Joint Hearing of the Committee on Homeland Security and Governmental Affairs of the U.S. Senate and the Committee on Veterans’ Affairs of the U.S. House of Representatives at 1:00 p.m. CDT.
Witness Testimony of Belinda J. Finn, Office of Inspector General, U.S. Department of Veterans Affairs, Assistant Inspector General for Audits and Evaluations
Mr. Chairman and Members of the Committee, thank you for the opportunity to discuss the Office of Inspector General’s (OIG) findings regarding the Department of Veterans Affairs’ (VA) management of its information technology (IT) projects. I am accompanied today by Maureen T. Regan, Counselor to the Inspector General.
The use of IT is critical to VA providing a range of benefits and services to veterans, from medical care to compensation and pensions. If managed effectively, IT capital investments can significantly enhance operations to support the delivery of VA benefits and services.
However, when VA does not properly plan and manage its IT investments, they can become costly, risky, and counterproductive. As we have reported, IT management at VA is a longstanding high-risk area. Historically, VA has experienced significant challenges in managing its IT investments, including cost overruns, schedule slippages, performance problems, and in some cases, complete project failures. Some of VA’s most costly failures have involved management of major IT system development projects awarded to contractor organizations.
IT GOVERNANCE CHALLENGES
In 2009, we provided an overarching view of VA’s structure and process for IT investment management (Audit of VA’s Management of Information Technology Capital Investments, May 29, 2009). As part of the audit, we examined VA’s realignment of its IT program from a decentralized to a centralized management structure. The realignment was to provide greater accountability and control over VA resources by centralizing IT operations under the management of the Chief Information Officer (CIO) and standardizing operations using new processes based on industry best practices—goals that have only partially been fulfilled.
We reported that the ad hoc manner in which the Office of Information and Technology (OI&T) managed the realignment inadvertently resulted in an environment with inconsistent management controls and inadequate oversight. Although we conducted this audit more than 2 years after VA centralized its IT program, senior OI&T officials were still working to develop policies and procedures needed to effectively manage IT investments in a centralized environment. For example, OI&T had not clearly defined the roles of IT governance boards responsible for facilitating budget oversight and IT project management.
Further, in September 2009, we reported that VA needed to better manage its major IT development projects, valued at that time at over $3.4 billion, in a more disciplined and consistent manner (Audit of VA’s System Development Life Cycle Process, September 30, 2009). In general, we found that VA’s System Development Life Cycle (SDLC) processes were adequate and comparable to Federal standards. However, OI&T did not communicate, comply with, or enforce its mandatory software development requirements. OI&T did not ensure that required independent milestone reviews of VA’s IT projects were conducted to identify and address system development and implementation issues. Once again, we attributed these management lapses to OI&T centralizing IT operations in an ad hoc manner, leaving little assurance that VA was making appropriate investment decisions and best use of available resources. Moreover, VA increased the risk that its IT projects would not meet cost, schedule, and performance goals, adversely affecting VA’s ability to timely and adequately provide veterans health services and benefits.
These audits demonstrated that OI&T needed to implement effective centralized management controls over VA’s IT investments. Specifically, we recommended that OI&T develop and issue a directive that communicated the mandatory requirements of VA’s SDLC process across the Department. We also recommended that OI&T implement controls to conduct continuous monitoring and enforce disciplined performance and quality reviews of the major programs and projects in VA’s IT investment portfolio. Although OI&T concurred with recommendations and provided acceptable plans of actions, OI&T’s implementation of the corrective actions is still ongoing. For example, OI&T is reviewing for approval the draft governance board charters and plans to issue a VA directive mandating Program Management Accountability System (PMAS) compliance once version 3.0 of the guide is developed. PMAS is VA’s new IT management approach that focuses on achieving schedule objectives while the scope of functionality provided remains flexible.
PROJECT MANAGEMENT SHORTFALLS
Over the past 2 years, our audit work on several IT system development projects has identified themes as to why VA has continued to fall short in its IT project management. These issues include inadequate project and contract management, staffing shortages, lack of guidance, and poor risk management—issues that have repeatedly hindered the success of IT major development projects undertaken by OI&T.
