Methods Modernization, Cybersecurity, and IT Management Concerns Want to Be Addressed

What GAO Found

The Department of Veterans Affairs (VA) has faced prolonged-standing difficulties in its initiatives to deploy information and facts engineering (IT) initiatives in two significant regions needing modernization: the department’s getting old health and fitness information program, acknowledged as the Veterans Wellness Data Units and Technologies Architecture (VistA) and VA’s out-of-date, non-integrated economic and acquisition administration programs requiring intricate manual function procedures that have contributed to the office reporting money management process performance as a material weak spot. Exclusively,

• GAO has noted on the problems that the section has faced with its a few earlier unsuccessful makes an attempt to modernize VistA around the previous 20 many years. In February 2021, GAO claimed that VA experienced made progress towards employing its fourth effort—a modernized digital health and fitness file process. Nevertheless, GAO stressed that the office wanted to handle all vital severity exam conclusions (that could consequence in process failure) and higher severity take a look at results (that could result in technique failure, but have acceptable workarounds) before deploying the technique at future spots.
• In March 2021, GAO noted on the department’s Fiscal Administration Small business Transformation, a software supposed to modernize monetary and acquisition techniques. GAO found that VA had usually adhered to finest methods in the regions of application governance, venture management, and screening. However, the department had not entirely satisfied best procedures for creating and handling price and agenda estimates. GAO suggested that VA stick to such procedures to assistance lower the dangers of value overruns and agenda delays.

GAO has also documented that VA has struggled to safe data systems and related knowledge put into action data protection controls and mitigate recognized security deficiencies set up crucial aspects of a cybersecurity possibility management program and detect, assess, and mitigate the pitfalls of facts and communications technology supply chains. GAO has designed many tips to VA to handle these spots. Lots of of individuals tips have been dealt with, but other people have not been totally implemented.

VA has shown mixed effects in employing critical provisions of the Federal Info Know-how Acquisition Reform Act (frequently referred to as FITARA). Particularly, VA has built substantial progress in increasing its licensing of software program, which led it to recognize $65 million in price discounts. Even further, it has manufactured some development in consolidating its info facilities and obtaining price discounts and avoidances. Even so, it has designed constrained development in addressing necessities connected to running IT expense possibility and boosting the authority of its Main Information Officer. Thoroughly implementing the act’s provisions would situation the office to produce much better services to our veterans by modern, protected technological know-how.

Why GAO Did This Review

The use of IT is very important to aiding VA successfully provide the nation’s veterans. The office per year spends billions of pounds on its information and facts methods and property. Its fiscal yr 2022 funds ask for is about $4.8 billion for its Office of Data and Technological know-how and $2.7 billion for electronic overall health file modernization.

GAO was questioned to testify on its prior IT perform at VA. Precisely, this testimony summarizes results and suggestions from GAO’s issued experiences that examined VA’s efforts in (1) modernizing VistA and its fiscal and acquisition administration methods (2) addressing cybersecurity problems and (3) utilizing FITARA. GAO reviewed its not too long ago issued studies that tackled IT and cybersecurity concerns at VA and adopted up on the department’s actions in response to recommendations.