[House Hearing, 109 Congress]
[From the U.S. Government Publishing Office]


 
               VA IT INFRASTRUCTURE REORGANIZATION
                   REORGANIZATION AND THE ROLE
                             OF THE CIO
----------------------------------------------------------------------------

                              HEARING

                            before the

                           COMMITTEE ON
                        VETERANS' AFFAIRS
 
                     HOUSE OF REPRESENTATIVES

                    one hundred ninth congress

                           first session

                              -------

                         September 14, 2005

                              -------

        Printed for the use of the Committee on Veterans' Affairs

                          Serial No. 109-22

                    U.S. GOVERNMENT PRINTING OFFICE
23-846                      WASHINGTON : 2006
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512091800  
Fax: (202) 512 092250 Mail: Stop SSOP, Washington, DC 20402090001




        VA IT Infrastructure reorganization and the role of the cio


Wednesday, September 14, 2005

U.S. House of Representatives,     
Committee on Veterans' Affairs,
Washington, D.C.

    The Committee met, pursuant to notice, at 10:08 a.m., in Room 334, Cannon 
House Office Building, Hon. Steve Buyer [Chairman of the Committee] presiding.
 
    Present:  Representatives Buyer, Bilirakis, Evans & Michaud.

    The Chairman. The VA's Information Technology (IT) infrastructure 
reorganization hearing before the House Veterans' Affairs Full Committee will 
come to order September 14, 2005.
    This hearing will provide the Committee with an update on the Department 
of Veterans' Affairs information technology infrastructure reorganization to 
learn more about the role of the chief information officer within that 
department.
    VA's IT modernization efforts go back at least 29 years to 1985, when it 
was the policy of the Veterans Administration to ``better serve the veteran 
through modern technology.  Despite 20 years of ``modernizing,'' this 
Committee has authorized, and Congress has appropriated roughly $10 billion 
over the last decade alone for VA IT spending.
    This is probably a very conservative figure, as historically the VA has 
included funding for IT in general administration accounts of the Veterans 
Health Administration, the VA's Benefits Administration, and the National 
Cemetery  Administration.
	Since coming to Congress in 1993, I have witnessed this Committee 
struggle 
with VA's inability to adequately manage its IT funding and IT modernization 
efforts.
	The Subcommittee on Oversight and Investigations has conducted six 
separate hearings on VA IT and related issues since 2000, when I chaired the 
Subcommittee.
	Ms. Koontz, I see you so often, I feel like you're part of my family.
	While there have been significant improvements in VA's IT 
modernization 
efforts, the improvements have come at a significant cost to our veterans and 
the system:
	$600 million plus for a decade of VETSNET, the automated compensation 
and pension claims processing system that still has not been implemented in 10 
years;
	$342 million for CoreFLS -- the failed financial management system;
	$300 million for HR Links, the failed automated personnel system;
	$485 million annually to maintain VISTA, VA's 25-year-old medical 
information system.
	In fiscal year 2004 and fiscal year 2005, VA received $1.4 and $1.6 
billion respectively for IT funding. For the fiscal year 2006, VA's projected 
spending for IT will be approximately $2.2 billion.
	This lack of accountability in VA IT spending, I believe must stop, 
and that's the reason why there was such a reduction in your budget requests 
for IT.  Not only did I recommend it, it was supported then by the Budget 
Committee, by the Appropriations Committee, and also by the Senate.
	So somewhere in here, we need to come to a meeting of the minds and to 
figure out how we're going to do this.
	Last year, VA was able to testify before the Committee, that they were 
``well under way with an enterprise architecture that aims to align the 
business 
with the information technology plans, goals, and efforts.''  However, I am 
concerned that the structure in place lacks the authority to provide a better 
service to the veteran.
	Today, we will hear testimony from Gartner Consulting, VA's own 
private IT 
consultant, on what the VA needs to do more effectively to reorganize itself, 
and at what cost would be of letting the bureaucracy maintain the status quo.
	That's why myself, along with Ranking Member Lane Evans and other 
distinguished members of this Committee, we will soon be introducing 
legislation 
that will mandate the Department of Veterans' Affairs to empower the chief 
information officer with authority over resources, budget, and personnel 
related to the information technology of the Department.
	I'm holding this hearing, Lane and I are, because our legislation is 
in draft form, we've not shared it with anyone.
	We've come into a comfort zone where we are with the legislation, but 
we're going to ask a series of questions today, because we want to make sure 
that what we're about to do, we do correctly, because we also then want it to 
be leveraged into other departments of the federal government; so we want to 
walk cautiously and carefully as we do this correctly.
	So I am really pleased that the GAO is here to testify.  We have you 
as the first panel for a reason, because you're experts in your field.  Also,  
CRS, with all your vast knowledge and expertise.  Ms. Koontz, the survey that 
you have done and also with an outside consultant of all the Chief Information 
Officers (CIOs) and how things are looking out there, you've spoken to so 
many, and so they've shared with you their successes and they've shared with 
you their challenges, and from that we want to create the model that can be 
leveraged.
	With that, I'll yield to the Ranking Member for any comments that he 
may have.
	Mr. Evans. Thank you.  Thank you, Mr. Chairman.
	I also want to praise the VA workers and the crisis response team for 
safely and swiftly evacuating so many veterans, staff, and their families out 
of the Gulf Coast.
	I also commend VA workers for their current efforts to keep veterans 
out of the path of Ophelia.
	I'm proud of the VA staff.
	I have introduced three bills to help veterans and their families get 
their medical needs and their shelter after the storm.  I hope we can mark up 
these three bills sometime in the near future.
	As for information technology management, I think we see this issue in 
the same way.  It is nice to be on the same sheet of music on this.
	For years major IT projects at the VA have failed or suffered costly 
delays.  This Committee and its Subcommittees have held a significant number 
of hearings on VA's mismanagement of IT.  We've got to change that need.
	Mr. Chairman, we both have consistently pushed for accountability and 
change.  We now have an environment where any successes in the IT area are 
overshadowed by some well-publicized failure in IT someplace else.	
	Let us hear testimony about the current status of IT management and 
then facilitate any needed change.
	Thank you, Mr. Chairman.
	[The statement of Hon. Lane Evans appears on p. 44]
	The Chairman. Thank you, Mr. Evans.
	I join you in your spirit and compliments to the VA in their rapid 
response.  America doesn't get to hear about it, but Lane and I and members of 
this Committee are very proud of the VA employees and your direction, and how 
you responded to the crisis on the Gulf Coast, continue to respond, and help 
as part of our national response.
	Here on Capitol Hill also there are different Committees that are 
examining Katrina, and so Secretary Mansfield, if you know of things that you 
need to do within your agencies, that you cannot do right presently within 
your executive authorities, let us know.
	I'm not interested in doing theater or do something, that ``do 
something'' stuff that we get here in Washington, that really is duplicative 
or multiplicious.
	So if it's outside that, please be in touch with Mr. Evans and I.
	Mr. Bilirakis.
	Mr. Bilirakis. Mr. Chairman, thank you.
	I really appreciate both you and Mr. Evans giving accolades where 
they're deserved.
	The VA, certainly on this particular issue,is far from perfect.  
There's 
an awful lot of work that needs to be done and there are a lot of frustrations 
in the sense that we haven't been able to get IT to the point that it should 
be after all these many years.
	But at the same time, they're probably heads over heels above most of 
the departments in the government in terms of IT, and they've proven that time 
and time again.  They certainly proved it in New York City in 9/11.  They 
proved it certainly in Katrina. And so they've done really good work.
	And what we want to do is to help you to improve upon that, so the 
potential legislative solutions that the Chairman mentioned are very 
important.
	So we want to be here to help you, but we're not going to be able to 
help you to really get this thing going the way it should be unless you're 
cooperative and unless you're being frankly very frank and blunt with us in 
terms of what needs to be done, in addition to money.  It's always money, of 
course, and that's the unfortunate thing.
	Thanks, Mr. Chairman.
	The Chairman. Mr. Bilirakis, we appreciate your leadership in the 
continued work on IT from your Subcommittee.
	Mr. Michaud, opening statement?
	Mr. Michaud. Thank you very much, Mr. Chairman.
	I too want to thank you, Mr. Chairman, and Ranking Member Evans for 
having this hearing today.
	Since this is our first hearing after Katrina, I, too, want to take 
this opportunity to praise the VA employees who kept our veterans, staff, and 
others safe during the storm.
	I understand the staff did an amazing job in evacuating the very sick 
veterans after the storm and flooding.  I applaud the VA front-line workers 
for 
reaching out to the veterans to make sure that the storm will not disrupt the 
delivery of needed medication and benefits.
	Those employees and the others who have not yet been found, our 
thoughts and prayers are definitely with them, and I hope that they are safe.
	I understand that the crisis response team is making sure that the VA 
IT system is working and the benefit files and medical data is secure, so I 
look forward to hearing your testimony here today.
	So thank you very much, Mr. Chairman.
	The Chairman. Thank you, Mr. Michaud.
	The first panel, I will now recognize Mr. Jeff Seifert, who is the 
Analyst in Information, Science, and Technology Policy Resources, Science, and 
Industry Division of the Congressional Research Service.
	Next we'll hear from Ms. Linda Koontz.  She is the Director, 
Information Management Issues, U.S. Government Accountability Office.
	Then we'll hear from Mr. Michael Pedersen, Managing Vice President of 
Gartner Consulting.
	Do each of you have a written statement?
	All three have nodded their heads in the affirmative.
	Your complete written statements will be made part of the official 
hearing record.
	I will ask members to hold all their questions until the panel has 
testified.  We will move under the five-minute rule.
	And Mr. Seifert, you are now recognized.

STATEMENT OF MR. JEFFREY W. SEIFERT, ANALYST IN INFORMATION SCIENCE AND 
TECHNOLOGY POLICY, CONGRESSIONAL RESEARCH SERVICE

