Summary: In March of this year, GAO testified before the House Subcommittee on Oversight and Investigations, Committee on Veterans' Affairs, about the Department of Veterans Affairs' (VA) information technology (IT) program, and the strides that the Secretary had made in improving departmental leadership and management of this critical area--including the hiring of a chief information officer. At the Subcommittee's request, GAO evaluated VA's new IT organizational structure, and provided an update on VA's progress in addressing other specific areas of IT concern and our related recommendations pertaining to enterprise architecture, information security, the Veterans Benefits Administration's replacement compensation and pension payment system and maintenance of the Benefits Delivery Network, and the government computer-based patient record initiative.
Since our March testimony, VA has made important progress in its overall management of information technology. For example, the Secretary's decision to centralize IT functions, programs, and funding under the department-level CIO holds great promise for improving the accountability and management of IT spending--currently over $1 billion per year. But in this as well as the other areas of prior weakness, the strength of VA's leadership and continued management commitment to achieving improvements will ultimately determine the department's degree of success. As for its progress in other areas includes: enterprise architecture: the Secretary recently approved the initial, "as is" version of this blueprint for evolving its information systems, focused on defining the department's current environment for selected business functions. VA still, however, needs to select a permanent chief architect and establish a program office to facilitate, manage, and advance this effort. Information security: steps have been taken that should help provide a more solid foundation for detecting, reporting, and responding to security incidents. Nonetheless, the department has not yet fully implemented a comprehensive computer security management program that includes a process for routinely monitoring and evaluating the effectiveness of security policies and controls, acting to address identified vulnerabilities. Compensation and pension payment system: while some actions have been taken, after more than 6 years, full implementation of this system is not envisioned before 2005; this means that the 3.5 million payments that VA makes each month will continue to depend on its present, aging system. Government computer-based patient record initiative: VA and the Department of Defense have reported some progress in achieving the capability to share patient health care data under this program. Since March, the agencies have formally re named the initiative the Federal Health Information Exchange and have begun implementing a more narrowly defined strategy involving a one-way information transfer from Defense to VA; a two-way exchange is planned by 2005.
