<DOC> [109 Senate Hearings] [From the U.S. Government Printing Office via GPO Access] [DOCID: f:25790.wais] S. Hrg. 109-498 INFORMATION AND TECHNOLOGY AT THE VA: IS IT READY FOR THE 21ST CENTURY? ======================================================================= HEARING BEFORE THE COMMITTEE ON VETERANS' AFFAIRS UNITED STATES SENATE ONE HUNDRED NINTH CONGRESS FIRST SESSION __________ OCTOBER 20, 2005 __________ Printed for the use of the Committee on Veterans' Affairs Available via the World Wide Web: http://www.access.gpo.gov/congress/ senate ______ U.S. GOVERNMENT PRINTING OFFICE 25-790 WASHINGTON : 2006 _____________________________________________________________________________ For Sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512ÿ091800 Fax: (202) 512ÿ092250 Mail: Stop SSOP, Washington, DC 20402ÿ090001 COMMITTEE ON VETERANS' AFFAIRS Larry Craig, Idaho, Chairman Arlen Specter, Pennsylvania Daniel K. Akaka, Ranking Member, Kay Bailey Hutchison, Texas Hawaii Lindsey O. Graham, South Carolina John D. Rockefeller IV, West Richard Burr, North Carolina Virginia John Ensign, Nevada James M. Jeffords, (I) Vermont John Thune, South Dakota Patty Murray, Washington Johnny Isakson, Georgia Barack Obama, Illinois Ken Salazar, Colorado Lupe Wissel, Majority Staff Director D. Noelani Kalipi, Minority Staff Director C O N T E N T S ---------- DATE SENATORS Page Akaka, Hon. Daniel K., U.S. Senator from Hawaii.................. 2 Craig, Hon. Larry, Chairman, U.S. Senator from Idaho............. 1 Salazar, Hon. Ken, U.S. Senator from Colorado.................... 3 Thune, Hon. John, U.S. Senator from South Dakota................. 5 WITNESSES Mansfield, Gordon H., Deputy Secretary, Department of Veterans Affairs, accompanied by: Robert N. McFarland, Assistant Secretary for Information Technology and Chief Information Officer, Department of Veterans Affairs; Robert Lynch, M.D., VISN 16 Director, VHA; and Jack McCoy, Associate Deputy Under Secretary for Policy and Program Management, VBA............... 5 Prepared statement........................................... 8 Responses to written questions submitted by: Hon. Daniel K. Akaka..................................... 11 Hon. John D. Rockefeller IV.............................. 15 Wohlleben, Paul, Partner, Grant Thorton, LLP, on Behalf of the Information Technology Association of America.................. 29 Prepared statement........................................... 31 Koontz, Linda D., Director, Information Management Issues, United States Government Accountability Office........................ 32 Prepared statement........................................... 34 APPENDIX Articles: Improving Patient Care....................................... 47 Revamped Veterans' Health Care Now a Model................... 55 Brief Report: Quality of Ambulatory Care for Women and Men in the Veterans Affairs Health Care System.................... 58 Special Communication: Five Years After to Err is Human...... 62 Washington Monthly: The Best Care Anywhere................... 69 U.S. News & World Report: America's Best Hospitals........... 83 INFORMATION AND TECHNOLOGY AT THE VA: IS IT READY FOR THE 21ST CENTURY ---------- THURSDAY, OCTOBER 20, 2005 U.S. Senate, Committee on Veterans' Affairs, Washington, D.C. The committee met, pursuant to notice, at 10:05 a.m., in room SR-418, Russell Senate Office Building, Hon. Larry Craig (Chairman of the committee) presiding. Present: Senators Craig, Thune, Isakson, Akaka and Salazar. OPENING STATEMENT OF HON. LARRY CRAIG, CHAIRMAN, U.S. SENATOR FROM IDAHO Chairman Craig. Good morning, everyone. The Committee on Veterans' Affairs meets this morning to receive testimony on VA's effort to reorganize both the internal management structure of its information technology programs and the financing of its IT development projects. This is a critically important topic for oversight, I think, by this committee. I say in all seriousness to my colleagues that VA's ability to provide quality health care, timely and accurate benefits decisions and compassionate readjustment counseling for our veterans in the future rests largely on its ability to modernize its IT infrastructure. Tomorrow's modernization requires strong, qualified, rigorous management today. I want to stress that this is not a hearing intended to chide VA for failures in its IT program management. In fact, VA has had numerous successes in its IT programs, and I think we can be proud of those successes. For example, I do not think there is a person in the health care industry that is not overwhelmed by, and frankly, jealous of VA's electronic health records. Just recently, during the events of Hurricane Katrina, we saw firsthand how important the electronic records can be for our veterans. That success did not go unnoticed to even Time Magazine, which recently wrote in a story about medical care during Hurricane Katrina, ``Throughout the chaos of Katrina, doctors treating displaced patients in the Veterans Affairs system have had access to information that those outside the VA are dreaming of: up to 20 years of lab results and 6 years worth of x-rays, scans, doctors' notes and medication records, available for all 5.2 million active patients.'' This is truly a remarkable achievement. Still, there have been some shortcomings in the management of VA's IT projects. Most recently there was a failure for the core financial and logistics system VA attempted to implement at the Bay Pines Medical Center in Florida. In that case taxpayers spent hundreds of millions of dollars, and VA spent thousands of man hours. Still, at the end of the day, taxpayers and VA had nothing to show for it. Clearly, Congress cannot continue to fund failures, especially ones of that scale. To the end, the Senate, through the Appropriations bill for MilCon/VA, recently took action to protect taxpayers from large scale project management failures. The fiscal year 2006 MilCon/ VA Appropriations bill places VA's IT budget under one person. Further, and perhaps more importantly, the bill withholds VA IT project monies for the new Health-e-Vet project until VA reorganizes its IT management, to make certain that the project is run by a well-qualified project manager. Changes such as this one will have consequences large and small all across the Agency, and it is important that this committee understand those consequences and any tradeoffs that may come from such a move. As has been pointed out to me on more than one occasion, VA is one of the largest agencies in Government. A change in management structure that will affect over 200,000 people must be done in a thoughtful manner and implemented correctly. The question before the committee today, that I hope we have answers by our witnesses, is a very special one: How can we ensure that the Department undertakes very costly projects to both upgrade its IT programs and build newer programs so we see more successes like those in the electronic health records systems, and less very expensive failures such as the one that took place with Core FLS? To answer that question, and perhaps many others, we will hear from witnesses from VA, the Government Accountability Office and the Information Technology Association of America. Before I call upon our witnesses, I would like to turn to my Ranking Member, Senator Akaka, for any opening comments he would like to make. Danny. OPENING STATEMENT OF HON. DANIEL K. AKAKA, U.S. SENATOR FROM HAWAII Senator Akaka. Thank you very much, Mr. Chairman. I want to thank you for this hearing. A hearing on this issue is long overdue, as you state, and I am with you on your statement that you have just made, and to let our witnesses know that we are doing this to try to improve the system. I also want to welcome all of our witnesses to this hearing. In the recent past I can recall one IT hearing. I believe it was a field hearing 2 years ago, chaired by my predecessor's Ranking Member, which focused on VA's failed $300 million financial and logistics IT system. By now we all have heard the story. It is a story of unrealistic expectations and complete mismanagement of a contractor, and it is a costly story, one which wasted taxpayer dollars and caused failures in the delivery of medical care. I would remind my colleagues that VA paid the contractor a bonus after they knew that the system had failed. This was shameful. Some would argue that we may soon have at our feet another IT disaster. VA is in the midst of a major initiative to modernize its VISTA system. Fortunately, VA had the wisdom to hire an expert to evaluate the project and to identify the problems before they go too far down this expensive road. Carnegie Mellon found major problems with VA's approach. The analysts at Carnegie Mellon wrote, and I quote, ``Current plans are not realistic given the complexity and magnitude of the project and VA's ability to carry them out.'' Hopefully, VA will be able to reverse course and solve these problems. I must question if VA had bitten off more of an IT solution than it can chew, especially because the system which it was designed to replace, is still in much demand in the health care sector. The VA has had its IT successes. A much mentioned example is the world class electronic medical records system, which proved its viability and robustness in the days following Hurricane Katrina. Yet with each endeavor, we must be cognizant of the bottom line. Given VA's limited health care budget, we cannot afford to sink millions into IT solutions that may not be viable. We have to figure out how we can become smarter and better in the way we plan for and implement new or replacement IT solutions. It is extremely important for our veterans and for taxpayers that Congress ensures effective management of information technology within VA. It is all the more important because all veterans have come to rely on IT solutions every day to faultlessly deliver their benefits and services. For me, the question confronting the committee today is whether or not VA should be directed through legislation on how to solve its IT problems. Mr. Chairman, I look forward to this hearing and to eventually continuing to work with you on this problem. Thank you very much. Chairman Craig. Senator Akaka, thank you very much. We have been joined by our colleague, Senator Salazar. Ken, do you have any opening comment? OPENING STATEMENT OF HON. KEN SALAZAR, U.S. SENATOR FROM COLORADO Senator Salazar. Thank you, Chairman Craig and Senator Akaka. Today we will discuss proposals to centralize VA's information technology system. I want to use my opening statement to offer a cautionary note to all of you who will work on this very important project for the VA. I agree that a centralized IT structure has the potential to eliminate waste as much as $345 million a year, and to improve the care of veterans. This is a notable and a very important goal. However, wonder about the VA's ability to make this transformation quickly. I fear that if we push VA too hard and too fast we may set the agency up for failure and waste hundreds of millions of dollars in the process, as we have some with many agencies at both the Federal and State level as they implement new IT projects over the last decade. These Federal IT programs are expensive and we do have a record of failure with many of these projects. The IRS and the FBI are recent examples of failures. VA has also seen major IT problems with Core FLS, which was scrapped last year after $342 million was wasted. HR Links was cancelled after $300 million was spent. These are warning systems about what we had to do, or warning signs about what we had to do as we move forward to centralization. In addition, there is a deeply entrenched culture of decentralization of VA. VA's IT structure is inherently decentralized because of its history. VistA, VA's biggest IT success story, is a 30-year-old outgrowth of DHCP. This program was developed by individual VA programmers working without permission from VA Headquarters. It worked because it was developed locally and was flexible. To this day individual hospitals have excellent IT systems because of VistA. I do not suggest that this system is perfect. Individual hospitals have trouble sharing records, but transformation is especially risky because the VA may not have the capacity to make such a large change. I want to note four or five concerns that I have in terms of the transition. First, this kind of transition requires buy- in from top management. The VA's record here is not particularly encouraging. It took 5 years after the Clinger- Cohen Act before VA appointed a full-time CIO. The VA CIO has since been slow in implementing major reforms. VA's leadership is opposed to the centralized model espoused in the Gartner Report and in the House legislation as I understand it. Second, the transition cannot succeed without cooperation and input from the individualized service networks and hospitals that will use the product. In the past individual VA hospitals have been reluctant to work with VA's CIO or cede any budget authority. Third, funding. VA's CIO currently directly controls $50 million, only 3 percent of VA's total IT budget, 3 percent of the entire IT budget for VA. The CIO's office recently has had to cancel conferences because of budgetary constraints. The CIO does not currently have the capacity to spend significantly more money. Fourth, good contracting is a keystone to a successful project. One of the main reasons VA's recent IT have failed is the VA did not have the capacity to establish good contracts and to oversee them. Just last month, VA's CIO, Robert McFarland, testified candidly that contracting delays held up the Gartner study for months. Fifth, the length of service. GAO reported that it often takes as many as 5 years for a CIO at a Federal agency to make an impact, but the average tenure of a CIO is only 2 years. Mr. McFarland testified that a centralized model is best long term for VA, but he does not think he can accomplish this in his tenure. He likened this task to, ``pouring concrete with good rebar.'' I am raising these cautions now because I am pessimistic or have given up on reforming the VA on this system. The VA definitely needs to move forward towards centralization. Congress, however, must work with the VA, and we must move forward with caution. Given the VA CIO more budget authority and oversight would be a step in the right direction, in my view, if it is done right and it is done at the appropriate pace. I thank the Chair, and I look forward to the hearing. Chairman Craig. Ken, thank you very much. Now let us turn to our first panel. We have the Hon. Gordon H. Mansfield, Deputy Secretary, Department of Veterans Affairs. He is accompanied by the Hon. Robert N. McFarland, Assistant Secretary for Information Technology and Chief Information Officer, Department of Veterans' Affairs. We have two additional witnesses seated at the table: Dr. Robert Lynch, VISN 16 Director, VHA; and Jack McCoy, Associate Deputy Under Secretary for Policy and Program Management. Welcome, gentlemen. We appreciate you being with us this morning. Before I ask your thoughts, we have just had another one of our colleagues arrive. Senator Thune, do you have any opening comments prior to us going to the first panel? OPENING STATEMENT OF HON. JOHN THUNE, U.S. SENATOR FROM SOUTH DAKOTA Senator Thune. Mr. Chairman, I just want to thank you for holding this hearing. I am very interested in the subject of information technology and its application to health care, and I appreciate the good work the VA has done in leading the way and pioneering some of the technologies, and I am also pleased that they are making some of those same technologies available to nongovernment doctors and hospitals, and I am hopeful that in today's high tech world that it will become more possible to rapidly exchange information electronically, and that these exchanges will, in fact, do a lot to help the health care sector of additional patients. I want to congratulate you for holding this hearing, and am anxious to hear the testimony from our panelists today, and look forward to working with the VA to continue to improve the quality of care that they deliver to America's veterans, and hope that we can take some of the things that are happening in the area of electronic medical records that is already under way at the VA and see that more readily applied in other areas of our health care economy in this country. That is all I have, Mr. Chairman. Thank you. Chairman Craig. Senator, Thank you very much. Now we will turn to the panel, and Gordon, we will start with your testimony first. Please proceed. STATEMENT OF GORDON H. MANSFIELD, DEPUTY SECRETARY, DEPARTMENT OF VETERANS AFFAIRS, ACCOMPANIED BY: ROBERT N. McFARLAND, ASSISTANT SECRETARY FOR INFORMATION TECHNOLOGY AND CHIEF INFORMATION OFFICER, DEPARTMENT OF VETERANS AFFAIRS; ROBERT LYNCH, M.D., VISN 16 DIRECTOR, VHA; AND JACK McCOY, ASSOCIATE DEPUTY UNDER SECRETARY FOR POLICY AND PROGRAM MANAGEMENT, VBA Mr. Mansfield. Thank you, Mr. Chairman, and Mr. Akaka and Members of the committee. I am pleased to be here this morning to discuss the VA's ongoing activities in reorganization of our information technology programs. Before I start, I would just like to make the point that Dr. Lynch, who is here with me, is the head of our largest health care network, VISN 16, and this is the man who was on the scene in the efforts in Katrina and Rita, and he was the one that we were talking to from the VA Ops Center, and he was in charge of the folks on the scene down there. I have to tell you that he is a personal hero of mine for all the efforts he has done down there. Chairman Craig. He certainly deserves our congratulations. It was a job very well done. Mr. Mansfield. Sir, I request that my full statement be entered in the record, and I also request that the articles noted in the formal statement be entered into the record, with your permission. Chairman Craig. Without objection, all of your statements will be a full part of the record. Mr. Mansfield. Thank you. In starting I want to emphasize that IT is a tool to be utilized to assist us to carry out the Department's reason for existence, to deliver services and benefits to our Nation's veterans. Last year we provided health care to 5.2 million veterans out of 7.1 million that are enrolled. We provided compensation and pension benefits to more than 3.5 million veterans and dependents. We provided over 500,000 veterans and family members education benefits, and 95,000 received vocational rehabilitation. We buried 95,000 veterans in our cemeteries. These large numbers are made up of individuals who have earned the benefits we are charged with delivering. I believe we have an obligation to these millions of veterans who operate by the principle that we must first do no harm, a part of the Hippocratic oath that doctors take when they are treating patients, to do no harm. Secondly, we should deliver these services and benefits that they require in a timely and efficient manner. Our current IT system is assisting us in doing that now. We are delivering those benefits each day, each month, and throughout the year. You mentioned the history. In the past we decentralized this system, and this action gained us effectiveness. However, that effectiveness has come with a loss of some efficiencies. For example, we have situations where all three administrations, Benefits, Health Care and Cemetery, are co- located on the same campus, yet each is running a separate IT system. For example, as an illustration, I point to the Hines VA Medical Center in Chicago, where the Veterans Health Care Administration has a major computing center, and within a few hundred yards the Veterans Benefits Administration runs another major IT center. These facilities are separated by a chain link fence, but that is instrumental in the picture because their IT systems are not connected and we are not gaining efficiencies that are available. Another example is Milwaukee, where we have a Cemetery Office, a Benefits Regional Office and a hospital all on the same campus, and the same thing is true. As a result, when Mr. McFarland came to the VA in 2004, he recommended, and I agreed based on the history that has been discussed here in the introduction, that we had major issues in IT and that we needed an outside consultant to review the total IT program. The goal was to give us an ``as is'' view of the organization, and we chose Gartner Corporation as a consultant to help us do that. That consultant's report also gave us not only an ``as is'', what the existing efforts were, but some recommendation or options on a ``to be'' position. They confirmed that the VA's IT resources are currently operated and managed within a highly decentralized structure. Assistant Secretary McFarland, our CIO, oversees right now a staff, as mentioned, of about 350 individuals on a budget of roughly 40 to 50 million. While responsible for ensuring the success of all the VA's IT operations, he has no direct management control or organizational authority over the great majority of VA's IT resources. We can only provide policy guidance, budgetary review and general oversight via indirect supervision. Following a briefing on the Gartner Report, Secretary Nicholson asked me to review the options provided with the CIO and the Under Secretaries for