STATEMENT OF
BELINDA J. FINN
ASSISTANT INSPECTOR GENERAL FOR AUDITS AND EVALUATIONS
OFFICE OF INSPECTOR GENERAL
DEPARTMENT OF VETERANS AFFAIRS
BEFORE THE
COMMITTEE ON VETERANS’ AFFAIRS
UNITED STATES SENATE
HEARING ON
“VA’S IT PROGRAM–LOOKING AHEAD”
OCTOBER 6, 2010
Mr. Chairman and Members of the Committee, thank you for the opportunity to discuss the Office of Inspector General’s (OIG) findings regarding VA’s management of its information technology (IT) projects.  I am accompanied today by Mr. Mario Carbone, Director, Dallas Office of Audits and Evaluations, Office of Inspector General.

Background
The use of IT is critical to VA providing a range of benefits and services to veterans, from medical care to compensation and pensions.  If managed effectively, IT capital investments can significantly enhance operations to support the delivery of VA benefits and services.

However, when VA does not properly plan and manage its IT investments, they can become costly, risky, and counterproductive.  As we have reported, IT management at VA is a longstanding high-risk area.  Historically, VA has experienced significant challenges in managing its IT investments, including cost overruns, schedule slippages, performance problems, and in some cases, complete project failures.  Some of VA’s most costly failures have involved management of major IT system development projects awarded to contractor organizations.

My statement today focuses on the results of our audits of the Department’s management of its IT projects over recent years.  In summarizing this work, I will highlight initial insights regarding VA’s IT governance structure and process and discuss some key themes that reoccur in VA’s IT system developments.

IT Governance Challenges
In 2009, we provided an overarching view of VA’s structure and process for IT investment management [Audit of VA’s Management of Information Technology Capital Investments (Report No. 08-02679-134, May 29, 2009)].  As part of the audit, we examined VA’s realignment of its IT program from a decentralized to a centralized management structure.  The realignment was to provide greater accountability and control over VA resources by centralizing IT operations under the management of the Chief Information Officer (CIO) and standardizing operations using new processes based on industry best practices—goals that have only partially been fulfilled. 

We reported that the ad hoc manner in which the Office of Information and Technology (OI&T) managed the realignment inadvertently resulted in an environment with inconsistent management controls and inadequate oversight.  Although we conducted this audit more than two years after VA centralized its IT program, senior OI&T officials were still working to develop policies and procedures needed to effectively manage IT investments in a centralized environment.  For example, OI&T had not clearly defined the roles of IT governance boards responsible for facilitating budget oversight and IT project management.  OI&T also had not established the governance board criteria needed to select, review, and assess IT projects.  OI&T does not expect to complete key elements of these new critical processes until FY 2011.

Further, in September 2009, we reported that VA needed to better manage its major IT development projects, valued at that time at over $3.4 billion, in a more disciplined and consistent manner [Audit of VA’s System Development Life Cycle Process (Report No. 09-01239-232, September 30, 2009)].  In general, we found that VA’s System Development Life Cycle (SDLC) processes were adequate and comparable to Federal standards.  However, OI&T did not communicate, comply with, or enforce its mandatory software development requirements.  OI&T did not ensure that required independent milestone reviews of VA’s IT projects were conducted to identify and address system development and implementation issues.  Once again, we attributed these management lapses to OI&T centralizing IT operations in an ad hoc manner, leaving little assurance that VA was making appropriate investment decisions and best use of available resources.  Moreover, VA increased the risk that its IT projects would not meet cost, schedule, and performance goals, adversely affecting VA’s ability to timely and adequately provide veterans health services and benefits.

These audits demonstrated that OI&T needed to implement effective centralized management controls over VA’s IT investments.  Specifically, we recommended that OI&T develop and issue a directive that communicated the mandatory requirements of VA’s SDLC process across the Department.  We also recommended that OI&T implement controls to conduct continuous monitoring and enforce disciplined performance and quality reviews of the major programs and projects in VA’s IT investment portfolio.  Although OI&T concurred with our recommendations and provided acceptable plans of actions, OI&T’s implementation of the corrective actions is not yet complete.

