A new Government Accountability Office report found that the Department of Veterans Affairs isn’t always including its CIO in tech procurements, as required by the FITARA.
The Department of Veterans Affairs has “gaps” in its process meant to loop its chief information officer in to review tech procurements, leaving some tech contracts without CIO approval as required by the Federal Information Technology Acquisition Reform Act, or FITARA, the Government Accountability Office wrote in a new report released Thursday.
“While many IT acquisitions have been appropriately examined in the last four years according to VA’s FITARA approval process, the department falls short of demonstrating that the CIO has reviewed all IT assets and activities,” the report said.
FITARA, a 2014 law that overhauled federal IT, boosted CIO authorities in agencies and required agencies' CIOs to review and approve major IT contracts before they’re awarded.
Specifically, the VA’s discrepancy is because contracting offices might be omitting or misidentifying acquisitions that need to be reviewed by the department’s chief information officer, the report states.
GAO found 39% of 11,644 new contract actions between March 2018 and September 2021, totalling $661.4 million in obligations, didn’t have evidence of a CIO approval.
This isn’t the first time oversight bodies have taken issue with the CIO approval process in acquisitions at the VA.
The VA switched to a new tracking system in March 2018 meant to expand the CIO’s access to IT acquisitions and streamline the approval process following a January 2018 GAO report that found the department lacked a procedure to meet FITARA requirements regarding CIO involvement.
A 2020 VA inspector general report found that the CIO didn’t review about 70% of IT acquisitions in a 2017-2018 timeframe.
More recently, GAO reviewed 26 contracts from fiscal 2021 more closely and found that 14 lacked documentation of a CIO approval. Of those, 13 were managed by contracting offices not focused on IT, according to the report.
GAO recommended an automated check or approval to make sure that tech and IT-related assets and activities are identified in the FITARA process. The report states that current contract systems don’t have data checks to make sure that contracting offers are going through the FITARA approval process by reminding them of approval requirements.
“Without an automated check or control to ensure contracting officer compliance, it is likely that there will continue to be IT procurements that will not be routed for CIO review, particularly for non-IT contracting offices,” the report said.
Tanya Bradsher, chief of staff at the VA, wrote in a response that the department concurs with the recommendation and is considering proposed actions including an internal review of VA FITARA processes or adding automated controls into the VA’s purchase request system to ensure that necessary FITARA approvals get done.
“Full visibility into the procurement of VA’s IT assets and activities will help to ensure that the CIO is able to provide input on current and planned IT acquisitions,” the report said. “Without this visibility, VA may award IT contracts that are duplicative or poorly conceived.”