US Veterans Affairs department didn't check with CIO for 39% of IT projects

The US Department of Veterans Affairs (VA) signed 39 percent of its IT contracts – representing billions of dollars in spending – without the approval of the chief information officer (CIO) between 2018 and 2021.

The federal government department, which is responsible for providing lifelong healthcare services to eligible military veterans, spent around $21.7 billion over the period. For 2023, the $5.78 billion budget includes about $142 million for systems development, $4.15 billion for maintaining IT operations, and $1.49 billion for pay and associated costs.

Under the Federal Information Technology Acquisition Reform Act (FITARA), enacted in 2014, VA's CIO should be fully accountable for IT acquisition and management decisions. CIO oversight helps ensure that IT acquisitions aren't poorly planned or duplicative.

However, research from the Government Accountability Office (GAO) released late last week shows VA awarded 11,644 new contract actions categorized as IT between March 2018 and the end of fiscal 2021. VA did not provide evidence of CIO approval for 4,513 of them.

A closer inspection of 26 IT contract awards from fiscal 2021 showed that 14 did not have CIO approval. Of those, 13 were managed by offices that did not specialize in IT.

"The lack of visibility into the procurement of much of VA's IT assets and activities constrained the CIO's opportunity to provide input on current and planned IT acquisitions. This, in turn, could result in awarding duplicative or poorly conceived contracts," said Carol Harris, GAO director for information technology and cybersecurity issues, in a letter to the department.

While acknowledging that VA had taken steps to "establish a process for reviewing IT and IT-related assets and activities," the report said gaps remained that continue to "obscure the complete view of IT investments throughout the department."

• Ellison's healthcare obsession carries risks for Oracle
• Oracle, Microsoft barely compete for a quarter of their US Federal contracts
• Oracle engineering exec quits after tryst with health division
• Oracle's Larry Ellison shares fears of bankrupting Western civilization with healthcare

"As such, while many IT acquisitions have been appropriately examined in the last four years according to VA's FITARA approval process, the department falls short of demonstrating that the CIO has reviewed all IT assets and activities," the report [PDF] said.

The report said the reason for the shortfall was down to contracting offices omitting or failing to identify acquisitions that needed to comply with the department's FITARA review requirements.

"An automated check or other automated control could facilitate compliance and remind contracting officers of VA's FITARA approval requirements," the report said.

It said the Secretary of VA, currently Denis McDonough, should direct the CIO and chief acquisition officer of the department to implement such controls.

VA's trouble with IT projects extends beyond their approval. Computer errors following the go-live of a new Oracle Cerner electronic health records system harmed nearly 150 patients at the Mann-Grandstaff VA Medical Center in Spokane, Washington, a US Senate Committee on Veterans' Affairs heard last year.

It has since announced it would halt all new deployments of the software in its hospitals until June 2023. ®