Administration and recommend a course of action. The senior management, the Secretary, myself, the CIO, the Under Secretaries, believe that the federated model presented in that report is the best answer for the VA. All IT operational service delivery personnel and the budget associated with their support to include all non-medical IT equipment, maintenance and contract support, will come under the direct supervision of a national organization that reports directly to the CIO's office. For example, all cyber security personnel and programs will be centralized to the Office of Cyber Security under the CIO. This organization will deliver all IT-related operational services to all elements of the VA based upon negotiated and formerly agreed upon set of specific standard IT services delivered according to a clearly understood and documented set of service level agreement standards. The CIO clearly maintains overall responsibility for the successful management of these resources and continues to provide budget oversight policy and program management direction for the Department in the model that we have chosen. Budget authority would be centralized to the CIO. We know that this is a concern of the Appropriations Subcommittee and we are in agreement with the approps they have taken. Most IT employees will be under the CIO's authority, running the IT operations infrastructure for the VA. The chief difference is, one, selection, and our selection is that administration IT employees will continue to do software development and software application selections that are vital to health care or benefits function. This will ensure that proper planning, design, integration and standardization requirements are followed throughout the Department as we build our next generation systems. CIO will still have budget decision authority over all development projects. Let me close by pointing out why VA believes this plan is going to work. First, we have reviewed and learned from the lessons of the past, some of the incidences that have been presented here in your introductory statements. We know that we must communicate to our workforce the backing of the entire departmental leadership from the Secretary on down, and I would make the point that while the CIO is present for maybe only 2 years, if he has the direct backing of the Secretary, then I believe that he can move forward a lot quicker and get the job done, and that is part of what we are depending on. Second, we need to take the time needed to explain this process to the whole workforce. We also need to involve workforce in the actual planning process to define changes needed and the timelines needed to make effective change. Third, we need to have a check, a recheck, and a third check to make sure that all aspects of the plan and how, in being implemented, are checked each and every step of the way. We must be prepared to make adjustments as necessary, as we learn from our implementation plan. Fourth, we need to report to outside entities as appropriate, to the Congress, to the VSO partners and to others who would be interested in this area. Fifth, we need to ensure right from the start all the way through the finish, that senior leadership from the Secretary on down, are continually following through on all planning and implementation. Sixth, as mentioned, more than IT is being reorganized. Our Procurement Office is also undergoing a change of leadership to better enable us to deal with contracts and implementation. The Secretary has recently made a decision to proceed with implementing the federated model and reorganizing VA IT, and the leadership represented here at this witness table is committed to making that happen. Thank you for inviting us here to discuss these important matters, and we look forward to answering your questions. [The prepared statement of Mr. Mansfield follows:] Prepared Statement of Gordon H. Mansfield, Deputy Secretary, Department of Veterans Affairs Thank you, Mr. Chairman. I am pleased to appear before this Committee on behalf of the Secretary and the Department to discuss with you the Department of Veterans Affairs (VA) information technology infrastructure reorganization assessment. The Department's business is the health and well-being of our nation's veterans. To ensure mission success, it is imperative that we employ all means at our disposal, including information technology, in the most effective way possible. Some history of how VA's IT infrastructure and organization have evolved may prove useful to the Committee. For at least 25 years prior to 1990, VA's IT program was centralized. In July 1990, under a belief that decentralized operations provide for better management of VA facilities, the Department decentralized resources to the Administrations and staff offices for VA's IT systems design and applications development, systems operations, and systems oversight, along with four data processing centers. The remaining IT oversight program was placed under the Chief Financial Officer (CFO). Then, in accordance with the Clinger-Cohen Act of 1996, VA formally established the position of Assistant Secretary for Information and Technology (CIO), but the IT oversight program remained aligned under the CFO and decentralization of VA's IT program continued. At his confirmation hearing in January 2001, Secretary-designee Principi stated that he was committed to ending stove piped systems in VA. Secretary Principi directed the centralization of the Department's IT program, including authority over personnel and funding, in the Office of the Assistant Secretary for Information Technology effective October 1, 2002. A team of executives from across VA was convened to design a centralized IT organization for VA. The Secretary approved a centralized reorganization plan on May 14, 2003. The result of this reorganization was a matrix organization which, over time, VA came to realize was not best suited for a large, geographically dispersed organization that is highly dependent on information technology to deliver services. Robert N. McFarland was confirmed by the Senate on January 22, 2004 as the second Assistant Secretary for Information and Technology and Chief Information Officer (CIO). Under his leadership, a rigorous IT review process, disciplined project management methodology and an IT portfolio management system have continued to evolve. We are in the final phase of rebuilding our nationwide telecommunications infrastructure, beginning the consolidation of some infrastructure assets, and implementing aggressive cyber security and privacy programs to ensure the protection of our information assets, infrastructure, and veterans' personal information. We submitted the VA Enterprise Architecture design to OMB in June 2005 and received a score of 3.0, significantly higher than the previous score of 1.25. We continue to refine it. A strong Enterprise Architecture is critical to any effort to bring down our stove piped systems and replace them with integrated systems. The score of 3.0 demonstrates progress in this information technology area and signals that we are steadfastly working to build a foundation for systems integration and standardization. In the wake of the difficulties with CoreFLS, as a new Deputy Secretary, I asked Assistant Secretary McFarland to undertake a study of our IT system and resources and to pursue outside assistance, if necessary. In December 2004, he contracted with The Gartner Group to conduct an Organizational Assessment of VA IT. This assessment was to enhance the effectiveness of VA's IT by first baselining how it operates today, then developing organizational models to increase VA's IT value (in terms of greater efficiencies, economies of scale, and added business value), and finally, charting the path VA IT can follow to deploy its new organizational model to truly deliver value. The completed assessment was delivered to the Assistant Secretary for Information and Technology and CIO in May 2005. The study proposed five different alternatives, as follows. Option 1--Status quo. Currently, VA IT resources are operated and managed within a highly decentralized management structure. The Department's CIO manages a central office staff of approximately 350 government employees and a direct budget of approximately $40 million per year. While the CIO is charged with overall responsibility for the successful management of all VA IT resources (in fiscal year 05, $1.8 billion and approximately 5400 IT FTE) the CIO has no direct management control or organizational authority over any of these resources. The CIO provides policy guidance, budgetary review and general oversight via indirect supervision (dotted line) of the Administration and staff office CIO's. Within some of the Administrations, the CIO does not directly supervise or have authority over the majority of IT resources in the field and must also provide policy guidance, budgetary review and general oversight via indirect supervision. Option 2--Regional Option. Under this option, VA would be divided into three to five geographically based subdivisions. Within each of these, a Deputy CIO would control all IT assets (Operations, Staff Functions, and Systems Development) and be responsible for all service delivery within that region. These Deputy CIO's would report directly to the VA CIO. Option 3--Administration-Centric Option. Under this option, VA would be divided by Administration and Staff Offices and a Deputy CIO for each would control all IT assets (Operations, Staff Functions, and Systems Development) and be responsible for all service delivery within that Administration or Staff Office. These Deputy CIO's would report directly to the VA CIO. Option 4--Federated Option. Under this option, VA would separate operational responsibilities and IT systems development responsibilities into separate domains. All IT operational service delivery personnel and the budget associated with their support (to include all non-medical IT equipment, maintenance, and contractor support) would come under the direct supervision of the CIO. This organization would be charged with delivering all IT-related corporate services (such as electronic mail, financial systems, telecommunications) to all elements of VA based upon a negotiated and formally agreed upon set of specific standard IT services delivered according to a clearly understood and documented set of service-level- agreement standards. Under a federated approach, IT mission/program systems development responsibility remains with the Administrations or staff office business units. The Administrations and staff offices directly manage all mission/program systems--development FTE and budget authority. The CIO clearly maintains overall responsibility for the successful management of these resources and continues to provide IT budget oversight, policy, and program management direction for the Department. Option 5--Centralized Option. Under this option, all VA IT personnel resources, assets, and budget would be under the direct supervision of the VA's CIO. This centralized IT organization would be charged with delivering all IT-related corporate operation and mission systems development services to all elements of the VA based upon a negotiated and formally agreed upon set of specific standard IT services and systems development standards delivered according to a clearly understood and documented set of service level agreement standards. Under this option the Administrations remain responsible for system and user requirements definition, service delivery standards development, and end user participation in systems development acceptance criteria development and testing. The consultant's report delivered an ``as is'' assessment that VA's IT resources are currently operated and managed within a highly decentralized structure. While the Assistant Secretary for Information and Technology, our CIO, oversees a staff of approximately 350 VA employees and a budget of over $40 million, total VA IT resources are approximately 5,400 full-time-equivalent employees with a budget of some $1.8 billion. Despite having overall responsibility for ensuring the success of VA's IT operations, the Assistant Secretary has no direct management control or organizational authority over the great majority of VA's IT resources. He can only provide policy guidance, budgetary review and general oversight via indirect supervision. We are determined to move sequentially towards a ``to be'' model under the Federated Concept. In the model we have chosen, the budget will be centralized to the CIO. Security will be centralized under the control of the CIO. Development will require the CIO's review and budget approval. This model will also include a migration of most workers to the control of the CIO, while leaving some employees under the control of the administrations. This will move us closer to greater efficiencies, centralized planning and standardization. VA will bring in the necessary expertise to plan and manage this transition. We will communicate our plans up and down the line so every employee understands what is to be done. We will train and test to ensure employees can perform the tasks at hand, and keep them motivated during the transition. We will have timelines and goals that are agreed upon throughout the organization. This is a plan that VA can execute. It is important to note that the IT operation today has evolved over time and has included the services of many talented and dedicated professionals. Their efforts are paying off. For example, in terms of cyber security, VA IT systems are certified and accredited for the first time. Additionally, external independent gateways have been reduced. We will build upon our successes. It is vital that any reorganization not adversely impact services to veterans or unnecessarily affect our employees. Keeping in mind that our department exists to serve veterans and their families, our first principle will be to ``do no harm'' to the patients in our world class health care system, or to the millions of beneficiaries that depend on checks being dispatched in a timely and accurate manner. We know there are no simple ``light-switch'' solutions to be found in any model, but we are committed to managing these changes for the good of the Department. Mr. Chairman, top-level executives of this Department have been involved in the evaluation of alternative organizational models, and understand the importance of this endeavor. There is an understanding that cultural change has to take place and buy-in must occur at the lower-worker level. We also know that it isn't just the IT reorganization that is involved. The Department is considering changes at the CFO level, in logistics, in finances, in our collections, and our efforts to comply with OMB's Circular A-123, ``Management's Responsibility for Internal Control.'' We are mindful of lessons learned and know for this change to be successful, we must collaborate. As we implement this reorganization, we remain mindful of the successes recently acknowledged--accomplishments with which our IT team had considerable involvement. For example, in just the past 6 months, no fewer than five major publications have attested to VA's leadership of private and Government health care providers across almost every measure. <bullet> A Rand report published in the Annals of Internal Medicine ranked the overall quality of VA medical care as significantly higher than any other health care system in the country. <bullet> An article in the Washington Monthly, entitled, ``The Best Care Anywhere,'' rated VA as the recognized leader in the health care industry. It pointed out that, 10 years ago, veterans' hospitals were in deep crisis--but that today, and I quote, ``VA is producing the highest quality care in the country. VA's turnaround points the way towards solving America's health care crisis.'' <bullet> An editorial in the prestigious Journal of the American Medical Association, referred to VA as `a bright star' within the health care profession for its cutting-edge dedication to patient safety. <bullet> Last month, in their review of `America's Best Hospitals,' U.S. News and World Report titled their article on VA as, `Military Might: VA Hospitals are Models of Top-Notch Care.' <bullet> And just on August 22, on the front page, the Washington Post ran a headline that read, ``Revamped Veterans' Health Care Now a Model.'' Further, on April 27, 2004 President Bush chose the VA Medical Center in Baltimore to announce his commitment to ensuring that all U.S. citizens have an electronic health record in the next 10 years. In doing so, he held out VA's fine example. The reorganization of our resources will enable VA to be the benchmark in the development and implementation of Health information technology solutions and standards as envisioned by the President's Initiative for Health IT as both an example and national leader in this arena. I would say all those assessments are right on target. We view the Veterans Health Administration as the vanguard for national standards for electronic medical records, now the rest of the nation does as well. Our health IT systems--and the quality of our employees--helped us reap these headlines. Clearly, we are delivering more services to more veterans each and every year. And, this was accomplished under our current structure. Our IT successes are also facilitating the business of claims processing and benefit delivery in the face of daunting demands: <bullet> VA provides monthly compensation and pension benefits totaling $32 billion to over 3.5 million veterans and beneficiaries. Disability claims increased by 33% from 2000 to 2004. Last year alone, VA added nearly 240,000 new beneficiaries to the compensation and pension rolls. <bullet> By the end of fiscal year 2005, over 750,000 veterans received decisions on their disability claims, with VA processing an additional 1.5 million pension, dependency, and other adjustments to beneficiaries' accounts. Even with the increased claims volumes, we have reduced by 30 percent the length of time veterans must wait for decisions on their claims over the last 3 years. <bullet> We are also providing in excess of $2.5 billion in Education benefits to over 500,000 beneficiaries, and are working to rehabilitate nearly 95,000 service-disabled veterans through our Vocational Rehabilitation and Employment Program. I would also note that in December 2004, the American Customer Satisfaction Index announced the National Cemetery Administration earned a customer satisfaction rating of 95 out of a possible 100 points--the highest score ever received by a federal agency or private organization. In the survey, both the ratings for respect shown to loved ones and maintenance of VA cemeteries as National Shrines received a score of 97. The report called this finding ``an outstanding score by any standard of ACSI measurement and for any context, public or private.'' NCA was able to achieve this milestone through the support of IT in all aspects of cemetery and memorial services, from the timely acquisition of veteran headstones with accurate inscriptions to the nationwide gravesite locator available to the public on the World Wide Web. This concludes my statement. Thank you, Mr. Chairman, for the opportunity to discuss these important matters. I am prepared to answer any questions you might have. ______ Response to Written Questions Submitted by Hon. Daniel K. Akaka to Gordon H. Mansfield Question 1. VA's IT budget will be centralized under the Chief Information Officer. Development of IT will require the CIO's review and budget approval. How will the CIO facilitate communication within VA to meet the individual IT of its health, benefits and burial administrations? Response. There are several points at which requirements for information technology (IT) on the part of the Department of Veterans Affairs (VA) administrations and staff offices are communicated to the VA Chief Information Officer (CIO). First, there is the development of the IT portfolio, which determines resource requirements, both financial and otherwise, for all of the projects, programs, and investments in IT throughout VA. Administrations and staff offices develop capital asset plans (Exhibit 300s) for major investments, and provide funding information for minor investments. These investments are deliberated by the VA Enterprise Information Board (EIB), which is comprised of representatives from each administration and major staff office. Decisions are made by this group as to whether investments should be undertaken, modified, or cancelled. The EIB will also be the entry point for a portfolio to become part of the program management milestone review process. Once the IT portfolio is created, the EIB meets regularly to monitor the progress of investments. Semi-annual program management reviews (PMRs) will be conducted, one at mid-year to determine adherence to spend plans and to check year-of-execution progress; and one at the receipt of the new fiscal year budget to ensure continued adequate resources for program execution. Emergent reviews will be performed whenever programs break management thresholds that indicate negative variance to sound program execution Finally, the federated IT approach leaves development activity centered in the most logical place--with the organization