Why GAO Did This Study
“The use of IT is crucial to helping VA effectively serve the nation’s veterans. The department annually spends billions of dollars on its information systems and assets. Its fiscal year 2022 budget request is about $4.8 billion for its Office of Information and Technology and $2.7 billion for electronic health record modernization.”
“GAO was asked to testify on its prior IT work at VA. Specifically, this testimony summarizes results and recommendations from GAO’s issued reports that examined VA’s efforts in (1) modernizing VistA and its financial and acquisition management systems; (2) addressing cybersecurity issues; and (3) implementing FITARA. GAO reviewed its recently issued reports that addressed IT and cybersecurity issues at VA and followed up on the department’s actions in response to recommendations.”
What GAO Found
“The Department of Veterans Affairs (VA) has faced long-standing challenges in its efforts to deploy information technology (IT) initiatives in two critical areas needing modernization: the department’s aging health information system, known as the Veterans Health Information Systems and Technology Architecture (VistA); and VA’s outdated, non-integrated financial and acquisition management systems requiring complex manual work processes that have contributed to the department reporting financial management system functionality as a material weakness. Specifically,
- GAO has reported on the challenges that the department has faced with its three previous unsuccessful attempts to modernize VistA over the past 20 years. In February 2021, GAO reported that VA had made progress toward implementing its fourth effort—a modernized electronic health record system. However, GAO stressed that the department needed to address all critical severity test findings (that could result in system failure) and high severity test findings (that could result in system failure, but have acceptable workarounds) before deploying the system at future locations.
- In March 2021, GAO reported on the department’s Financial Management Business Transformation, a program intended to modernize financial and acquisition systems. GAO found that VA had generally adhered to best practices in the areas of program governance, project management, and testing. However, the department had not fully met best practices for developing and managing cost and schedule estimates. GAO recommended that VA follow such practices to help minimize the risks of cost overruns and schedule delays.”
“GAO has also reported that VA has struggled to secure information systems and associated data; implement information security controls and mitigate known security deficiencies; establish key elements of a cybersecurity risk management program; and identify, assess, and mitigate the risks of information and communications technology supply chains…”
Recommendations
“GAO has made numerous recommendations in recent years aimed at improving VA’s IT system modernization efforts, cybersecurity program, and implementation of key FITARA provisions. While VA has generally agreed with these, it still needs to implement many of the recommendations.”
Access the full 31-page report here.
Source: Veterans Affairs: Systems Modernization, Cybersecurity, and IT Management Issues Need to Be Addressed – July 1, 2021. GAO.