Project Management Shortfalls in Recent Years
Over the past two years, our audit work on several IT system development projects has identified themes as to why VA has continued to fall short in its IT project management.  These issues include inadequate project and contract management, staffing shortages, lack of guidance, and poor risk management--issues that have repeatedly hindered the success of IT major development projects undertaken by OI&T.

VA’s Replacement Scheduling Application (RSA)
In August 2009, we reported that the RSA project failed because of ineffective planning and oversight [Review of the Award and Administration of Task Orders Issued by the Department of Veterans Affairs for the Replacement Scheduling Application Development Program (Report No. 09-01926-207, August 26, 2009)].  RSA was a multi year project to replace the system the Veterans Health Administration used to schedule medical appointments for VA patients.  Lacking defined requirements, an IT architecture, and a properly executed acquisition plan, RSA was at significant risk of failure from the start.  We suggested that VA needed experienced personnel to plan and manage the development and implementation of complex IT projects effectively.  We also suggested that a system to monitor and identify problems affecting the progress of projects could support VA’s leadership in making effective and timely decisions to either redirect or terminate troubled projects. 

Financial and Logistics Integrated Technology Enterprise (FLITE)
In September 2005, VA began developing the FLITE program to address the longstanding need for an integrated financial management system.  As a successor to the failed Core Financial and Logistics System (CoreFLS), FLITE was a multi-year development effort comprised of three components: an Integrated Financial Accounting System (IFAS), Strategic Asset Management, and a Data Warehouse.  FLITE was intended to provide timely and accurate financial, logistics, and asset management information.  FLITE was also to resolve material weaknesses cited in the annual financial statement audit by integrating multiple systems and reducing manual accounting processes.  In the past year, we issued three reports identifying project management shortcomings that hindered VA’s efforts to accomplish the FLITE program’s stated goals.

Audit of FLITE Program Management’s Implementation of Lessons Learned
Our first report on FLITE determined that program managers did not fully incorporate lessons learned from the failed CoreFLS program to increase the probability of success in FLITE development [Audit of FLITE Program Management’s Implementation of Lessons Learned, (Report No. 09-01467-216, September 16, 2009)].  We found deficiencies similar to those identified in CoreFLS reviews also occurred within FLITE because program managers had not implemented a systematic process to address lessons learned.  For example, critical FLITE program functions were not fully staffed, non-FLITE expenditures were improperly funded through the FLITE program, and contract awards did not comply with competition requirements.  We recommended that FLITE program managers develop written procedures to manage and monitor lessons learned and expedite actions to ensure full staffing of the FLITE program. 

Audit of the FLITE Strategic Asset Management (SAM) Pilot Project
Our second report on the Strategic Asset Management (SAM) pilot project disclosed that FLITE program managers did not take well-timed actions to ensure VA achieved cost, schedule, and performance goals.  Further, the contractor did not provide acceptable deliverables in a timely manner [Audit of the FLITE Strategic Asset Management Pilot Project (Report No. 09-03861-238, September 14, 2010)].  Once again, we identified instances where FLITE program managers could have avoided mistakes by paying closer attention to lessons learned from the CoreFLS effort.

Specifically, FLITE program managers:
• Awarded a task order on April 21, 2009 to General Dynamics for implementation of the SAM pilot project, even though the FLITE program suffered from a known shortage of legacy system programmers critical to integration efforts required to make FLITE a success.
• Did not clearly define FLITE program and SAM pilot project roles and responsibilities, resulting in confusion and unclear communications between VA and General Dynamics.  Contractor personnel indicated that they received directions and guidance from multiple sources.  One of their biggest obstacles was trying to overcome the lack of one clear voice for VA’s FLITE
program. 
• Did not ensure that the solicitation for the SAM pilot project clearly described VA’s requirements for SAM end-user training.  As such, VA contractually agreed to a training solution that did not meet its expectations.  General Dynamics subsequently revised its training approach to meet VA’s needs, but at a total cost of $1,090,175, which was more than a 300 percent increase from the original $244,451 training cost.
• Did not always effectively identify and manage risks associated with the SAM pilot project even though inadequate risk management had also been a problem with the failed CoreFLS.  Specifically, FLITE program managers did not take steps early on to ensure that the contractor participated in the risk management process and that the Risk Control Review Board adequately mitigated risks before closing them.