	Mr. Seifert. Thank you, Mr. Chairman and members of the Committee for 
the 
invitation to appear before you today to offer testimony on the background and 
role of chief information officers in the federal government.
	While the specific topic of today's hearing is on the responsibilities 
and authority entrusted to the Office of the Chief Information Officer at the 
Department of Veterans' Affairs, my comments today will focus on the 
performance and challenges of federal CIOs more generally.
	As you are aware, the Congressional Research Service does not take a 
position on issues or legislation.
	The federal government spends more than $60 billion annually on 
information technology goods and services, reflecting how technology has 
become integrated into nearly all government processes.
	Federal CIOs are on the front lines in implementing a wide range of e-
government and homeland security initiatives.  These include initiatives to 
develop a federal enterprise architecture, improve information security, and 
identify opportunities to facilitate information sharing.
	While CIOs were once commonly thought of as ``technocrats,'' they are 
now being called upon not only for their technological expertise, but also to 
provide strategic leadership in the areas of policy, budget, and contract 
oversight.
	Federal CIOs serve as change agents for business modernization and 
transformation.  They must possess strong management, leadership, and 
communication skills.  The CIO's relationship with top-level department 
decisionmakers can also be critical to successfully implementing IT and e-
government initiatives.
	Inherent to the nature of their responsibilities, CIOs need to look at 
the departments horizontally, across a department, rather than vertically, 
such as at a single program or function.
	Likewise, there is a need to be able to exercise control over 
resources 
horizontally, in part to break down the so-called ``stovepipes'' and ``islands 
of automation'' that are created when resources and programs are developed 
individually.
	However, this difference in perspectives can frequently put the CIO at 
odds with his/her counterparts, such as program managers, whose 
responsibilities may foster a more vertical view of the department and its 
assets.
	For example, whereas CIOs may recommend adopting a standardized 
software 
platform for desktop computers, in order to facilitate interoperability and 
lower costs, program managers may oppose this approach on the basis that it 
reduces their decisionmaking authority to procure and develop assets used in 
the delivery of services.
	This clash of perspectives exemplifies why the biggest challenges 
facing federal CIOs are not technical, but instead, organizational.
	Decentralized organizations can be especially challenging for CIOs, 
whose 
primary role includes coordinating resources and personnel in an effort to 
effect transformation of the organization.
	While having access to or direct participation in decisions regarding 
funding issues and allocation of resources is important, simply having a seat 
at the management table may not be sufficient if other parts of the department 
can act autonomously in areas that either undermine or mitigate attempts by 
the CIO to develop enterprise-wide standards.
	Consolidating authority over IT resources and clarifying who is 
accountable for specific functions is one approach that some departments have 
begun using to address these challenges.
	For example, earlier this year, the Federal Bureau of Investigation 
announced it was implementing a new strategic approach to information 
technology.
	Specifically, the strategy includes centralizing management of FBI IT 
resources under the FBI's Office of the Chief Information Officer; creating 
several IT governance bonds; implementing an IT investment strategy and an 
enterprise architecture; and granting the CIO ``budgetary authority over all 
FBI IT funds.''
	However, efforts to consolidate IT investment management decisions can 
be 
hindered at the outset by a lack of comprehensive accounting of a department's 
IT resources and responsibilities.
	For example, in a March 2005 report, the inspector general at the 
Department of Transportation found that the consolidation of department-wide 
IT responsibilities, begun in fiscal year 2003, was not accompanied by a 
comparable level of budgetary and contract services oversight.
	Among the problems specifically identified in consolidating CIO 
control over systems originally maintained by the DOT's 11 individual 
operating 
administrations was an incommensurate transfer of project management and 
budget authority, as well as duplicative funding requests made by the CIO's 
office and the operating administrations.
	In closing, information technology management has been a longstanding 
challenge for the federal government.  The general problems facing the 
Department of Veterans' Affairs are not unlike those facing CIOs in other 
executive branch departments and agencies.
	However, the challenges of harmonizing the acquisition, development, 
and maintenance of information resources across the department, including its 
three major subcomponents -- the Veterans Benefits Administration, the 
Veterans Health 
Administration, and the National Cemetery Administration -- are considerable.
	By enhancing the authority of the department CIO, the Department of 
Veterans' Affairs may be able to better address some of its information 
technology management challenges in the future.
	Thank you for your attention.
	I welcome any questions.
	[The statement of Jeffrey W. Seifert appears on p. 46]
 
	The Chairman. Thank you, Mr. Seifert.
	Ms. Koontz.

STATEMENT OF MS. LINDA D. KOONTZ, DIRECTOR, INFORMATION MANAGEMENT ISSUES, 
U.S. GOVERNMENT ACCOUNTABILITY OFFICE

	Ms. Koontz. Mr. Chairman and members of the Committee, I am pleased to 
be here at today's hearing on reorganization of VA's CIO office.
	At your request, I will be discussing our previous work on the role of 
the CIOs in the federal government generally, and at VA in particular, to 
provide background and perspective for your consideration.
	As you know, the CIO position was established by the Clinger-Cohen Act 
in 1996.  Through this law and others, the Congress has expressed the view 
that the 
federal CIOs should play a central role in managing information and technology 
within federal agencies.
	In this way,  the CIO can help ensure that agencies manage their 
information functions in a coordinated and integrated fashion and thus improve 
the efficiency and effectiveness of government programs and operations.
	CIOs have a wide range of responsibilities.  For a review of federal 
CIOs that we reported on in 2004, we identified 13 major areas of CIO 
responsibility 
that were either statutory requirements or critical to effective information 
and technology management.
	Our review showed that CIOs were generally responsible for these key 
areas, although not all CIOs were completely responsible for all areas.
	To give a few examples, all the CIOs were responsible for enterprise 
architecture and information security, and more than half were responsible for 
systems acquisition and major e-government initiatives.
	In certain areas such as system acquisition and statistical policy, it 
was common for CIOs to share responsibilities with others.
	We have also developed guidance on the effective use of CIOs in which 
we describe characteristics of organizations that contribute to CIO success.
	First, successful CIOs work with supportive senior executives who 
embrace 
the central role of technology in accomplishing mission objectives and include 
the CIO as a full participant in senior executive decisionmaking.
	Second, successful CIOs have legitimate and influential roles in 
leading 
top managers to apply IT to business problems and needs.  Placement of the 
position at an executive management level in the organization is important, 
but in addition, CIOs earn credibility and produce results by establishing 
effective working relationships with business unit heads.
	Third, successful CIOs structure their organizations in ways that 
reflect 
a clear understanding of business and mission needs.  Along with knowledge of 
business processes, market trends, internal legacy structures, and available 
IT skills, this understanding is necessary that the CIO's office is aligned to 
best serve agency needs.
	To achieve this kind of success, CIOs face a number of challenges.  
In our 2004 review, CIOs most frequently cited two in particular:
	First, implementing effective IT management practices.
	A little over 80 percent of the CIOs reported that they face one or 
more challenges related to this area.  This is not surprising, given the 
government's recognized difficulties in IT management.
	We have issued numerous reports describing challenges in the specific 
management areas that the CIOs cited most frequently:  information security, 
enterprise architecture, investment management, and e-government.
	Second, obtaining sufficient and relevant resources.
	Virtually all agency CIOs cited resources both in dollars and staff as 
major challenges.
	Two other commonly cited challenges were communication and 
collaboration, both internal and external, and managing change.
	CIOs cited the challenge of establishing effective communications with 
the business part of their organizations as well as sharing information with 
partners and influencing OMB and the Congress.
	And of course implementing major IT changes can involve not only 
technical risks but also risks associated with people and organizational 
culture.
	At VA, the CIO position and IT management have received increasing 
attention in recent years.
	The department went for two-and-a-half years after the passage of the 
Clinger-Cohen Act without a CIO.
	For two years after that, the CIO role was held by an executive who 
also had other major responsibilities.
	The department then had an acting CIO for a year, and in August 2001, 
it appointed a full-time permanent CIO.
	Since then, the department proposed further strengthening the CIO 
position 
and centralizing IT management, recognizing that aspects of the VA computing 
environment were particularly challenging and required substantial management 
attention.
	In particular, the department information systems and services were 
highly 
decentralized and a huge proportion of the department IT budget was controlled 
by the VA's administrations and staff office.
	To address these challenges, the Secretary issued a memo in 2002 
announcing that IT functions, programs, and funding would be centralized under 
the department-level CIO.
	In our view, this alignment held promise for improving IT 
accountability 
and enabling the department to accomplish its mission.  The additional 
oversight 
afforded by the CIO could have a significant impact on the department's 
ability 
to more effectively account for and manage the approximately $2.1 billion in 
planned IT spending.
	Mr. Chairman, that completes my statement, and I would be happy to 
answer questions at the appropriate time.
	[The statement of Linda Koontz appears on p. 54]
 
	The Chairman. Thank you, Ms. Koontz.
	Mr. Pedersen.

STATEMENT OF MR. MICHAEL L. PEDERSEN, MANAGING
	VICE PRESIDENT, GARTNER CONSULTING

	Mr. Pedersen. Thank you, Mr. Chairman, and members of the Committee.
	I appreciate the opportunity to participate in today's hearing 
regarding the Department of Veterans' Affairs IT reorganization.
	My name is Michael Pedersen.  I'm the managing vice president within 
the 
consulting division at Gartner, a provider of research and analysis on the 
global IT industry.
	Unlike our competitors, we do not offer implementation services that 
would compromise our independence and objectivity.
	It is this objectivity that was the basis for us being selected to 
assess 
whether the VA's IT personnel assets are appropriately aligned to efficiently 
deliver world-class IT program management, operational support, and systems 
design and development services.
	I was the lead consultant and subject matter expert on this assessment 
and directed activities.
	When looking at the VA today, we documented several issues that must 
be 
addressed for the VA to achieve its objective of efficiently delivering world-
class IT services in a veteran-centric model.
	Our principal finding is there is excessive duplication of IT assets 
-- defined as people, process, and technologies -- across the VA It 
organizations.  
This approach leads to inefficiencies in IT delivery and creates significant 
barriers to improve performance at a VA-wide level.
	Each IT group, and there are many, has its own unique, at times 
competing, at times complementary approach to delivering IT services.
	Different approaches to work means working together on common 
objectives that much more difficult.  It also costs more to operate such a 
fragmented IT organization and has the potential to leave unmanaged risk 
within its major programs.
	There are few incentives or mechanisms in place for these multiple IT 
groups to work together.
	In fact, the culture fosters a go-it-alone approach which forces the 
IT staff to engage their informal personal network when required to work 
across organizational boundaries.
	To resolve these issues, we recommended changes at the VA.  We 
recommended significant change in the underlying processes that make 
organizations work, as noted in my written testimony.
	As organizational structure is the most visible aspect of 
organizations, it is worthy of additional discussion.
	Several organizational structures were analyzed to resolve the issues 
uncovered within the VA.  Two organizational structures had the greatest 
potential for application at the VA.
	The first is an organizational structure where technology operations, 
such as data centers and networks, are controlled by a single group with all 
business applications developed and supported by each business line, whether 
medical care, pension, housing, or finance.  We call this the federated model.
	The second is an organizational structure where all VA IT is organized 
into a single entity reporting to a chief information officer.  We call this 
the centralized model.
	Each has its own risks and benefits.
	The primary benefit of the federated model is it allows business 
leaders 
to develop the applications unique to their missions while achieving economies 
of scale by managing the VA infrastructure through the centralized function.
	While we did not undertake a cost analysis, our organization does 
extensive IT cost modeling regarding savings potential.
	We estimate implementing the federated model will reduce the annual 
run 
rate by approximately $207 million within five years. However, this comes with 
risk to the VA.
	The VA will struggle to obtain in a timely manner its One VA mission 
objectives, because of its culture, unaligned investment priorities between 
and within administrations, and differences in technology and process, which 
hinders efforts to create veteran-centric systems.
	In contrast to this approach, the centralized organizational model 
provides the greatest opportunity to successfully execute One VA mission 
objectives in a timely manner.
	Like the federated model, it achieves economies of scale, but will 
also 
allow for rapidly maturing the IT investment management process to better 
deliver its major IT programs.
	We estimate potential savings from the centralized option to be 
approximately $345 million in annual run rate reduction within five years.
	The potential risk from implementing the centralized option is 
significant.  It is the big bang.
	But both the centralized and federated potions are viable 
organizational structures to achieve One VA mission objectives.
	However, it is our recommendation that the VA pursue the 
centralization 
option and aggressively manage the risk to maximize cost saving opportunity 
and reduce program risk.
	Let me clearly state the organizational change is hard work.  If not 
done properly, it places the entire organization at risk.
	Many examples exist where change efforts were not conducted properly.
	Whether a computerized position order entry system at Cedars Sinai or 
a financial management system at the VA itself, organizational change requires 
extensive planning, executive commitment, and a relentless focus on the 
details.
	The whole organization must see the need for change, understand how 
change will occur, and participate in the change efforts.
	If it embarks on any change effort, the VA must have:
	One, its entire leadership team dedicated to the effort, visible in 
its executive, and held accountable for its results;
	Two, fast-track budgeting and personnel change authority for its 
leaders to act quickly; and
	Three, use outside experts to guide, track, and report on its 
performance against plan.
	While it has risk, the payoff can be substantial improvement in IT 
performance at the VA.
	Mr. Chairman, this concludes my statement.
	Thank you again for the opportunity to discuss an important matter 
for our veterans.
	I'll answer any questions at the appropriate time.
	[The statement of Michael L. Pedersen appears on p. 77]
 
