Skip to main content

Hospital ADP Systems: VA Needs To Better Manage Its Decentralized System Before Expansion

IMTEC-87-28 Published: Jul 24, 1987. Publicly Released: Jul 24, 1987.
Jump To:
Skip to Highlights

Highlights

In response to a congressional request, GAO reviewed the Veterans Administration's (VA) Decentralized Hospital Computer Program (DHCP) system, which services 172 medical centers, to determine: (1) the status of the decentralized system; (2) VA effectiveness in managing the system's development and implementation; and (3) the possibility of using three commercial systems VA tested as alternatives to the decentralized system.

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Veterans Administration The Administrator of Veterans Affairs should report the lack of sufficient software development controls and continue to report the lack of risk analyses and contingency plans as material control weaknesses under the Federal Managers' Financial Integrity Act until: (1) appropriate software development controls have been implemented; (2) risk analyses, as well as needed corrected action identified by such analyses, have been completed for all computer centers; and (3) contingency plans have been developed, certified, and tested.
Closed – Implemented
VA issued policy on software development controls, risk analysis, and contingency plans in October 1987. VA implemented an interim policy and began holding its management office accountable for it in February 1987.
Veterans Administration The Administrator of Veterans Affairs should hold the Management Office accountable for ensuring that the existing and expanded DHCP system is effectively managed and adequately protected. At a minimum, this office should: (1) institute procedures to collect work-load and cost-benefit data on prototype modules at test sites; (2) implement controls to ensure that software is adequately tested, documented, and approved, and that software and hardware problems are systematically tracked and corrected; (3) implement appropriate internal controls to protect data, equipment, and facilities as required in Office of Management and Budget Circular A-130; (4) issue a policy to restrict release of DHCP software under the Freedom of Information Act; (5) ensure that the data requirements are defined and incorporated in the DHCP modules so that the data can be efficiently assessed by system users; and (6) establish policies and procedures for regular system monitoring and assessment.
Closed – Implemented
VA recognized and began holding its management office accountable for the existing and expanded DHCP system. VA is instituting procedures to: (1) collect cost-benefit data; (2) implement software controls; (3) track software/hardware problems and correct them; (4) implement new security policy; (5) restrict software release; (6) define data requirements; and (7) monitor computer capacity.

Full Report

Office of Public Affairs

Topics

IT acquisitionsSoftwareHealth care cost controlInformation systemsInternal controlsMilitary cost controlSystems evaluationVeterans hospitalsSystems designDynamic host configuration protocol