VA’s Replacement Scheduling Application
In August 2009, we reported that the Replacement Scheduling Application (RSA) project failed because of ineffective planning and oversight (Review of the Award and Administration of Task Orders Issued by the Department of Veterans Affairs for the Replacement Scheduling Application Development Program, August 26, 2009). RSA was a multi-year project to replace the system the Veterans Health Administration used to schedule medical appointments for VA patients. Lacking defined requirements, an IT architecture, and a properly executed acquisition plan, RSA was at significant risk of failure from the start. We suggested that VA needed experienced personnel to plan and manage the development and implementation of complex IT projects effectively. A similar suggestion was made in an earlier report in June 2009, where we noted that VA needed to place greater emphasis on training VA personnel to manage IT enterprise development projects rather than continuing to rely primarily on external organizations and contractors to manage these projects. We believe this condition still exists today and until corrected, VA will struggle to overcome challenges managing its IT investments. (Review of Interagency Agreement between the Department of Veterans Affairs and Department of Navy, Space and Naval Warfare Systems Center (SPAWAR), June 4, 2009.) We also suggested that a system to monitor and identify problems affecting the progress of projects could support VA’s leadership in making effective and timely decisions to either redirect or terminate troubled projects. PMAS is currently the Department’s approach to implementing this suggestion.
Financial and Logistics Integrated Technology Enterprise
In September 2005, VA began developing the Financial and Logistics Integrated Technology Enterprise (FLITE) program to address the longstanding need for an integrated financial management system. As a successor to the failed Core Financial and Logistics System (CoreFLS), FLITE was a multi-year development effort comprised of three components: an Integrated Financial Accounting System (IFAS), Strategic Asset Management (SAM), and a Data Warehouse. However, as we reported in September 2009, program managers did not fully incorporate lessons learned from the failed CoreFLS program to increase the probability of success in FLITE development (Audit of FLITE Program Management’s Implementation of Lessons Learned, September 16, 2009). For example, critical FLITE program functions were not fully staffed, non-FLITE expenditures were improperly funded through the FLITE program, and contract awards did not comply with competition requirements. We recommended that FLITE program managers develop written procedures to manage and monitor lessons learned and expedite actions to ensure full staffing of the FLITE program.
Audit of the FLITE Strategic Asset Management Pilot Project
Our report on the SAM pilot project disclosed that FLITE program managers did not take well-timed actions to ensure VA achieved cost, schedule, and performance goals. Further, the contractor did not provide acceptable deliverables in a timely manner (Audit of the FLITE Strategic Asset Management Pilot Project, September 14, 2010). Once again, we identified instances where FLITE program managers could have avoided mistakes by paying closer attention to lessons learned from the CoreFLS effort.
Specifically, FLITE program managers:
- Awarded a task order on April 21, 2009, to General Dynamics for implementation of the SAM pilot project, even though the FLITE program suffered from a known shortage of legacy system programmers critical to integration efforts required to make FLITE a success.
- Did not clearly define FLITE program and SAM pilot project roles and responsibilities, resulting in confusion and unclear communications between VA and General Dynamics. Contractor personnel indicated that they received directions and guidance from multiple sources. One of their biggest obstacles was trying to overcome the lack of one clear voice for VA’s FLITE
- Did not ensure that the solicitation for the SAM pilot project clearly described VA’s requirements for SAM end-user training. As such, VA contractually agreed to a training solution that did not meet its expectations. General Dynamics subsequently revised its training approach to meet VA’s needs, but at a total cost of $1,090,175, which was more than a 300 percent increase from the original $244,451training cost.
- Did not always effectively identify and manage risks associated with the SAM pilot project even though inadequate risk management had also been a problem with the failed CoreFLS. Specifically, FLITE program managers did not take steps early on to ensure that the contractor participated in the risk management process and that the Risk Control Review Board adequately mitigated risks before closing them.