	The Chairman. Thank you very much, the three of you, for your 
testimony, your work, and that of your staffs, so please extend that to them.
	Let me ask, Mr. Pedersen, the credibility that you bring to this, 
being one of the top companies in the world in what you do, are you aware of 
any organization in the private sector that's like how the VA is presently 
operating its IT? Is there anyone out there?
	Mr. Pedersen. There is no one out there, sir.
	The profit motive of the commercial sector drives a natural cost 
reduction 
orientation and an investment oversight mentality, so I know of no other 
organizations like that.
	The Chairman. So as Congress has been asking the VA to act more like a 
business, this effort to bring -- streamline or bring a centralization to the 
CIO would place us in greater stead with modern business practices?
	Mr. Pedersen. Yes, sir.
	If I could add, there are -- the organization as a whole, the agencies 
are 
well operating.  I want to make that clear.  And there is a tremendous desire 
for the staff to serve the veteran.
	And is it our belief that there are efforts underway that have had 
small pockets of success.
	The Austin Automation Center was a good example that we found, where 
they 
had defined how they work in a very detailed way.  They talked about the costs 
of their services back through the franchise fund.
	And we found that a very effective model.  We applaud their efforts.  
It's 
the cost that they would -- the recovery or the price, if you will, that they 
charged the administration are comparable to the outside services.
	So there are efforts underway throughout the organization to drive 
towards 
that more business, more commercial-oriented practice.  It's just not on it as 
an organization as a whole.
	The Chairman. All right.
	Ms. Koontz, in your written statement, you indicated that the Clinger-
Cohen Act of 1996 mandated federal departments to establish the position of 
CIO.  
However, the VA did not appoint a permanent CIO position until August of 2001.
	What other federal departments, if any, requested and received OMB 
waivers for appointing a permanent CIO?
	Ms. Koontz. I know of no department that has a waiver for establishing a CIO.
	I don't know of any mechanism, either, that would allow an agency to 
go without a CIO.
	The law requires that they have a CIO, and that the CIO report to the 
agency head.
	The Chairman. Also, in your written statement, you indicated that GAO 
conducted reviews of the relationships of CIOs and agency heads in 23 
different agencies.
	You further indicated the vast majority of these CIOs reported 
directly to the agency head.
	Of the five largest federal agencies in terms of budget outlays, what 
is the reporting relationship for the CIO?
	Ms. Koontz. Of the five largest agencies that we looked at, based on 
discretionary spending -- and that would be Defense, Health and Human 
Services, 
Education, State, and VA -- four of the five, including VA, at the time we did 
our review in early 2004, the CIO reported directly to the agency head.  Only 
HHS did not at that time.
	The Chairman. Also, in your written statement you indicated that 
virtually 
all agency CIOs cite resources, both in dollars and in staff, as a major 
challenge in effective IT management.
	What specific challenges do you believe the VA's CIO must overcome in 
order for this position to effectively manage VA IT?
	Ms. Koontz. I think that the primary thing that the CIO needs --
there's 
two things that I think that are most important for the CIO to have in order 
to be successful.
	And the first of that is, obviously, that the CIO has to have the 
support 
of the Secretary.  Without management support, the CIO cannot be effective.
	Secondly, I think that it's critical that the CIO have -- be a 
participant 
in an investment management process that's established and mature at the 
agency, 
that allows the senior management to come together and make decisions on 
proposed investments and then oversee those investments over time.
	And as part of that process, it's absolutely critical that the CIO be 
able 
to veto any proposed investment that is not consistent, for example, with 
enterprise architecture, that's not consistent with standards, including network standards, or with other security requirements.
	The Chairman. Mr. Seifert and Mr. Pedersen, do you have an opinion 
based 
on Ms. Koontz' statement that she just made?
	Do you concur or non-concur?
	Mr. Pedersen. I'd agree that investment management and that control is 
critical for future investment planning and success.
	Mr. Seifert. Well, as you know, CRS does not take a position on it or 
express an opinion.
	The Chairman. Do you have a personal opinion of what you just heard 
Ms. Koontz say?
	Mr. Seifert. Well, I'm not allowed to express a personal opinion, but 
I would say that -- 
	The Chairman. Hypothetical?
	Mr. Seifert. -- evidence suggests that this is very important to the 
successful functioning of the department.
	The Chairman. That counts.  That counts.
	Mr. Evans and I and others on this Committee believe in line and 
budget authority for the CIO position.
	So I'm going to go right to the heart of the question.
	If we're to deliver line and budget authority to the CIO, give us your 
positives and negatives that you would foresee in that action being taken.
	And then I'll yield to Mr. Evans.
	All three of you can respond.
	Mr. Seifert. Well, some potential positives are that the CIO would 
gain 
control over all the IT resources within the department and be able to 
coordinate this in a better fashion, perhaps being able to execute an 
enterprise architecture plan.
	A potential drawback is that, a department of the VA's size is fairly 
complex and it would be hard to imagine any one person being able to honestly 
understand every nuance that's required for every department or every 
function.
	So it is possible that he or she may not be able to capture every 
little piece of that and may inadvertently overlook something.
	The Chairman. Ms. Koontz.
	Ms. Koontz. Similarly, I think that if you centralize the funding 
under 
the CIO, certainly the CIO gains control over the expenditure of those funds, 
and in that way can ensure that investments that are made are consistent with 
the enterprise architecture and standards and security requirements, et 
cetera, and that's an important thing.
	My concern, in addition to the scope issue that I think that Mr. 
Seifert 
just mentioned, is that it removes the funds from the business areas, and its' 
very important, if not critical, that information systems arise from 
identified business needs, and that's critical to any successful systems 
development effort.
	So removing that money from the business does run its own set of 
risks.  
It also puts the business in a position where they have -- they don't have the 
investment in the systems development effort anymore, because it's not their 
money.
	Mr. Pedersen. I'd agree with that.
	The idea of bringing accountability is critical. What you want to 
guard against -- and you'll have that if you bring that to the single point in 
the CIO.
	What you need to guard against is that budget flows for other purposes 
manifest themselves back into IT.  You need to guard against that.  And you 
need those executives, those business leaders, back at the table to guide 
investment decisions.
	It should not be the CIO deciding where investments go.  All right.  
They should manage it, get the business to decide where the money should go, 
what the 
requirements are, and acceptance of those systems they build.  That's where 
accountability lies on the business.
	On the CIO side, it's build towards that spec, and that's where that 
-- the investment management process can be very effective.
	The Chairman. Mr. Pedersen, that's where we'd like to go.
	Mr. Evans, you are recognized.
	Mr. Evans. Mr. Pedersen, could you describe the safeguards necessary 
to prevent a so-called federated adoption from just becoming what you 
described as the status quo option, if there were a bureaucratic show of 
resistance?  Can you tell us what those safeguards would have to be?
	Mr. Pedersen. There would be several that I could identify.
	Clearly the idea of where money, people, and assets find themselves is 
going to be one element.
	Policy alone won't protect that, because the complexity of the 
organization is so broad, the way money flows through the organization is so 
complex, IT spend is very difficult right now to control.
	So for the federated model to be successful, there must be all three 
of those aspects, so the technology, the people, and the budget authority for 
those assets must move, and that will prevent itself from at least the broad, 
the very significant change back to the status quo.
	But also, though, just good change management requires all members of 
the organization to be bought into it and lead that effort.
	This is not a strike-of-a-pen activity.  This is -- we've laid out 
that this is a long-term plan, it's hard work, it's hard work for the 
executive team.  
This is not something that's delegated.  The executive team must be critically 
involved with this and be held accountable for what progress is being made.
	Sir, does that help?
	Mr. Evans. Yes, sir.
	Thank you, Mr. Chairman.
	The Chairman. Mr. Bilirakis.
	Mr. Bilirakis. Thank you, Mr. Chairman.
	Mr. Chairman, I recently returned from a two-day visit to Estonia.
	Now, here is a country which just a few years ago was behind the Iron 
Curtain.  Their IT is unbelievable.
	Everybody in the country, I think, or virtually everybody in the 
country -
- certainly there must be some exceptions, although I understand there 
probably 
aren't -- pay all their bills electronically.  Everything is done 
electronically there.
	Their cabinets, if I can call them that -- they took us into a room 
where 
the cabinet sits, and they all have a computer right at their particular 
location.  Everything is done electronically.
	A smaller country, to be sure, but in no time at all, they're well 
past us when it comes to something like this.
	You know, it seems to me what Ms. Koontz said in her testimony here, 
that 
certainly the VA did not take Clinger-Cohen seriously when they handled the 
CIO 
position the way they did, given the time that VA took to even put the 
position 
into place, and then it was a part-time job, and functions were divided.  Then 
VA went one year with an acting CIO, and finally in August of 2001, VA 
appointed a full-time permanent CIO.
	So we pass these laws up here, and maybe it's our fault that we don't 
follow through adequately and have the proper oversight.
	In my time remaining, Ms. Koontz, you mentioned the challenges and you 
mentioned the lack, the implementing and practices -- I'm just paraphrasing.  
You mentioned obtaining relevant resources.  I guess there's always that.  And 
then the word ``collaboration,'' et cetera, everything related to 
collaboration.
	Why are these still challenges after so many years?  When you research 
something like this, the GAO does such a great job, you must have details, 
specific instances which lead you to these conclusions.
	Can you sort of expand upon that, go into these three challenges, 
particular the top two that you've mentioned, the implementing and the 
relevant resources, and sort of go into some details for us?
	You know, we want to be able to picture this, I guess, is what I'm 
saying.
	Ms. Koontz. I understand.
	I will confess, we have lots of details, because we're GAO, but I'm 
not sure that I have all of them at my fingertips.
	Mr. Bilirakis. Well, I don't want all of them.
	Ms. Koontz. But I will -- I will provide what I can.
	We have done an awful lot of work over the years about IT management 
practices, and in fact, that's one of the main -- you know, our main lines of 
work, and that's to look at things like, IT management practices, I mean 
having enterprise architectures in place, I mean having a robust investment 
management 
process in place that will again, like I said before, bring together the right 
people to make decisions about IT investments, and to not only make the right 
decisions but then continue to follow them over time.
	And also, we've done a huge body of work on security.  As you know 
from 
the annual reporting of agencies, there are many, many, continue to be many, 
many difficulties in these areas.
	Many of our reports over the years point to the need to strengthen all 
these management areas and we, you know, continue to work on that.
	VA specifically I think, one of the things that has been a threat in 
the 
work that we have done, and I think you would find it's at those other 
agencies 
as well, it is not really the technology that is the big, insurmountable 
problem, it's putting the right management practices in place to make things 
successful.
	Mr. Bilirakis. It's not the resources, the mechanical resources, if 
you will, it's the -- 
	Ms. Koontz. Exactly.  It's a matter of having the right institutional 
processes in place.  It's a matter of having accountability.  It's a matter of 
following disciplined processes in terms of building your systems.
	And that does sound very simple, but yes, those are challenges.  They 
have 
been challenges for a long time.  This is very difficult.  Much of what 
they're 
doing -- much of what's being done at the VA is very difficult.  I think we 
can't -- 
	Mr. Bilirakis. So it's people.
	Ms. Koontz. -- we can't ignore that.
