[Senate Hearing 109-498]
[From the U.S. Government Publishing Office]
S. Hrg. 109-498
INFORMATION AND TECHNOLOGY AT THE VA: IS IT READY FOR THE 21ST CENTURY?
=======================================================================
HEARING
BEFORE THE
COMMITTEE ON VETERANS' AFFAIRS
UNITED STATES SENATE
ONE HUNDRED NINTH CONGRESS
FIRST SESSION
__________
OCTOBER 20, 2005
__________
Printed for the use of the Committee on Veterans' Affairs
Available via the World Wide Web: http://www.access.gpo.gov/congress/
senate
______
U.S. GOVERNMENT PRINTING OFFICE
25-790 WASHINGTON : 2006
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512�091800
Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001
COMMITTEE ON VETERANS' AFFAIRS
Larry Craig, Idaho, Chairman
Arlen Specter, Pennsylvania Daniel K. Akaka, Ranking Member,
Kay Bailey Hutchison, Texas Hawaii
Lindsey O. Graham, South Carolina John D. Rockefeller IV, West
Richard Burr, North Carolina Virginia
John Ensign, Nevada James M. Jeffords, (I) Vermont
John Thune, South Dakota Patty Murray, Washington
Johnny Isakson, Georgia Barack Obama, Illinois
Ken Salazar, Colorado
Lupe Wissel, Majority Staff Director
D. Noelani Kalipi, Minority Staff Director
C O N T E N T S
----------
DATE
SENATORS
Page
Akaka, Hon. Daniel K., U.S. Senator from Hawaii.................. 2
Craig, Hon. Larry, Chairman, U.S. Senator from Idaho............. 1
Salazar, Hon. Ken, U.S. Senator from Colorado.................... 3
Thune, Hon. John, U.S. Senator from South Dakota................. 5
WITNESSES
Mansfield, Gordon H., Deputy Secretary, Department of Veterans
Affairs, accompanied by: Robert N. McFarland, Assistant
Secretary for Information Technology and Chief Information
Officer, Department of Veterans Affairs; Robert Lynch, M.D.,
VISN 16 Director, VHA; and Jack McCoy, Associate Deputy Under
Secretary for Policy and Program Management, VBA............... 5
Prepared statement........................................... 8
Responses to written questions submitted by:
Hon. Daniel K. Akaka..................................... 11
Hon. John D. Rockefeller IV.............................. 15
Wohlleben, Paul, Partner, Grant Thorton, LLP, on Behalf of the
Information Technology Association of America.................. 29
Prepared statement........................................... 31
Koontz, Linda D., Director, Information Management Issues, United
States Government Accountability Office........................ 32
Prepared statement........................................... 34
APPENDIX
Articles:
Improving Patient Care....................................... 47
Revamped Veterans' Health Care Now a Model................... 55
Brief Report: Quality of Ambulatory Care for Women and Men in
the Veterans Affairs Health Care System.................... 58
Special Communication: Five Years After to Err is Human...... 62
Washington Monthly: The Best Care Anywhere................... 69
U.S. News & World Report: America's Best Hospitals........... 83
INFORMATION AND TECHNOLOGY AT THE VA: IS IT READY FOR THE 21ST CENTURY
----------
THURSDAY, OCTOBER 20, 2005
U.S. Senate,
Committee on Veterans' Affairs,
Washington, D.C.
The committee met, pursuant to notice, at 10:05 a.m., in
room SR-418, Russell Senate Office Building, Hon. Larry Craig
(Chairman of the committee) presiding.
Present: Senators Craig, Thune, Isakson, Akaka and Salazar.
OPENING STATEMENT OF HON. LARRY CRAIG, CHAIRMAN,
U.S. SENATOR FROM IDAHO
Chairman Craig. Good morning, everyone. The Committee on
Veterans' Affairs meets this morning to receive testimony on
VA's effort to reorganize both the internal management
structure of its information technology programs and the
financing of its IT development projects. This is a critically
important topic for oversight, I think, by this committee.
I say in all seriousness to my colleagues that VA's ability
to provide quality health care, timely and accurate benefits
decisions and compassionate readjustment counseling for our
veterans in the future rests largely on its ability to
modernize its IT infrastructure. Tomorrow's modernization
requires strong, qualified, rigorous management today.
I want to stress that this is not a hearing intended to
chide VA for failures in its IT program management. In fact, VA
has had numerous successes in its IT programs, and I think we
can be proud of those successes. For example, I do not think
there is a person in the health care industry that is not
overwhelmed by, and frankly, jealous of VA's electronic health
records. Just recently, during the events of Hurricane Katrina,
we saw firsthand how important the electronic records can be
for our veterans.
That success did not go unnoticed to even Time Magazine,
which recently wrote in a story about medical care during
Hurricane Katrina,
``Throughout the chaos of Katrina, doctors treating displaced
patients in the Veterans Affairs system have had access to
information that those outside the VA are dreaming of: up to 20
years of lab results and 6 years worth of x-rays, scans,
doctors' notes and medication records, available for all 5.2
million active patients.''
This is truly a remarkable achievement.
Still, there have been some shortcomings in the management
of VA's IT projects. Most recently there was a failure for the
core financial and logistics system VA attempted to implement
at the Bay Pines Medical Center in Florida. In that case
taxpayers spent hundreds of millions of dollars, and VA spent
thousands of man hours. Still, at the end of the day, taxpayers
and VA had nothing to show for it. Clearly, Congress cannot
continue to fund failures, especially ones of that scale.
To the end, the Senate, through the Appropriations bill for
MilCon/VA, recently took action to protect taxpayers from large
scale project management failures. The fiscal year 2006 MilCon/
VA Appropriations bill places VA's IT budget under one person.
Further, and perhaps more importantly, the bill withholds VA IT
project monies for the new Health-e-Vet project until VA
reorganizes its IT management, to make certain that the project
is run by a well-qualified project manager.
Changes such as this one will have consequences large and
small all across the Agency, and it is important that this
committee understand those consequences and any tradeoffs that
may come from such a move. As has been pointed out to me on
more than one occasion, VA is one of the largest agencies in
Government. A change in management structure that will affect
over 200,000 people must be done in a thoughtful manner and
implemented correctly.
The question before the committee today, that I hope we
have answers by our witnesses, is a very special one: How can
we ensure that the Department undertakes very costly projects
to both upgrade its IT programs and build newer programs so we
see more successes like those in the electronic health records
systems, and less very expensive failures such as the one that
took place with Core FLS?
To answer that question, and perhaps many others, we will
hear from witnesses from VA, the Government Accountability
Office and the Information Technology Association of America.
Before I call upon our witnesses, I would like to turn to
my Ranking Member, Senator Akaka, for any opening comments he
would like to make.
Danny.
OPENING STATEMENT OF HON. DANIEL K. AKAKA,
U.S. SENATOR FROM HAWAII
Senator Akaka. Thank you very much, Mr. Chairman. I want to
thank you for this hearing. A hearing on this issue is long
overdue, as you state, and I am with you on your statement that
you have just made, and to let our witnesses know that we are
doing this to try to improve the system.
I also want to welcome all of our witnesses to this
hearing.
In the recent past I can recall one IT hearing. I believe
it was a field hearing 2 years ago, chaired by my predecessor's
Ranking Member, which focused on VA's failed $300 million
financial and logistics IT system. By now we all have heard the
story. It is a story of unrealistic expectations and complete
mismanagement of a contractor, and it is a costly story, one
which wasted taxpayer dollars and caused failures in the
delivery of medical care.
I would remind my colleagues that VA paid the contractor a
bonus after they knew that the system had failed. This was
shameful.
Some would argue that we may soon have at our feet another
IT disaster. VA is in the midst of a major initiative to
modernize its VISTA system. Fortunately, VA had the wisdom to
hire an expert to evaluate the project and to identify the
problems before they go too far down this expensive road.
Carnegie Mellon found major problems with VA's approach. The
analysts at Carnegie Mellon wrote, and I quote, ``Current plans
are not realistic given the complexity and magnitude of the
project and VA's ability to carry them out.'' Hopefully, VA
will be able to reverse course and solve these problems.
I must question if VA had bitten off more of an IT solution
than it can chew, especially because the system which it was
designed to replace, is still in much demand in the health care
sector. The VA has had its IT successes. A much mentioned
example is the world class electronic medical records system,
which proved its viability and robustness in the days following
Hurricane Katrina. Yet with each endeavor, we must be cognizant
of the bottom line. Given VA's limited health care budget, we
cannot afford to sink millions into IT solutions that may not
be viable.
We have to figure out how we can become smarter and better
in the way we plan for and implement new or replacement IT
solutions. It is extremely important for our veterans and for
taxpayers that Congress ensures effective management of
information technology within VA. It is all the more important
because all veterans have come to rely on IT solutions every
day to faultlessly deliver their benefits and services.
For me, the question confronting the committee today is
whether or not VA should be directed through legislation on how
to solve its IT problems.
Mr. Chairman, I look forward to this hearing and to
eventually continuing to work with you on this problem. Thank
you very much.
Chairman Craig. Senator Akaka, thank you very much. We have
been joined by our colleague, Senator Salazar.
Ken, do you have any opening comment?
OPENING STATEMENT OF HON. KEN SALAZAR, U.S. SENATOR FROM
COLORADO
Senator Salazar. Thank you, Chairman Craig and Senator
Akaka. Today we will discuss proposals to centralize VA's
information technology system. I want to use my opening
statement to offer a cautionary note to all of you who will
work on this very important project for the VA.
I agree that a centralized IT structure has the potential
to eliminate waste as much as $345 million a year, and to
improve the care of veterans. This is a notable and a very
important goal. However, wonder about the VA's ability to make
this transformation quickly. I fear that if we push VA too hard
and too fast we may set the agency up for failure and waste
hundreds of millions of dollars in the process, as we have some
with many agencies at both the Federal and State level as they
implement new IT projects over the last decade.
These Federal IT programs are expensive and we do have a
record of failure with many of these projects. The IRS and the
FBI are recent examples of failures. VA has also seen major IT
problems with Core FLS, which was scrapped last year after $342
million was wasted. HR Links was cancelled after $300 million
was spent. These are warning systems about what we had to do,
or warning signs about what we had to do as we move forward to
centralization.
