VA Information Technology: Important Initiatives Begun, Yet Serious Vulnerabilities Persist

Although the Department of Veterans' Affairs (VA) has taken actions to improve many of its information technology (IT) management processes, it continues to face substantive challenges that, if left incomplete, could disrupt existing progress and threaten the viability of its existing and future IT spending. VA has yet to fill its full-time department chief information officer vacancy since the position's creation three years ago. In addition, sustained leadership and commitment are necessary to improve VA's departmentwide computer security program, especially as VA begins to move some of its information and services to veterans onto the Internet. And although VA has done a good job of posting privacy and security notices on its websites, it should focus more attention on complying with Office of Management and Budget policies prohibiting the use of persistent cookies. Furthermore, until VA defines and begins to implement a departmentwide, enterprise architecture, it will continue to encounter costly difficulties in achieving its "One VA" vision. Finally, VA faces important decisions on making greater use of the Decision Support System and on the continued development and wide-scale implementation of the compensation and pension replacement project. Continued attention and full implementation of past recommendations by GAO and others are essential for achieving better IT management outcomes.