	Mr. Bilirakis. It comes down to people and personalities, and yeah, 
the 
thing -- the big problem in government, maybe in life in general, I guess, is 
what turf, jurisdiction, power, that sort of thing.
	Is that what we're really talking about?
	Ms. Koontz. I think that may be an issue.  I can't say as I've studied 
it for sure, but the reason that we support the idea of having these 
institutional 
processes in place is that if you have these strong institutional processes, 
they sort of transcend all those kinds of issues.
	They transcend changes in personnel which happen all the time.  They 
transcend personalities.  They transcend turf. And that's why we continue to 
try to underscore the importance of having them.
	Mr. Bilirakis. Well, and it's critical, obviously, that we not do 
anything 
here in this legislation that's being talked about, and really heavily thought 
out, to hurt things.
	Ms. Koontz. Mm-hmm.
	Mr. Bilirakis. We don't want to make things worse.
	And I'm not really sure, and I haven't even talked to the staff about 
it, what kind of cooperation they're getting from the VA, how much they've 
even gone to the VA for their inputs on it, and that sort of thing, and that's 
something, of course, that we should be concerned with here.
	It's frustrating.  We had a round robin in this room here a while back 
where we're trying to get the VA to cooperate with the DoD in terms of 
exchange of medical information, interoperability.  And it's just frustrating.
	The VA has gone, I think, a lot further, obviously, and they have 
already 
been commended by us, and well they should be, but if we can't get it done in 
the VA, which is just one department, I don't know where we're going to be 
thinking about transferring it over and working with DoD, which is so very, 
very 
-- well, particularly in a war such as we're going through right now, where 
these people, you know, will -- you know, the transition, if you will, from 
DoD 
into the VA and the transfer of records that should take place adequately, and 
things of that nature.
	It's frustrating.  The bill was passed back in 1997, I believe, 
something like that, and here we are in 2005 and we're still not there.
	I don't know.  I know we change.  You know, there's changes up here 
all 
the time, and so you have a lack of stability maybe, and then obviously in the 
departments and in the agencies they have big changes and whatnot, so you have 
a lack of stability, so it's a little more difficult, Mr. Pedersen, than it 
would be, I guess, in the private sector, mainly for those reasons.
	But when it comes to the things like turf and whatnot, which stick 
their ugly, ugly head in the way, that upsets the hell out of me.
	Thanks, Mr. Chairman.
	The Chairman. Thank you.
	Mr. Michaud.
	Mr. Michaud. Thank you very much, Mr. Chairman.
	Many of the problems, when you look at the IT system at VHA, can be 
linked, I think, to the failure to involve front-line workers.
	In some cases, I've been told about, for example, the CoreFLS system 
failed to adequately understand the needs to supply staff and others in 
ordering 
basic hospital resources, and as a result, you know, surgeries had to be 
postponed due to lack of surgical kits; and there are other situations, such 
as this.
	My question is, under the different IT reorganization options, how can 
the 
VA best ensure that the end user, the front-line nurse, doctor, medical 
technician, and others, will have a meaningful involvement in identifying and 
selecting the IT system that will help them deliver the high quality care that 
they have to deliver.
	It's one thing to sit in an office and see what might be good for a 
system, but it's another thing to actually be out there having to use that 
system and knowing what they need.
	So what involvement is being done to ensure that end users have a say 
in this?
	Mr. Pedersen. Clearly, sir, defining the requirement, defining that 
need is the critical element for that whole investment process.
	This is not a central -- you know, there's no effort or desire to say, 
``We will build it and they will come.''  It is clearly the role for the 
practitioners themselves, the consumer of those services to define what they 
need with the sufficient clarity that people can build it, but also be have to 
accept what comes back, and if it's not accepted, they have to say why it's 
not 
accepted, and that's how the business and the technology work well together to 
define that.
	Where those problems emerge, they typically hadn't defined 
requirements 
sufficiently in detail.  They hadn't set up the change process of when it is a 
change, how will the new organization absorb that new system.  The work, will 
they be doing things differently?  How differently?  And has the business 
leader helped lead that effort?  If it comes from the technology group, these 
typically fail.
	Mr. Michaud. In what process do you envision that happening?  Clearly, 
you know, you might go to one area and just ask one or two, or it might be 
different in different regions, you know, around the country.
	I mean, how are you going to ensure that the end users will have, you 
know, adequate input into the process?
	Mr. Pedersen. As large organizations have defined it -- I go back to 
earlier when I said a principal challenge for the organization is defining how 
they work.  They haven't sat down to say how those interactions should occur 
so that you can capture and manage that risk.
	If there are differences for the health care system within each VISN, 
or within each hospital, we need to define that, or we need to understand it.  
That 
would be a cost to the system implementation and how the system will be built.
	But if that isn't well established up front, how it gets delivered in 
the back, that will create a huge problem.
	Mr. Michaud. Thank you.
	Thank you, Mr. Chairman.
	The Chairman. Mr. Pedersen, who are some of Gartner Consulting's 
private clients, if you're willing to tell me?
	Mr. Pedersen. We predominantly -- we have seven to ten thousand 
clients 
worldwide.  Predominantly, it is the largest commercial organizations in the 
world, so names -- household names.
	Bank of America, Abbott Laboratories, Office Depot, these are our 
clients, in addition to most states and large federal governments.
	The Chairman. So is it fair to say that you are the leader of your 
field?
	Mr. Pedersen. We are the leading provider of research services, yes, 
sir.
	The Chairman. Mr. Seifert, in your testimony when you mentioned 
Clinger-Cohen, and although the act is specifically -- strike the word 
``specifically'' 
-- does not explicitly identify federal CIOs as having any form of budgetary 
control or authority over IT resources, do you know if any federal CIOs that 
have explicit control over that budget authority?
	Mr. Seifert. As I mentioned in the testimony, the FBI recently granted 
that authority, and also in the budget proposal for fiscal year 2006, it was 
proposed, although I don't believe it has been formally approved, that the 
Department of Justice CIO have budgetary authority over IT related just to 
information sharing, as compared to the whole department.
	Otherwise, I would have to look at the different departments o see, 
but so far, most do not appear to.
	The Chairman. Are you familiar with HHS and in particular NIH?
	Mr. Seifert. To some degree, yes.
	The Chairman. They're making strides, are they not, in the same 
fashion 
where we're going, they just haven't gotten there yet?  Is that fair?
	Mr. Seifert. That would be a fair assessment.
	The Chairman. Ms. Koontz, I couldn't help but think that I could get 
this wrong, but it's probably pretty close.
	I almost feel like I'm having a flashback here.
	Five years ago, we sat just like this and at the time I believe it was 
Secretary Goss who had just testified.  He testified after you, but I remember 
-- it was before you -- and I was asking him, ``What kind of authority and 
powers do you need, you know, now that you've finally got this?''
	And he said, ``You know, I really don't -- I don't need any, because 
the Secretary is going to give me what I need to get this done'' -- five years 
ago.
	And then when I look at these systems that we have here, this 
Committee, 
has funded, that have failed, and that were even outside of his ability to 
control, it pains me.  It -- I just want to say personally -- it pains me.
	Because five years ago is where I came up with this, to give this line 
of budget authority, and I've been really patient, and you've been, too.
	But we are -- I think the Committee is finally about there, we really 
are, to actually do this. But I want to make sure we do it smartly and 
correctly.
	So I hate to be redundant, but I have to come back to this.
	If we're to give the CIO budget and line authority and say, then, to 
the CIO that these are your CIOs that serve for the three under secretaries 
-- they don't work for the under secretary.  They work for the CIO.
	And then those regional CIOs report to each CIO, right?  So we've got 
them in a control function?
	At the same time, we want business practices to continue, okay?
	So whatever system is being created, whether it's -- you know, we have 
in the works this competition going on with regard to our claims recovery.  So 
we're going to find out which two pilots we'll do for a national rollout.  But 
those are business practices.
	But help me here, give me your counsel, give the Committee counsel on 
how we deliver line and budget authority to the CIO and how then we're going 
to have proper interface with the business office.
	Tell me what your thoughts are.
	Ms. Koontz. I think that's precisely the question.
	And one thing that I would like to emphasize developing about 
investing in and developing systems, the importance of collaboration between 
the CIO and the business units.
	It's not necessarily that it's one or the other. It's really that it 
has to be a collaborative type of relationship.
	The business is -- the business units are definitely the ones who have 
to identify the needs.  They know what they want.  And then the CIO has to be 
involved to make sure that this fits with the rest of the enterprise, make 
sure 
that -- advises them on different technological solutions, and sort of guides 
the implementation from an IT perspective.
	I think that what is more important than who precisely controls the 
funds is that you have that investment process, that you have a strong 
institutionalized investment process that brings together the right people to 
the table to make these decisions, and of course that has to be supported by 
the 
head of the agency.  The head of the agency has to be committed to making this 
process work.
	The Chairman. All right.
	Mr. Pedersen, in your counsel, now to me, take the private sector, how 
they control the enterprise architecture, interfaced with business, and your 
counsel is to say, this is how we can do it in the VA.
	Mr. Pedersen. I agree heartily with the comments you just heard.
	The idea of transparency of the budget, of the money, of how it's 
being 
spent, where it's being spent is critical for this.  That's the first item 
that would come to mind.
	The second is again, it is not -- well, the chain of command needs to 
clearly understand the change.  They have to be very active in this.  This is 
a very large, complex organization.  I don't need to tell you all that.
	But how IT currently is structured is very complex today.  There isn't 
a well-defined chain of command.  It reports to different people.
	So bringing that together is itself an effort, so that all of those 
individuals need to be involved and have that ability to change.
	So that quick change needs to be managed.  That is a risk you'll have 
to manage as you go to that new operating model.
	The Chairman. All right.
	Mr. Michaud, do you have anything?
	Mr. Michaud. No, sir.
	The Chairman. All right.
	I'd like to thank all of you for your written testimony, and we may 
have follow-on, not today, but as we proceed, and if we can call on you, I'd 
appreciate that.
	As I said earlier, we're trying to build a model that we want to 
leverage into the rest of the departments in the federal government, and more 
importantly, how do we do it first in the VA, and then others can examine what 
we do right and what we do wrong.
	And I appreciate your counsel.
	Thank you.
	The first panel is now dismissed.
	The second panel I would like to introduce is The Honorable Gordon H. 
Mansfield, Deputy Secretary of the Department of Veterans Affairs.
	He is accompanied by the Honorable Daniel Cooper, the Under Secretary 
for 
Benefits, Veterans Benefits Administration; the Honorable Jonathan B. Perlin, 
Under Secretary for Health, Veterans Health Administration; and Richard A. 
Wannemacher, Jr., Acting Secretary for Memorial Affairs, National Cemetery 
Administration.
	Also at the table is the Honorable Robert N. McFarland, the Assistant 
Secretary for Information Technology and Chief Information Officer, Department 
of Veterans Affairs.
	We also have Pedro Cadenas, the Associate Deputy Assistant Secretary 
for Cyber and Information Security, Department of Veterans Affairs.
	I have a name that a lot of people butcher, and I think I just 
butchered somebody else's name.
	Mr. Cadenas. Yes, sir.  Cadenas.
	The Chairman. Cadenas?  I apologize.  You can call me Buyer.
	Mr. Secretary, your complete written statement will be made part of 
the official record, and you are now recognized for an opening statement.