In addition, there is a deeply entrenched culture of
decentralization of VA. VA's IT structure is inherently
decentralized because of its history. VistA, VA's biggest IT
success story, is a 30-year-old outgrowth of DHCP. This program
was developed by individual VA programmers working without
permission from VA Headquarters. It worked because it was
developed locally and was flexible. To this day individual
hospitals have excellent IT systems because of VistA. I do not
suggest that this system is perfect. Individual hospitals have
trouble sharing records, but transformation is especially risky
because the VA may not have the capacity to make such a large
change.
I want to note four or five concerns that I have in terms
of the transition. First, this kind of transition requires buy-
in from top management. The VA's record here is not
particularly encouraging. It took 5 years after the Clinger-
Cohen Act before VA appointed a full-time CIO. The VA CIO has
since been slow in implementing major reforms. VA's leadership
is opposed to the centralized model espoused in the Gartner
Report and in the House legislation as I understand it.
Second, the transition cannot succeed without cooperation
and input from the individualized service networks and
hospitals that will use the product. In the past individual VA
hospitals have been reluctant to work with VA's CIO or cede any
budget authority.
Third, funding. VA's CIO currently directly controls $50
million, only 3 percent of VA's total IT budget, 3 percent of
the entire IT budget for VA. The CIO's office recently has had
to cancel conferences because of budgetary constraints. The CIO
does not currently have the capacity to spend significantly
more money.
Fourth, good contracting is a keystone to a successful
project. One of the main reasons VA's recent IT have failed is
the VA did not have the capacity to establish good contracts
and to oversee them. Just last month, VA's CIO, Robert
McFarland, testified candidly that contracting delays held up
the Gartner study for months.
Fifth, the length of service. GAO reported that it often
takes as many as 5 years for a CIO at a Federal agency to make
an impact, but the average tenure of a CIO is only 2 years. Mr.
McFarland testified that a centralized model is best long term
for VA, but he does not think he can accomplish this in his
tenure. He likened this task to, ``pouring concrete with good
rebar.''
I am raising these cautions now because I am pessimistic or
have given up on reforming the VA on this system. The VA
definitely needs to move forward towards centralization.
Congress, however, must work with the VA, and we must move
forward with caution.
Given the VA CIO more budget authority and oversight would
be a step in the right direction, in my view, if it is done
right and it is done at the appropriate pace.
I thank the Chair, and I look forward to the hearing.
Chairman Craig. Ken, thank you very much.
Now let us turn to our first panel. We have the Hon. Gordon
H. Mansfield, Deputy Secretary, Department of Veterans Affairs.
He is accompanied by the Hon. Robert N. McFarland, Assistant
Secretary for Information Technology and Chief Information
Officer, Department of Veterans' Affairs.
We have two additional witnesses seated at the table: Dr.
Robert Lynch, VISN 16 Director, VHA; and Jack McCoy, Associate
Deputy Under Secretary for Policy and Program Management.
Welcome, gentlemen. We appreciate you being with us this
morning. Before I ask your thoughts, we have just had another
one of our colleagues arrive.
Senator Thune, do you have any opening comments prior to us
going to the first panel?
OPENING STATEMENT OF HON. JOHN THUNE, U.S. SENATOR FROM SOUTH
DAKOTA
Senator Thune. Mr. Chairman, I just want to thank you for
holding this hearing. I am very interested in the subject of
information technology and its application to health care, and
I appreciate the good work the VA has done in leading the way
and pioneering some of the technologies, and I am also pleased
that they are making some of those same technologies available
to nongovernment doctors and hospitals, and I am hopeful that
in today's high tech world that it will become more possible to
rapidly exchange information electronically, and that these
exchanges will, in fact, do a lot to help the health care
sector of additional patients.
I want to congratulate you for holding this hearing, and am
anxious to hear the testimony from our panelists today, and
look forward to working with the VA to continue to improve the
quality of care that they deliver to America's veterans, and
hope that we can take some of the things that are happening in
the area of electronic medical records that is already under
way at the VA and see that more readily applied in other areas
of our health care economy in this country.
That is all I have, Mr. Chairman. Thank you.
Chairman Craig. Senator, Thank you very much.
Now we will turn to the panel, and Gordon, we will start
with your testimony first. Please proceed.
STATEMENT OF GORDON H. MANSFIELD, DEPUTY SECRETARY, DEPARTMENT
OF VETERANS AFFAIRS, ACCOMPANIED BY: ROBERT N. McFARLAND,
ASSISTANT SECRETARY FOR INFORMATION TECHNOLOGY AND CHIEF
INFORMATION OFFICER, DEPARTMENT OF VETERANS AFFAIRS; ROBERT
LYNCH, M.D., VISN 16 DIRECTOR, VHA; AND JACK McCOY, ASSOCIATE
DEPUTY UNDER SECRETARY FOR POLICY AND PROGRAM MANAGEMENT, VBA
Mr. Mansfield. Thank you, Mr. Chairman, and Mr. Akaka and
Members of the committee. I am pleased to be here this morning
to discuss the VA's ongoing activities in reorganization of our
information technology programs.
Before I start, I would just like to make the point that
Dr. Lynch, who is here with me, is the head of our largest
health care network, VISN 16, and this is the man who was on
the scene in the efforts in Katrina and Rita, and he was the
one that we were talking to from the VA Ops Center, and he was
in charge of the folks on the scene down there. I have to tell
you that he is a personal hero of mine for all the efforts he
has done down there.
Chairman Craig. He certainly deserves our congratulations.
It was a job very well done.
Mr. Mansfield. Sir, I request that my full statement be
entered in the record, and I also request that the articles
noted in the formal statement be entered into the record, with
your permission.
Chairman Craig. Without objection, all of your statements
will be a full part of the record.
Mr. Mansfield. Thank you. In starting I want to emphasize
that IT is a tool to be utilized to assist us to carry out the
Department's reason for existence, to deliver services and
benefits to our Nation's veterans. Last year we provided health
care to 5.2 million veterans out of 7.1 million that are
enrolled. We provided compensation and pension benefits to more
than 3.5 million veterans and dependents. We provided over
500,000 veterans and family members education benefits, and
95,000 received vocational rehabilitation. We buried 95,000
veterans in our cemeteries. These large numbers are made up of
individuals who have earned the benefits we are charged with
delivering.
I believe we have an obligation to these millions of
veterans who operate by the principle that we must first do no
harm, a part of the Hippocratic oath that doctors take when
they are treating patients, to do no harm. Secondly, we should
deliver these services and benefits that they require in a
timely and efficient manner. Our current IT system is assisting
us in doing that now. We are delivering those benefits each
day, each month, and throughout the year.
You mentioned the history. In the past we decentralized
this system, and this action gained us effectiveness. However,
that effectiveness has come with a loss of some efficiencies.
For example, we have situations where all three
administrations, Benefits, Health Care and Cemetery, are co-
located on the same campus, yet each is running a separate IT
system.
For example, as an illustration, I point to the Hines VA
Medical Center in Chicago, where the Veterans Health Care
Administration has a major computing center, and within a few
hundred yards the Veterans Benefits Administration runs another
major IT center. These facilities are separated by a chain link
fence, but that is instrumental in the picture because their IT
systems are not connected and we are not gaining efficiencies
that are available.
Another example is Milwaukee, where we have a Cemetery
Office, a Benefits Regional Office and a hospital all on the
same campus, and the same thing is true.
As a result, when Mr. McFarland came to the VA in 2004, he
recommended, and I agreed based on the history that has been
discussed here in the introduction, that we had major issues in
IT and that we needed an outside consultant to review the total
IT program. The goal was to give us an ``as is'' view of the
organization, and we chose Gartner Corporation as a consultant
to help us do that. That consultant's report also gave us not
only an ``as is'', what the existing efforts were, but some
recommendation or options on a ``to be'' position. They
confirmed that the VA's IT resources are currently operated and
managed within a highly decentralized structure.
Assistant Secretary McFarland, our CIO, oversees right now
a staff, as mentioned, of about 350 individuals on a budget of
roughly 40 to 50 million. While responsible for ensuring the
success of all the VA's IT operations, he has no direct
management control or organizational authority over the great
majority of VA's IT resources. We can only provide policy
guidance, budgetary review and general oversight via indirect
supervision.
Following a briefing on the Gartner Report, Secretary
Nicholson asked me to review the options provided with the CIO
and the Under Secretaries for Administration and recommend a
course of action. The senior management, the Secretary, myself,
the CIO, the Under Secretaries, believe that the federated
model presented in that report is the best answer for the VA.
All IT operational service delivery personnel and the budget
associated with their support to include all non-medical IT
equipment, maintenance and contract support, will come under
the direct supervision of a national organization that reports
directly to the CIO's office.
For example, all cyber security personnel and programs will
be centralized to the Office of Cyber Security under the CIO.
This organization will deliver all IT-related operational
services to all elements of the VA based upon negotiated and
formerly agreed upon set of specific standard IT services
delivered according to a clearly understood and documented set
of service level agreement standards.
The CIO clearly maintains overall responsibility for the
successful management of these resources and continues to
provide budget oversight policy and program management
direction for the Department in the model that we have chosen.
Budget authority would be centralized to the CIO. We know that
this is a concern of the Appropriations Subcommittee and we are
in agreement with the approps they have taken. Most IT
employees will be under the CIO's authority, running the IT
operations infrastructure for the VA.
The chief difference is, one, selection, and our selection
is that administration IT employees will continue to do
software development and software application selections that
are vital to health care or benefits function. This will ensure
that proper planning, design, integration and standardization
requirements are followed throughout the Department as we build
our next generation systems. CIO will still have budget
decision authority over all development projects.
Let me close by pointing out why VA believes this plan is
going to work. First, we have reviewed and learned from the
lessons of the past, some of the incidences that have been
presented here in your introductory statements. We know that we
must communicate to our workforce the backing of the entire
departmental leadership from the Secretary on down, and I would
make the point that while the CIO is present for maybe only 2
years, if he has the direct backing of the Secretary, then I
believe that he can move forward a lot quicker and get the job
done, and that is part of what we are depending on.
