Joint Hearing of the Committee on Homeland Security and Governmental Affairs of the U.S. Senate and the Committee on Veterans’ Affairs of the U.S. House of Representatives at 1:00 p.m. CDT.
Opening Statement of Hon. Ginny Brown-Waite, Ranking Republican Member, and a Representative in Congress from the State of Florida
Thank you, Mr. Chairman for yielding.
Mr. Chairman, my goal for this hearing is not just to learn where VA is relative to their current IT inventory management, but to learn where and how they are working to improve security, controls, maintenance and management of their IT equipment. The July 2007 GAO report, increased my growing concerns over VA’s control over its inventories, from reading the weekly SOC.
The GAO report selected four specific sites for their report. During this study, fewer than half of the items GAO selected for testing could be located, and most of the items were information technology (IT) equipment. GAO found that the four VA locations reported over 2,400 missing IT equipment items, valued at about $6.4 million, identified in inventories performed during fiscal years 2005 and 2006. Missing items were not always reported right away, and in some cases, not for several years. At one of the locations, 28 percent of the items surveyed during the GAO audit were missing.
Mr. Chairman, I find this lack of control over equipment completely unacceptable. Here in the House of Representatives, our acquisition offices perform annual equipment inventories in all offices. The Chief Administrative Officer’s staff comes into our offices either to tag equipment we have received, remove equipment we no longer use, or inventory the equipment under our control. By keeping a centralized acquisition and inventory process, the House is able to maintain tight control over its equipment inventory. Given the results of the GAO report, it appears the VA is unable to do likewise.
According to the GAO report, there is also a lack of user-level accountability for IT equipment, due to weak overall control of the equipment environment. The IT personnel and IT coordinators do not have possession (physical custody) of all IT equipment under their purview, therefore, they are not held accountable for IT equipment determined to be missing during physical inventories. In my opinion, Mr. Chairman, there needs to be accountability for inventories from the Chief Executive Officer clear down the line to the user who is ultimately using the product.
The weekly SOC reports consistently show missing IT related items from the VA’s inventories, whether it is listing old equipment that possibly had been disposed of after it was no longer of use to the VA, or new equipment that had been stolen. I am heartened to note that the VA is working with local and federal law enforcement to track down and retrieve newer stolen equipment, but dismayed to see the number of equipment items that were either transferred to other facilities and not tracked, or disposed of without the proper notation in the equipment inventories.
As of February 28, 2007, the GAO report found the four case study locations covered in their current audit reported over 2,400 missing IT equipment items with a combined original acquisition value of about $6.4 million as a result of inventories VA performed during fiscal years 2005 and 2006. Based on information GAO obtained through March 2, 2007, the five case study locations previously audited had identified over 8,600 missing IT equipment items with a combined original acquisition value of over $13.2 million. GAO reported that the missing IT items represent recordkeeping errors, the loss, theft or misappropriation of IT equipment. The GAO also cited that because most of the nine case study locations had not consistently performed required annual physical inventories or completed Reports of Survey promptly, which prevented the reporting of missing IT equipment in some instances for several years. I am always surprised when I see a SOC reporting the first instance of listing a missing piece of IT equipment from the mid-nineties. Operating Systems for this equipment would be totally out of date long ago, and it leaves me wondering just how long the equipment was actually missing before reported on the SOC.
Mr. Chairman, this is not the first time that GAO has reported on deficiencies in information technology equipment controls. In July 2004, GAO issues a report titled VA Medical Centers: Internal Control over Selected Operating Functions Needs Improvement. In this report, GAO indicated that the six VA medical centers they audited lacked a reliable property control database, which did not produce a complete and accurate record of current inventory and compromised effective management and security of agency assets. One of the medical centers reviewed, was also reviewed in the most recent report, and yet issues remain. I look forward to hearing from today’s witnesses, and those who are accompanying them on how the VA is going to move forward to gain tighter control over its inventory, and how they plan to follow up on GAO’s recommendations.
Thank you, and I yield back my time.