STATEMENT OF HON. GORDON H. MANSFIELD, DEPUTY SECRETARY, DEPARTMENT OF 
VETERANS AFFAIRS ACCOMPANIED BY HON. DANIEL L. COOPER, UNDER SECRETARY FOR 
BENEFITS, VETERANS BENEFITS ADMINISTRATION; HON. JONATHAN B. PERLIN, UNDER 
SECRETARY FOR HEALTH, VETERANS HEALTH ADMINISTRATION; HON. RICHARD A. 
ANNEMACHER, JR., ACTING UNDER SECRETARY FOR MEMORIAL AFFAIRS, NATIONAL 
CEMETERY ADMINISTRATION; HON. ROBERT N. MCFARLAND, ASSISTANT SECRETARY FOR 
INFORMATION TECHNOLOGY AND CHIEF INFORMATION OFFICER, DEPARTMENT OF VETERANS 
AFFAIRS; AND HON. PEDROCADENAS, ASSOCIATE DEPUTY ASSISTANT SECRETARY 
FOR CYBER AND INFORMATION SECURITY, DEPARTMENT OF VETERANS AFFAIRS

	Mr. Mansfield. Mr. Chairman and members of the Committee, I'm pleased 
to 
be here this morning to discuss the Department of Veterans' Affairs' ongoing 
activities in the reorganization of our information technology programs.
	I would request also, sir, that the articles noted in the full 
statement also be included in the record.
	Mr. Chairman, I wish to acknowledge your continued interest in this 
area and thank you for your efforts -- 
	The Chairman. Hold just a second.
	Which articles are you referring to?  Which articles are you referring 
to that you're asking be incorporated in the record?
	Mr. Mansfield. The ones that are mentioned in my full statement, sir, 
that are summarized, I would ask that the full articles be included.
	These are the ones that deal with our medical records, and they've 
been presented to the recorder, sir.
	The Chairman. All right.  Hold on just a second right here.
	Mr. Mansfield. If that creates a problem, we will withdraw the 
request, sir.
	The Chairman. Well, let me just share this with you, Mr. Secretary.
	What I'm going to try to get a control on here is the incorporation of 
so many outside journals and articles.
	I just learned that one of our members on this Committee asked that 
the Independent Budget be made part of an official record, and we exploded the 
cost of the production of a record because of how large it is, and it really 
wasn't something that really was necessary.
	So let me just -- 
	Mr. Mansfield. Sir, as a compromise, I would propose that I would 
withdraw 
that request and that, with your permission, copies of those articles will be 
sent to the members of the Committee.
	The Chairman. That sounds like a wonderful -- thank you -- request.
	You may proceed.
	Mr. Mansfield. Yes, sir, and my apologies for the problem.
	As I've said, sir, I wish to acknowledge your continued interest in 
this 
area and thank you for your efforts to aid our evolution in this important 
arena.
	In fact, I would say that this truly has been a bipartisan effort by 
this 
Committee, and an effort to move us forward in the area of IT technology for 
the VA.
	The size and scope of VA's mission demands a judicious use of all 
means at 
our disposal.  Information technology has proven to be a valuable tool in a 
number of important aspects of our business and it holds great promise for 
increasing our capacity to perform for America's veterans.
	I want to emphasize that IT is a tool to be utilized as an important 
aid 
to allow us to carry out the department's reason for existence, to deliver 
services and benefits to our nation's veterans.
	Today, we are nearing the end of a fiscal year in which we will 
provide 
health care to 5.2 million veterans out of 7.1 million who are enrolled in our 
system.
	We will provide monthly compensation and pension benefits to over 3.5 
million veterans and beneficiaries.
	Also, we will work with over 500,000 veterans or family members to 
provide 
education benefits and 95,000 service disabled veterans through our voc rehab 
programs.
	We are also approaching 100,000 burials in our National Cemetery 
Administration facilities.
	These large numbers are made up of individuals who have earned the 
benefits we are charged with delivering.
	One of the first considerations I believe we have to these millions of 
veterans is to do no harm.
	By that, I mean we must recognize that our current IT system is 
working and we are performing and providing those benefits.
	One of the reasons we are performing is because over the past decades 
plus 
we have decentralized our system, as I explained in my submitted testimony.
	One result of that decision was that we did gain an effectiveness.  
However, I recognize that that effectiveness has come with a loss of many 
efficiencies, and I agree that they must be regained.
	As a part of the need to regain some efficiency, the VA must also 
recognize that we have reached the point in time where we must move, we must 
move towards standardization in these activities.
	Dr. John Gauss, the first IT Assistant Secretary and CIO, started to 
move towards reorganization.
	His efforts resulted in some progress towards a One-VA enterprise 
architecture, effective project review and approval process, modernization of 
the telecommunications infrastructure, implementation of an effective cyber-
security program for the VA, and a move towards consolidating control over IT 
budgets, expenditures, and personnel.
	When Mr. McFarland came to the VA in 2004, he recommended, and I 
approved, 
that we needed an outside consultant to review the VA IT organization and 
activities with a goal of giving us an ``as is,'' that is an existing view of 
the organization, and some proposals on recommendations for change.
	That activity was performed by Gartner Consulting, whose testimony has 
been presented by Mr. Michael Pedersen, the managing vice president.
	This assessment was to help us enhance the effectiveness of VA's IT by 
first baselining how it operates today, then developing organizational models 
that increase VA's IT value in terms of greater efficiencies, economies of 
scale, and added business value, and finally, charting the path VA IT can 
follow to deploy its new organizational model to truly deliver value.
	This assessment, as you noted, was completed in May of 2005.  We are 
currently assessing alternative management structures and a recent  
organizational assessment has provided important input.
	We understand that any changes must serve to increase our performance 
on behalf of veterans, in a way ensuring no interruption of services to them.
	We are committed to organizing and managing our IT resources wisely 
and prudently, and look forward to this Committee's continued support.
	Basically, Secretary Nicholson, after the briefing from Mr. Pedersen, 
asked me to review recommendations with the CIO and the under secretaries of 
the administrations, and come up with a recommended model for him to make the 
final decision.
	I believe that the federated model is the best answer for VA at this 
point, in that it will produce the quickest return on investment.
	VA's size and the scale of its mission make it unique.  While 
centralization of IT application and system development should be the long-term 
goal, it is not a prudent near-term solution based on the current culture and 
the ability to manage significant change.
	The federated approach includes high-level management, budget control, 
and 
comprehensive oversight of application and systems development within the 
CIOs's 
office. This will significantly strengthen the VA's ability to deliver high-
risk, high-value application development projects.
	This is the first step, and will start breaking down the stovepipes, 
moving us closer towards One-VA.
	And finally, I have directed each administration to realign and 
reorganize 
the methods by which they do application and systems development and reorient 
those activities based on industry standard best practices.
	This will ensure proper planning, design, integration and 
standardization 
requirements are followed throughout the department as we build our next 
generation systems and applications as One-VA systems to better serve our 
veterans.
	I might note in closing that the CIO will have management oversight 
and budget decision authority.
	Two issues I would like to address include, number one, resources.  
That issue has been brought up.
	But I would say that this Congress and the administration have been 
generous with the VA for funding IT projects, and I believe that it's not an 
issue of dollar resources as much as it is qualified personnel that we need to 
be able to get into this organization and help us design, manage, and run 
these programs.
	We also recognize that right now we cannot do it from inside, and as 
we 
move forward towards a change, we're going to need outside help, and we're 
planning on that.  And the last point I would make is one that's mentioned in 
the Gartner report.  And that is that we do have a highly motivated workforce 
in 
the administrations that want to deliver services to veterans and will get in 
line with a proper plan that's properly explained and that they have a part in 
designing and moving forward.
	Thank you very much for this opportunity, Mr. Chairman, and I look 
forward to answering your questions.
	[The statement of Hon. Gordon H. Mansfield appears on p. 90]
 