Second, we need to take the time needed to explain this
process to the whole workforce. We also need to involve
workforce in the actual planning process to define changes
needed and the timelines needed to make effective change.
Third, we need to have a check, a recheck, and a third
check to make sure that all aspects of the plan and how, in
being implemented, are checked each and every step of the way.
We must be prepared to make adjustments as necessary, as we
learn from our implementation plan.
Fourth, we need to report to outside entities as
appropriate, to the Congress, to the VSO partners and to others
who would be interested in this area.
Fifth, we need to ensure right from the start all the way
through the finish, that senior leadership from the Secretary
on down, are continually following through on all planning and
implementation.
Sixth, as mentioned, more than IT is being reorganized. Our
Procurement Office is also undergoing a change of leadership to
better enable us to deal with contracts and implementation.
The Secretary has recently made a decision to proceed with
implementing the federated model and reorganizing VA IT, and
the leadership represented here at this witness table is
committed to making that happen.
Thank you for inviting us here to discuss these important
matters, and we look forward to answering your questions.
[The prepared statement of Mr. Mansfield follows:]
Prepared Statement of Gordon H. Mansfield, Deputy Secretary,
Department of Veterans Affairs
Thank you, Mr. Chairman. I am pleased to appear before this
Committee on behalf of the Secretary and the Department to discuss with
you the Department of Veterans Affairs (VA) information technology
infrastructure reorganization assessment.
The Department's business is the health and well-being of our
nation's veterans. To ensure mission success, it is imperative that we
employ all means at our disposal, including information technology, in
the most effective way possible.
Some history of how VA's IT infrastructure and organization have
evolved may prove useful to the Committee. For at least 25 years prior
to 1990, VA's IT program was centralized. In July 1990, under a belief
that decentralized operations provide for better management of VA
facilities, the Department decentralized resources to the
Administrations and staff offices for VA's IT systems design and
applications development, systems operations, and systems oversight,
along with four data processing centers. The remaining IT oversight
program was placed under the Chief Financial Officer (CFO). Then, in
accordance with the Clinger-Cohen Act of 1996, VA formally established
the position of Assistant Secretary for Information and Technology
(CIO), but the IT oversight program remained aligned under the CFO and
decentralization of VA's IT program continued.
At his confirmation hearing in January 2001, Secretary-designee
Principi stated that he was committed to ending stove piped systems in
VA.
Secretary Principi directed the centralization of the Department's
IT program, including authority over personnel and funding, in the
Office of the Assistant Secretary for Information Technology effective
October 1, 2002. A team of executives from across VA was convened to
design a centralized IT organization for VA. The Secretary approved a
centralized reorganization plan on May 14, 2003.
The result of this reorganization was a matrix organization which,
over time, VA came to realize was not best suited for a large,
geographically dispersed organization that is highly dependent on
information technology to deliver services.
Robert N. McFarland was confirmed by the Senate on January 22, 2004
as the second Assistant Secretary for Information and Technology and
Chief Information Officer (CIO). Under his leadership, a rigorous IT
review process, disciplined project management methodology and an IT
portfolio management system have continued to evolve. We are in the
final phase of rebuilding our nationwide telecommunications
infrastructure, beginning the consolidation of some infrastructure
assets, and implementing aggressive cyber security and privacy programs
to ensure the protection of our information assets, infrastructure, and
veterans' personal information. We submitted the VA Enterprise
Architecture design to OMB in June 2005 and received a score of 3.0,
significantly higher than the previous score of 1.25. We continue to
refine it.
A strong Enterprise Architecture is critical to any effort to bring
down our stove piped systems and replace them with integrated systems.
The score of 3.0 demonstrates progress in this information technology
area and signals that we are steadfastly working to build a foundation
for systems integration and standardization.
In the wake of the difficulties with CoreFLS, as a new Deputy
Secretary, I asked Assistant Secretary McFarland to undertake a study
of our IT system and resources and to pursue outside assistance, if
necessary. In December 2004, he contracted with The Gartner Group to
conduct an Organizational Assessment of VA IT.
This assessment was to enhance the effectiveness of VA's IT by
first baselining how it operates today, then developing organizational
models to increase VA's IT value (in terms of greater efficiencies,
economies of scale, and added business value), and finally, charting
the path VA IT can follow to deploy its new organizational model to
truly deliver value. The completed assessment was delivered to the
Assistant Secretary for Information and Technology and CIO in May 2005.
The study proposed five different alternatives, as follows.
Option 1--Status quo. Currently, VA IT resources are operated and
managed within a highly decentralized management structure. The
Department's CIO manages a central office staff of approximately 350
government employees and a direct budget of approximately $40 million
per year. While the CIO is charged with overall responsibility for the
successful management of all VA IT resources (in fiscal year 05, $1.8
billion and approximately 5400 IT FTE) the CIO has no direct management
control or organizational authority over any of these resources. The
CIO provides policy guidance, budgetary review and general oversight
via indirect supervision (dotted line) of the Administration and staff
office CIO's. Within some of the Administrations, the CIO does not
directly supervise or have authority over the majority of IT resources
in the field and must also provide policy guidance, budgetary review
and general oversight via indirect supervision.
Option 2--Regional Option. Under this option, VA would be divided
into three to five geographically based subdivisions. Within each of
these, a Deputy CIO would control all IT assets (Operations, Staff
Functions, and Systems Development) and be responsible for all service
delivery within that region. These Deputy CIO's would report directly
to the VA CIO.
Option 3--Administration-Centric Option. Under this option, VA
would be divided by Administration and Staff Offices and a Deputy CIO
for each would control all IT assets (Operations, Staff Functions, and
Systems Development) and be responsible for all service delivery within
that Administration or Staff Office. These Deputy CIO's would report
directly to the VA CIO.
Option 4--Federated Option. Under this option, VA would separate
operational responsibilities and IT systems development
responsibilities into separate domains. All IT operational service
delivery personnel and the budget associated with their support (to
include all non-medical IT equipment, maintenance, and contractor
support) would come under the direct supervision of the CIO. This
organization would be charged with delivering all IT-related corporate
services (such as electronic mail, financial systems,
telecommunications) to all elements of VA based upon a negotiated and
formally agreed upon set of specific standard IT services delivered
according to a clearly understood and documented set of service-level-
agreement standards. Under a federated approach, IT mission/program
systems development responsibility remains with the Administrations or
staff office business units. The Administrations and staff offices
directly manage all mission/program systems--development FTE and budget
authority. The CIO clearly maintains overall responsibility for the
successful management of these resources and continues to provide IT
budget oversight, policy, and program management direction for the
Department.
Option 5--Centralized Option. Under this option, all VA IT
personnel resources, assets, and budget would be under the direct
supervision of the VA's CIO. This centralized IT organization would be
charged with delivering all IT-related corporate operation and mission
systems development services to all elements of the VA based upon a
negotiated and formally agreed upon set of specific standard IT
services and systems development standards delivered according to a
clearly understood and documented set of service level agreement
standards. Under this option the Administrations remain responsible for
system and user requirements definition, service delivery standards
development, and end user participation in systems development
acceptance criteria development and testing.
The consultant's report delivered an ``as is'' assessment that VA's
IT resources are currently operated and managed within a highly
decentralized structure. While the Assistant Secretary for Information
and Technology, our CIO, oversees a staff of approximately 350 VA
employees and a budget of over $40 million, total VA IT resources are
approximately 5,400 full-time-equivalent employees with a budget of
some $1.8 billion. Despite having overall responsibility for ensuring
the success of VA's IT operations, the Assistant Secretary has no
direct management control or organizational authority over the great
majority of VA's IT resources. He can only provide policy guidance,
budgetary review and general oversight via indirect supervision.
We are determined to move sequentially towards a ``to be'' model
under the Federated Concept.
In the model we have chosen, the budget will be centralized to the
CIO. Security will be centralized under the control of the CIO.
Development will require the CIO's review and budget approval. This
model will also include a migration of most workers to the control of
the CIO, while leaving some employees under the control of the
administrations.
This will move us closer to greater efficiencies, centralized
planning and standardization. VA will bring in the necessary expertise
to plan and manage this transition. We will communicate our plans up
and down the line so every employee understands what is to be done. We
will train and test to ensure employees can perform the tasks at hand,
and keep them motivated during the transition. We will have timelines
and goals that are agreed upon throughout the organization.
This is a plan that VA can execute.
It is important to note that the IT operation today has evolved
over time and has included the services of many talented and dedicated
professionals. Their efforts are paying off. For example, in terms of
cyber security, VA IT systems are certified and accredited for the
first time. Additionally, external independent gateways have been
reduced.
We will build upon our successes. It is vital that any
reorganization not adversely impact services to veterans or
unnecessarily affect our employees. Keeping in mind that our department
exists to serve veterans and their families, our first principle will
be to ``do no harm'' to the patients in our world class health care
system, or to the millions of beneficiaries that depend on checks being
dispatched in a timely and accurate manner. We know there are no simple
``light-switch'' solutions to be found in any model, but we are
committed to managing these changes for the good of the Department.
Mr. Chairman, top-level executives of this Department have been
involved in the evaluation of alternative organizational models, and
understand the importance of this endeavor. There is an understanding
that cultural change has to take place and buy-in must occur at the
lower-worker level. We also know that it isn't just the IT
reorganization that is involved. The Department is considering changes
at the CFO level, in logistics, in finances, in our collections, and
our efforts to comply with OMB's Circular A-123, ``Management's
Responsibility for Internal Control.'' We are mindful of lessons
learned and know for this change to be successful, we must collaborate.
As we implement this reorganization, we remain mindful of the
successes recently acknowledged--accomplishments with which our IT team
had considerable involvement. For example, in just the past 6 months,
no fewer than five major publications have attested to VA's leadership
of private and Government health care providers across almost every
measure.
A Rand report published in the Annals of Internal Medicine
ranked the overall quality of VA medical care as significantly higher
than any other health care system in the country.
An article in the Washington Monthly, entitled, ``The Best
Care Anywhere,'' rated VA as the recognized leader in the health care
industry. It pointed out that, 10 years ago, veterans' hospitals were
in deep crisis--but that today, and I quote, ``VA is producing the
highest quality care in the country. VA's turnaround points the way
towards solving America's health care crisis.''