that will benefit from the results of the development. The VA CIO will control the flow of funds based upon the information provided through the EIB in the IT portfolio and program management monitoring processes Question 2. The Government Accountability Office recommended that the Secretary develop a plan that describes how VA intends to use data from the Rating Board Automation 2000. GAO recommended that VA conduct studies of the impairments for which data reveal inconsistencies among VA regional offices. Please tell the Committee if such a plan has been developed. VA's computer programs are tools that can be used to determine where inconsistencies exist and to develop better training methods for VA employees. Response. Veterans Benefit Administration (VBA) concurred in the Government Accountability Office's (GAO) recommendations. VBA's Compensation and Pension (C&P) Service initiated a pilot review selecting three disabilities for consideration, including cases involving knees, hearing loss, and service connection for post traumatic stress disorder (PTSD). For those decisions where service connection was granted, the evaluation assigned to the condition was also reviewed. A random sample of ratings completed on or after October 1, 2004, was selected for the study. The data source was Rating Board Automation 2000 (RBA2000). Integral to the pilot review was development of checklists to collect data to determine if there was inconsistency among raters and, if so, the cause of the variance. VBA asked members of the Veterans Health Administration (VHA's) Tennessee Valley Healthcare System Center for Health Services to assess the value of the checklists that were developed, to analyze the review process and results, and to provide recommendations for improvement. Ultimately, the process was judged too lengthy and costly to continue with other reviews. As an alternative course of action, VBA's Office of Performance Analysis and Integrity (PA&I) is working with C&P Service to gather data through RBA2000 to identify possible inconsistencies among regional offices in the award and denial of compensation benefits for specific impairments. PA&I and C&P are prioritizing body systems and/or diagnostic codes to be reviewed. Data will be extracted from the corporate database for specific diagnostic codes in the rating schedule. PA&I has also extracted data for grants/denials of service connection, and evaluations of service-connected conditions for the remaining mental disorder diagnostic codes that use the General Rating Formula for Mental Disorders. Data pulls for the most prevalent diagnostic codes for each subsequent body system occur monthly and the projected completion date is June 2006. Other data runs will be analyzed in conjunction with these body system data runs to determine possible factors that may be affecting rating variance. Variables to be analyzed include veteran characteristics, station characteristics, station performance, legal/ representational issues, rating characteristics, and staff characteristics. Question 3. The Gartner Report found that VA's IT culture was resistant to change. For example, in May 2003, the Secretary approved a plan for reorganization of VA's IT management structure. Yet, to date this reorganization has not yet been implemented fully. What steps can you take to make VA more receptive to change and allow you to fully implement pending and future IT management changes? Response. The Secretary of VA has made a decision to proceed with implementing the federated model in reorganizing VA IT and the leadership represented at the Senate Committee on Veterans' Affairs hearing on October 20, 2005, witness table is committed to making it happen. An Information and Technology Realignment Office (ITRO) has been established to lead and manage the development and implementation of a federated information and technology program. The Executive Director of the ITRO, reports to the Assistant Secretary for Information and Technology, and will work in collaboration with VA's Strategic Management Council in the developing and executing of the reorganization of IT in VA. The Strategic Management Council is chaired by the Deputy Secretary and comprised of the Deputy Under Secretaries, Assistant Secretaries, the General Council and other key senior officials. Also, internally, and in parallel, a task force, comprised of senior budget officials representing each administration and major staff office, has been working together to develop a process for developing, implementing, monitoring, and managing a single VA IT budget. Question 4. How can VA provide incentives to contractors to take on the costly and risky development work for IT programs, software, and systems? Response. VA will use the full range of contracting options open to it to provide high quality information technology solutions that benefit our administrations and staff offices and, ultimately, the Nation's veterans. VA will choose the contracting approach that makes the most sense based on a determination of technical, schedule and cost risks involved in the particular program. If the particular contract involves a well-proven commodity, VA will use a firm-fixed price vehicle. If there is increasing risk, VA may choose to accept some of that risk through use of cost incentives. If the effort is very risky, VA might use a time and materials approach. VA is not committed to a ``one-size-fits-all'' approach when it comes to contracting for IT equipment, software, and services. Each effort will be evaluated on its own merits and the appropriate determination made to deliver the intended results in a timely manner, staying within budget. Contracts would also be reviewed to ensure that the contracting solution selected enhances the ability of the program to execute by considering innovative approaches such as performance-based maintenance concepts in the upkeep of legacy software programs. Question 5. One of the significant contributing factors to the problems associated with the CoreFLS program was that the same contractor hired by VA to provide independent advice and assistance were also given responsibility to implement the program. One of the conclusions of the Carnegie Mellon report on CoreFLS was that in allowing this, VA created a conflict of interest. What is VA doing to prevent contractors hired to provide independent IT advice and assistance from then being hired to implement the work and approach they recommend? Response. VA's program management and contracting personnel are trained in Government ethics and work closely together to identify conflicts of interest and the appearance thereof. Additionally, the one VA Enterprise Program Management Office (EPMO) was formed on August 8, 2004. It is designed to improve and standardize the management of IT projects and the IT portfolio by defining VA-wide policies, procedures and best practices, and providing tools to facilitate the successful management, reporting an oversight of VA's IT projects. When fully implemented, EMPO will conduct periodic program management reviews (PMRs) of all major projects. A key component of reviews will focus on the acquisition strategy, supporting acquisition plans and implementation. This will provide a greater level of scrutiny of the contracting process and ensure that contracting strategies are sound and proper. Administrations will be encouraged to implement similar internal reviews to ensure appropriate contracting methodologies are used. Question 6. VBA has undertaken many steps to identify and reduce the significant backlog in C&P claims processing application and adjudication. It still seems that much more might be done to streamline and shorten this process, as well as to ensure that decisions are standardized across the nation. Using technology throughout to enhance this process, incorporating industry best practices has seemed to lag in VBA's efforts. Has VBA considered using a rules-based decision engine, such as is used throughout the insurance industry, to help standardize at least the bodily injury component of the claims adjudication process? Response. From 2001 to 2003, VBA worked on the Compensation and Pension Evaluation Redesign (CAPER) project, an initiative to enhance the disability evaluation process and the exam request/return process for VBA claims adjudication. CAPER explored the use of rules-based decision-making technology in evaluating medical symptoms (the bodily injury component) under the VA Schedule for Rating Disabilities (38 C.F.R., Part 4). Although VBA's Information Technology Investment Board (ITIB) determined in 2004 that IT resources should be redirected from CAPER to other higher priority IT initiatives, some of the concepts developed for CAPER were integrated into other VBA applications, such as the Compensation and Pension Records Interchange (CAPRI) and medical examination templates. Question 7. I understand a pilot program is underway at the Ft. Bragg BDD site to include the compensation program in VBA's efforts to automate some of the application, exam and adjudication process. Please explain what is involved in this effort and what role if any, Commercial-Off-The-Shelf (COTS) or other IT tools will play. Response. Virtual VA will be used to pilot the paperless processing of (Benefits Delivery at Discharge) BDD claims. Virtual VA is a web- based computer application designed to electronically maintain all the documents in a veteran's claims folder and to simulate the paper workflow process of compensation claims. While Virtual VA's interfaces are custom designed, the solution employs widely accepted imaging software, web components, and hardware. Predominantly, Virtual VA uses commercial-off-the-shelf software (COTS) including: FileNet, Macromedia, Oracle, Xerox software, Microsoft, Kodak scanners, Adobe, Sun Servers, Active PDF Conversion Services, and IBM Servers. To create the plan for a paperless BDD claims process, VBA reviewed the current BDD business process and the existing functionality of the Virtual VA application. Specific IT enhancements/interfaces to existing applications are required to support the paperless BDD business process, including: 1. Modification of existing Virtual VA workflow tracking functionality. 2. Automatic import of rating decisions created in RBA 2000 3. Data feeds from the Defense Manpower Data Center and creating a web interface inquiry so that users can retrieve verified military history reports. 4. Automatic import of Compensation and Pension medical examination reports generated by QTC (the contract provider of C&P exams at BDD sites). 5. Import of Compensation and Pension medical examination reports generated by VHA. 6. Creation of a web interface to capture imaged records from the Defense Personnel Records Imaging System. Question 8. Please provide a detailed explanation of what VBA is doing to improve the C&P application and exam process and adjudication. How are industry best practices, such as rules-based decision engines and performance management tools, being incorporated into these program enhancements? Response. Modern Award Processing--Development (MAP-D) is a nationally deployed application designed to facilitate and automate the development phase of claims processing. MAP-D provides standard development paragraphs to use in composing letters. In addition, it provides automatic and manual claims development. The automatic development is rules-based development logic that was proven in a prior beta application trial for original compensation claims. The automatic development feature allows users to answer questions and enter basic veteran information. The system determines what development needs to be initiated and generates it in the form of letters, messages, and automatic requests for service information. The goal of MAP-D was to provide an easy way for users to create and amend development letters. To facilitate fast reaction to changes in policy or procedures, the paragraphs were stored centrally. Currently, the MAP-D application is being maintained through process improvements made with regular quarterly releases. The most recent change was released on November 14, 2005. VBA is focused on improving the letter generation capability over the next year, and expects to revalidate automatic development and make modifications mandated by changes in the applicable laws and regulations that govern the claims process. Compensation and Pension Records Interchange (CAPRI) provides online access to veterans' electronic health records (EHRs) contained in the VHA system of records. It is also the IT application that VBA uses to request and print VHA C&P examinations. The VA regional offices (ROs) have used CAPRI since 2001 to electronically request C&P examinations from VA medical centers (VAMCs). Upon receiving the electronic VBA C&P examination request, VAMC personnel schedule the veteran for the required medical examinations. Once all requested C&P medical examinations and corresponding worksheets have been completed, the exams are loaded and stored electronically in CAPRI. Individual C&P examination reports become a permanent record in the veteran's EHR, where they can be viewed and/or printed by claims adjudication personnel. C&P Service has taken steps through CAPRI to standardize the VBA C&P examination request. The CAPRI exam request organizes the 57 medical examination worksheets by 14 body systems identified in the VA Schedule for Rating Disabilities. CAPRI also gives VBA users a template that contains language common to requests for increased evaluations, pension benefits claims, representation by a power of attorney, and medical opinion requests. The ``General Remarks'' portion of the CAPRI C&P exam request allows the user to customize exam requests as necessary. CAPRI also uses rules-based technology to prevent a user from requesting a duplicate C&P medical examination worksheet when a request for that particular exam is pending. VBA and VHA continue to improve the exam process through the work of the jointly funded and staffed Compensation and Pension Examination Program (CPEP) office. The CPEP office is in the process of developing templates that map to the CAPRI worksheets. The goal of the template development is to provide rules-based technology to ensure that medical examiners complete the required information and accurately reflect the information requested in the worksheet. It is hoped that use of rules- based technology in the C&P medical examination report will decrease the number of inadequate VHA medical examinations. Upon satisfactory completion of the templates, VBA will work with VHA to determine whether to make use of the template mandatory for VHA examiners. VBA has also initiated a critical review of the QTC (VA exam contractor) templates to ensure that they track VBA's examination protocols and properly solicit medical evidence. The review will ensure that VBA decision makers receive accurate and consistent medical evidence whether the examination is performed by VHA or QTC. Under the terms of its contract with VA, QTC must reprogram its templates to be consistent with VBA policy. Question 9. What thought has VA given to incorporating IT planning into new hospital construction to ensure new VA medical facilities will be ``digital hospitals''--to included ``smart'' HVAC, security, diagnostic, operating rooms, personnel information, etc. that will allow VA to take advantage of an integrated facility infrastructure prior to opening the facility to patients? Response. VA does in fact design in digital capability into our new and renovated facilities. In the development of IT systems for new VA facility construction, VA uses an integrated process with extensive coordination and communication among the design team members. These teams include representatives from the local VAMC, the Veterans Integrated Services Network (VISN) office, the Office of the Assistant Secretary for Information and Technology, and the Office of Facilities Management as well as a knowledgeable architectural and engineering consultant. IT system configuration and integration are developed by the VAMC and IT staffs. Supporting the IT systems with infrastructure systems are a range of design criteria, including design manuals and master specifications, which outline VA requirements. The systems and supporting infrastructure are coordinated and implemented by the design team for each specific project. Infrastructure elements, such as advanced heating ventilation and air conditioning, electrical and security system controls, are outlined in VA criteria. System elements are important as is privacy, control of assess to data, HIPAA requirements, redundancy, procurement regulations, and ease of use. For a new addition or renovation project at an existing VAMC, integration into existing systems and maintenance of ongoing operations are critical elements to consider. This project management approach results in IT systems that function well and meet VA operational needs. In addition, VA regularly consults with manufacturers to keep abreast of changes and improvements in all related technologies. ______ Response to Written Questions Submitted by Hon. John D. Rockefeller IV to Gordon H. Mansfield Question 1. As VA works to improve and upgrade its IT, will there be a process and consideration given to research opportunities? Will there be a sensitivity to develop electronic records in such a way that the development of registries and sharing of research data will be possible and affordable? Will an effort be made to find IT solutions to provide access to valuable research and information about many diseases facing both veterans and the general population, such as Alzheimer's and dementia? Response. VA is developing and implementing a Health Data Repository (HDR) to provide integrated views of patient data across VA sites of care. The HDR functionality will include all of the domains of clinical data as well as notifications, clinical reminders, decision support, and alerts. Additionally, VA is creating a Corporate Data Warehouse (CDW) that will allow users to aggregate information from the HDR and other sources to look at particular disease cohorts and population-based health issues. The availability of the HDR and CDW promise to greatly enhance research opportunities and facilitate the creation of data marts and special population registries for such things as Alzheimer's, dementia, diabetes, etc. Demographics and vital sign measurements are available today in the HDR/CDW. Allergies, outpatient pharmacy and hematology and chemistry laboratory tests will be available by the middle of 2006 and other clinical domains will be added as they are standardized. Restrictions on IT funding may slow down development and full deployment of the HDR and CDW. When the HDR and CDW are fully deployed, researchers will greatly benefit from the following: (1) accessibility of national data clinical data; (2) improved data base design that facilitates analyses; (3) economies of scale in data collection and processing; (4) centralized authoritative data source; and (5) standardized data and definitions. Question 2. Please explain how the new system will cover IT issues dealing with medical devices at local VAMCs and security issues. Response. In collaboration with the Office of Cyber and Information Security (OCIS), VHA mandated that all facilities create virtual local area networks (VLANs) to isolate medical devices from the rest of the facility's IT network by September 30, 2004. This was a starting point in VA's defense-in-depth approach to networked medical devices, which added a layer of protection to the medical devices across VHA. By isolating all of the networked medical devices within the IT networks, VHA has effectively reduced the exposure of critical hospital equipment and data to risk of penetration by a worm, virus, or other cyber attack. VHA will continue to work with OCIS' Health Information Security Division (HISD) to develop sound guidance and provide direct assistance to VA facilities regarding security protections for networked medical devices. Question 3. How could the Office of Health Data and Informatics use automated coding and automatic coding audits software from the commercial market to improve the coding and auditing of VA records? Will part of the IT restructuring include a process to consider such opportunities? Response. VA already evaluates and uses commercial off-the-shelf products and will continue to do so under the new IT structure. The Office of Health Data and Informatics has been involved with a number of vendors, reviewing coding products that suggest they can automatically review and code inpatient and outpatient records by using natural language processing tools. We are in discussions with several VA sites and other non-VA organizations to undertake testing of these products. The testing will help validate whether the benefits projected by the vendors can be achieved in the VA environment. Re-engineering the Computerized Patient Record System (CPRS) is a major VHA initiative. The re-engineering of CPRS will include requirements that address creating a foundation for the concept of coded data as a by-product of documentation, in order to minimize or eliminate provider involvement in the coding process. We plan to provide automated coding audit functionality within CPRS that would