	The Chairman. Thank you, Mr. Secretary.
	I can choose one word to describe the mission when I took over this 
job as 
Chairman of the Committee:  accountability -- accountability, accountability, 
accountability.
	People will demand it on this Committee, will demand it equally of the 
administration or any of the advocates on behalf of veterans.
	Why did you hire Gartner Consulting?
	Mr. Mansfield. At the point in time we made the decision to hire them, 
we 
decided that, with Mr. McFarland as a brand new assistant secretary for 
information technology, and I as a brand new deputy secretary, looking at the 
situation we had in hand and in discussions with the then Secretary, 
acknowledged that we needed to look at this total IT structure, what it was 
doing, what it was not doing, and make decisions to make changes in its 
operations.
	We wanted to bring in somebody from the outside that could take an 
outside 
view of it, and give us some information on where they saw the ``as is'' 
picture, and also make some recommendations where they thought we might want 
to go.
	And Mr. McFarland is the person that was put in charge of that, and 
followed up on that mission.
	The Chairman. And why that specific consulting firm?
	Mr. Mansfield. I'll turn that over to Mr. McFarland, since he's the 
expert in this area.
	Mr. McFarland. Well, sir, Gartner and the firm which they acquired, 
which was META, is known throughout the industry as having a unique set of 
qualifications.
	Primarily, I was interested in someone that didn't have a vested 
interest in what we did and how we organized ourselves and what the outcome 
was.
	Gartner nor META had any businesses that are related to integration of 
products or selection of products and tools, so I was interested in an 
independent attitude.
	I also wanted a fresh set of eyes.  Everybody in the VA has an opinion 
about IT.  I wanted a fresh set of eyes, and that was the best fresh set of 
eyes I could find at the time, and I -- 
	The Chairman. What was the cost of the contract?
	Mr. McFarland. The contract was, I believe, sir, somewhere between 
$4.5 and $5 million, I believe, to the best of my recollection.
	The Chairman. Secretary Mansfield, what makes an effective CIO?
	Mr. Mansfield. Someone that, number one, is knowledgeable and 
understands 
information technology, understands what it can do as a tool, somebody who is 
able to look to the future, and in this fast-changing arena, be able to 
anticipate some of the changes or be able to move with the changes, and then 
somebody who is dedicated to ensuring that these activities go forward in the 
best way possible.
	The Chairman. You would concur with this statement, that this is the 
101, that IT is an enabler for you to accomplish your mission in an effective 
manner, correct?
	Mr. Mansfield. Yes.
	The Chairman. In order to have a good enabler, you have to have one 
architecture; would you concur with that?
	Mr. Mansfield. Yes.
	The Chairman. So it is extremely important, whether you choose a 
centralized approach or a federated approach, that we maintain one 
architecture, correct?
	Mr. Mansfield. Yes, sir.
	The Chairman. Okay.
	Let me -- Mr. Secretary, may I turn to your three under secretaries 
for a moment?
	Mr. Mansfield. Pardon me, sir?
	The Chairman. May I turn to your three under secretaries for a moment 
for questions?
	Mr. Mansfield. Yes, sir.  That's what they're here for.
	The Chairman. What would be the concern of the three of you of a 
centralized approach, whereby we give a line of budget authority to the CIO?
	What are the positives of that approach, and what are the negatives of 
that approach with regard to centralized, let me just say this, recognizing 
that testimony we just had before you took to this table, the testimony was 
what you presently do is not mirrored anywhere, not anywhere.
	So give me your counsel.  Whoever wants to go first.
	Mr. Mansfield. Dr. Perlin, do you want to go first?
	Dr. Perlin. Thank you, Mr. Chairman for the opportunity to comment on 
that.
	First, let me acknowledge the positives of either centralization or a 
federated approach.
	We are One-VA.  We should have seamless interoperability between 
benefits 
and health and commemoration of veterans, period. We should have an 
architecture that supports and facilitates that.
	Some might actually agree that the control of funds within the Office of 
Information Technology will allow us to coordinate our projects and realize an 
enterprise architecture that delivers that.
	My concern about centralization really relates to our history, as well 
as the experience of health information technology in the United States.
	Health information technology is not pervasive. Less than 20 percent 
of health care providers, certainly hospitals, have health information 
systems, and 
certainly VA has been hailed for its exceptional performance in delivery of 
high-quality health care facilitated by health information technologies.
	In fact, this month's issue of Healthcare Papers in Canada, (an entire 
issue) was dedicated to understanding the improvement and the transformation 
of VA.  It recognized the health information technology as a supporting 
technology, 
and it recognized further the performance measurement and the accountability.
	Sir, you asked about accountability.  Our performance is our 
accountability.  Our performance is the fulfillment of our mission of high-
quality health care services.
	We've had a history of a centralized health information before.  In 
fact, 
before this very Committee, the Inspector General testified he did a 
``flyoff'' 
between one centralized and one decentralized program.  Ultimately it was the 
centralized one that had failed.
	It failed because it had characteristics that were similar to some of 
the shortcomings of CoreFLS.  It didn't engage the end user.
	So with all due respect to what I've just heard in terms of testimony 
and 
with absolute cognizance of health information in the United States and the 
experience of health care executives and chief information officers in health 
care, I support the consolidation of the infrastructure, the generic 
architecture, the enterprise architecture, but the attachment of development 
to 
the clinicians, to the end users is the defining characteristic and has been 
reported in Healthcare Papers, among other journals, as the key feature of the 
success of the health information system in VA.
	So in the federated model, I think we gain the efficiencies but 
preserve 
that unique aspect of the information system that allows and has demonstrated 
VA's ability to deliver high-quality care to veterans.
	The Chairman. Admiral Cooper.
	Admiral Cooper. Essentially, I would say that the devil is in the 
details.
	In my organization, VBA, we essentially have a centralized process.  
In my opinion, I could acclimate to whatever decision is made.
	The whole execution of the IT reorganization is dependent upon the 
agreements that we have and how we execute them.  My concern is that because 
such a large portion of VBA's budget goes to paying people, if at times I have 
to use money, I do not having full control of the budget.  However, that is 
something that can be worked out.
	The Chairman. Mr. Wannemacher.
	Mr. Wannemacher. The National Cemetery Administration supports the VA 
CIO 
by working within federated model.  This insures we adapt and adhere to 
Department goals which promote synergy and efficiency of business processes.
	With the smallest of the three VA administrations IT budget, NCA has 
operated with an internalized centralized system for the past 10 years in 
order 
to enhance memorial benefits and service delivery to our Nation's veterans and 
their families.
	Mr. Mansfield. Mr. Chairman, Dr. Perlin would like to add another 
point, if he may.
	Dr. Perlin. I think you asked for the pros and cons of the two models, 
so 
I was very taken by the testimony where it supported the thesis that I just 
offered.
	It was said that one of the risks is a lack of intellectual investment 
in the activity.
	That singularly has been the disconnect in the clinical community in 
terms 
of getting health information technologies to work.  Maintaining that 
connectivity with clinicians, is one of the key features.  That is why I 
recommend the federated model.
	The Chairman. Secretary McFarland, if we were to give you line and 
budget 
authority, how do you place at ease the three under secretaries that you're 
not going to stymie innovation, and their ideas?
	There's a budget.  There's only so many dollars. But you're part of a 
team, and when we're now going to heed counsel that you paid a lot of money 
for, 
and he talked about the importance of collaboration between the business and 
the CIO, how do we achieve a central model?
	Mr. McFarland. Well, I believe in no matter which model you choose, a 
key factor has to take place, and that is a customer orientation.
	I've spent 33 years in the information technology sector, and I am a 
full believer and have seen this environment be successful, where you have a 
customer mentality.
	IT is a tool.  It's a business enabler.  It serves its customers.  It 
should first serve the veteran in this organization and it should second serve 
the employees, and the employees of the administrations.
	If the users are not served, then IT fails.
	So any IT organization that I've ever headed up or will ever head up 
will 
have a customer mentality that says that the people we serve every day and 
supply power to, supply technology to, are the customers.  They are the people 
that we have to deliver services and technology that make their business 
applications work.
	We have to take input from them on what's required. They are the 
experts.
	IT itself is not a business application.  IT is a tool.  And it can 
only be enabled if you're able to serve the customer.
	Candidly, I haven't always seen a customer mentality in VA in the 18 
months I've been here, and I believe we have to first and foremost take 6,000 
IT 
people out there, no matter what they're doing or where they're serving, and 
get them to understand that IT and their participation is about serving the 
customers -- the veterans and the employees.
	The Chairman. All right.  That was pretty hard.
	We're well aware of, as we roll out in more areas the patient medical 
records issues, that those words are all meant to be customer friendly and 
help deliver and improve quality care.
	So as Dr. Perlin would come up with an idea, all right, or roll out 
into 
another VISN, your job would be to make sure that it fits the architecture, 
right, and hardware and software, right?
	So you got to put a check in the box for that, under a centralized 
approach?
	Mr. McFarland. Yes, sir.
	The Chairman. All right?  Not that you're the guy that's to tell him, 
``No, it cannot be done,'' or if you say it can't be done, then it's a real 
issue that's got to be resolved then between Secretary Mansfield and the 
Secretary, right?
	Mr. McFarland. Well, under either model you have to be able to do 
this.
	Under either model, you have to be able to agree that anything the 
user wants you to build or wants you to run has to be able to meet the 
enterprise 
architecture.  It has to be able to fit within the One-VA approach to 
delivering services.
	Our job, in either model, is to advise the administrations and their 
constituents exactly what will fit and what won't fit -- 
	The Chairman. Okay.
	Mr. McFarland. -- and then sit down and negotiate how we change a 
specification, how do we move a design to make it fit.  That's a collaborative 
effort.  It has to be done that way.
	The Chairman. All right.
	Mr. Michaud,.
	Mr. Michaud. Thank you, Mr. Chairman.
	I have one question for Mr. Mansfield.
	I realize that the VA is still in the process of securing IT assets 
and 
restoring information systems and communication in the Katrina-affected area, 
and this may be too early for the question.
	But do you have any preliminary lessons learned on improving the IT 
system 
at VA, and how would IT reorganization have improved or hindered efforts 
during this disaster?
	Mr. Mansfield. Thank you for that question, sir.
	I would make a couple of introductory comments, and then turn it over 
to the experts here.
	But I do know the one lesson -- and we do have a lessons learned group 
out 
of our readiness operations center that is currently in the process of coming 
up 
with a total lessons learned for everything in this operation, as we do every 
time we go through one of these exercises.
	One lesson learned is that our backup communications systems were not 
able 
to do the job, and we need to go forward and find something better than we had 
and get that on site and be able to use that so we can maintain 
communications.
	One of the aspects of our system, though, is fortunately, because of 
our 
planning, because of our training, we have folks out there that have been 
through this, and were able to operate on their own even if communications was 
interrupted from a certain point.
	The other part of it is dealing with records, and I'll turn that over 
to 
Dr. Perlin, is that in general, we were able to make the move in time to be 
sure 
that any of the veterans in that affected area, no matter where they moved to, 
the practitioners were able to get access to those records.
	However, it does raise one issue that is a problem in our system, and 
that 
is that it oftentimes, again in these, as I say, decentralized operations, 
each 
one doesn't fit across the whole system, and that's where we need to go, where 
instead of having to work a special fix each time, we can ensure that across 
the 
total system, those records are interoperable.
	And I would ask Dr. Perlin to comment on that, and then Mr. McFarland.
	Dr. Perlin. Thank you, Secretary Mansfield.
	Congressman Michaud, thank you for the question.
	I actually have in front of me two articles from today.
	One:  ``Katrina Shows Need to Computerize Records,'' Orlando Sentinel, 
talking about how effective having electronic health records were.
	And a similar article from Government Computer notes, ``Agency IT 
Provides Relief After Katrina.''
	Both comment on VA's effectiveness in meeting the mission:  That's 
serving 
veterans - ultimately our mission, not an IT mission - a mission of patient 
care, because those records could be made available to the entire system, 
being hosted at another facility, even after New Orleans came off-line.
	The deputy had mentioned one important improvement, that backup 
communications henceforth will have satellite uplinks, and we appreciate the 
collaboration with the Office of Information Technology in establishing those 
at Biloxi and Jackson in the middle of the crisis to provide broadband 
communications.
	The second is that -- 
	The Chairman. Can I interrupt a second?
	I want you to correct me if I'm wrong.
	There's no single data repository for all of these records.  Would 
that not be correct?  That's correct, is it not?
	Dr. Perlin. That is correct.
	The Chairman. Okay.  So when a patient was transferred directly from, 
whether it's New Orleans to Houston, or Biloxi to Jackson, somebody had to 
back up a tape.
	So when that patient was taken directly to Houston, Houston couldn't 
come on line, show a doctor, ``Here's what the medical record is,'' that it 
had to be backed up and inserted?
	Dr. Perlin. No, that record would have been, Sir, available had there 
been connectivity between New Orleans and Houston.
	Under the circumstance, the latest footprint, the most recent data was 
acquired in fact, during the storm.  In fact, that's one of the take-home 
lessons:  that the facility could continue to operate independently!
	Let me turn to Mr. McFarland in terms of our corporate repository.
	Mr. McFarland. It is true that, in order to get the records from New 
Orleans to Houston, we did have to take a tape from New Orleans bring it to 
Houston, install a configuration that was equal to the New Orleans 
configuration, and then bring it up.
	One of the initiatives that Dr. Perlin's people and myself have been 
working on some two months now, two-and-a-half, three months now, is the 
concept 
of regional data processing centers, so that we can get to a point where these 
records will not have to be moved by tape, that they would be accessible 
anywhere within a region that a veteran would be able to go.
	But, yes, currently today, they are different instances, different 
configurations based on medical centers, but there is a process in place to 
change that.
	The Chairman. All right.
	Mr. Michaud, I want to thank you for yielding to me, because that's a 
fine 
example of why I'm hesitant on a federated approach, because we think that 
this is all out there, but it's really not if you don't have the word, 
``connectivity.''
	I yield back to the gentleman.
	Mr. Michaud. That's a good point, Mr. Chairman.
	Actually, that was going to be my follow-up question. Is there a 
central 
place where there is a backup, and if so, where is that, or do you envision 
that being so?
	Dr. Perlin. Sir, there is backup of corporate data nationally.  It 
doesn't integrate as one seamless record at this moment.
	The project Mr. McFarland described, the health data repository, will 
allow it to operate as one seamless health record.
	The reason it does not is not because we willfully wanted to have 
different instances of VISTA.  The reason it is as it is now is entirely an 
artifact of history.
	Even ten years ago, let alone 20 years ago, one didn't think in 
terabytes 
of data or national data files.  It was really quite miraculous to stand up 
one hospital on one system.
	In fact, as they evolved over time, there was differentiation.
	The task before us, and Mr. McFarland and I are absolutely in lockstep 
agreement on this, is that there be one consistent instance of the system of 
the 
electronic health record, and it's that which allows in this really imminent 
next generation of the health data repository one seamless record across the 
United States.
	Mr. Mansfield. Sir, if I may add a follow-up to that, to the 
Chairman's 
point, it's my belief in the federated model that we're talking about and 
recommending to go forward with, that the issue you brought up would be solved 
because there would be one operational system that would be under the control 
of 
the CIO, across the whole VA, and that would take care of not only the problem 
with VHA, but it would, when we get to the final point, also give us One-VA 
where the veterans' records would be accessible across the system.
	So in the model that I'm looking at and proposing, we would have that 
solution, sir.
	Mr. Michaud. I want to follow up on that question.
	So what would happen if we had a terrorist attack and it took out that 
system?  What would happen as far as the records?
	The Chairman. The national system or the local system?
	Mr. Michaud. Yes, the national system.
	Mr. McFarland. Well, first off, sir, we would never have a single 
instance of any system.
	I believe we will be able to put those records, that national system 
in 
multiple locations, and have a mirror image of those at all times, so that no 
matter whether we lose any specific site, we will be able to recover 
immediately 
from the backup site, and that's a mirroring effect.  You don't want it to be 
anything except a mirrored image.
	Mr. Michaud. Thank you very much.
	And Mr. Chairman, Dr. Perlin had mentioned a couple of articles.  We 
do 
not need them for the record, but if he could provide the Committee with those 
articles, I'd appreciate it.
	The material was provided to the Committee, and is maintained in the 
Committee files.]

