recommended reading

IG: VA has widespread problems with management of IT projects

The Veterans Affairs Department faces systemic problems in managing and executing complex information technology projects, according to a new report from the VA inspector general.

The report focused on the failure of one key project, a $167 million program to develop a patient scheduling system for VA hospitals, begun in 2000 and put on hold earlier this year by Roger Baker, the department's new chief information officer.

Mounting problems with the replacement scheduling application led the VA Office of Information and Technology in 2008 to ask the Navy's Space and Naval Warfare Systems Command (SPAWAR) for help on engineering and application development under a 2007 interagency agreement. But the IG concluded, "We do not believe this to be a viable solution because our review of the SPAWAR contract found that most of the work was being performed by contractors, not SPAWAR government employees."

The IG identified four 2008 task orders from Veterans Affairs to SPAWAR for work on the replacement scheduling application, but said in its report that "VA was unable to determine exactly what work was to be performed on or relating to [the replacement scheduling application] by SPAWAR, what deliverables were required under the [statements of work], or which VA personnel were monitoring or tracking the work."

When the inspector general asked the current but unnamed RSA program manager to identify the work SPAWAR was supposed to do under those contracts, he said, "I have not been able to locate anything regarding these four SOWs. The first and last were not technically assigned to RSA, but were created to support RSA and HealtheVet from other parts of the organization. I have not received a copy of them and the person who created them is now gone."

According to the IG, the department's lack of supervision over the work performed on the replacement scheduling application is consistent with findings from a June report concluding VA "relinquished oversight" of information technology work to SPAWAR.

In March, VA awarded an $11 million contract to CACI Inc. to "support all operational and technical requirements associated with the systemic analysis planning, and budgeting, and execution of IT investments," according to a letter from Sen. Richard Burr, R-N.C., the ranking member of the Senate Veterans Affairs Committee to the IG. In the letter Burr asked, "Why does VA appear not to have the capability to manage these projects internally?"

Though CACI issued a press release on the award, the IG said no one in the department's Office of Acquisition and Logistics had "knowledge of any contract meeting that description."

The VA Office of Information and Technology told the inspector general that the $11 million contract with CACI was awarded through the General Services Administration. But the report noted that evidence of the transaction was lacking. "No one in VA had a copy of the task order issued by GSA, only a statement of work, which may or may not have been the statement of work included in the contract," said the report.

The IG said a spreadsheet the Office of Information and Technology maintains showed that since 2007 GSA has awarded at least 68 contracts valued at more than $77 million for services including software licenses. But, the inspector general said, "There is essentially no visibility within VA over these procurements. VA appears to merely fund the contracts through GSA."

CIO Baker launched a program to tightly manage IT projects. "This new rigorous approach to IT proactively manages projects, provides frequent delivery milestones and enforces aggressive oversight," the department said in response to the IG report.

Ed Meagher, a former deputy CIO at VA and director of strategy for health affairs at contractor SRA International, said the inspector general's report highlighted the very difficult job that lies ahead for Baker and his team. "There are no easy or quick fixes to the issues raised by the RSA debacle," Meagher added.

Harold Gracey, a consultant with Vienna, Va.-based Topside Consulting who served as VA chief of staff from 1994 to 1998, agreed that Baker has a daunting task, but believes he is the person who can straighten out the department's IT department.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.