auto-review and code provider documentation and validate the accuracy of already coded records. This type of functionality could provide audit results that would be used to provide educational material for providers and coders, and, importantly, would provide needed leverage to challenge insurance companies on denied claims. As VA pursues automated coding, we must maintain awareness that, as yet, automated coding is not an industry standard. Again, VA is concerned that limits on IT funding will delay development and deployment of the re-engineered CPRS. Question 4. How could VA better use IT to more accurately audit inpatient and outpatient records to more effectively recover funds through third party payers under the Medical Care Cost Recovery provisions? Response. All VA medical center facilities have installed the same Encoder/claim scrubber product (Quadramed) which allows sites to ensure more consistency and accuracy in bills submitted to third party payers. All claims go through a scrubber with edits to ensure that the most accurate and complete claim is submitted to third party insurers. VA continues to enhance the capabilities of this system and to further train users to maximize system capabilities. Chairman Craig. Gordon, thank you very much for that opening statement and testimony. Now let us turn to Robert McFarland, as I have introduced him, Assistant Secretary for Information Technology, Chief Information Officer, Department of Veterans Affairs, or should we just say the person in charge? Oh, I see, you are all together. The word has gone forth. All right. With that in mind, now that I have introduced you again, Bob, do you have any comments? I mean we have shifted all the burden to you anyway. Mr. McFarland. Mr. Chairman, I have no prepared statement, but I will be happy to answer any questions that you have. I am excited to be here and talk about some of the things that we are trying to do. Chairman Craig. I think questions we do have, and thank you all for being here. Your testimony describes the federated option as put forth by the Gartner Report. Your testimony then goes on to say that VA is determined to move towards a federated concept. What is the difference, if any, between what Gartner recommended you do under a federated option and what you have outlined as the federated concept that you are moving towards? Can you bring us into context on that? Mr. Mansfield. Mr. Chairman, I was referring to the fact that we understand that whatever we do here, there is not a light switch answer. We cannot just flip a switch and it will happen. No matter what we do we have to take it by phases. We have to make sure that the planning part of it is done correctly, and as I mentioned, checked and rechecked as we go forward. The comment about moving towards is that we are going to plan, and then we are going to start implementing, and that implementation will be by phases, we believe, as we move forward, but we will go with the federated model as outlined. Chairman Craig. Was there universal agreement within the Agency to go this way? Mr. Mansfield. No, sir. Chairman Craig. Who made the final decision? Mr. Mansfield. As I mentioned, the Secretary tasked me with working with the administrations and the CIO and our management office to come up with what was the best consensus on how to move forward, and I then brought that consensus to him, and he made the decision that we would go forward with the federated model. Chairman Craig. I appreciate your broadly outlining the mechanics of the federated concept and your assurances that the goals that are agreed upon throughout the organization will be cost effective and met with success. I intend to follow up with you and hold you, and all of you, accountable for those assurance. Will you commit to providing this committee with periodic reports on your progress? What I am saying to you, to all of you, and certainly to you, Gordon, is that we are going to work through this with you. We want to know where you are and where you have moved along the way. We do not want a report a year or two from now that we spend hundreds of millions of dollars and somehow it is not working. Mr. Mansfield. Mr. Chairman, let me make the point that--to preface my answer, which is yes--that we appreciate, No. 1, the bipartisan support we have gotten from this committee in your efforts to help us along the way, and we understand that we do have an obligation when taxpayer dollars are appropriated and given to us to spend, that they be spent the way they should be spent, and the results that we should get are gained. I would make the point that we would be more than happy to provide whatever periodic reports that you requested, and as I mentioned in my oral statement, we intend to do that. Chairman Craig. As you know, the Senate version of the MilCon/VA Appropriation Bill points out the fact that no individual or office has final budget or programmatic authority to oversee the Department's IT effort, and the legislation suggests an internal reorganization. Your testimony states that VA's first goal of any reorganization is to do no harm. First, do you believe the appropriation bill's language could do no harm to your current IT programs? Mr. Mansfield. Yes, sir, I do believe that. We have had an opportunity to have extensive discussions with the staff of the committee, and we are in agreement with where they are going. We have had an opportunity to be involved in how that language is being put forth, and we also have done some preliminary planning inside to be able to affect that if and when the bill is passed. We believe that that is where we want to go, and this will help us centralize authority in the CIO and that will be an effective tool in us going forward to make the changes we want. As I said, we are going through a process right now to plan to be able to implement what would be required. Chairman Craig. Secondly, how does this language complement or compete with VA's recent internal efforts to reorganize? Mr. Mansfield. I think that it complements it in the fact that if you look at the Gartner Report, one of their findings is that there needs to be centralized control of the dollars to be able to make sure that the standardization and efficiencies that we are looking for are gained, and that is a part of the way to get there. Chairman Craig. Senator Akaka, questions? Senator Akaka. Thank you, Mr. Chairman. Secretary Mansfield, some in Congress are pursuing legislation to direct VA to consolidate IT functions under the CIO. What progress has VA made that would indicate if it can get its own IT house in order without requiring Congress to get involved and provide a legislative solution? Mr. Mansfield. Sir, as I mentioned, the VA went out and hired the Gartner Consulting Group to come in and do the study. They made presentations to myself and Mr. McFarland. We then briefed the Secretary. Following that, he directed that I go forward and come up with a consensus agreement if possible, and since then we have been looking at ways to implement one of the options that was presented, and we believe that we can start doing that very soon. The Secretary has signed off on that as a directive to move forward, to start the implementation of the federated model. Senator Akaka. The study that you mentioned, when was that study done? Mr. Mansfield. Finished in late May, sir. Senator Akaka. Of this year? Mr. Mansfield. Yes, sir. Senator Akaka. Mr. Secretary, one of the problems identified with some VA IT systems is the lack of effective and expert program management during the design and fielding of IT systems. How can VA compete with private industry to attract the best and brightest minds in the IT field to ensure that we have effective program management for current and even future IT initiatives? Mr. Mansfield. Mr. Akaka, you point out a very big problem that we have, not only in this area, but in many of the specialized areas, in getting competent people into the system, given the hiring system that exists and how we have to go through that. We have started moving forward in this area, and I think I would ask Mr. McFarland to talk about his setting up of a program management office as we anticipate moving forward. Mr. McFarland. Sir, when I came here some 20 months ago, one of the things that disturbed me was we were in a mode of educating and trying to build project managers, but we did not have what I would call something similar to DOD, which is an enterprise project management office, where you have extremely experienced project management people who have overseen large projects and understand how to find the pitfalls through the process. I came to the Secretary and the Deputy, and since I was only able to affect the 2006 budget at that particular time, I inserted some dollars and a structure in the 2006 budget to start to build such an office to oversee these large at-risk projects. The Deputy and the Secretary were very much in favor of that idea, and have since pulled that into the 2005 budget, and I have just recently been able to hire a recently retired Navy captain that will head up the enterprise project management office. He is extremely experienced in managing extremely large programs, understands the complexity of large programs, understands how to deal with risk, and to be candid with you, we are going to supplement that office with more of that kind of talent. Now, we have an advantage here that we can compete in this area with private industry. No. 1, we have the best mission in Government, and that is to serve our veterans. We can attract retiring, very experienced ex-military to this environment because of that mission, and in fact, I stole this gentleman from private industry, and we were able to steal him because of this mission. I feel very confident that we can bring in talent that can help us oversee these projects in the future. It will take some time to build that office. It will not be built overnight. We will have to deal with the most at-risk projects in the beginning, and ultimately I would like to put it through all of our projects. Senator Akaka. Thank you. Dr. Lynch, I also want to add my commendation to you for your actions during and after Hurricane Katrina. As we all know, the Department of Veterans' Affairs was lauded for what it did after the disaster, and we are delighted to have you with us today. We have been waiting for sometime to get an idea of how much it would cost to rebuild the infrastructure. Where are you in your assessment, and can you give an estimate of the related costs? Dr. Lynch. Thank you, Senator. First off, I very much appreciate the kind words everybody has given to me personally regarding our response to Katrina, but I want to say that all the VA responded to Katrina, not just VISN 16. Certainly within my network, I shall say I am very proud of the people that work for me, and I think I have the real heroes working for me, and I think they deserve all the credit. I am just the figurehead that gets to stand up in front of them, and I want to make sure they get recognized. I want to be sure I understand your question. Is the infrastructure, the physical infrastructure of the medical facilities that have been damaged, not specifically IT issues. We are working on those costs right now, and there have been a number of engineering teams, for example, in New Orleans assessing the viability of restoring that building. It looks like the timelines for doing that, to fully bring it back to pre-Katrina, will be several years, and the costs are quite significant. Of course, we are assuming we want to try to mitigate the kind of vulnerabilities that the flooding caused this time around. You have to realize that while I am not aware of any final decision on the fate of the levees in New Orleans, if there is an attempt to repair those levees to a stronger strength, it will be, I am told, many, many more years before those are up to that level. I think if you are going to restore a large health care facility in New Orleans, you should mitigate your vulnerabilities. That is going to be the approach we are recommending. The costs for that could run as high as $200 million, maybe even go above that. There is a big debate about how much it is going to cost to rebuild in the environment in a disaster areas because costs are not normal. The other options we are looking at are the possibility of partnering with other entities down there, but that is in a very preliminary stage. I wish I could say we had final answers to all of this. I am dependent on the engineers to give me reports, and I am just kind of sharing with you the best knowledge I have at this point. In Biloxi and Gulfport, I think everybody in the room is aware of the CARES recommendation the Department put forward some time ago, and it was already recommending that Gulfport ultimately be closed and the services that were at Gulfport be recapitulated on the Biloxi campus. There were projected costs associated with that. We will again have the issue of doing that in a post-disaster environment. We are exploring moving that ahead, if you will, at this point. Again, no final decision has been made. There is a great demand for good, firm, hard numbers at this point, and things change almost every day, and that is sort of where the status stands right now. I appreciate the interest though. Senator Akaka. Thank you very much. My time has expired. Chairman Craig. Senator Akaka has asked an important question. We plan on November 3rd to have the VA back--the Secretary will be here--to give a detailed report on all aspects of Katrina costs and possibilities of change and adjustment and what we do to get everything back up to where it was or what adjustments we make. At that time also, Danny, we will invite the Senators from the affected States to be with us at that hearing. We wanted to give VA plenty of time to get their arms around these figures and to assess and give us the detail that I think all of us want to have to try to understand the impact of that. Is that a tentative date or is that a real date now? It is a real date now, November 3rd. With that, let me turn to Senator Salazar. Ken. Senator Salazar. Thank you, Chairman Craig. Mr. McFarland, last month you appeared before this committee, and as I recall, the comment that you gave to this committee was that you personally believed that a centralized system would be the best option, and I am sure you discussed your position with the VA. What I would like to ask you to do is two things, first, explain to me in layman's language what the difference is between the federated system versus a centralized system in terms of IT. And then second, what is it that changed your position from where you were when you came before the committee? Mr. McFarland. Sir, I made those statements before the House committee at a hearing I believe about a month ago, when I was asked for my professional opinion on the Gartner study. I had stated then, and I will state now, my professional opinion was in line with the Gartner study, based on my prior experience and having worked in this industry for some 33 years. The issues of the differences between a centralized approach and a federated approach are clearly, in layman's terms, under a centralized approach, all development, application, selection and infrastructure is run through one organization. In the most successful environments, with that approach you wind up writing some very detailed service level agreements with your customers, you have a customer mentality, meaning the people that you provide service to, and you build around their needs, and you bring them in to the process of both development and operational control, and you deliver services based on the needs of your customers. In a federated approach what you have is a IT infrastructure, meaning the operations, the running of the tools, and the infrastructure meaning the equipment and all the aspects that go along with keeping the service running under a centralized management structure, and you leave the development and application program selection and the development of software, user-specific software, to the administration in this case or to another organization. The federated approach is a step towards centralization, but it is clearly delineated by having users continue in the administration to develop their own specific software requirements, while the operational aspects of running applications and providing IT services is managed through a central group. Senator Salazar. Are you, Mr. McFarland, now at a point in this position, comfortable that the centralized system is not something that is the best option, and that moving forward with the federated system is the best? Mr. McFarland. In my opinion, my personal opinion, the centralized option for the VA is a very big bang. This is a culture steeped in decades of decentralized environment. You do not make those kind of changes in any organization, especially one as deeply rooted as this, overnight. I still believe that in the long run, having IT centrally managed is the successful way to run it. I believe you have to take steps to get there, and the consensus with management is that the federated approach is the first step to do that, and I have agreed to support what management wants to do. Senator Salazar. Let me ask in terms of the dollars that you now will have responsibility for, your organization is going to grow very significantly in terms of the dollars that you would have responsibility for, as I understand it, from 1.4 billion that the CIO has direct control, to I guess--no, from 50 million to 1.4 billion. So your 50 million will go to 1.4 billion. Are you ready to assume that kind of responsibility for those kinds of dollars as the CIO? Mr. McFarland. I am not familiar with---- Senator Salazar. Or are you scared? [Laughter.] Mr. McFarland. No. Senator Salazar. That is a lot of money. Mr. McFarland. Sir, I come from a corporation where I managed far more than that, so I am not particularly afraid of that size number. To be candid with you, that will take setting up an infrastructure that does not exist in my office today. I am in the process right now, and have just reviewed yesterday the first draft of the IT Controllers Office, which will allow me to not only disburse the money, but be able to track it. That has not been something we have done very successfully in the past. It is my intent that I have responsibility to manage that kind of sum, I will track that kind of sum one way or the other, and I will make sure that that money will be spent on what it is designed to be spent on, and nothing other than what it is designed to be spent on. It will take some effort to do that. It will take some staff to do that, and it will take process, which is currently not in place, but it is possible and we have had some pretty good minds working it now for about 2 weeks, and I think we are getting very close to putting an organization together that could manage the money. Senator Salazar. One more question, if I may, Mr. Chairman. Is now the time to do this, or would it be best if you, in your current position, and Secretary Nicholson and Secretary Mansfield were to take another year to study and to figure out how you are moving forward on this approach, as opposed to launching into what seems to be such an expensive and difficult undertaking, given the culture that we are dealing with here of independence on each one of the systems that we deal with? I mean talk to me a little bit about the timing question. Mr. McFarland. Sir, I am not an experienced Government employee. I come from the private sector, so I do not have the benefit of history and how long it takes Government to get things done. Senator Salazar. Do you have a comment on that, Secretary Mansfield? Mr. Mansfield. Yes, sir. It has been a part of the discussion on how we arrive at the decision and how we look at how we are going to implement it. In my testimony I believe I pointed out that it is going to take us 12 to 18 months to get this done. I recognize, as Mr. McFarland has indicated, we do not have all the people that we need in house to be able to get this done. The first thing we will have to do is to look for some consultants to come in and help us arrange the plan, and then decide where along the way we may need some outside help to get it done, as we move forward. It is not something that is going to happen overnight, but I believe that it is time to say this is what we are doing. The decision has been made by the Secretary, and as I said, the senior management of the Department, working together to come up with an agreement. You cannot always get 100 percent of what you want. What you have to do is get the most you can. Mr. McFarland has bought into this. The Health Care Administration has bought into this. The Benefits Administration has bought into this. The Office of Management has bought into this, and we are prepared to move forward. It will not be, as Mr. McFarland says, with a light switch approach, it will be done gradually. We need to send the word to the organization that we are doing this. Then the next thing we need to do is--a lesson learned from the last time--we need to involve the people all the way down to the users in the planning process, so they feel that what is going on here is something that they have a part in