An editorial in the prestigious Journal of the American
Medical Association, referred to VA as `a bright star' within the
health care profession for its cutting-edge dedication to patient
safety.
Last month, in their review of `America's Best Hospitals,'
U.S. News and World Report titled their article on VA as, `Military
Might: VA Hospitals are Models of Top-Notch Care.'
And just on August 22, on the front page, the Washington
Post ran a headline that read, ``Revamped Veterans' Health Care Now a
Model.''
Further, on April 27, 2004 President Bush chose the VA Medical
Center in Baltimore to announce his commitment to ensuring that all
U.S. citizens have an electronic health record in the next 10 years. In
doing so, he held out VA's fine example. The reorganization of our
resources will enable VA to be the benchmark in the development and
implementation of Health information technology solutions and standards
as envisioned by the President's Initiative for Health IT as both an
example and national leader in this arena.
I would say all those assessments are right on target. We view the
Veterans Health Administration as the vanguard for national standards
for electronic medical records, now the rest of the nation does as
well. Our health IT systems--and the quality of our employees--helped
us reap these headlines. Clearly, we are delivering more services to
more veterans each and every year. And, this was accomplished under our
current structure.
Our IT successes are also facilitating the business of claims
processing and benefit delivery in the face of daunting demands:
VA provides monthly compensation and pension benefits
totaling $32 billion to over 3.5 million veterans and beneficiaries.
Disability claims increased by 33% from 2000 to 2004. Last year alone,
VA added nearly 240,000 new beneficiaries to the compensation and
pension rolls.
By the end of fiscal year 2005, over 750,000 veterans
received decisions on their disability claims, with VA processing an
additional 1.5 million pension, dependency, and other adjustments to
beneficiaries' accounts. Even with the increased claims volumes, we
have reduced by 30 percent the length of time veterans must wait for
decisions on their claims over the last 3 years.
We are also providing in excess of $2.5 billion in
Education benefits to over 500,000 beneficiaries, and are working to
rehabilitate nearly 95,000 service-disabled veterans through our
Vocational Rehabilitation and Employment Program.
I would also note that in December 2004, the American Customer
Satisfaction Index announced the National Cemetery Administration
earned a customer satisfaction rating of 95 out of a possible 100
points--the highest score ever received by a federal agency or private
organization. In the survey, both the ratings for respect shown to
loved ones and maintenance of VA cemeteries as National Shrines
received a score of 97.
The report called this finding ``an outstanding score by any
standard of ACSI measurement and for any context, public or private.''
NCA was able to achieve this milestone through the support of IT in all
aspects of cemetery and memorial services, from the timely acquisition
of veteran headstones with accurate inscriptions to the nationwide
gravesite locator available to the public on the World Wide Web.
This concludes my statement. Thank you, Mr. Chairman, for the
opportunity to discuss these important matters. I am prepared to answer
any questions you might have.
______
Response to Written Questions Submitted by Hon. Daniel K. Akaka
to Gordon H. Mansfield
Question 1. VA's IT budget will be centralized under the Chief
Information Officer. Development of IT will require the CIO's review
and budget approval. How will the CIO facilitate communication within
VA to meet the individual IT of its health, benefits and burial
administrations?
Response. There are several points at which requirements for
information technology (IT) on the part of the Department of Veterans
Affairs (VA) administrations and staff offices are communicated to the
VA Chief Information Officer (CIO). First, there is the development of
the IT portfolio, which determines resource requirements, both
financial and otherwise, for all of the projects, programs, and
investments in IT throughout VA. Administrations and staff offices
develop capital asset plans (Exhibit 300s) for major investments, and
provide funding information for minor investments. These investments
are deliberated by the VA Enterprise Information Board (EIB), which is
comprised of representatives from each administration and major staff
office. Decisions are made by this group as to whether investments
should be undertaken, modified, or cancelled. The EIB will also be the
entry point for a portfolio to become part of the program management
milestone review process.
Once the IT portfolio is created, the EIB meets regularly to
monitor the progress of investments. Semi-annual program management
reviews (PMRs) will be conducted, one at mid-year to determine
adherence to spend plans and to check year-of-execution progress; and
one at the receipt of the new fiscal year budget to ensure continued
adequate resources for program execution. Emergent reviews will be
performed whenever programs break management thresholds that indicate
negative variance to sound program execution
Finally, the federated IT approach leaves development activity
centered in the most logical place--with the organization that will
benefit from the results of the development. The VA CIO will control
the flow of funds based upon the information provided through the EIB
in the IT portfolio and program management monitoring processes
Question 2. The Government Accountability Office recommended that
the Secretary develop a plan that describes how VA intends to use data
from the Rating Board Automation 2000. GAO recommended that VA conduct
studies of the impairments for which data reveal inconsistencies among
VA regional offices. Please tell the Committee if such a plan has been
developed. VA's computer programs are tools that can be used to
determine where inconsistencies exist and to develop better training
methods for VA employees.
Response. Veterans Benefit Administration (VBA) concurred in the
Government Accountability Office's (GAO) recommendations. VBA's
Compensation and Pension (C&P) Service initiated a pilot review
selecting three disabilities for consideration, including cases
involving knees, hearing loss, and service connection for post
traumatic stress disorder (PTSD). For those decisions where service
connection was granted, the evaluation assigned to the condition was
also reviewed. A random sample of ratings completed on or after October
1, 2004, was selected for the study. The data source was Rating Board
Automation 2000 (RBA2000).
Integral to the pilot review was development of checklists to
collect data to determine if there was inconsistency among raters and,
if so, the cause of the variance. VBA asked members of the Veterans
Health Administration (VHA's) Tennessee Valley Healthcare System Center
for Health Services to assess the value of the checklists that were
developed, to analyze the review process and results, and to provide
recommendations for improvement.
Ultimately, the process was judged too lengthy and costly to
continue with other reviews. As an alternative course of action, VBA's
Office of Performance Analysis and Integrity (PA&I) is working with C&P
Service to gather data through RBA2000 to identify possible
inconsistencies among regional offices in the award and denial of
compensation benefits for specific impairments.
PA&I and C&P are prioritizing body systems and/or diagnostic codes
to be reviewed. Data will be extracted from the corporate database for
specific diagnostic codes in the rating schedule. PA&I has also
extracted data for grants/denials of service connection, and
evaluations of service-connected conditions for the remaining mental
disorder diagnostic codes that use the General Rating Formula for
Mental Disorders. Data pulls for the most prevalent diagnostic codes
for each subsequent body system occur monthly and the projected
completion date is June 2006.
Other data runs will be analyzed in conjunction with these body
system data runs to determine possible factors that may be affecting
rating variance. Variables to be analyzed include veteran
characteristics, station characteristics, station performance, legal/
representational issues, rating characteristics, and staff
characteristics.
Question 3. The Gartner Report found that VA's IT culture was
resistant to change. For example, in May 2003, the Secretary approved a
plan for reorganization of VA's IT management structure. Yet, to date
this reorganization has not yet been implemented fully. What steps can
you take to make VA more receptive to change and allow you to fully
implement pending and future IT management changes?
Response. The Secretary of VA has made a decision to proceed with
implementing the federated model in reorganizing VA IT and the
leadership represented at the Senate Committee on Veterans' Affairs
hearing on October 20, 2005, witness table is committed to making it
happen. An Information and Technology Realignment Office (ITRO) has
been established to lead and manage the development and implementation
of a federated information and technology program. The Executive
Director of the ITRO, reports to the Assistant Secretary for
Information and Technology, and will work in collaboration with VA's
Strategic Management Council in the developing and executing of the
reorganization of IT in VA. The Strategic Management Council is chaired
by the Deputy Secretary and comprised of the Deputy Under Secretaries,
Assistant Secretaries, the General Council and other key senior
officials. Also, internally, and in parallel, a task force, comprised
of senior budget officials representing each administration and major
staff office, has been working together to develop a process for
developing, implementing, monitoring, and managing a single VA IT
budget.
Question 4. How can VA provide incentives to contractors to take on
the costly and risky development work for IT programs, software, and
systems?
Response. VA will use the full range of contracting options open to
it to provide high quality information technology solutions that
benefit our administrations and staff offices and, ultimately, the
Nation's veterans. VA will choose the contracting approach that makes
the most sense based on a determination of technical, schedule and cost
risks involved in the particular program. If the particular contract
involves a well-proven commodity, VA will use a firm-fixed price
vehicle. If there is increasing risk, VA may choose to accept some of
that risk through use of cost incentives. If the effort is very risky,
VA might use a time and materials approach. VA is not committed to a
``one-size-fits-all'' approach when it comes to contracting for IT
equipment, software, and services. Each effort will be evaluated on its
own merits and the appropriate determination made to deliver the
intended results in a timely manner, staying within budget. Contracts
would also be reviewed to ensure that the contracting solution selected
enhances the ability of the program to execute by considering
innovative approaches such as performance-based maintenance concepts in
the upkeep of legacy software programs.
Question 5. One of the significant contributing factors to the
problems associated with the CoreFLS program was that the same
contractor hired by VA to provide independent advice and assistance
were also given responsibility to implement the program. One of the
conclusions of the Carnegie Mellon report on CoreFLS was that in
allowing this, VA created a conflict of interest. What is VA doing to
prevent contractors hired to provide independent IT advice and
assistance from then being hired to implement the work and approach
they recommend?
Response. VA's program management and contracting personnel are
trained in Government ethics and work closely together to identify
conflicts of interest and the appearance thereof. Additionally, the one
VA Enterprise Program Management Office (EPMO) was formed on August 8,
2004. It is designed to improve and standardize the management of IT
projects and the IT portfolio by defining VA-wide policies, procedures
and best practices, and providing tools to facilitate the successful
management, reporting an oversight of VA's IT projects. When fully
implemented, EMPO will conduct periodic program management reviews
(PMRs) of all major projects. A key component of reviews will focus on
the acquisition strategy, supporting acquisition plans and
implementation. This will provide a greater level of scrutiny of the
contracting process and ensure that contracting strategies are sound
and proper. Administrations will be encouraged to implement similar
internal reviews to ensure appropriate contracting methodologies are
used.