Because of such issues, in early 2010 VA was considering extending the SAM pilot project by 17 months (from 12 to 29 months), potentially more than doubling the original contract cost of $8 million. We recommended that VA establish stronger program management controls to facilitate achieving cost, schedule, and performance goals, as well as mitigating risks related to the successful accomplishment of the SAM pilot project. (SAM was suspended in March 2011 for not meeting user requirements. Further details are discussed below.)
Review of Alleged Improper Program Management within the FLITE Strategic Asset Management Pilot Project
This report, in response to a hotline allegation, disclosed that FLITE program managers needed to improve their overall management of the SAM pilot project (Review of Alleged Improper Program Management within the FLITE Strategic Asset Management Pilot Project, September 7, 2010). FLITE program managers did not develop written procedures that clearly defined roles and responsibilities, provide timely guidance to program and contract staff, or foster an effective working environment within the FLITE program. FLITE program managers also did not ensure certain elements considered necessary for a successful software development effort, such as “to be” and architectural models were included as project deliverables in the FLITE program. In general, we recommended that VA strengthen project management controls to improve the SAM pilot, beta, and national deployment projects.
New Office of Management and Budget (OMB) guidance on financial systems IT projects, issued on June 28, 2010, also had a major impact on the FLITE program. OMB issued the guidance because large-scale financial system modernization efforts undertaken by Federal agencies have historically led to complex project management requirements that are difficult to manage. Moreover, by the time the lengthy projects are finished, they are technologically obsolete. Consequently, OMB directed all Chief Financial Officer Act agencies immediately to halt the issuance of new procurements for financial system projects until it approves new project plans developed by the agencies. In July 2010, VA’s Assistant Secretary for Information and Technology announced termination of the IFAS and Data Warehouse portions of FLITE. In March 2011, the SAM pilot project, the final component of the FLITE program, was suspended just weeks before it was scheduled for deployment. SAM had received its “third strike” in the PMAS review process for failing user acceptance testing, which indicated that SAM was not ready for live operation. As of March 2011, program managers estimated obligations of about $126 million for the FLITE program; of that amount, the SAM project represented approximately $40 million.
GI Bill Long Term Solution
In September 2010, we reported that OI&T’s plan for deployment of the GI Bill Long Term Solution (LTS) was effective in part (Audit of VA’s Implementation of the Post-9/11 GI Bill Long Term Solution, September 30, 2010). LTS is a fully automated claims processing system that utilizes a rules-based engine to process Post 9/11 GI Bill Chapter 33 veterans’ education benefits.
OI&T developed and deployed both LTS Releases 1 and 2 on time. Lacking the management discipline and processes necessary to control performance and cost in project development, OI&T has relied upon PMAS to achieve project scheduling goals. With this schedule-driven strategy, OI&T has been able to satisfy users and incrementally move VA forward in providing automated support for education benefits processing under the Post-9/11 GI Bill.
However, OI&T’s achievement of the timeframes for LTS Releases 1 and 2 required that VA sacrifice much of the system functionality promised. Specifically, due to unanticipated complexities in developing the system, OI&T deployed Release 1 as a “pilot” to approximately 16 claims examiners, with the functionality to handle only 15 percent of the Chapter 33 education claims that the Veterans Benefits Administration anticipated processing. Release 2 caught up on the functionality postponed from Release 1, while providing the capability to process 95 percent of all Chapter 33 education claims. However, due to data structure and quality issues that still had to be overcome, users could not make use of all of the functionality provided through Release 2 and were able to process only 30 percent of all Chapter 33 education claims. In addition to these performance issues, OI&T did not have processes in place to track actual LTS project costs.
Following Release 3 that allowed VA to automate input of college enrollment information, OI&T deployed LTS Release 4 in accordance with the original delivery schedule of December 2010. OI&T recently deployed LTS Release 4.2 and has plans for two additional releases, tentatively scheduled for June and November 2011, to accommodate recent revisions to the Post-9/11 GI Bill. These LTS releases should provide enhancements such as automated scheduling for future housing allocations, and claims processing for licensing and certification and national tests. Any delays in providing the promised functionality could require continued manual processing, which could in turn delay payment of GI Bill benefits to veterans.
