billion for electronic health records modernization.

GAO was invited to testify about their previous IT work at VA. Specifically, this testimony summarizes the findings and recommendations of reports published by GAO that examined VA’s efforts in (1) modernizing VistA and its financial management and procurement systems; (2) resolve cybersecurity issues; and (3) the implementation of FITARA. GAO reviewed its recently released reports that addressed IT and cybersecurity issues at VA and followed up on the department’s actions in response to the recommendations.

Comments are closed.