	The Chairman. Thank you, Mr. Michaud.
	Mr. Michaud. Thank you.
	The Chairman. Mr. Bilirakis.
	Mr. Bilirakis. This is not, I guess, considered a very sexy subject, 
high-profile, et cetera, and yet we've got a room full of people here.
	I mean, to me that's very meaningful.  There's concern in this area.  
There's a lot of interest in this area. And I'd like to say there's a lot of 
frustration in this area.
	Mr. McFarland, Mr. Secretary McFarland -- I guess you're Secretary, 
right?
	Mr. McFarland. Assistant Secretary.
	Mr. Bilirakis. Under the federated model that Mr. Mansfield and others 
have talked about putting that into effect, you would be in charge, I guess.
	Would you have the adequate authority to be able to do what is 
necessary 
to be done, referring now again -- I don't know whether Ms. Koontz is still in 
the room -- referring again to the challenges that she mentioned, the 
implementation practices, the obtaining relevant resources, the collaboration.
	Would you have the adequate authority?
	Now, I know you guys work next to each other and you probably go to 
lunch together and you're friends, as well you should be.
	But can you be honest with us?
	Mr. McFarland. As long as I have what I would consider, and this may 
not 
be the right government word, but I'll use it anyway, as long as I have veto 
power over the way money is spent on IT infrastructure and IT projects -- 
	Mr. Bilirakis. How about if money is spent for -- money which may be 
allocated to IT, but is not being proposed to be spent for IT, is being used 
for any other purposes?
	Mr. McFarland. Well, then, would that be the case, then I would not 
have the control, no.
	But I don't believe that is the intent of either model, If I 
understand what we're working -- 
	Mr. Bilirakis. I'm sure it's not the intent, officially the intent.
	What happens now?  You have money allocated to IT, and is all of it 
being spent on IT?
	Mr. McFarland. I daresay, according to what staff tells me, it is not.
	I do not have visibility into all of the money being spent today, and 
as to whether it is completely spent on IT -- 
	Mr. Bilirakis. Should you not have that authority?
	Mr. McFarland. I definitely should have.
	Mr. Bilirakis. You should have that authority, and you would not have 
under the model that is proposed by the VA, would you?
	Mr. McFarland. No, I believe I could have it under either model.  I 
don't have it today, but I could have it under either of the models that are 
proposed here.
	Mr. Bilirakis. Well, I should think that it's not a matter of could 
have.  
I think it should be a matter of should have or will have based on the way 
legislation is crafted.
	The VA has spent, what is it, half a billion dollars, whatever, what 
the figure was for the consultant that we talked about earlier.
	They disagree, the VA disagrees with the consultant's recommendations.  
As I understand it the piece of legislation which the Committee is crafting is 
consistent with the consultant's recommendations.
	How do you feel about that?
	Mr. Mansfield. Sir, I would say that -- 
	Mr. Bilirakis. I was asking Mr. McFarland, but I would like to hear 
from you, too, Gordon.
	Mr. Mansfield. Sir, I would say that we have agreed with one of the 
options, and the consultant, as requested, came up with a number of options, 
and 
we believe that, based on his input plus other input, that the one that we've 
chosen is the best one for the organization.
	Mr. Bilirakis. Are you saying the consultant -- 
	Mr. Mansfield. We didn't say that ``You have complete control and 
you'll run this.''  We said, ``We want you to make recommendations.''
	We've taken those recommendations inside the Department, and as I 
mentioned, at the Secretary's direction, we've had numerous discussions with 
the CIO and the administrations and come up with what we have -- 
	Mr. Bilirakis. So the consultant suggested a number of options and the 
centralized model which is going into the legislation is one of them, but the 
federalist -- the federated model -- 
	Mr. Mansfield. Yes, sir.  And I believe his testimony that he 
presented 
here indicates that those two are the preferred -- those two are the preferred 
models.
	Mr. Bilirakis. Mr. McFarland, what say you?
	Mr. McFarland. I believe that I can support a federated model based on 
the concept that the very first thing we need to do is get our arms around the 
infrastructure.
	The reason we have stovepipes today is because the infrastructure is 
divided among the administrations.  There is no collaboration.  There is no 
joint use.  There is none of that today.  And that is the primary reason for 
the stovepipes.  And I also -- 
	Mr. Bilirakis. Would the federated model be consistent with that 
particular status quo?
	Mr. McFarland. The federated model would solve that.  Both the 
centralized and the federated model would solve that issue.
	The other thing, candidly, that I have to look at as a political 
appointee 
is, I have a limited amount of time to pour what I call concrete with good 
rebar, and that is that what can I do quickly in my three years left here that 
I can do to make sure that we make change that stays here; and certainly, the 
infrastructure is the quickest return on investment.
	Mr. Bilirakis. Which model would you prefer, sir? You, our political 
appointee?
	The Chairman. In your personal opinion.
	Mr. McFarland. In my professional opinion -- 
	Mr. Bilirakis. Personal, professional, any kind of opinion.
	Mr. McFarland. -- I support what the consultant said.
	That being said, it is the big bang, and the big bang has a great 
amount of risk to it.	
	And at the direction of the Secretary and the deputy -- 
	Mr. Bilirakis. Are you a lawyer, Mr. McFarland?
	Mr. McFarland. Pardon me, sir?
	Mr. Bilirakis. Are you a lawyer?
	Mr. McFarland. No, sir, I am not a lawyer.
	Mr. Bilirakis. Well, you know how to dance around these questions.
	Mr. McFarland. I'm not trying to dance, sir.
	I'll be honest and tell you, in my professional opinion and my 
personal 
opinion, the centralized option is the best thing in the long run for the VA.
	Mr. Bilirakis. Okay.
	Mr. McFarland. I'm also a realist and know that we have to take this 
thing a step at a time.  There are no -- 
	Mr. Bilirakis. Okay, and that's good.  I really appreciate your adding 
those additional words.  We have to take it a step at a time and what not.
	And I think it's important that the Committee understand, I know that 
the Chairman understands, that we don't want to do any harm here.  We don't 
want to cause more problems.
	And we understand also, or we should understand, hopefully we 
understand 
correctly that you're on the line and you know this stuff better than we do.
	But, you know, we have concerns.  The major VA IT investments that 
have 
failed in the past, who was -- you know, the questions, who was in charge of 
the 
following programs: VETSNET, CoreFLS, VISTA, two billion dollars down the 
drain, that could have gone to health care, Mr. Secretary.
	I understand the CIO was not in charge.  Who was in charge?  Who is 
currently in charge of management of these programs?
	We can get answers from you, but these things have happened.
	Now, there's a level.  We've already said great things about the VA.  
We've commended you.  Frankly, I felt like standing up and applauding you on 
the 
work that you have done on Katrina and your help with 9/11 back in 2001, et 
cetera.
	But there are a lot of failures here, and so there's a lack of 
credibility, I would say.
	And Dr. Perlin -- you know, you want to put up your hand -- you're a 
doctor, and you care about health care, and you don't mind my concern.  I've 
chaired the Health Subcommittee on the Energy and Commerce Committee for 10 
years on health care, and I'm very much concerned with it all.
	By God, the question that Mr. Michaud asked, about why the Houston 
computers had to be reconfigured in order to be able to use that tape?  What's 
wrong?  Something is wrong with that scenario.  
	And I'm going to ask, on behalf of -- I'm vice Chairman of the 
Committee.  I've already cosponsored the legislation.
	But I'm going to ask that we sit down with you all and that you'll be 
yielding, that you'll be yielding, that you're not going to be stubborn and 
say, ``Hey, our model is the model that we want to go to and we don't want to 
cooperate as far as a centralized model is concerned.''
	But Mr. McFarland, who I think can see the forest for the trees 
hopefully, 
has said that the centralized model is clearly the preferred one.  He said he 
can work with both of them, I think, as I understand his paraphrasing his 
statements, but that's the better model.
	Now, should that model be twisted a little bit and whatnot to make 
sure 
that no harm is done?  I suppose so.  But we've all got to be open minded.
	I've taken a lot of time, Mr. Chairman.  I apologize for it.  But I've 
sat in these meetings all through the years. We had our roundtable the other 
day.  I 
just can't get over how little Estonia can do what they've done and how we 
can't even do it within one of our departments.
	Thanks, Mr. Chairman.
	The Chairman. Mr. Michaud.
	Mr. Michaud. Thank you, Mr. Chairman.
	I'm reading the GAO Report, and I have one question, Mr. Chairman.
	According to a memorandum dated back in August of 2002 from Secretary 
Principi, in that memorandum, he talked about realigning to a central IT 
system.  That was back in 2002.
	The GAO reported in September of 2002 that it would build credibility, 
it 
would achieve a One-VA, it was bold, it was innovative, and that memorandum 
was 
signed in 2002.
	My question is, why hasn't it happened?  That was for a centralized 
system.
	Mr. McFarland. I've only been here 18 months, so I didn't have the 
benefit of being here at that time, but I've done my best to look into the 
history.
	I believe the intent was there.  With all due respect to my 
predecessor, I 
do not believe it was executed on.  It's as simple as that.
	Mr. Michaud. I guess from the VA side this was signed by the former 
Secretary.
	What has been done to move it to a centralized system?
	And I realize, Mr. Mansfield, you've only been there for a short time, 
as well.  I don't know if Dr. Perlin or -- 
	Mr. Mansfield. Sir, the effect of that memo was carried out with a 
change, I believe, of 97 personnel being in effect dual-lined, reporting both 
to the CIO and to the administration head, and then further down the line.
	And as I mentioned in my oral statement, there was work done on a 
One-VA 
enterprise architecture.  There was a move towards project review that got the 
Office of the CIO the ability to sign off before money could be authorized.
	There was a modernization of the telecommunications infrastructure 
that 
Mr. McFarland finished, which is saving us millions of dollars, the 
implementation of an effective cyber security program -- for the first time in 
history, VA has completed that and is certified -- and a move towards, only a 
move towards, consolidating control over IT budgets, expenditures, and  
personnel.
	And as I indicated, what Mr. McFarland and I were looking for when we 
asked for the outside consultant to come in was to look at, based on that 
change, where we were and what did we need to do to go forward so that we 
would 
have a plan, and then we could, inside the Department, make a decision or make 
a recommendation to the Secretary, based on his final decision then, as you 
said, sir, assume the responsibility and move forward.
	Mr. Michaud. If I might, Mr. Chairman, just follow up.
	Mr. McFarland, you said you've only  been there 18 months.  That's a 
year-and-a-half.
	Did you make any attempt to try to move forward on this memorandum?
	Mr. McFarland. Well, as soon as I got my hands on the memorandums and 
the 
history is when I sat down with the new deputy and said, ``We are not where 
this 
says we were supposed to go.  I think we need to get an understanding of where 