Because of such issues, at the time of our audit, VA was considering extending the SAM pilot project by 17 months (from 12 to 29 months), potentially more than doubling the original contract cost of $8 million.  We recommended that VA establish stronger program management controls to facilitate achieving cost, schedule, and performance goals, as well as mitigating risks related to the successful accomplishment of the SAM pilot project.

Review of Alleged Improper Program Management within the FLITE Strategic Asset Management Pilot Project
This third report, in response to a hotline allegation, disclosed that FLITE program managers needed to improve their overall management of the SAM pilot project [Review of Alleged Improper Program Management within the FLITE Strategic Asset Management Pilot Project, (Report No. 10-01374-237, September 7, 2010)].  FLITE program managers did not develop written procedures that clearly defined roles and responsibilities, provide timely guidance to program and contract staff, or foster an effective working environment within the FLITE program.  FLITE program managers also did not ensure certain elements considered necessary for a successful software development effort, such as “to be” and architectural models were included as project deliverables in the FLITE program.  In general, we recommended that VA strengthen project management controls to improve the SAM pilot, beta, and national deployment projects.

New Office of Management and Budget (OMB) guidance on financial systems IT projects, issued on June 28, 2010, also had a major impact on the FLITE Program.  OMB issued the guidance because large-scale financial system modernization efforts undertaken by Federal agencies have historically led to complex project management requirements that are difficult to manage.  Moreover, by the time the lengthy projects are finished, they are technologically obsolete.  Consequently, OMB directed all Chief Financial Officer Act agencies immediately to halt the issuance of new procurements for financial system projects until it approves new project plans developed by the agencies.  On July 12, 2010, VA’s Assistant Secretary for Information and Technology announced the termination of IFAS and Data Warehouse portions of FLITE.

GI Bill Long Term Solution (LTS)
In September 2010, we reported that OI&T’s plan for deployment of the LTS was effective in part [Audit of VA’s Implementation of the Post-9/11 GI Bill Long Term Solution, (Report No. 10-00717-261, September 30, 2010)].  LTS is a fully automated claims processing system that utilizes a rules-based engine to process Post 9/11 GI Bill Chapter 33 veterans’ education benefits.

OI&T developed and deployed both LTS Releases 1 and 2 on time.  Lacking the management discipline and processes necessary to control performance and cost in project development, OI&T has relied upon Project Management Accountability System (PMAS) to achieve project scheduling goals.  PMAS is VA’s new IT management approach that focuses on achieving schedule objectives while the scope of functionality provided remains flexible.  With this schedule-driven strategy, OI&T has been able to satisfy users and incrementally move VA forward in providing automated support for education benefits processing under the Post-9/11 GI Bill. 

However, OI&T’s achievement of the timeframes for LTS Releases 1 and 2 required that VA sacrifice much of the system functionality promised.  Specifically, due to unanticipated complexities in developing the system, OI&T deployed Release 1 as a “pilot” to approximately 16 claims examiners, with the functionality to handle only 15 percent of the Chapter 33 education claims that VBA anticipated processing.  Release 2 caught up on the functionality postponed from Release 1, while providing the capability to process 95 percent of all Chapter 33 education claims.  However, due to data structure and quality issues that still had to be overcome, users could not make use of all of the functionality provided through Release 2 and were able to process only 30 percent of all Chapter 33 education claims.  In addition to these performance issues, OI&T did not have processes in place to track actual LTS project costs.

In the absence of effective performance and cost controls, OI&T runs the risk that future LTS releases may continue to meet schedule, but at the expense of performance and cost project goals.  We recommended that OI&T improve LTS management by conducting periodic independent reviews to help identify and address system development and implementation issues as they arise.  We also recommended that OI&T adopt cost control processes and tools to ensure accountability for LTS costs in accordance with Federal IT investment management requirements.

Conclusion
VA continues to rely on IT advancements to provide better services to our nation’s veterans.  Historically, the department has struggled to manage IT developments that successfully deliver desired results within cost, schedule, and performance objectives.  OI&T recently implemented PMAS to strengthen IT project management and improve the rate of success of VA’s IT projects.  Our oversight of the department’s IT initiatives should provide valuable information to VA and Congress as the Department moves forward in managing its IT capital investments.

Mr. Chairman, this concludes my statement.  I would be pleased to answer any questions that you or other Members of the Committee may have.