and that the success of it is going to be something that they are committed to, and that is going to take us a little bit of time, as Mr. McFarland mentioned, in the cultural aspects. Then the other part of it too, and one of the reasons that I believe that we should choose this model, is my ``do no harm'' comment. We are dealing with health care. We are dealing with patients. We are dealing with people in clinics or hospital beds, and medical doctors with hands-on treatment, some of it assisted with, helped with the tool of IT. In those areas we have to make sure we do no harm, and that is a part of what we have to play into here too. Senator Salazar. Thank you. I very much look forward to working with Senator Craig and Senator Akaka and this committee, and you to monitor the situation as you move forward. Mr. Mansfield. If I might follow up, sir, I just would also make the point that when you see in the report or when you hear the big bang, then you want to stop and look at what this is. That report gave us a risk versus rewards graph too that we talked about. Even if we were going to complete centralization with everything in Bob's pocket, we still would have to go through the steps to get there, and this is one of the steps to get there. Right now the only difference that I see is that the development phase, again with those clinical people involved and making sure that the treatment of patients that they do is part of the process for development and the benefits is a part of it. That is the one step that is different. Security gets centralized in IT. The budget dollars get centralized in IT. The standardization requirement gets centralized in IT. That is how we get the efficiencies out of this system and make it work better and deliver better services, and hopefully save some dollars that can then be translated into additional benefits and additional health care. Senator Salazar. Thank you. Chairman Craig. Ken, thank you. Senator Thune. Senator Thune. Thank you, Mr. Chairman. I appreciate all of your responses and answers and testimony very much, and I credit you for not resting on your laurels. I think that in order to stay on the creative cutting edge, you have to constantly be thinking of ways that you can approve and do things better, and the VA has been recognized, as you have all noted, for their many successes and improvements in the area of patient safety, and much of it related to the things that you are doing in terms of technology. I am especially interested in the technology component part of health care for a lot of reasons. One is I represent a very diverse--a very large area with a lot of real estate and not a lot of people, and health care facilities all across the State. You have a big network as well. I am also interested in it, because I think that electronic medical records has been proven to improve patient safety to save lives. It has also been proven to save money, and those are two things that are very important in terms of where we are headed in health care. I guess what I would like to ask you--and I appreciate the update on where you are headed and look forward to working with you and looking forward to working with the Chairman and this committee as we provide the oversight that is necessary for you all to deliver the very best possible health care services to America's veterans. Looking at it in a broader context, we are having a debate in this country too about how to take the model of what you have done and duplicate that and use it in other areas of health care. One of the big issues that is raised is in operability standards and how do different software packages in different health care facilities communicate with each other, thereby enabling them to have one integrated system or database whereby a patient's record can be accessed from any particular facility, whether they are somewhere in California or somewhere in South Dakota. I am curious to know what you all have done--I am told at least that you are working to provide or distribute scaled-down versions of your software to nongovernment hospitals and doctors and physicians--I am curious to know what has been the result of that effort? To what extent do hospitals have it? How many of them are using it? Is there any indication that there is an effort to use the software by doctors and hospitals that might be receiving it? Dr. Lynch. I think the release you are referring to is-- some people refer to it as VistA Lite, a basically available Federal code that is given to the private sector, but it is a partnership with Health and Human Services that was just announced in the last couple of months. I believe August is when that went out. It is really in a test phase in the community, so it would be premature to tell you how that is going, but that is the intent of the test phase. There are other Federal and private sector organizations that have used VistA in its current iteration or various iterations of it, the Indian Health Service for one. Some of the public health agencies in this town are using VistA. I think the thing that is probably most--when you realize how many physicians and other allied health professionals in training spend some time in their training in a VA medical center, you will find that almost every physician who left their residency program or medical school--nurses, what have you--in the last 6 to 10 years is very familiar with VistA in one form or another. They just have a hard time not laying hands on it at one time or another. I think probably that is the biggest push for getting health care providers to use the electronic health record, and I think you will see--what I am hoping we will see is a consumer-driven demand driven by providers, and it is generational. Within VA, I think it was 6 years ago really, we put out the current version from the providers' perspective that we have now. That was when things really blossomed, and we found that young physicians who grew up at a time when the Internet and PCs were always part of their lives had no problem adapting to it. Folks like myself, maybe a little bit more of a struggle. I think we are going to see that this is the natural trend of things. What your question really gets to is will we have the tools ready for them when the demand is there, and that is the standards that I think that VA is participating with in Health and Human Services and a lot of the President's push towards the electronic medical record, that will drive it. How that will exactly shake out, I don't know. What you are looking for is sort of what you have with the Internet. It does not matter which brand of computer, which operating system, even which attachment you put to your operating system. They all talk to each other because there are common standards that allow them to communicate. That is what we are pushing for. Senator Thune. I appreciate that. I would welcome, as this particular, I guess, new arrangement or relationship with some of the non-government hospitals, as you start getting data back about who is using it and how they are using it and what level of--what sort of results they are getting, it would be very helpful. Again, I appreciate the Chairman's interest in the subject with respect to the VA and the good work that you are doing there. I also know that in an area like my State, technology can do wonderful things, and telemedicine, things we are doing in that field as well. I also believe when it comes to efficiency, saving money, and saving lives, moving more toward electronic--and it is generational. There is no question about that. One of the things you hear most often is it is hard to get physicians and doctors who have always transcribed things the old-fashioned way to actually--and how do we provide incentives for them to be a part of the solution. I would welcome any additional insights that you have about that as we go forward. Thank you, Mr. Chairman. Chairman Craig. Senator Thune, thank you. Senator Isakson, you arrived while the panel was underway, so please proceed. Do you have any opening comments along with your questions? Senator Isakson. I was here earlier and then had to step out for a call, which I apologize for, and I came back in. No, I have no opening statement. I do have---- Chairman Craig. Please proceed. Senator Isakson. I do bring greetings from my 91-year-old father-in-law, a retired Navy Commander, who in 1999 when I was elected to the House lectured me on all the VA needed to do, particularly with regard to health care improvement, and he told me last week it was remarkable how well they had done since I got to Congress. [Laughter.] Senator Isakson. Being he is my father-in-law, I took total credit for it, but I deserve none. I thought I would pass it on to all of you because he is an absolute--Commander Davidson is an absolute critic, and he has been very happy with the medical improvement, Dr. Lynch and all the others. I did come in during the testimony, so I had to go back and read, and I just really have maybe one question and a follow- up. In the federated model, it says here in Option 4 describing it as, ``All IT operational service delivery personnel and the budget associated (to include all non-medical IT equipment, maintenance, and contractor support) would come under the direct supervision of the CIO.'' Does that mean that the medical side of IT is not under that direct supervision? Mr. McFarland. It means that all the medical devices and all of the various medical pieces of equipment will stay under the supervision of the hospital. Candidly, even--in my opinion, even in a centralized form, that would be the same. No IT organization should be making decisions on medical equipment that is needed to carry out health care. We should aid and support and try to help with security, but we should never be in the mode of making those decisions. Senator Isakson. I concur with that, and to the best of my recollection, most of the concerns about IT at VA have been non-medical IT concerns. Is that not correct? Mr. McFarland. I believe that is correct. Senator Isakson. Which brings me to my next question. On the next page, it says, ``This model will . . . include a migration of most workers to the control of the CIO, while leaving some employees under the control of the administrators.'' How many administrators are there? Mr. McFarland. The breakdown, I can't give you exact numbers, but the breakdown is somewhere around 4,500 to 1,500 approximately. Most of the employees are operational in nature, meaning they are involved in running and maintaining the infrastructure that is out there. Those that would stay under the administrations are those who are programmers and developers of the applications themselves of the software that is designed to manage and run the medical applications. Mr. Mansfield. Sir, if I may interrupt, I think you are talking about the number of administrations. We are pointing out there that the health care, the Veterans Health Administration, would maintain the development for products in their area. The Veterans Benefits Administration would maintain the same for their area of expertise, and then the Cemetery Administration. They would be aligned under those three administrations. Senator Isakson. Are any of those stovepipes integrated at any point? Mr. Mansfield. Not now, but under the federated model, the operational infrastructure would be integrated. Senator Isakson. Then therein lies me to my point, I guess, which is more of a statement. Mr. McFarland, I have great respect for Dell and what you did and what that great company does. In one of my jobs in my life, I was asked to take over the Department of Education in Georgia in a crisis, which was the Y2K crisis where they were trying to become compliant. They had 187 school systems, a State board of education. They had decided to select--the software of their preference was SAV, which is very complicated software. They had made the terrible mistake of letting all 187 systems attempt to customize the student information and the financial system, which led to a catastrophic $45 million disaster and a last-minute patch to become Y2K compliant. Anytime I read that we are going to centralize, but some of the employees are going to be under the supervision of the administrators and not the CIO, I worry that a department or an administrator working with a consultant or an outside vendor trying to customize could take what otherwise should be a baseline system and cause not only irreparable difficulty but tremendous cost. You can comment on that any way you want to. Mr. McFarland. I share your concern more than you realize. Let me say that under where I think we are headed, I will have budgetary control. I can promise you this. I will not sign off on any budgeted item, including development projects, that do not keep in concert with an enterprise architecture, and if they are looked at as being custom solutions that do not fit the environment, I simply won't fund them. We may have some battles in that area, and I welcome them. I share your concern. If you look at the big recent failure of Core FLS--you have described a little bit what happened in Georgia--lack of standardization will eat you alive in this world in IT. Without standardization and without standard practices, you cannot apply automation. It does not matter whether we would have made Bay Pines work or not. You could not have picked that system up and laid it into another hospital or another facility without customizing it again. That is because we did not have any standardization in place. Those are the areas that I think we can manage, and I intend to manage those through the budget process. Senator Isakson. I am glad to hear that, because in the end, not because people would intentionally want cost overruns, but most administrative people are closer to my age and they do not have the computers that my kids have that allow them to do all these things instinctively. They start customizing or start asking consultants to provide things which can be done but run you off into some unbelievable cost overruns and problems. Your knowledge is very satisfying to me, and if you can manage through that process in the budget, then I think this federated model will work. Thank you, Mr. Chairman. Chairman Craig. Thank you, Senator Isakson. The question is: How did you do? Senator Isakson. How did I do? Chairman Craig. In the Department of Education in Georgia. Now that you have led us down that path---- Senator Isakson. I got elected to Congress, Mr. Chairman. I don't know whether that is because they wanted to get rid of me or because it worked. [Laughter.] Senator Isakson. I will share with Mr. McFarland actually the results of that, but not on camera. [Laughter.] Chairman Craig. In other words, special expressions belie the camera. All right. A couple of last questions of this panel. You had mentioned the enterprise architecture design. I see OMB scored it at a 3 in contrast to a previous 1.25 score. Mathematically, that is a 100-percent improvement. Now, what does that exact--what does that tell us about enterprise architecture? How much better and is it good enough? Mr. McFarland. I'd love to tell you that getting a 100- percent improvement in my grade was a wonderful thing, but I would have to be honest and fair with you and tell you that when I got here, we were nowhere where we needed to be. We have made great progress. I was very lucky to attract an enterprise architect to the agency some 9 or 10 months ago, and he has done incredible work in getting us moving towards where we need to go. We are not there yet. We still have to try to reach, I believe, a 4.0, and that additional one point is a significant enterprise. I believe we will get there. Enterprise architecture is an evolving thing. You just don't get one and then put it in the drawer and everything is fine. It will continue to evolve. It will have to evolve based on the needs of the agency, and we will have to evolve it based on the needs of the Government, because the Government has, OMB has a very strict interpretation of enterprise architecture, and we have had some challenges in getting ourselves in line with that. We will get there, and that is the umbrella that fits over all of our applications and all of our environment to make sure there is commonality. We will never break up these stovepipes if we do not have a strong enterprise architecture to do it with. Chairman Craig. Okay. I thank you for that comment, Mr. McFarland, and I think all of us recognize the difficulty of change, especially inside organizations as old, with the positive reputation that VA has; at the same time, a frustration on the part of all of us of costs and cost overrun and the inability to get our arms around them and manage them. It is pretty hard sometimes to go home to the taxpayer and try to explain why a couple hundred million dollars or more just got blown away, or it is no longer operating or it is non- functional. We went through this with, you know, other agencies of Government as we try to make these changes and bring them into modern approaches. Consultants are brought in, and sometimes effectively used, sometimes not. Gordon, we talked about the Gartner study and its costs. What were its costs in reality? Mr. Mansfield. The costs were between $800,000 and $1 million, I believe. Is that right? Mr. McFarland. Yes, sir. It was somewhere, if I remember correctly, around $875,000, I believe. Chairman Craig. That is viewed as money well spent? Mr. Mansfield. Yes, sir. Mr. McFarland. Yes, sir, I believe it was. Chairman Craig. I don't ever want the record to show that that is pocket change, but it was pocket change well spent in the context of things. Thank goodness that you feel it was appropriately spent, and that is a manageable amount of money in most of our view when it comes to what we are doing here. Gentlemen, thank you very much. We will have you back again--and again, and I say that because we want to know what you are doing and how it is going on. I will only ask you to leave with this note: As I have told the Secretary, there don't deserve to be surprises in any of this. We are all in this together because we have one goal in mind, and I think, Secretary Mansfield, you expressed it well in your opening statement. The wiser we can spend the dollars, the more dollars we can get to the ground to serve veterans. We thank you all for being here this morning. Mr. Mansfield. Thank you, Mr. Chairman. Chairman Craig. Our second panel is made up of Paul Wohlleben? Mr. Wohlleben. Very good, Mr. Chairman. Chairman Craig. Did I pass the test, Paul? Mr. Wohlleben. You did. That was fantastic. Thank you. Chairman Craig. Partner, Grant Thornton, on behalf of the Information Technology Association of America; and Linda Koontz, Director of Information Management for Government Accountability Office. With that, Paul, Linda, thank you for being with us. Please proceed. Paul, we will start with you. STATEMENT OF PAUL WOHLLEBEN, PARTNER, GRANT THORNTON, LLP, ON BEHALF OF THE INFORMATION TECHNOLOGY ASSOCIATION OF AMERICA Mr. Wohlleben. Thank you, Mr. Chairman. Good morning. My name is Paul Wohlleben. I am a Partner with Grant Thornton of Chicago, Illinois, an international accounting and management consulting firm. In my role as a witness before you this morning, however, I am representing the Information Technology Association of America. ITAA provides global public policy, business networking and national leadership to promote the continued rapid growth of the information technology industry. ITAA consists of approximately 350 corporate members throughout the United States in a global network of 67 country's IT associations. ITAA members range from the smallest IT start-ups to industry leaders. Modern organizations, whether Government or commercial, use IT to help them achieve their missions. For most organizations, IT is both a major component of cost and a key resource in managing business operations and in satisfying customers. This morning I will describe how many of ITAA's member companies employ, align and operate their IT assets to best align them with the organization's missions, improve productivity and maximize the return on their investments. Additionally, this discussion will address our position on the placement and the role of the Chief Information Officer in any large enterprise. Let me begin by stating that leading companies operate using an organizational strategy drawn from their major business and mission objectives. In developing such a strategy, leading companies consider the role of all key resources in accomplishing that strategy, including information technology. It is a position of ITAA that in most cases a successful organization's CIO will be part of the senior management team that develops that overarching strategy. Such involvement by the CIO increases the probability that IT will be properly leveraged to achieve the desired outcomes. Once an organization's business and mission strategy had been defined, including the basic contributions expected from IT, the CIO needs to develop the strategies and plans that define how IT will be best deployed across the organization to make those contributions. I will refer to this as the IT strategy. The CIO must ensure that the IT strategy is aligned to the organization's business and mission strategy, meaning that