we are and then figure out how we get to go where we're supposed to go.''  And 
that's what generated the Gartner study.
	And, you know, it took me some time to get that contract awarded.  We 
have 
our share of issues in the area of getting contracts, so it took some matter 
of months before I could actually get a contract out.
	So I apologize for having been here 18 months and not getting it done 
sooner, but I moved about as fast as I was able to, sir, candidly.
	Mr. Michaud. Okay.  Thank you very much.
	Thank you, Mr. Chairman.
	The Chairman. You know, Mr. Michaud, when you talked about what's been 
done in moving toward that direction of centralization, I couldn't help but 
think there's also been a trip, a stumble, and a fall.
	And I recall the trip, the stumble, and the fall: CoreFLS, VETSNET, 
and VISTA, and some of that was outside of control and responsibility.
	And so what I'm hopeful, I think, as we move toward this 
centralization, 
that there's not going to be a lot of fingerpointing.  We're going to know how 
we're going to make the system accountable.
	At this moment, I want to pause, and I think we need to get some input 
here from the chief information security officer.
	We've heard from the other three under secretaries, and you work 
directly 
for McFarland.  Now, we know that the Federal Information Systems Management 
Act 
gave an F on the report with regard to cyber security, and so we've got some 
pretty strong concerns here.
	And so if Congress were to move toward a centralized approach and 
follow 
the counsel of Gartner Consulting, as opposed to a federated approach -- so 
take 
federated approach and flush it out of your mind at the moment -- how do we 
improve the cyber security under a centralized approach?
	Mr. Cadenas. Thank you for the opportunity to be here, sir.
	Tremendous opportunities in regards to a centralized approach, as 
you've been talking about, sir.
	With me working for Mr. McFarland, it allows me to go out there with 
my 
teams, established a more formalized process, applying hardening systems to 
ensure configuration baseline, change control boards, everything, and bringing 
in what I would call good systems engineering from a security point of view, 
to out there and do that to the systems out there, to ensure hardening -- 
perimeter in depth, defense in depth approach.
	The Chairman. So if we're under the centralized approach, the CIO, 
your 
boss, now owns the people for the three under secretaries, and then owns those 
CIOs that go down regionally, right, and it continues to go down.
	Do you believe that the centralized approach will regain control, or 
could take this control away from these autonomous networks?
	Mr. Cadenas. Well, sir, I've been there -- I'm a newbie, as well.  I 
will have my third anniversary here in November.
	Yes, it will help in those areas, but what we have been doing is, we 
have 
developed a tremendous collaboration effort with the community in working with 
us.  The result of worms that we've experienced in the past have only applied 
or reinforced the need for that strong collaboration.
	The control that you're talking about, sir, that it will allow us to 
have, 
will allow us to act much quicker.  A great deal of our success has been on 
KOOMBAYA's, shared accountability working groups with the various communities 
out there.  Versus having that control, I can immediately engage and move out.
	The Chairman. Well, if the Federal Information Systems Management Act 
Report gave you an F -- 
	Mr. Cadenas. Yes, sir.
	The Chairman. -- I mean, come on.  We need to move out swiftly here.
	Mr. Mansfield. Sir, if I may, I believe that the federated model that 
I'm 
proposing would give him exactly the same capability.  He would be able to do 
it.
	The Chairman. Well, I asked my particular question because I think 
we're about to follow the centralized approach that you paid $5 million to a 
consultant that's giving us counsel here.
	And I know, Mr. Secretary, you're under tremendous pressures.  You 
have 
three under secretaries that you also have to work with, and you've developed 
relationships with.
	And to be very frank with you, I don't have much patience, because 
I've 
been doing this for six years -- six years -- and I've watched the system, and 
all along, it's been, ``Steve, let this mature, let it massage, we'll move in 
that direction, incremental approaches.''  I'm pretty exhausted, Mr. 
Secretary.
	Mr. Bilirakis. Well, Mr. Chairman, sorry to hitchhiked upon your 
comments.
	This trying to set up an IT system that will be able to accomplish all 
of 
these things the way it should in today's high-powered electronic and 
mechanical 
world is significant, but it's even more so now because of the threat of 
terrorism, because of natural disasters, and everything of that nature.
	So, boy, we should all have lost our patience, not knowing what may 
happen tomorrow.
	But you seem to be intent on the federated model. The Committee seems 
to be intent on the centralized model. Hopefully, there will be something in 
between or at least some of your ideas certainly should be used to be part of 
any legislation that comes up.
	But what I'm wondering, Mr. Chairman, is if they're working towards a 
federated model with their full speed ahead on the federated model, and we in 
the meantime are thinking another way, and the time that it takes, of course, 
to 
get through the process, through this very unwieldy republic system of ours, it 
becomes legislation, are they going to be expending dollars on a system that 
will not -- that will be moot, basically, once we finally have -- 
	The Chairman. That's a good question, and I think that's one that we 
can also entertain off line, but just playing this out, my counsel to the 
Secretary would be to be cautious, in how you proceed.
	Because there is such strong bipartisan support on this Committee for 
a centralized approach, we will immediately go to conference with the Senate, 
where we also know that House Appropriations staff along the Senate 
Appropriations staff is also embracing, I believe, a centralized approach.
	So there is time between now and when we leave, potentially, on 
November 18th, that we could actually send this to the President.
	So, Mr. Bilirakis, your point is well made, and I think Mr. Mansfield 
has heard the response.
	I yield back to Mr. Bilirakis.
	Mr. Bilirakis. Well, thank you, sir.
	I would just hope, Mr. Mansfield, that you would -- you know, let's be 
logical and reasonable and all this, knowing that this may be coming down the 
pike, with hopefully suggestions from you all, which might sort of squirm it a 
little bit, you know and change it a little bit and that sort of thing.
	I don't know where it might be needed and acceptable that in the 
process 
of what you're doing with your federated model, you take all that into 
consideration.
	As I understand the federated model, it probably would be right on the 
same path as the centralized model, anyhow, so hopefully, we're not talking 
about any waste of dollars or waste of effort that would then have to be 
undone later on.
	Mr. Mansfield. Yes, sir.  In fact, the Gartner report makes the point 
for 
the centralized model that it cannot be done in one step, that it will require 
multiple steps, and the federated model is a part of that process, I would 
believe, or can be made so.
	Mr. Bilirakis. Okay.  That's good.  Thank you, sir.
	The Chairman. Thank you.
	Mr. Michaud.
	Mr. Michaud. Just a comment, Mr. Chairman.
	My question to Mr. McFarland wasn't to point fingers.  It was more or 
less 
to find out why they have not moved in that direction, because having been 
involved for a number of years at the state level, if sometimes individuals 
who 
are running programs, if they do not like the particular program, they'll do 
everything they can to make sure that it doesn't happen, so that was my 
questioning.
	And I agree with you 100 percent on the accountability, and we 
definitely 
have to have accountability and make sure that the end users are involved in 
doing it, because they're the ones that are going to have to use the system.
	And I know that you will hold them accountable, and actually, in 
Maine, 
Mr. Chairman, we have a saying, and hopefully you don't take it 
disrespectfully, 
but knowing you just the short time I have known you, you're like a pit bull. 
When you get something, you hold onto it, and you hold that accountability.
	And I think we definitely will get that accountability.  Looking 
forward 
to working with you, making sure that we have a system that everyone can live 
with and will be accountable not only to the taxpayers but also to members of 
Congress.
	Thank you, Mr. Chairman.
	The Chairman. Thank you, Mr. Michaud.
	I appreciated the candor of the gentleman from Gartner Consulting in 
that 
it's almost like, well, of course, this isn't going to be out in the private 
sector, because there it is for profit.  Right?  And if you're a government 
enterprise, you don't have to worry about it.  You do budget submissions. Who 
wants to be against spending in the veterans' arena? Right?
	And so trying to bring efficiencies to these processes, I mean, it is 
our responsibility.
	You know, there are a couple of really large procurement contracts 
with 
regard to IT that are sitting out there -- PAIRS and PCHS.  PCHS and PAIRS.
	So if we're about to move into this, tell me where we are on these two 
larger procurement contracts that could involve billions of dollars.  What are 
we doing?
	Mr. McFarland. Well, sir, we are currently operating under what's 
called 
PCHS II, which is a common hardware and software procurement vehicle that we 
use 
to buy all of our hardware and software throughout the VA.  It's based on a 
set of standards.
	It has served us reasonably well, but it's due to be redone, because 
it's 
about to hit its cap, and we'll have to implement anew what I call PCHS III 
next year.
	I've been intimately involved with procurement and have made it clear 
what I want out of PCHS III, which is different than what we've had in PCHS 
II.
	I want to get a lot more standardization, because it appeared as PCHS 
II evolved, just about anyone could select something and get it on PCHS, and 
that allowed them to buy it, and that did not serve us as well as I would have 
hoped in our standardization efforts.
	So PCHS III will produce a much stronger standardized environment.
	Under any move that we make from an IT reorg, I will control that 
hardware 
and software buy, and I will see that we get standardization and that we get 
common configurations out there through this contract.
	The Chairman. I don't know where you are in the letting of these 
contracts.
	Mr. McFarland, should we not let these contracts until this 
legislation is 
in place, so that you've got this line of budget authority?
	Mr. McFarland. We are still working under PCHS II, and will through a 
part of next year.
	I believe PCHS III isn't due to come online or be let, if you will, 
the contract be let until about the middle of next year.
	So we're at a point where nothing that you would do between now and 
then would get in the way of any aspect of trying to modernize that 
procurement vehicle.
	The Chairman. All right.
	Admiral Cooper, the Navy uses a process where the Fleet expresses a 
need 
for a new system, provides requirements, and the systems commands work with 
the 
Pentagon and the Fleet users to build a system that meets the Fleet's needs.
	The process is very structured and has rigorous reviews at many levels 
in the acquisition chain of command, does it not?
	Admiral Cooper. That's correct.  Yes, sir.
	The Chairman. Do you similarly see a structure and would you like to 
see a 
system very similar to that within the systems that you presently control?
	Admiral Cooper. Yes, sir.
	The Chairman. I'm going to give it to you.
	This hearing is now concluded.
	[Whereupon, at 12:08 p.m., the Committee was adjourned.]
 

