Summary

The Department of Veterans Affairs (VA) has proposed a $1.4 billion information technology program. GAO reported in 1998 that VA had not fully implemented key provisions of the Clinger-Cohen Act and related information technology reforms. This testimony discusses (1) VA's efforts to address GAO's 1998 recommendations, (2) VA's efforts to develop and implement a Master Veteran Record, (3) the Veterans Benefits Administration's actions to modernize its information systems, and (4) the Veterans Health Administration's actions to implement its Decision Support System. GAO also discusses the steps that VA has taken to improve computer security throughout the agency.

GAO noted that: (1) VA has made progress in addressing GAO's 1998 recommendations; (2) for example, compared with its fiscal year (FY) 1999 IT investment review process, VA's FY 2001 process provided decisionmakers with more detailed information on proposed projects; (3) however, the department has yet to fill the position of assistant secretary for information and technology, created in June 1998 and intended to serve as VA's chief information officer; (4) it also has not developed an overall strategy for reengineering its business processes to effectively function as "One VA," a vision VA has articulated, nor has it defined the integrated IT architecture needed to efficiently acquire and utilize information systems across VA; (5) VA likewise faces challenges in developing and implementing a MVR, the Veterans Service Network (VETSNET), and the Decision Support System (DSS); (6) its MVR has not been implemented by the Veterans Benefits Administration's (VBA) compensation and pension service line, although this project could help reduce overpayments through faster receipt of death notices; (7) VBA's VETSNET project has experienced many schedule delays, and VBA has not yet established a completion date for it; (8) the Veterans Health Administration's (VHA) DSS, while completed, is not being fully used by VHA for the purposes intended, including budget formulation and resource allocation; (9) regarding computer security, VA has begun to address weaknesses identified by GAO and by its Office of the Inspector General; and (10) it still needs to complete guidance on assessing VA's security risks and must develop appropriate policies and controls for accessing its computer systems.