each IT investment can be linked back to the organizational goal or objective that it supports. A key component of the IT strategy is the enterprise architecture. The enterprise architecture provides views into how the organization operates, its key desired outcomes, the technology infrastructure that provides computing capability, the data that is used in the organization in the application systems that support the organization. ITAA believes it is imperative for the CIO to have sufficient authority to produce, deploy and maintain the IT strategy, including the enterprise architecture. It is particularly important that the CIO be able to keep them current with a changing business and mission environment, and to ensure that they serve as the standard road map for all IT investment, planning and execution. The development of the IT strategy and the use of the strategy to guide the organization during the implementation projects designed to move the organization from the current to the target states cannot be accomplished by the CIO organization alone. The entire enterprise will be affected by the IT strategy. The entire enterprise must be represented in the process that develops and oversees the execution of the strategy. This is, in effect, a component of organizational governance. ITAA believes that the CIO must have appropriate authority, organizational placement, and peer relationships to ensure that an effective process exists for this organizational governance. I have touched on a number of key roles that must be successfully addressed to ensure that an organization's IT investments are both efficiently and effectively utilized. The CIO must have effective control over the planning, authorization, resourcing and implementation of all IT. Effective control means that the CIO can delegate the implementation of IT as long as the CIO retains oversight and sufficient management mechanisms in place to ensure compliance with CIO approved plans. We believe the CIO should not delegate enterprise level planning, authorization and resourcing responsibilities. Let me turn my attention to the organizational placement of the CIO. While ITAA recognizes the impact that attributes like culture and management style have on determining how to organize to optimize effectiveness, we believe that an organization is best able to leverage its IT if a CIO reports to the organization's most senior official. Such placement sends an important signal to the rest of the organization about the value of information technology in its management, and better enables the CIO to ensure an effective IT governance process. It better positions the CIO to develop working relationships with other key senior executives in an organization's leadership. We also believe that with such high organizational placement comes a responsibility to reach out to the organization to develop effective collaboration and governance processes. A seat at the executive table must be used to inject IT into the strategic mainstream, and not to isolate it from the rank and file. Elevating the CIO in combination with effective collaboration will help ensure that the broad needs of the organization are reflected in the IT requirements, and that efforts to standardize both IT and business processes receive appropriate representation. To summarize, IT is a critical component in helping organizations like VA realize their strategic objectives. To harness the value of IT, the CIO maps agency mission and business process objectives to an information technology strategy. An enterprise architecture translates IT strategy into an actionable blueprint for moving from the here and now to where we want to be. Although the CIO is ultimately responsible for the effective alignment of IT performance with agency mission, goals and objectives, this individual does not and must not operate in a vacuum. To be effective, the process must enjoy widespread agency support and buy-in, and must originate from the top down. I thank you for the opportunity to testify before the committee this morning. I will be pleased to answer any questions you may have. ITAA will also be glad to meet with Members of the committee and their staffs on the important issues that are raised during this hearing. Thank you. [The prepared statement of Mr. Wohlleben follows:] Prepared Statement of Paul Wohlleben, Partner, Grant Thornton, LLP, on Behalf of the Information Technology Association of America Good morning. My name is Paul Wohlleben. I am a Partner with Grant Thornton LLP of Chicago, Illinois, an international accounting and management advisory services firm. In my role as a witness before you, I am representing the Information Technology Association of America. ITAA provides global public policy, business networking, and national leadership to promote the continued rapid growth of the Information Technology (IT) industry. ITAA consists of more approximately 350 corporate members throughout the U.S. and a global network of 67 countries' IT associations. ITAA members range from the smallest IT start-ups to industry leaders in the Internet, software, IT services, ASP, digital content, systems integration, telecommunications, and enterprise solution fields. Modern organizations, whether commercial or government, use IT to help them achieve their missions. For most organizations, IT is both a major component of cost and a key resource in managing business operations and satisfying customers. This morning, I will describe how many of ITAA's member companies employ, align, and operate their IT assets to best align them with their organization's missions, improve productivity, and maximize the return from their investments. Additionally, this discussion will address our position on the placement and role of the Chief Information Officer (CIO) in any large enterprise. Let me begin by stating that leading companies operate using an organizational strategy drawn from their major business and mission objectives. In developing such a strategy, leading companies consider the role of all key resources in accomplishing that strategy, including IT. It is the position of ITAA that in most cases, a successful organization's CIO will be part of the senior management team that develops that overarching strategy. Such involvement by the CIO increases the probability that IT will be properly leveraged to achieve the desired outcomes. Once an organization's business and mission strategy has been defined, including the basic contributions expected from IT, the CIO needs to develop the strategies and plans that define how IT will be best deployed across the organization to make those contributions. I will refer to this as the IT strategy. The CIO must ensure that the IT strategy is aligned to the organization's business and mission strategy, meaning that each IT investment can be linked back to the organizational goal or objective that it supports. Ideally, the contribution of the IT investment can be measured in terms of how well it supports the relevant overarching organizational goal or objective. A key component of the IT strategy is the enterprise architecture (EA). The EA provides views into how the organization operates, its key desired outcomes, the technology infrastructure that provides computing capability, the data that is used in the organization, and the application systems that support the organization. In leading organizations, the EA consists of both a current snapshot of the organization's IT infrastructure, called the `as is' architecture, and a snapshot of the target infrastructure, called the `to be' architecture. IT modernization plans are then developed with the intent to move from the `as-is' to the `to-be' states. ITAA believes it is imperative for the CIO to have sufficient authority to produce, deploy and maintain the IT strategy, including the enterprise architecture. It is particularly important that the CIO be free to keep them current with a changing business and mission environment and to ensure that they serve as the standard roadmap for all IT investment planning and execution. The development of the IT strategy, and the use of the strategy to guide the organization during the implementation projects designed to move the organization from the current `as-is' to the target `to-be' states, cannot be accomplished by the CIO's organization alone. The entire enterprise will be affected by the IT strategy; the entire enterprise must be represented in the process that develops and oversees the execution of the strategy. This is, in effect, a component of organizational governance. ITAA believes that the CIO must have appropriate authority, organizational placement, and peer relationships to ensure that an effective process exists for organizational governance. I have touched on a number of key CIO roles that must be successfully addressed to ensure that an organization's IT investments are both efficiently and effectively utilized. The CIO must have effective control over the planning, authorization, resourcing, and implementation of all IT. Effective control means that the CIO can delegate the implementation of IT as long as the CIO retains oversight and sufficient management mechanisms in place to ensure compliance with CIO-approved plans. We believe the CIO should not delegate enterprise- level planning, authorization and resourcing responsibilities. Let me turn attention to the organizational placement of the CIO. While ITAA recognizes the impact that attributes like culture and management style have on determining how to organize to optimize effectiveness, we believe that an organization is best able to leverage its IT if a CIO reports to the organization's most senior official. Such placement sends an important signal to the rest of the organization about the value of IT and its management and better enables the CIO to ensure an effective IT governance process. It better positions the CIO to develop working relationships with other key senior executives in an organization's leadership. We also believe that with such high organizational placement comes a responsibility to reach out to the organization to develop effective collaboration and governance processes. A seat at the executive table must be used to inject IT into the strategic mainstream, not isolate it from the rank and file. Elevating the CIO will help ensure that the broad needs of the organization are reflected in IT requirements and that efforts to standardize both IT and business processes receive appropriate representation. To summarize, IT is a critical component in helping organizations like the VA realize their strategic objectives. To harness the value of IT, the CIO maps agency mission and business process objectives to an information technology strategy. An enterprise architecture translates IT strategy into an actionable blueprint for moving from the here and now to the where we want to be. Although the CIO is ultimately responsible for the effective alignment of IT performance with agency mission, goals and objectives, this individual does not and must not operate in a vacuum. To be effective, the process must enjoy widespread agency support and buy-in, and must originate from the top down. I thank you for the opportunity to testify before the Committee on Veterans' Affairs. I will be pleased to address any questions you may have. ITAA will also be glad to meet with the Members of the Committee and their staffs on the important issues raised in this hearing. Chairman Craig. Thank you very much for that testimony, and also thank you for that invite. We will continue to work with you as we go through this. Now, Linda, let us turn to you, Linda Koontz, Director of Information Management, GAO. STATEMENT OF LINDA D. KOONTZ, DIRECTOR, INFORMATION MANAGEMENT ISSUES, UNITED STATES GOVERNMENT ACCOUNTABILITY OFFICE Ms. Koontz. Thank you, Mr. Chairman. I am pleased to be here today to discuss the organization of VA's information technology program. I will be discussing our previous work on the role of Chief Information Officers in the Federal Government and in the private sector, as well as providing information on the evolution of the CIO position at VA. As you know, under the Clinger-Cohen Act the Congress has mandated that Federal CIOs play a central role in managing information technology within Federal agencies. In this way CIOs can help ensure that agencies manage their information functions in a coordinated and integrated fashion, and thus improve the efficiency and effectiveness of Government programs and operations. In 2004 we reported that Federal CIOs were responsible for most of the key management areas we identified as required by statute or critical to effective information and technology management. All the CIOs were assigned responsibility for five key areas, for example, enterprise architecture and IT investment management, although they sometimes reported that they shared responsibility for these areas with other organizational units. Our past work also identified a number of organizational characteristics that contribute to CIO success. First, successful CIOs work with supportive senior executives who embrace the central role of technology in accomplishing mission objectives, and include the CIO as a full participant in senior decision-making. Second, successful CIOs have legitimate and influential roles in leading top managers to apply IT to business problems and needs. Placement of the position at an executive management level in the organization is important, but in addition, CIOs earn credibility and produce results by establishing effective working relationships with business units. Third, successful CIOs structure their organizations in ways that reflect a clear understanding of business and mission needs. This understanding is a prerequisite to aligning the CIO's office to best serve the agency. To do this, CIOs also need knowledge of business processes, market trends, the agency's current systems and available IT skills. To be successful, Federal CIOs must overcome a number of challenges. For example, according to a little over 80 percent of the CIOs, one major challenge is implementing effective IT management practices in such areas as information security, enterprise architecture, investment management, and e- Government. In a study that we recently released, CIOs at leading private sector organizations reported responsibilities and challenges that were similar to those of their Federal counterparts. These private sector companies used both centralized and decentralized organizational structures, and several of the CIOs spoke of their efforts to achieve the right balance. In addition, most private sector companies had executive committees with authority and responsibility for governing major IT investments. In recent years the CIO position at VA and the Department's IT management, have received increased attention from VA leadership. For 2\1/2\ years after the passage of the Clinger- Cohen Act in 1996, the Department went without a CIO. For 2 years after that the CIO role was held by an executive who also had other major responsibilities. The Department then had an acting CIO for 1 year, and in August 2001 it appointed a full- time permanent CIO. Subsequently, the Department proposed further strengthening the CIO position and centralizing IT management, recognizing that aspects of the VA computing environment were particularly challenging and required substantial management attention. In particular, the Department's information services and systems were highly decentralized, and a large proportion of the Department's IT budget was controlled by the VA's administrations and staff offices. To address these challenges the Secretary issued a memo in 2002 announcing that IT functions, programs and funding would be centralized under the Department level CIO. Although we have not reviewed the current status of this proposed realignment or VA's current organizational structure, it remains our view that this realignment held promise for building a more solid foundation for investing in IT resources and improving the Department's accountability over those resources. The additional oversight afforded the CIO could have a significant impact on the Department's ability to more effectively account for and manage its approximately $2.1 billion in planned IT spending. Mr. Chairman, that completes my statement. I would be happy to answer questions. [The prepared statement of Ms. Koontz follows:] Prepared Statement of Linda D. Koontz, Director, Information Management Issues, United States Government Accountability Office Mr. Chairman and Members of the Committee: Thank you for inviting us to take part in your discussion of the information technology organization at the Department of Veterans Affairs (VA) and the role of the Chief Information Officer (CIO). In carrying out its mission of serving our nation's veterans, the department relies heavily on information technology, for which it is requesting about $2.1 billion in funding for fiscal year 2006. The CIO will play a vital role in ensuring that this money is well spent and that information technology is managed effectively. As we have previously reported, an effective CIO can make a significant difference in building the institutional capacity that is needed to improve an agency's ability to manage information and technology and thus enhance program performance. At your request, we will discuss the role of CIOs in the Federal Government, present for comparison the results of our study of private- sector CIOs, and provide a historical perspective on the roles and responsibilities of VA's CIO. In developing this testimony, we reviewed our previous work in this area. All work covered in this testimony was performed in accordance with generally accepted government auditing standards. RESULTS IN BRIEF Since the Clinger-Cohen Act established the CIO position in 1996, federal CIOs have played a central role in managing information and technology within federal agencies. According to CIOs at major departments and agencies,' they generally held wide responsibilities and reported to their agency heads or other top level managers. In general, CIOs reported that they were responsible for key information and technology management areas; for example, all the CIOs were responsible for five key areas (capital planning and investment management, information security, IT human capital, strategic planning for information technology and information resource management, and enterprise architecture). In carrying out these responsibilities, the tenure of federal CIOs was often less than the length of time that some experts consider necessary for them to be effective and implement changes: the median tenure was about 2 years, and the most common response regarding time required to be effective was 3 to 5 years. In contrast, CIOs were generally helped in carrying out their responsibilities by the background and experience they brought to the job. Although their background was varied, most had background in information technology (IT) or related fields, many having previously served as CIOs; many also had business knowledge related to their agencies, having previously worked either at the agency or in an area related to its mission. Other factors that help CIOs meet their responsibilities effectively are described in guidance that we have issued; key among these are (1) being supported by senior executives who recognize the importance to their missions of IT and an effective CIO; (2) playing an influential role in applying IT to business needs; and (3) being able to structure their organizations appropriately. At the same time, CIOs cited several challenges, of which the two most frequently mentioned were implementing effective IT management and obtaining sufficient and relevant resources. Private-sector CIOs reported responsibilities, challenges, and approaches to information and technology governance that are similar but not identical to those of their federal counterparts. Most of the private-sector CIOs we contacted had either sole or shared responsibility for the key management areas we explored, which corresponded to those that we reported on in our federal agency review. Among the areas in which most of the private-sector CIOs had or shared responsibility, 18 or more of the 20 we contacted cited five information and technology management areas (capital planning and investment management, information security, human capital for managing information resources, systems acquisition, and e-commerce); the first three of these were also responsibilities of all federal CIOs, and the last two were responsibilities of 90 percent of federal CIOs. The challenges cited by the private-sector CIOs were also similar to those cited by federal CIOs. Both private-sector and federal CIOs noted improving various IT management processes (e.g., IT investment decision making), developing IT leadership and stalls, working with enterprise architectures, and ensuring the security of systems. To manage their IT, the private-sector companies used both centralized and decentralized organizational structures: in some, authority is centralized in the CIO's office, while in others, it is decentralized in the business units, depending on other events in the company such as strategic realignments and acquisitions. Most of the private-sector