Question 6. VBA has undertaken many steps to identify and reduce
the significant backlog in C&P claims processing application and
adjudication. It still seems that much more might be done to streamline
and shorten this process, as well as to ensure that decisions are
standardized across the nation. Using technology throughout to enhance
this process, incorporating industry best practices has seemed to lag
in VBA's efforts. Has VBA considered using a rules-based decision
engine, such as is used throughout the insurance industry, to help
standardize at least the bodily injury component of the claims
adjudication process?
Response. From 2001 to 2003, VBA worked on the Compensation and
Pension Evaluation Redesign (CAPER) project, an initiative to enhance
the disability evaluation process and the exam request/return process
for VBA claims adjudication. CAPER explored the use of rules-based
decision-making technology in evaluating medical symptoms (the bodily
injury component) under the VA Schedule for Rating Disabilities (38
C.F.R., Part 4). Although VBA's Information Technology Investment Board
(ITIB) determined in 2004 that IT resources should be redirected from
CAPER to other higher priority IT initiatives, some of the concepts
developed for CAPER were integrated into other VBA applications, such
as the Compensation and Pension Records Interchange (CAPRI) and medical
examination templates.
Question 7. I understand a pilot program is underway at the Ft.
Bragg BDD site to include the compensation program in VBA's efforts to
automate some of the application, exam and adjudication process. Please
explain what is involved in this effort and what role if any,
Commercial-Off-The-Shelf (COTS) or other IT tools will play.
Response. Virtual VA will be used to pilot the paperless processing
of (Benefits Delivery at Discharge) BDD claims. Virtual VA is a web-
based computer application designed to electronically maintain all the
documents in a veteran's claims folder and to simulate the paper
workflow process of compensation claims. While Virtual VA's interfaces
are custom designed, the solution employs widely accepted imaging
software, web components, and hardware. Predominantly, Virtual VA uses
commercial-off-the-shelf software (COTS) including:
FileNet, Macromedia, Oracle, Xerox software, Microsoft, Kodak
scanners, Adobe, Sun Servers, Active PDF Conversion Services, and IBM
Servers.
To create the plan for a paperless BDD claims process, VBA reviewed
the current BDD business process and the existing functionality of the
Virtual VA application. Specific IT enhancements/interfaces to existing
applications are required to support the paperless BDD business
process, including:
1. Modification of existing Virtual VA workflow tracking
functionality.
2. Automatic import of rating decisions created in RBA 2000
3. Data feeds from the Defense Manpower Data Center and creating a
web interface inquiry so that users can retrieve verified military
history reports.
4. Automatic import of Compensation and Pension medical examination
reports generated by QTC (the contract provider of C&P exams at BDD
sites).
5. Import of Compensation and Pension medical examination reports
generated by VHA.
6. Creation of a web interface to capture imaged records from the
Defense Personnel Records Imaging System.
Question 8. Please provide a detailed explanation of what VBA is
doing to improve the C&P application and exam process and adjudication.
How are industry best practices, such as rules-based decision engines
and performance management tools, being incorporated into these program
enhancements?
Response. Modern Award Processing--Development (MAP-D) is a
nationally deployed application designed to facilitate and automate the
development phase of claims processing. MAP-D provides standard
development paragraphs to use in composing letters. In addition, it
provides automatic and manual claims development. The automatic
development is rules-based development logic that was proven in a prior
beta application trial for original compensation claims. The automatic
development feature allows users to answer questions and enter basic
veteran information. The system determines what development needs to be
initiated and generates it in the form of letters, messages, and
automatic requests for service information. The goal of MAP-D was to
provide an easy way for users to create and amend development letters.
To facilitate fast reaction to changes in policy or procedures, the
paragraphs were stored centrally. Currently, the MAP-D application is
being maintained through process improvements made with regular
quarterly releases. The most recent change was released on November 14,
2005. VBA is focused on improving the letter generation capability over
the next year, and expects to revalidate automatic development and make
modifications mandated by changes in the applicable laws and
regulations that govern the claims process. Compensation and Pension
Records Interchange (CAPRI) provides online access to veterans'
electronic health records (EHRs) contained in the VHA system of
records. It is also the IT application that VBA uses to request and
print VHA C&P examinations. The VA regional offices (ROs) have used
CAPRI since 2001 to electronically request C&P examinations from VA
medical centers (VAMCs). Upon receiving the electronic VBA C&P
examination request, VAMC personnel schedule the veteran for the
required medical examinations. Once all requested C&P medical
examinations and corresponding worksheets have been completed, the
exams are loaded and stored electronically in CAPRI. Individual C&P
examination reports become a permanent record in the veteran's EHR,
where they can be viewed and/or printed by claims adjudication
personnel. C&P Service has taken steps through CAPRI to standardize the
VBA C&P examination request. The CAPRI exam request organizes the 57
medical examination worksheets by 14 body systems identified in the VA
Schedule for Rating Disabilities. CAPRI also gives VBA users a template
that contains language common to requests for increased evaluations,
pension benefits claims, representation by a power of attorney, and
medical opinion requests. The ``General Remarks'' portion of the CAPRI
C&P exam request allows the user to customize exam requests as
necessary. CAPRI also uses rules-based technology to prevent a user
from requesting a duplicate C&P medical examination worksheet when a
request for that particular exam is pending.
VBA and VHA continue to improve the exam process through the work
of the jointly funded and staffed Compensation and Pension Examination
Program (CPEP) office. The CPEP office is in the process of developing
templates that map to the CAPRI worksheets. The goal of the template
development is to provide rules-based technology to ensure that medical
examiners complete the required information and accurately reflect the
information requested in the worksheet. It is hoped that use of rules-
based technology in the C&P medical examination report will decrease
the number of inadequate VHA medical examinations. Upon satisfactory
completion of the templates, VBA will work with VHA to determine
whether to make use of the template mandatory for VHA examiners.
VBA has also initiated a critical review of the QTC (VA exam
contractor) templates to ensure that they track VBA's examination
protocols and properly solicit medical evidence. The review will ensure
that VBA decision makers receive accurate and consistent medical
evidence whether the examination is performed by VHA or QTC. Under the
terms of its contract with VA, QTC must reprogram its templates to be
consistent with VBA policy.
Question 9. What thought has VA given to incorporating IT planning
into new hospital construction to ensure new VA medical facilities will
be ``digital hospitals''--to included ``smart'' HVAC, security,
diagnostic, operating rooms, personnel information, etc. that will
allow VA to take advantage of an integrated facility infrastructure
prior to opening the facility to patients?
Response. VA does in fact design in digital capability into our new
and renovated facilities. In the development of IT systems for new VA
facility construction, VA uses an integrated process with extensive
coordination and communication among the design team members. These
teams include representatives from the local VAMC, the Veterans
Integrated Services Network (VISN) office, the Office of the Assistant
Secretary for Information and Technology, and the Office of Facilities
Management as well as a knowledgeable architectural and engineering
consultant. IT system configuration and integration are developed by
the VAMC and IT staffs. Supporting the IT systems with infrastructure
systems are a range of design criteria, including design manuals and
master specifications, which outline VA requirements. The systems and
supporting infrastructure are coordinated and implemented by the design
team for each specific project. Infrastructure elements, such as
advanced heating ventilation and air conditioning, electrical and
security system controls, are outlined in VA criteria. System elements
are important as is privacy, control of assess to data, HIPAA
requirements, redundancy, procurement regulations, and ease of use. For
a new addition or renovation project at an existing VAMC, integration
into existing systems and maintenance of ongoing operations are
critical elements to consider. This project management approach results
in IT systems that function well and meet VA operational needs. In
addition, VA regularly consults with manufacturers to keep abreast of
changes and improvements in all related technologies.
______
Response to Written Questions Submitted by Hon. John D. Rockefeller IV
to Gordon H. Mansfield
Question 1. As VA works to improve and upgrade its IT, will there
be a process and consideration given to research opportunities? Will
there be a sensitivity to develop electronic records in such a way that
the development of registries and sharing of research data will be
possible and affordable? Will an effort be made to find IT solutions to
provide access to valuable research and information about many diseases
facing both veterans and the general population, such as Alzheimer's
and dementia?
Response. VA is developing and implementing a Health Data
Repository (HDR) to provide integrated views of patient data across VA
sites of care. The HDR functionality will include all of the domains of
clinical data as well as notifications, clinical reminders, decision
support, and alerts. Additionally, VA is creating a Corporate Data
Warehouse (CDW) that will allow users to aggregate information from the
HDR and other sources to look at particular disease cohorts and
population-based health issues. The availability of the HDR and CDW
promise to greatly enhance research opportunities and facilitate the
creation of data marts and special population registries for such
things as Alzheimer's, dementia, diabetes, etc. Demographics and vital
sign measurements are available today in the HDR/CDW. Allergies,
outpatient pharmacy and hematology and chemistry laboratory tests will
be available by the middle of 2006 and other clinical domains will be
added as they are standardized. Restrictions on IT funding may slow
down development and full deployment of the HDR and CDW.
When the HDR and CDW are fully deployed, researchers will greatly
benefit from the following: (1) accessibility of national data clinical
data; (2) improved data base design that facilitates analyses; (3)
economies of scale in data collection and processing; (4) centralized
authoritative data source; and (5) standardized data and definitions.
Question 2. Please explain how the new system will cover IT issues
dealing with medical devices at local VAMCs and security issues.
Response. In collaboration with the Office of Cyber and Information
Security (OCIS), VHA mandated that all facilities create virtual local
area networks (VLANs) to isolate medical devices from the rest of the
facility's IT network by September 30, 2004. This was a starting point
in VA's defense-in-depth approach to networked medical devices, which
added a layer of protection to the medical devices across VHA. By
isolating all of the networked medical devices within the IT networks,
VHA has effectively reduced the exposure of critical hospital equipment
and data to risk of penetration by a worm, virus, or other cyber
attack. VHA will continue to work with OCIS' Health Information
Security Division (HISD) to develop sound guidance and provide direct
assistance to VA facilities regarding security protections for
networked medical devices.
Question 3. How could the Office of Health Data and Informatics use
automated coding and automatic coding audits software from the
commercial market to improve the coding and auditing of VA records?