In the absence of effective performance and cost controls, OI&T runs the risk that future LTS releases may continue to meet schedule, but at the expense of performance and cost project goals. We recommended that OI&T improve LTS management by conducting periodic independent reviews to help identify and address system development and implementation issues as they arise. We also recommended that OI&T adopt cost control processes and tools to ensure accountability for LTS costs in accordance with Federal IT investment management requirements. OI&T concurred with our recommendations and provided acceptable plans of action, but implementation of corrective actions such as putting independent oversight reviews into place is still ongoing.
Veterans Services Network
In February 2011, we reported that the Veterans Services Network (VETSNET) program faces the continuing challenge of managing competing requirements and new systems initiatives that have repeatedly changed the scope and direction of the program (Audit of the Veterans Service Network, February 11, 2001). Since 1996, VA has been working on this effort to consolidate compensation and pension benefits processing into a single replacement system. However, the repeated changes have adversely impacted schedule, cost, and performance goals over the life of VETSNET development. Given a loss of focus concerning the end goals of the program, VA’s plans and time frames for retiring the aging Benefits Delivery Network and migrating all entitlement programs to the VETSNET Corporate Database have become unclear. Work to meet original program objectives has been extended by nearly 5 years. In 2009, VA reported a revised cost estimate of $308 million through 2012, more than two times an amount previously projected in 2006.
Further, frequently changing business requirements have necessitated additional VETSNET software releases. Because software change controls and testing have not been adequate to ensure proper system functionality, software rework and rollback of installation packages have been required to correct defects, and planned functionality enhancements have been delayed. We recommended that VA align resources and establish a schedule for accomplishing the original goals of VETSNET in the near term. We also recommended that VA implement improved processes to address software development deficiencies.
IT ACQUISITION AND CONTRACT MANAGEMENT WEAKNESSES
In response to a hotline complaint, we reviewed the contract awarded to Catapult Technology, Ltd., for the installation of wireless fidelity (Wi-Fi) services at 236 VA sites (Review of Allegations of Acquisition Planning Weaknesses and Cost Overruns on the Contract Awarded to Catapult Technology, Ltd., March 31, 2011). The complainant made several allegations regarding the award and administration of the contract. Our review substantiated all of the allegations except one, and partially substantiated the remaining allegation.
We determined that the time frames established to plan, solicit, and award the contract were unreasonable. VA did not establish firm requirements and issued a Statement of Objectives that lacked the detail needed for vendors to submit reasonable, firm fixed-price proposals. Because of inadequate planning and incomplete information regarding requirements, VA processed modifications that caused contract costs to increase significantly; the current contract costs are projected at $161.5 million, which is a $70.5 million (77 percent) increase in contract costs.
VA processed modifications adding additional sites; however, the contract had no provision that permitted VA to increase the number of sites. We also determined that VA was improperly paying Catapult on a milestone basis rather than on a completed site basis according to the contract terms. This was not only inconsistent with the contract, it was also inconsistent with the information provided to vendors during solicitation. The Office of Acquisitions and Logistics concurred with all our findings and recommendations and terminated the contract.
VA continues to rely on IT advancements to provide better services to our Nation’s veterans. Historically, VA has struggled to manage IT developments that successfully deliver desired results within cost, schedule, and performance objectives. OI&T recently implemented PMAS to strengthen IT project management and improve the rate of success of VA’s IT projects. We are currently conducting an audit to determine whether OI&T has planned and implemented PMAS with the management controls needed for effective oversight of the Department’s IT initiatives. Specifically, we are examining PMAS data reliability, project cost tracking, and guidance and processes for ensuring project compliance with the oversight approach. Our audit results should provide valuable information to VA and Congress as VA moves forward in managing its technology investments. We expect to issue a final report this summer.
Mr. Chairman, this concludes my statement. We would be pleased to answer any questions that you or other Members of the Subcommittee may have.