companies had executive committees with authority and responsibility for governing major IT investments. Many private-sector CIOs also told us that they were making efforts to move toward common business processes, such as by instituting cross-organizational teams to work on developing enterprise wide systems and standards. With regard to VA, both the CIO position and IT management have received increased management attention over time. After going for 2 years after the passage of the Clinger-Cohen Act without a CIO, followed by 2 years with an executive whose time was divided among CIO and other major duties, and then 1 year with an acting CIO, the department appointed a full-time permanent CIO in August 2001. Since then, the department proposed further strengthening the position and centralizing IT management, recognizing that aspects of its computing environment were particularly challenging and required substantial management attention. In particular, the department's information systems and services were highly decentralized, and a large proportion of the department's IT budget was controlled by the VA's administrations and staff offices. To address these challenges, the Secretary issued a memo in 2002 announcing that IT functions, programs, and funding would be centralized under the department-level CIO. Although we have not reviewed the current status of this proposed realignment or VA's current organizational structure, it remains our view that the proposal held promise for improving IT accountability and enabling the department to accomplish its mission. The additional oversight afforded the CIO could have a significant impact on the department's ability to more effectively account for and manage its approximately $2.1 billion in planned IT spending. VA comprises three major components: the Veterans Benefits Administration (VBA), the Veterans Health Administration (VHA), and the National Cemetery Administration (NCA). VA's mission is summed up in its mission statement, a quotation from Abraham Lincoln: ``to care for him who shall have borne the battle and for his widow and his orphan.'' VA carries out this mission by providing benefits and other services to veterans and dependents. The department's vision is to be a more customer-focused organization, functioning as ``One VA.'' This vision stemmed from the recognition that veterans think of VA as a single entity, but often encountered a confusing, bureaucratic maze of uncoordinated programs that put them through repetitive and frustrating administrative procedures and delays. The ``One VA'' vision is to create versatile new ways for veterans to obtain services and information by streamlining interactions with customers and integrating IT resources to enable VA employees to help customers more quickly and effectively. This vision will require modifying or replacing separate information systems with integrated systems using common standards to the information across VA programs and with external partner organizations, such as the Department of Defense. Accordingly, effective management of its IT programs is vital to VA's successful achievement of its vision and mission. Table 1 shows a breakdown of VA's approximately $2.1 billion IT budget request for fiscal year 2006. Of the total, VHA accounted for approximately $1.8 billion, VBA approximately $150 million, and NCA approximately $11 million. The remaining $84 million was designated for the department level. Table 1.--Breakdown of VA's Fiscal Year 2006 Information Technology Budget Request [in millions] ------------------------------------------------------------------------ Organization Request In percent ------------------------------------------------------------------------ VHA............................. $1835............. 88% VBA............................. 150............. 7% NCA............................. 11............. <1% Department...................... 84............. 4% -------------------- Total......................... $2,080............ ------------------------------------------------------------------------ Spune: GAO analysis VA data. CIO PLAYS MAJOR ROLE IN FEDERAL IT MANAGEMENT The Congress has long recognized that IT has the potential to enable federal agencies to accomplish their missions more quickly, effectively, and economically. However, fully exploiting this potential presents challenges to agencies. Despite substantial IT investments, the federal government's management of information resources has produced mixed results. One of the ways in which the Congress has addressed this issue was to establish the CIO position; an agency's CIO is to serve as the focal point for information and technology management within an agency. In 1996, the Clinger-Cohen Act established the position of agency CIO and specified responsibilities for this position. Among these responsibilities, the Act required that the CIOs in the 24 major departments and agencies have information resources management (IRM) as their ``primary duty.'' The Congress has mandated that CIOs should play a key leadership role in ensuring that agencies manage their information functions in a coordinated and integrated fashion in order to improve the efficiency and effectiveness of government programs and operations.'' CIO RESPONSIBILITIES AND REPORTING RELATIONSHIPS CIOs have responsibilities that can contribute significantly to the successful implementation of information systems and processes. In July 2004, we reported on CIO roles, responsibilities, and challenges (among other things) at 27 major agencies. For this work, we identified major areas of CIO responsibilities that were either statutory requirements or critical to effective information and technology management. Altogether, we identified the 13 areas shown in table 2. Table 2.--Major Areas of CIO Responsibility ------------------------------------------------------------------------ ------------------------------------------------------------------------ Area of responsibility.................... IT capital planning and investment management Description............................... Planning and management of IT capital investments Applicable laws........................... 44 U.S.C. 3506(h), 40 U.S.C. 11312 & 11313 Records management........................ Ensuring that agency implements and enforces records management policies and procedures under the Federal Records Act 44 U.S.C. 3506(f) Information dissemination*................ Ensuring that information dissemination activities meet policy goals such as timely and equitable public access to information 44 U.S.C. 3506(d) Information disc1osure*................... Ensuring appropriate information 44 U.S.C. 3506(g) access under the Freedom of Information Act Privacy................................... Ensuring agency compliance 44 U.S.C. 3506(g) with the Privacy Act and related laws Area of responsibility.................... Description Statistical policy and coordination....... Performing statistical policy and coordination functions, including ensuring the relevance, accuracy, and timeliness of information collected or created for statistical purposes Applicable laws........................... 44 U.S.C. 3506(e) ------------------------------------------------------------------------ Source: GAO analysis. ``Three areas of responsibility-enterprise architecture; systems acquisition, development, and integration; and government initiatives-- are not assigned to CIOs by statute; they are assigned to the agency heads by law or guidance. However, in virtually all agencies, the agency heads have delegated these areas of responsibility to their CIOs. For our later private-sector study, we combined Information dissemination and Information disclosure into a single function in order to increase these functions' relevance for private-sector CIOs. According to our report, CIOs were generally responsible for the key information and technology management areas shown in the table, although not all CIOs were completely responsible for all areas.'' For example: All the CIOs were responsible for the first five areas in the table (capital planning and investment management, enterprise architecture, information security, IT/IRM strategic planning, and IT/IRM human capital). More than half had responsibility for six additional areas (major government initiatives, systems acquisition, information collection/ paperwork reduction, records management, information dissemination, and privacy). Fewer than half were responsible for two areas (information disclosure and statistics). It was common for CIOs to share responsibility for certain functions, and in some cases responsibilities were assigned to other offices. For example, systems acquisition responsibility could be shared among the CIO and other officials, such as a procurement executive or program executive; disclosure could be assigned to general counsel and public affairs, while statistical policy could be assigned to offices that deal with the agency's data analysis. Nevertheless, even for areas of responsibility that were not assigned to CIOs, agency CIOs generally reported that they contributed to the successful execution of the agency's overall responsibilities in that area. In carrying out their responsibilities, CIOs generally reported to their agency heads. For 19 of the agencies in our review, the CIOs stated that they had this reporting relationship. In the other 8 agencies, the CIOs stated that they reported instead to another senior official, such as a deputy secretary, under secretary, or assistant secretary. In addition, 8 of the 19 CIOs who said they had a direct reporting relationship with the agency head noted that they also reported to another senior executive, usually the deputy secretary or under secretary for management, on an operational basis. According to members of our Executive Council on Information Management and Technology, what is most critical is for the CIO to report to a top level official. TENURE AND BACKGROUNDS OF CIOS Federal CIOs often remained in their positions for less than the length of time that some experts consider necessary for them to be effective and implement changes. At the departments and agencies included in our review, the median time in the position of permanent CIOs whose time in office had been completed was about 23 months. For career CIOs, the median was 32 months; the median for political appointees was 19 months. To the question of how long a CIO needed to stay in office to be effective, the most common response of the CIOs (and former agency IT executives whom we consulted) was 3 to 5 years. Between February 10, 1996, and March 1, 2004, only about 35 percent of the permanent CIOs who had completed their time in office reportedly had stayed in office for a minimum of 3 years. The gap between actual time in office and the time needed to be effective is consistent with the view of many agency CIOs that the turnover rate was high, and that this rate was influenced by the political environment, the pay differentials between the public and private sectors, and the challenges that CIOs face. In contrast, the CIOs at the 27 agencies were generally helped in carrying out their responsibilities by the background and experience they brought to the job. The background of the CIOs varied in that they had previously worked in the government, the private sector, or academia, and they had a mix of technical and management experience. However, virtually all had work experience or educational backgrounds in IT or IT-related fields; 12 agency CIOs had previously served in a CIO or deputy CIO capacity. Moreover, most of them had business knowledge related to their agencies because they had previously worked at the agency or had worked in an area related to the agency's mission. SUCCESS FACTORS AND CHALLENGES OF CIOS To allow CIOs to serve effectively in the key leadership role envisioned by the Congress, federal agencies should use the full potential of CIOs as information and technology management leaders and active participants in the development of the agency's strategic plans and policies. The CIOs, in turn, must meet the challenges of building credible organizations and developing and organizing information and technology management capabilities to meet mission needs. In February 2001, we issued guidance on the effective use of CIOs, which describes the following three factors as key contributors to CIO success: <bullet> Supportive senior executives embrace the central role of technology in accomplishing mission objectives and include the CIO as a full participant in senior executive decision making. <bullet> Effective CIOs have legitimate and influential roles in leading top managers to apply IT to business problems and needs. Placement of the position at an executive management level in the organization is important, but in addition, effective CIOs earn credibility and produce results by establishing effective working relationships with business unit heads. <bullet> Successful CIOs structure their organizations in ways that reflect a clear understanding of business and mission needs. Along with knowledge of business processes, market trends, internal legacy structures, and available IT skills, this understanding is necessary to ensure that the CIO's office is aligned to best serve agency needs. The CIO study that we reported on in July 2004 also provides information on the major challenges that federal CIOs face in fulfilling their duties. In particular, CIOs view IT governance processes, funding, and human capital as critical to their success, as indicated by two challenges that were cited by over 80 percent of the CIOs: implementing effective information technology management and obtaining sufficient and relevant resources. EFFECTIVE IT MANAGEMENT Leading organizations execute their information technology management responsibilities reliably and efficiently. A little over 80 percent of the CIOs reported that they faced one or more challenges related to implementing effective IT management practices at their agencies. This is not surprising given that, as we have previously reported, the government has not always successfully executed the IT management areas that were most frequently cited as challenges by the CIOs-information security, enterprise architecture, investment management, and e-gov. SUFFICIENT AND RELEVANT RESOURCES One key element in ensuring an agency's information and technology success is having adequate resources. Virtually all agency CIOs cited resources, both in dollars and staff, as major challenges. The funding issues cited generally concerned the development and implementation of agency IT budgets and whether certain IT projects, programs, or operations were being adequately funded. We have previously reported that the way agency initiatives are originated can create funding challenges that are not found in the private sector. For example, certain information systems may be mandated or legislated, so the agency does not have the flexibility to decide whether to pursue them. Additionally, there is a great deal of uncertainty about the funding levels that may be available from year to year. The government also faces long-standing and widely recognized challenges in maintaining a high-quality IT workforce. In 1994 and 2001, we reported on the importance that leading organizations placed on malting sure they had the right mix of skills in their IT workforce. About 70 percent of the agency CIOs reported on a number of substantial IT human capital challenges, including, in some cases, the need for additional staff. Other challenges included recruiting, retention, training and development, and succession planning. In addition, two other commonly cited challenges were communicating and collaborating (both internally and externally) and managing change. COMMUNICATING AND COLLABORATING Our prior work has shown the importance of communication and collaboration, both within an agency and with its external partners. For example, one of the critical success factors we identified in our guide focuses on the CIO's ability to establish his or her organization as a central player in the enterprise. Ten agency CIOs reported that communication and collaboration were challenges. Examples of internal communication and collaboration challenges included: (1) cultivating, nurturing, and maintaining partnerships and alliances while producing results in the best interest of the enterprise; and (2) establishing supporting governance structures that ensure two-way communication with the agency head and effective communication with the business part of the organization and component entities. Other CIOs cited activities associated with communicating and collaborating with outside entities as challenges, including sharing information with partners and influencing the Congress and OMB. MANAGING CHANGE Top leadership involvement and clear lines of accountability for making management improvements are critical to overcoming an organization's natural resistance to change, marshaling the resources needed to improve management, and building and maintaining organization-wide commitment to new ways of doing business. Some CIOs reported challenges associated with implementing both changes originating from their own initiative and changes from outside forces. Implementing major IT changes can involve not only technical risks but also non-technical risks, such as those associated with people and the organization's culture. Six CIOs cited dealing with the government's culture and bureaucracy as challenges to implementing change. Former agency IT executives also cited the need for cultural changes as a major challenge facing CIOs. Accordingly, in order to effectively implement change, it is important that CIOs build understanding, commitment, and support among those who will be affected by the change. Effectively tackling these reported challenges can improve the likelihood of a CIO's success. Until these challenges are overcome, federal agencies are unlikely to optimize their use of information and technology, which can affect an organization's ability to effectively and efficiently implement its programs and missions. The CIO Position in the Private Sector Has Similarities to the Federal CIO Position. In September 2005, we reported the results of our study of CIOs at leading private-sector organizations, in which we described the CIOs' responsibilities and major challenges, as well as private-sector approaches to information and technology governance. The set of responsibilities assigned to CIOs in the private sector were similar to those in the federal sector. In most areas, there was little difference between the private and federal sectors in the percentage of CIOs who had or shared a particular responsibility. In 4 of the 12 areas--enterprise architecture, strategic planning, information collection, and information dissemination and disclosure-- the difference between the private- and federal-sector CIOs was greater; in each case, fewer CIOs in the private sector had these responsibilities. In all, the six functions least likely to be the CIO's responsibility in the federal sector were equivalent to the five functions least likely to be his or her responsibility in the private sector. Some of the federal CIOs functions, such as information collection and statistical policy, did not map directly to the management areas in several of the private-sector organizations we contacted. Figure 1 compares federal and private-sector CIO responsibilities for the 12 areas, showing the percentage of CIOs who had or shared responsibility for each area. FIGURE 1: COMPARISON OF THE EXTENT TO WHICH PRIVATE-SECTOR AND FEDERAL CIOS ARE RESPONSIBLE FOR MANAGEMENT AREAS. Federal CIOs Private CIOs. Source: W. Among the private-sector CIOs, it was common to share responsibility with either business units or corporate functional areas; these sharing relationships accounted for almost a third of all responses. Among federal CIOs, the sharing of responsibility was not described in as many areas. CHALLENGES IDENTIFIED BY PRIVATE-SECTOR CIOS Approximately half of all the private-sector CIOs described four major challenges: <bullet> Aligning IT with business goals was cited by 11 of the CIOs. This challenge requires the CIOs to develop IT plans to support their companies' business objectives. In many cases this entails cross- organization coordination and collaboration. <bullet> Implementing new enterprise technologies (e.g., radio frequency identification, enterprise resource planning systems, and customer relationship management systems) was cited by 8 of the CIOs. This challenge requires the broad coordination of business and corporate units. <bullet> Controlling IT costs and increasing efficiencies was cited by 9 of the CIOs. Several CIOs explained that by controlling costs and providing the wane or better service at lower cost, they are able to contribute to their companies' bottom lines. A few CIOs also said that they generate resources for new investments out of the resources freed up by cost savings. <bullet> Ensuring data security and integrity was cited by 9 of the CIOs. Closely associated with this challenge was ensuring the privacy of data, which was raised by 6 CIOs. Additional management challenges commonly raised by the private- sector CIOs included: <bullet> developing