Will part of the IT restructuring include a process to consider such
opportunities?
Response. VA already evaluates and uses commercial off-the-shelf
products and will continue to do so under the new IT structure. The
Office of Health Data and Informatics has been involved with a number
of vendors, reviewing coding products that suggest they can
automatically review and code inpatient and outpatient records by using
natural language processing tools. We are in discussions with several
VA sites and other non-VA organizations to undertake testing of these
products. The testing will help validate whether the benefits projected
by the vendors can be achieved in the VA environment.
Re-engineering the Computerized Patient Record System (CPRS) is a
major VHA initiative. The re-engineering of CPRS will include
requirements that address creating a foundation for the concept of
coded data as a by-product of documentation, in order to minimize or
eliminate provider involvement in the coding process. We plan to
provide automated coding audit functionality within CPRS that would
auto-review and code provider documentation and validate the accuracy
of already coded records. This type of functionality could provide
audit results that would be used to provide educational material for
providers and coders, and, importantly, would provide needed leverage
to challenge insurance companies on denied claims. As VA pursues
automated coding, we must maintain awareness that, as yet, automated
coding is not an industry standard.
Again, VA is concerned that limits on IT funding will delay
development and deployment of the re-engineered CPRS.
Question 4. How could VA better use IT to more accurately audit
inpatient and outpatient records to more effectively recover funds
through third party payers under the Medical Care Cost Recovery
provisions?
Response. All VA medical center facilities have installed the same
Encoder/claim scrubber product (Quadramed) which allows sites to ensure
more consistency and accuracy in bills submitted to third party payers.
All claims go through a scrubber with edits to ensure that the most
accurate and complete claim is submitted to third party insurers. VA
continues to enhance the capabilities of this system and to further
train users to maximize system capabilities.
Chairman Craig. Gordon, thank you very much for that
opening statement and testimony.
Now let us turn to Robert McFarland, as I have introduced
him, Assistant Secretary for Information Technology, Chief
Information Officer, Department of Veterans Affairs, or should
we just say the person in charge?
Oh, I see, you are all together. The word has gone forth.
All right. With that in mind, now that I have introduced you
again, Bob, do you have any comments? I mean we have shifted
all the burden to you anyway.
Mr. McFarland. Mr. Chairman, I have no prepared statement,
but I will be happy to answer any questions that you have. I am
excited to be here and talk about some of the things that we
are trying to do.
Chairman Craig. I think questions we do have, and thank you
all for being here. Your testimony describes the federated
option as put forth by the Gartner Report. Your testimony then
goes on to say that VA is determined to move towards a
federated concept. What is the difference, if any, between what
Gartner recommended you do under a federated option and what
you have outlined as the federated concept that you are moving
towards? Can you bring us into context on that?
Mr. Mansfield. Mr. Chairman, I was referring to the fact
that we understand that whatever we do here, there is not a
light switch answer. We cannot just flip a switch and it will
happen. No matter what we do we have to take it by phases. We
have to make sure that the planning part of it is done
correctly, and as I mentioned, checked and rechecked as we go
forward. The comment about moving towards is that we are going
to plan, and then we are going to start implementing, and that
implementation will be by phases, we believe, as we move
forward, but we will go with the federated model as outlined.
Chairman Craig. Was there universal agreement within the
Agency to go this way?
Mr. Mansfield. No, sir.
Chairman Craig. Who made the final decision?
Mr. Mansfield. As I mentioned, the Secretary tasked me with
working with the administrations and the CIO and our management
office to come up with what was the best consensus on how to
move forward, and I then brought that consensus to him, and he
made the decision that we would go forward with the federated
model.
Chairman Craig. I appreciate your broadly outlining the
mechanics of the federated concept and your assurances that the
goals that are agreed upon throughout the organization will be
cost effective and met with success. I intend to follow up with
you and hold you, and all of you, accountable for those
assurance.
Will you commit to providing this committee with periodic
reports on your progress? What I am saying to you, to all of
you, and certainly to you, Gordon, is that we are going to work
through this with you. We want to know where you are and where
you have moved along the way. We do not want a report a year or
two from now that we spend hundreds of millions of dollars and
somehow it is not working.
Mr. Mansfield. Mr. Chairman, let me make the point that--to
preface my answer, which is yes--that we appreciate, No. 1, the
bipartisan support we have gotten from this committee in your
efforts to help us along the way, and we understand that we do
have an obligation when taxpayer dollars are appropriated and
given to us to spend, that they be spent the way they should be
spent, and the results that we should get are gained. I would
make the point that we would be more than happy to provide
whatever periodic reports that you requested, and as I
mentioned in my oral statement, we intend to do that.
Chairman Craig. As you know, the Senate version of the
MilCon/VA Appropriation Bill points out the fact that no
individual or office has final budget or programmatic authority
to oversee the Department's IT effort, and the legislation
suggests an internal reorganization. Your testimony states that
VA's first goal of any reorganization is to do no harm. First,
do you believe the appropriation bill's language could do no
harm to your current IT programs?
Mr. Mansfield. Yes, sir, I do believe that. We have had an
opportunity to have extensive discussions with the staff of the
committee, and we are in agreement with where they are going.
We have had an opportunity to be involved in how that language
is being put forth, and we also have done some preliminary
planning inside to be able to affect that if and when the bill
is passed. We believe that that is where we want to go, and
this will help us centralize authority in the CIO and that will
be an effective tool in us going forward to make the changes we
want. As I said, we are going through a process right now to
plan to be able to implement what would be required.
Chairman Craig. Secondly, how does this language complement
or compete with VA's recent internal efforts to reorganize?
Mr. Mansfield. I think that it complements it in the fact
that if you look at the Gartner Report, one of their findings
is that there needs to be centralized control of the dollars to
be able to make sure that the standardization and efficiencies
that we are looking for are gained, and that is a part of the
way to get there.
Chairman Craig. Senator Akaka, questions?
Senator Akaka. Thank you, Mr. Chairman.
Secretary Mansfield, some in Congress are pursuing
legislation to direct VA to consolidate IT functions under the
CIO. What progress has VA made that would indicate if it can
get its own IT house in order without requiring Congress to get
involved and provide a legislative solution?
Mr. Mansfield. Sir, as I mentioned, the VA went out and
hired the Gartner Consulting Group to come in and do the study.
They made presentations to myself and Mr. McFarland. We then
briefed the Secretary. Following that, he directed that I go
forward and come up with a consensus agreement if possible, and
since then we have been looking at ways to implement one of the
options that was presented, and we believe that we can start
doing that very soon. The Secretary has signed off on that as a
directive to move forward, to start the implementation of the
federated model.
Senator Akaka. The study that you mentioned, when was that
study done?
Mr. Mansfield. Finished in late May, sir.
Senator Akaka. Of this year?
Mr. Mansfield. Yes, sir.
Senator Akaka. Mr. Secretary, one of the problems
identified with some VA IT systems is the lack of effective and
expert program management during the design and fielding of IT
systems. How can VA compete with private industry to attract
the best and brightest minds in the IT field to ensure that we
have effective program management for current and even future
IT initiatives?
Mr. Mansfield. Mr. Akaka, you point out a very big problem
that we have, not only in this area, but in many of the
specialized areas, in getting competent people into the system,
given the hiring system that exists and how we have to go
through that. We have started moving forward in this area, and
I think I would ask Mr. McFarland to talk about his setting up
of a program management office as we anticipate moving forward.
Mr. McFarland. Sir, when I came here some 20 months ago,
one of the things that disturbed me was we were in a mode of
educating and trying to build project managers, but we did not
have what I would call something similar to DOD, which is an
enterprise project management office, where you have extremely
experienced project management people who have overseen large
projects and understand how to find the pitfalls through the
process.
I came to the Secretary and the Deputy, and since I was
only able to affect the 2006 budget at that particular time, I
inserted some dollars and a structure in the 2006 budget to
start to build such an office to oversee these large at-risk
projects. The Deputy and the Secretary were very much in favor
of that idea, and have since pulled that into the 2005 budget,
and I have just recently been able to hire a recently retired
Navy captain that will head up the enterprise project
management office. He is extremely experienced in managing
extremely large programs, understands the complexity of large
programs, understands how to deal with risk, and to be candid
with you, we are going to supplement that office with more of
that kind of talent.
Now, we have an advantage here that we can compete in this
area with private industry. No. 1, we have the best mission in
Government, and that is to serve our veterans. We can attract
retiring, very experienced ex-military to this environment
because of that mission, and in fact, I stole this gentleman
from private industry, and we were able to steal him because of
this mission. I feel very confident that we can bring in talent
that can help us oversee these projects in the future. It will
take some time to build that office. It will not be built
overnight. We will have to deal with the most at-risk projects
in the beginning, and ultimately I would like to put it through
all of our projects.
Senator Akaka. Thank you.
Dr. Lynch, I also want to add my commendation to you for
your actions during and after Hurricane Katrina. As we all
know, the Department of Veterans' Affairs was lauded for what
it did after the disaster, and we are delighted to have you
with us today. We have been waiting for sometime to get an idea
of how much it would cost to rebuild the infrastructure. Where
are you in your assessment, and can you give an estimate of the
related costs?
Dr. Lynch. Thank you, Senator. First off, I very much
appreciate the kind words everybody has given to me personally
regarding our response to Katrina, but I want to say that all
the VA responded to Katrina, not just VISN 16. Certainly within
my network, I shall say I am very proud of the people that work
for me, and I think I have the real heroes working for me, and
I think they deserve all the credit. I am just the figurehead
that gets to stand up in front of them, and I want to make sure
they get recognized.
I want to be sure I understand your question. Is the
infrastructure, the physical infrastructure of the medical
facilities that have been damaged, not specifically IT issues.
We are working on those costs right now, and there have
been a number of engineering teams, for example, in New Orleans
assessing the viability of restoring that building. It looks
like the timelines for doing that, to fully bring it back to
pre-Katrina, will be several years, and the costs are quite
significant. Of course, we are assuming we want to try to
mitigate the kind of vulnerabilities that the flooding caused
this time around. You have to realize that while I am not aware
of any final decision on the fate of the levees in New Orleans,
if there is an attempt to repair those levees to a stronger
strength, it will be, I am told, many, many more years before
those are up to that level.
I think if you are going to restore a large health care
facility in New Orleans, you should mitigate your
vulnerabilities. That is going to be the approach we are
recommending.
The costs for that could run as high as $200 million, maybe
even go above that. There is a big debate about how much it is
going to cost to rebuild in the environment in a disaster areas
because costs are not normal.
The other options we are looking at are the possibility of
partnering with other entities down there, but that is in a
very preliminary stage. I wish I could say we had final answers
to all of this. I am dependent on the engineers to give me
reports, and I am just kind of sharing with you the best
knowledge I have at this point.
In Biloxi and Gulfport, I think everybody in the room is
aware of the CARES recommendation the Department put forward
some time ago, and it was already recommending that Gulfport
ultimately be closed and the services that were at Gulfport be
recapitulated on the Biloxi campus. There were projected costs
associated with that. We will again have the issue of doing
that in a post-disaster environment. We are exploring moving
that ahead, if you will, at this point. Again, no final
decision has been made.
There is a great demand for good, firm, hard numbers at
this point, and things change almost every day, and that is
sort of where the status stands right now. I appreciate the
interest though.
Senator Akaka. Thank you very much. My time has expired.
Chairman Craig. Senator Akaka has asked an important
question. We plan on November 3rd to have the VA back--the
Secretary will be here--to give a detailed report on all
aspects of Katrina costs and possibilities of change and
adjustment and what we do to get everything back up to where it
was or what adjustments we make. At that time also, Danny, we
will invite the Senators from the affected States to be with us
at that hearing. We wanted to give VA plenty of time to get
their arms around these figures and to assess and give us the
detail that I think all of us want to have to try to understand
the impact of that. Is that a tentative date or is that a real
date now? It is a real date now, November 3rd.
With that, let me turn to Senator Salazar.
Ken.
Senator Salazar. Thank you, Chairman Craig.
Mr. McFarland, last month you appeared before this
committee, and as I recall, the comment that you gave to this
committee was that you personally believed that a centralized
system would be the best option, and I am sure you discussed
your position with the VA. What I would like to ask you to do
is two things, first, explain to me in layman's language what
the difference is between the federated system versus a
centralized system in terms of IT. And then second, what is it
that changed your position from where you were when you came
before the committee?
Mr. McFarland. Sir, I made those statements before the
House committee at a hearing I believe about a month ago, when
I was asked for my professional opinion on the Gartner study. I
had stated then, and I will state now, my professional opinion
was in line with the Gartner study, based on my prior
experience and having worked in this industry for some 33
years.
The issues of the differences between a centralized
approach and a federated approach are clearly, in layman's
terms, under a centralized approach, all development,
application, selection and infrastructure is run through one
organization. In the most successful environments, with that
approach you wind up writing some very detailed service level
agreements with your customers, you have a customer mentality,
meaning the people that you provide service to, and you build
around their needs, and you bring them in to the process of
both development and operational control, and you deliver
services based on the needs of your customers.
In a federated approach what you have is a IT
infrastructure, meaning the operations, the running of the
tools, and the infrastructure meaning the equipment and all the
aspects that go along with keeping the service running under a
centralized management structure, and you leave the development
and application program selection and the development of
software, user-specific software, to the administration in this
case or to another organization. The federated approach is a
step towards centralization, but it is clearly delineated by
having users continue in the administration to develop their
own specific software requirements, while the operational
aspects of running applications and providing IT services is
managed through a central group.
Senator Salazar. Are you, Mr. McFarland, now at a point in
this position, comfortable that the centralized system is not
something that is the best option, and that moving forward with
the federated system is the best?
Mr. McFarland. In my opinion, my personal opinion, the
centralized option for the VA is a very big bang. This is a
culture steeped in decades of decentralized environment. You do
not make those kind of changes in any organization, especially
one as deeply rooted as this, overnight.
I still believe that in the long run, having IT centrally
managed is the successful way to run it. I believe you have to
take steps to get there, and the consensus with management is
that the federated approach is the first step to do that, and I
have agreed to support what management wants to do.
Senator Salazar. Let me ask in terms of the dollars that
you now will have responsibility for, your organization is
going to grow very significantly in terms of the dollars that
you would have responsibility for, as I understand it, from 1.4
billion that the CIO has direct control, to I guess--no, from
50 million to 1.4 billion. So your 50 million will go to 1.4
billion. Are you ready to assume that kind of responsibility
for those kinds of dollars as the CIO?
Mr. McFarland. I am not familiar with----
Senator Salazar. Or are you scared?
[Laughter.]
Mr. McFarland. No.
Senator Salazar. That is a lot of money.
Mr. McFarland. Sir, I come from a corporation where I
managed far more than that, so I am not particularly afraid of
that size number. To be candid with you, that will take setting
up an infrastructure that does not exist in my office today. I
am in the process right now, and have just reviewed yesterday
the first draft of the IT Controllers Office, which will allow
me to not only disburse the money, but be able to track it.
That has not been something we have done very successfully in
the past.
It is my intent that I have responsibility to manage that
kind of sum, I will track that kind of sum one way or the
other, and I will make sure that that money will be spent on
what it is designed to be spent on, and nothing other than what
it is designed to be spent on. It will take some effort to do
that. It will take some staff to do that, and it will take
process, which is currently not in place, but it is possible
and we have had some pretty good minds working it now for about
2 weeks, and I think we are getting very close to putting an
organization together that could manage the money.
Senator Salazar. One more question, if I may, Mr. Chairman.
Is now the time to do this, or would it be best if you, in
your current position, and Secretary Nicholson and Secretary
Mansfield were to take another year to study and to figure out
how you are moving forward on this approach, as opposed to
launching into what seems to be such an expensive and difficult
undertaking, given the culture that we are dealing with here of
independence on each one of the systems that we deal with? I
mean talk to me a little bit about the timing question.
Mr. McFarland. Sir, I am not an experienced Government
employee. I come from the private sector, so I do not have the
benefit of history and how long it takes Government to get
things done.
Senator Salazar. Do you have a comment on that, Secretary
Mansfield?
Mr. Mansfield. Yes, sir. It has been a part of the
discussion on how we arrive at the decision and how we look at
how we are going to implement it. In my testimony I believe I
pointed out that it is going to take us 12 to 18 months to get
this done. I recognize, as Mr. McFarland has indicated, we do
not have all the people that we need in house to be able to get
this done. The first thing we will have to do is to look for
some consultants to come in and help us arrange the plan, and
then decide where along the way we may need some outside help
to get it done, as we move forward.
It is not something that is going to happen overnight, but
I believe that it is time to say this is what we are doing. The
decision has been made by the Secretary, and as I said, the
senior management of the Department, working together to come
up with an agreement. You cannot always get 100 percent of what
you want. What you have to do is get the most you can. Mr.
McFarland has bought into this. The Health Care Administration
has bought into this. The Benefits Administration has bought
into this. The Office of Management has bought into this, and
we are prepared to move forward.
It will not be, as Mr. McFarland says, with a light switch
approach, it will be done gradually. We need to send the word
to the organization that we are doing this. Then the next thing
we need to do is--a lesson learned from the last time--we need
to involve the people all the way down to the users in the
planning process, so they feel that what is going on here is
something that they have a part in and that the success of it
is going to be something that they are committed to, and that
is going to take us a little bit of time, as Mr. McFarland
mentioned, in the cultural aspects.
Then the other part of it too, and one of the reasons that
I believe that we should choose this model, is my ``do no
harm'' comment. We are dealing with health care. We are dealing
with patients. We are dealing with people in clinics or
hospital beds, and medical doctors with hands-on treatment,
some of it assisted with, helped with the tool of IT. In those
areas we have to make sure we do no harm, and that is a part of
what we have to play into here too.
Senator Salazar. Thank you. I very much look forward to
working with Senator Craig and Senator Akaka and this
committee, and you to monitor the situation as you move
forward.
Mr. Mansfield. If I might follow up, sir, I just would also
make the point that when you see in the report or when you hear
the big bang, then you want to stop and look at what this is.
That report gave us a risk versus rewards graph too that we
talked about. Even if we were going to complete centralization
with everything in Bob's pocket, we still would have to go
through the steps to get there, and this is one of the steps to
get there.
Right now the only difference that I see is that the
development phase, again with those clinical people involved
and making sure that the treatment of patients that they do is
part of the process for development and the benefits is a part
of it. That is the one step that is different. Security gets
centralized in IT. The budget dollars get centralized in IT.
The standardization requirement gets centralized in IT. That is
how we get the efficiencies out of this system and make it work
better and deliver better services, and hopefully save some
dollars that can then be translated into additional benefits
and additional health care.
Senator Salazar. Thank you.
Chairman Craig. Ken, thank you.
Senator Thune.
Senator Thune. Thank you, Mr. Chairman.
I appreciate all of your responses and answers and
testimony very much, and I credit you for not resting on your
laurels. I think that in order to stay on the creative cutting
edge, you have to constantly be thinking of ways that you can
approve and do things better, and the VA has been recognized,
as you have all noted, for their many successes and
improvements in the area of patient safety, and much of it
related to the things that you are doing in terms of
technology.
I am especially interested in the technology component part
of health care for a lot of reasons. One is I represent a very
diverse--a very large area with a lot of real estate and not a
lot of people, and health care facilities all across the State.
You have a big network as well. I am also interested in it,
because I think that electronic medical records has been proven
to improve patient safety to save lives. It has also been
proven to save money, and those are two things that are very
important in terms of where we are headed in health care.
I guess what I would like to ask you--and I appreciate the
update on where you are headed and look forward to working with
you and looking forward to working with the Chairman and this
committee as we provide the oversight that is necessary for you
all to deliver the very best possible health care services to
America's veterans. Looking at it in a broader context, we are
having a debate in this country too about how to take the model
of what you have done and duplicate that and use it in other
areas of health care.
One of the big issues that is raised is in operability
standards and how do different software packages in different
health care facilities communicate with each other, thereby
enabling them to have one integrated system or database whereby
a patient's record can be accessed from any particular
facility, whether they are somewhere in California or somewhere
in South Dakota.