IT leadership and skills (7), <bullet> managing vendors, including outsourcing (7), <bullet> improving internal customer satisfaction (5). Additional technical challenges commonly raised by the private- sector CIOs included: <bullet> implementing customer service/customer relationship management (CRM) systems (7), <bullet> identifying opportunities to leverage new technology (6), <bullet> integrating and enhancing systems and processes (5), and <bullet> rationalizing IT architecture (5). The challenges mentioned by the private-sector CIOs overlapped with those mentioned by Federal CIOs in our previous study. Improving various IT management processes was mentioned by several private-sector CIOs (e.g., IT investment decision making) as well as by federal CIOs, as was developing IT leadership and skills. In technology-related areas, both private-sector and federal CIOs mentioned working with enterprise architectures and ensuring the security of systems as challenges. Although the challenges mentioned by private-sector CIOs resembled those mentioned by federal CIOs, there were a few differences. Private-sector CIOs mentioned challenges related to increasing IT's contribution to the bottom line--such as controlling costs, increasing efficiencies, and using technology to improve business processes--while federal CIOs tended to mention overcoming organizational barriers and obtaining sufficient resources. IT GOVERNANCE IN THE PRIVATE SECTOR When asked to describe how the governance of information management and technology is carried out in their companies, 16 of the 20 private- sector companies told us that they had an executive committee with the authority and responsibility for governing major IT investments. As part of the governance of IT assets in their companies, nine of the CIOs said that they shared responsibility for IT investment management and that their involvement ranged from providing strong leadership to reviewing plans to ensure that they complied with corporate standards. Many of the private-sector CIOs were actively working to increase coordination among business units to enhance their governance process. Seven of the CIOs described efforts under way to implement enterprise- wide financial and supply chain systems, which will move the companies to common business processes. Six CIOs also described using cross- organizational teams (sometimes called centers of excellence), which drive these broad collaborative efforts and others, such as the establishment of standards and common practices. With regard to the governance of the development of new systems, many of the private-sector CIOs described a process in which they collaborated closely with business units and corporate functional units in planning and developing systems to meet specific needs. The extent of the CIOs' involvement ranged from providing strong leadership and carrying out most activities to reviewing the other components' plans to ensure that they complied with corporate standards. With regard to sharing authority for decisions on the management of IT assets, several CIOs spoke of balancing between centralization and decentralization of authority and described their efforts to move between the two extremes to find the right balance. The appropriate balance depended on other events occurring in the companies, such as major strategic realignments or acquisitions. For example, one CIO described his current evolution from a relatively decentralized structure--an artifact of a major effort to enable growth in the corporation--to a more centralized structure in order to reduce costs and drive profits. ROLES AND RESPONSIBILITIES OF THE CIO POSITION AT VA HAVE EVOLVED OVER TIME Since enactment of the Clinger-Cohen Act in 1996, the roles and responsibilities of VA's Chief Information Officer have evolved. From lacking a CIO entirely, the department has taken steps to address the challenges posed by its multiple widespread components and its decentralized information technology and services. In June 1998, VA assigned CIO responsibility to a top manager. However, we reported in July 1998 that the person holding the CIO position at VA had multiple additional major responsibilities, as this person also served as Assistant Secretary for Management, Chief Financial Officer, and Deputy Assistant Secretary for Budget. According to the Act, the CIO's primary responsibility should be information and technology management. Noting that VA's structure was decentralized, its IT budget was large, and its CIO faced serious information and technology management issues, we recommended that the Secretary appoint a CIO with full-time responsibilities for IRM. Concurring with the recommendation, VA established the position of Assistant Secretary for Information and Technology to serve as its CIO. As of May 2000, however, the position of Assistant Secretary for Information and Technology was vacant, and as we reported at the time, it had been unfilled since its creation in 1998. The Secretary then created and filled the position of Principal Deputy Assistant Secretary for Information and Technology, designating that person as VA's acting CIO until an Assistant Secretary could be appointed. The Secretary also realigned IRM functions within VA under this position, which reported directly to the Secretary. As we reported, the Principal Deputy Assistant Secretary was involved in IT planning issues across the department. In addition to advising the Secretary on IT issues, he served as chair of the department's CIO Council and as a member of the department's Capital Investment Board, and he worked with the CIOs in VBA and VHA (at the time, NCA had no CIO). According to this official, one of his priorities was to ensure that IT activities in VBA and VHA were in concert with VA's department-wide efforts. In August 2001, VA filled the CIO position. In March 2002, we testified that this hiring was one of the important strides that the Secretary of Veterans Affairs had made to improve the department's IT leadership and management, along with malting a commitment to reform the department's use of IT. On June 29, 2003, the CIO retired after a tenure of almost 2 years (about the median length of tenure for federal CIOs, as discussed above); the current CIO was confirmed in January 2004. Figure 1 is a time line showing the history of the CIO position at VA since the passage of the Clinger-Cohen Act. [GRAPHIC] [TIFF OMITTED] T5790.042 VA PROPOSED TO REALIGN ITS IT ORGANIZATION IN RESPONSE TO IT MANAGEMENT CHALLENGES Our prior work highlighted some of the challenges that the CIO faced as a result of the way the department was organized to carry out its IT mission. Among these challenges was that information systems and services were highly decentralized, and the VA administrations and staff offices controlled a majority of the department's IT budget. For example, in VA's information technology budget for fiscal year 2002 of approximately $1.25 billion, YHA controlled about $1.02 billion (over 80 percent), whereas the department level controlled about $60.2 million (less than 5 percent). In addition, we noted that there was neither direct nor indirect reporting to VA's cyber security officer--the department's senior security official--thus raising questions about this person's ability to enforce compliance with security policies and procedures and ensure accountability for actions taken throughout the department. The more than 600 information security officers in VA's three administrations and its many medical facilities throughout the country were responsible for ensuring the department's information security, although they reported only to their facility's director or to the chief information officer of their administration. Given the large annual funding base and decentralized management structure, we testified that it was crucial for the departmental CIO to ensure that well-established and integrated processes for leading, managing, and controlling investments are commonplace and followed throughout the department. This is consistent with the finding in our CIO review that implementation of IT management practices was a challenge; over half of federal CIOs identified IT investment management specifically. Recognizing weaknesses in accountability for the department's IT resources and the need to reorganize IT management and financing, the Secretary announced a realignment of the department's IT operations in a memorandum dated August 2002. According to the memorandum, the realignment would centralize IT functions, programs, workforce personnel, and funding into the office of the department-level CIO. In particular, several significant changes were described: <bullet> The CIOs in each of the three administrations-VHA, VBA, and NCA--were to be designated deputy CIOs and were to report directly to the department-level CIO. Previously, these officials served as component-level CIOs who reported only to their respective administrations under secretaries. <bullet> All administration-level cyber security functions were to be consolidated under the department's cyber security office, and all monies earmarked by VA for these functions were to be placed under the authority of the cyber security officer. Information security officers previously assigned to VHA's 21 veterans integrated service network would report directly to the cyber security officer, thus extending the responsibilities of the cyber security office to the field. Beginning in fiscal year 2003, the department level CIO would assume executive authority over VA's IT funding. In September 2002, we testified that in pursuing these reforms, the Secretary demonstrated the significance of establishing an effective management structure for building credibility in the way IT is used, and took a significant step toward achieving a ``One VA'' vision. The Secretary's initiative was also a bold and innovative step by the department--one that has been undertaken by few other federal agencies. For example, of 17 agencies contacted in 2002, 8 reported having component level CIOs, none of which reported to the department level CIO. Only one agency with component-level CIOs reported that its department-level CIO had authority over all IT funding. We also noted that the CIO's success in managing IT operations under the realignment would hinge on effective collaboration with business counterparts to guide IT solutions that meet mission needs, and we pointed out the importance of the three key contributors to CIO success described in our 2001 guidance (discussed earlier). Although we have not reviewed the current status of this proposed realignment or VA's current organizational structure, it remains our view that the proposed realignment held promise for building a more solid foundation for investing in and improving the department's accountability over IT resources. Specifically, under the realignment the CIO would assume budget authority over all IT funding, including authority to veto proposals submitted from sub-department levels. This could have a significant effect on VA's accountability for how components are spending money. To sum up, the CIO plays a vital role in ensuring that VA's funds are well spent and in managing information technology to serve our nation's veterans. In our view, the realignment of VA's IT organization proposed in 2002 held promise for improving accountability and enabling the department to accomplish its mission. The additional oversight afforded the CIO could have a significant impact on the department's ability to more effectively account for and manage its proposed $2.1 billion in planned IT spending. Mr. Chairman, this concludes my statement. I would be pleased to respond to any questions that you or other Members of this Committee may have at this time. Chairman Craig. Thank you very much, Linda. Paul, you stated in your testimony that the CIO should not delegate enterprise level planning, authorization or resourcing responsibilities, and that the CIO should report to the organization's most senior officer. Can you cite an example of another government entity with whom ITAA organizations have contracted, that from your vantage point, have achieved this organizational structure, and how has that led to a successful IT strategy? Mr. Wohlleben. Mr. Chairman, I do not believe that I can cite a single large department that has achieved all aspects of that. There are some small independent agencies that I think have moved in the direction where the CIO is charged, responsible, and executes against all of those. By the same token, I have not pursued a study of all of those organizations. I am sort of speaking from an ad hoc basis. Chairman Craig. All right. Also in your testimony you stated that the IT business process must originate from the top down. VA, however, believes that much of the credit for its success in electronic health records is directly due to some very decentralized initiatives. Do you believe that there is an appropriate balance to be struck between planning, authorization, resourcing and implementation of a macro-program level, and less centralization at a micro-project level? In short, should VA vest total control in its CIO? Mr. Wohlleben. My experience with Government organizations in general--and I would prefer not to speak to VA specifically because I do not claim to be an expert on their internal culture--but in general, our position at ITAA is that the planning that involves the vision and the strategy needs to be centrally controlled and that should be a duty of the CIO. That involves the control of the strategy and the budgeting and resourcing of that strategy in terms of execution plans. Depending on the nature of an organization and its mission, the execution of that plan could be accomplished centrally or could be accomplished in a more decentralized approach where those responsibilities are delegated. If I could further explain that, where you have an organization that has, across the enterprise their mission is either the same or has attributes of a common mission, the centralized model is one that can be executed. Where you have missions that differ, where people at the local level who are executing that mission understand how you carry out that mission much better, it is imperative that those people be involved in the design of the systems that are going to support them. If they are not, our finding, and I believe the finding in both commercial and in Government sectors over time, has been that those systems are not able to be developed to meet those requirements of the people who are actually executing the work and carrying out the mission. Chairman Craig. Linda, your testimony has indicated that the average tenure of Federal CIOs is less than the length of time that any consider necessary to implement the policies that a CIO is expected to implement. VA is certainly no exception. With that said, should the Government expect CIOs to do less, or do we believe that there are any strategies the Government can implement to encourage CIOs to remain in their positions longer? Ms. Koontz. When we did our study on Federal CIOs that we issued in 2004, I think that we said the average tenure was around 23 months, which was about 2 years. CIOs at the same time said that staying in a position for about 3 to 5 years was really the amount of time that was needed in order to show any kind of results or to make an impact. Some of the major things that were cited in terms of the turnover by CIOs were the differences in salary between the private sector and the public sector, and also the scope of responsibilities that are involved in being a public sector CIO. We actually have some ongoing work looking at various governance models, and we are continuing to study the appropriate responsibilities for a CIO in a public setting. Chairman Craig. Most private sector companies authorize and govern major IT investments by executive committees, we are told, and I think you reference that also, Paul. The Federal Government is not a private sector corporation. Still, do you believe the Government should consider management of large IT investments through the use of an executive committee, and do you think this could help our continuity efforts, given that different committee members may stay with Government employment for longer tenures than the average CIO? I mean in examining this, has that been a part of your consideration? Ms. Koontz. Yes, that has clearly been part of our consideration. When we talk about an executive committee responsible for overseeing IT investments, I think what we are talking about is having some kind of IT investment process. What we have noted from our studies is that, just as my colleague here mentioned in his testimony, that developing systems is a collaborative process, and both the CIOs and the business units need to be involved. Bringing together the executives who all have a stake in this, including the CIO, to make decisions about investments, is very, very important. If you have a strong investment process in place, I think it actually transcends changes in individual personnel or even maybe changes in administrations that take place because you have a strong process for bringing the right people to the table. One feature that we think is critical though in an investment management process is that the CIO have veto power over proposed investments, and the reason is, is that in that way the CIO can ensure that any proposed projects that are brought to him by the administrations or that are centrally proposed, fit with the enterprise architecture and they meet the various network and other standards that are in place, and that they meet security requirements. He uses an enterprise architecture in order to ensure that there is an enterprise approach, and that systems are not duplicative, but they are integrated. So, yes, that is a feature that is important in both the private and the public sectors, and can help any organization do more effective IT management. Chairman Craig. Paul, any comments on that question? Mr. Wohlleben. I would agree, Mr. Chairman. The way I would describe the introduction of the enterprise architecture into an organization and the utility, the enterprise architecture, if agreed to by the senior leadership team as capturing the intended business processes and the use of technology that the organization is moving towards, it gives the CIO and whatever governance committee is being used to look at IT investments, something to compare the investments, and gives them a very, very strong tool to enforce compliance to a blueprint to move to the future, or to veto investments that are not in compliance, and it is a tool that is just now coming onto the scene in the Federal Government, but maturing to the point where it is useful. Chairman Craig. We have a unique challenge here in transitioning government into the 21st century, gaining the efficiencies that we see in the private sector in these areas, and still sustaining core missions as attended. Even with executive committees, the reality of the politics involved when you have an executive committee of 575 Members of the United States Congress---- [Laughter.] Chairman Craig. Yet, I would suggest in all of that frustration the absolute need for continuance, continuity and all of that for the sake of those who these agencies serve, but also the efficiency of the resources that are employed in these agencies. We appreciate your testimony, and we will more than likely be back, ask you to revisit this along the way, as we stay in tune with what the VA is doing. We are not going to say ``attempting to do,'' but ``will be doing'' to get the kind of changes necessary, and the evolution of the culture to where it is most efficient. Thank you all very much for being with us today, and the committee will stand adjourned. [Whereupon, at 11:40 a.m., the committee was adjourned.] A P P E N D I X ---------- [GRAPHIC] [TIFF OMITTED] T5790.001 [GRAPHIC] [TIFF OMITTED] T5790.002 [GRAPHIC] [TIFF OMITTED] T5790.003 [GRAPHIC] [TIFF OMITTED] T5790.004 [GRAPHIC] [TIFF OMITTED] T5790.005 [GRAPHIC] [TIFF OMITTED] T5790.006 [GRAPHIC] [TIFF OMITTED] T5790.007 [GRAPHIC] [TIFF OMITTED] T5790.008 [GRAPHIC] [TIFF OMITTED] T5790.009 [GRAPHIC] [TIFF OMITTED] T5790.010 [GRAPHIC] [TIFF OMITTED] T5790.011 [GRAPHIC] [TIFF OMITTED] T5790.012 [GRAPHIC] [TIFF OMITTED] T5790.013 [GRAPHIC] [TIFF OMITTED] T5790.014 [GRAPHIC] [TIFF OMITTED] T5790.015 [GRAPHIC] [TIFF OMITTED] T5790.016 [GRAPHIC] [TIFF OMITTED] T5790.017 [GRAPHIC] [TIFF OMITTED] T5790.018 [GRAPHIC] [TIFF OMITTED] T5790.019 [GRAPHIC] [TIFF OMITTED] T5790.020 [GRAPHIC] [TIFF OMITTED] T5790.021 [GRAPHIC] [TIFF OMITTED] T5790.022 [GRAPHIC] [TIFF OMITTED] T5790.023 [GRAPHIC] [TIFF OMITTED] T5790.024 [GRAPHIC] [TIFF OMITTED] T5790.025 [GRAPHIC] [TIFF OMITTED] T5790.026 [GRAPHIC] [TIFF OMITTED] T5790.027 [GRAPHIC] [TIFF OMITTED] T5790.028 [GRAPHIC] [TIFF OMITTED] T5790.029 [GRAPHIC] [TIFF OMITTED] T5790.030 [GRAPHIC] [TIFF OMITTED] T5790.031 [GRAPHIC] [TIFF OMITTED] T5790.032 [GRAPHIC] [TIFF OMITTED] T5790.033 [GRAPHIC] [TIFF OMITTED] T5790.034 [GRAPHIC] [TIFF OMITTED] T5790.035 [GRAPHIC] [TIFF OMITTED] T5790.036 [GRAPHIC] [TIFF OMITTED] T5790.037 [GRAPHIC] [TIFF OMITTED] T5790.038 [GRAPHIC] [TIFF OMITTED] T5790.039 [GRAPHIC] [TIFF OMITTED] T5790.040 [GRAPHIC] [TIFF OMITTED] T5790.041 <all>