I am curious to know what you all have done--I am told at
least that you are working to provide or distribute scaled-down
versions of your software to nongovernment hospitals and
doctors and physicians--I am curious to know what has been the
result of that effort? To what extent do hospitals have it? How
many of them are using it? Is there any indication that there
is an effort to use the software by doctors and hospitals that
might be receiving it?
Dr. Lynch. I think the release you are referring to is--
some people refer to it as VistA Lite, a basically available
Federal code that is given to the private sector, but it is a
partnership with Health and Human Services that was just
announced in the last couple of months. I believe August is
when that went out. It is really in a test phase in the
community, so it would be premature to tell you how that is
going, but that is the intent of the test phase.
There are other Federal and private sector organizations
that have used VistA in its current iteration or various
iterations of it, the Indian Health Service for one. Some of
the public health agencies in this town are using VistA.
I think the thing that is probably most--when you realize
how many physicians and other allied health professionals in
training spend some time in their training in a VA medical
center, you will find that almost every physician who left
their residency program or medical school--nurses, what have
you--in the last 6 to 10 years is very familiar with VistA in
one form or another. They just have a hard time not laying
hands on it at one time or another.
I think probably that is the biggest push for getting
health care providers to use the electronic health record, and
I think you will see--what I am hoping we will see is a
consumer-driven demand driven by providers, and it is
generational. Within VA, I think it was 6 years ago really, we
put out the current version from the providers' perspective
that we have now. That was when things really blossomed, and we
found that young physicians who grew up at a time when the
Internet and PCs were always part of their lives had no problem
adapting to it. Folks like myself, maybe a little bit more of a
struggle. I think we are going to see that this is the natural
trend of things.
What your question really gets to is will we have the tools
ready for them when the demand is there, and that is the
standards that I think that VA is participating with in Health
and Human Services and a lot of the President's push towards
the electronic medical record, that will drive it. How that
will exactly shake out, I don't know. What you are looking for
is sort of what you have with the Internet. It does not matter
which brand of computer, which operating system, even which
attachment you put to your operating system. They all talk to
each other because there are common standards that allow them
to communicate. That is what we are pushing for.
Senator Thune. I appreciate that. I would welcome, as this
particular, I guess, new arrangement or relationship with some
of the non-government hospitals, as you start getting data back
about who is using it and how they are using it and what level
of--what sort of results they are getting, it would be very
helpful.
Again, I appreciate the Chairman's interest in the subject
with respect to the VA and the good work that you are doing
there. I also know that in an area like my State, technology
can do wonderful things, and telemedicine, things we are doing
in that field as well. I also believe when it comes to
efficiency, saving money, and saving lives, moving more toward
electronic--and it is generational. There is no question about
that. One of the things you hear most often is it is hard to
get physicians and doctors who have always transcribed things
the old-fashioned way to actually--and how do we provide
incentives for them to be a part of the solution. I would
welcome any additional insights that you have about that as we
go forward.
Thank you, Mr. Chairman.
Chairman Craig. Senator Thune, thank you.
Senator Isakson, you arrived while the panel was underway,
so please proceed. Do you have any opening comments along with
your questions?
Senator Isakson. I was here earlier and then had to step
out for a call, which I apologize for, and I came back in.
No, I have no opening statement. I do have----
Chairman Craig. Please proceed.
Senator Isakson. I do bring greetings from my 91-year-old
father-in-law, a retired Navy Commander, who in 1999 when I was
elected to the House lectured me on all the VA needed to do,
particularly with regard to health care improvement, and he
told me last week it was remarkable how well they had done
since I got to Congress.
[Laughter.]
Senator Isakson. Being he is my father-in-law, I took total
credit for it, but I deserve none. I thought I would pass it on
to all of you because he is an absolute--Commander Davidson is
an absolute critic, and he has been very happy with the medical
improvement, Dr. Lynch and all the others.
I did come in during the testimony, so I had to go back and
read, and I just really have maybe one question and a follow-
up.
In the federated model, it says here in Option 4 describing
it as, ``All IT operational service delivery personnel and the
budget associated (to include all non-medical IT equipment,
maintenance, and contractor support) would come under the
direct supervision of the CIO.'' Does that mean that the
medical side of IT is not under that direct supervision?
Mr. McFarland. It means that all the medical devices and
all of the various medical pieces of equipment will stay under
the supervision of the hospital. Candidly, even--in my opinion,
even in a centralized form, that would be the same. No IT
organization should be making decisions on medical equipment
that is needed to carry out health care. We should aid and
support and try to help with security, but we should never be
in the mode of making those decisions.
Senator Isakson. I concur with that, and to the best of my
recollection, most of the concerns about IT at VA have been
non-medical IT concerns. Is that not correct?
Mr. McFarland. I believe that is correct.
Senator Isakson. Which brings me to my next question. On
the next page, it says, ``This model will . . . include a
migration of most workers to the control of the CIO, while
leaving some employees under the control of the
administrators.'' How many administrators are there?
Mr. McFarland. The breakdown, I can't give you exact
numbers, but the breakdown is somewhere around 4,500 to 1,500
approximately. Most of the employees are operational in nature,
meaning they are involved in running and maintaining the
infrastructure that is out there. Those that would stay under
the administrations are those who are programmers and
developers of the applications themselves of the software that
is designed to manage and run the medical applications.
Mr. Mansfield. Sir, if I may interrupt, I think you are
talking about the number of administrations. We are pointing
out there that the health care, the Veterans Health
Administration, would maintain the development for products in
their area. The Veterans Benefits Administration would maintain
the same for their area of expertise, and then the Cemetery
Administration. They would be aligned under those three
administrations.
Senator Isakson. Are any of those stovepipes integrated at
any point?
Mr. Mansfield. Not now, but under the federated model, the
operational infrastructure would be integrated.
Senator Isakson. Then therein lies me to my point, I guess,
which is more of a statement. Mr. McFarland, I have great
respect for Dell and what you did and what that great company
does. In one of my jobs in my life, I was asked to take over
the Department of Education in Georgia in a crisis, which was
the Y2K crisis where they were trying to become compliant. They
had 187 school systems, a State board of education. They had
decided to select--the software of their preference was SAV,
which is very complicated software. They had made the terrible
mistake of letting all 187 systems attempt to customize the
student information and the financial system, which led to a
catastrophic $45 million disaster and a last-minute patch to
become Y2K compliant.
Anytime I read that we are going to centralize, but some of
the employees are going to be under the supervision of the
administrators and not the CIO, I worry that a department or an
administrator working with a consultant or an outside vendor
trying to customize could take what otherwise should be a
baseline system and cause not only irreparable difficulty but
tremendous cost. You can comment on that any way you want to.
Mr. McFarland. I share your concern more than you realize.
Let me say that under where I think we are headed, I will have
budgetary control. I can promise you this. I will not sign off
on any budgeted item, including development projects, that do
not keep in concert with an enterprise architecture, and if
they are looked at as being custom solutions that do not fit
the environment, I simply won't fund them. We may have some
battles in that area, and I welcome them. I share your concern.
If you look at the big recent failure of Core FLS--you have
described a little bit what happened in Georgia--lack of
standardization will eat you alive in this world in IT. Without
standardization and without standard practices, you cannot
apply automation. It does not matter whether we would have made
Bay Pines work or not. You could not have picked that system up
and laid it into another hospital or another facility without
customizing it again. That is because we did not have any
standardization in place.
Those are the areas that I think we can manage, and I
intend to manage those through the budget process.
Senator Isakson. I am glad to hear that, because in the
end, not because people would intentionally want cost overruns,
but most administrative people are closer to my age and they do
not have the computers that my kids have that allow them to do
all these things instinctively. They start customizing or start
asking consultants to provide things which can be done but run
you off into some unbelievable cost overruns and problems. Your
knowledge is very satisfying to me, and if you can manage
through that process in the budget, then I think this federated
model will work.
Thank you, Mr. Chairman.
Chairman Craig. Thank you, Senator Isakson. The question
is: How did you do?
Senator Isakson. How did I do?
Chairman Craig. In the Department of Education in Georgia.
Now that you have led us down that path----
Senator Isakson. I got elected to Congress, Mr. Chairman. I
don't know whether that is because they wanted to get rid of me
or because it worked.
[Laughter.]
Senator Isakson. I will share with Mr. McFarland actually
the results of that, but not on camera.
[Laughter.]
Chairman Craig. In other words, special expressions belie
the camera.
All right. A couple of last questions of this panel. You
had mentioned the enterprise architecture design. I see OMB
scored it at a 3 in contrast to a previous 1.25 score.
Mathematically, that is a 100-percent improvement.
Now, what does that exact--what does that tell us about
enterprise architecture? How much better and is it good enough?
Mr. McFarland. I'd love to tell you that getting a 100-
percent improvement in my grade was a wonderful thing, but I
would have to be honest and fair with you and tell you that
when I got here, we were nowhere where we needed to be. We have
made great progress. I was very lucky to attract an enterprise
architect to the agency some 9 or 10 months ago, and he has
done incredible work in getting us moving towards where we need
to go. We are not there yet. We still have to try to reach, I
believe, a 4.0, and that additional one point is a significant
enterprise. I believe we will get there.
Enterprise architecture is an evolving thing. You just
don't get one and then put it in the drawer and everything is
fine. It will continue to evolve. It will have to evolve based
on the needs of the agency, and we will have to evolve it based
on the needs of the Government, because the Government has, OMB
has a very strict interpretation of enterprise architecture,
and we have had some challenges in getting ourselves in line
with that. We will get there, and that is the umbrella that
fits over all of our applications and all of our environment to
make sure there is commonality. We will never break up these
stovepipes if we do not have a strong enterprise architecture
to do it with.
Chairman Craig. Okay. I thank you for that comment, Mr.
McFarland, and I think all of us recognize the difficulty of
change, especially inside organizations as old, with the
positive reputation that VA has; at the same time, a
frustration on the part of all of us of costs and cost overrun
and the inability to get our arms around them and manage them.
It is pretty hard sometimes to go home to the taxpayer and try
to explain why a couple hundred million dollars or more just
got blown away, or it is no longer operating or it is non-
functional. We went through this with, you know, other agencies
of Government as we try to make these changes and bring them
into modern approaches.
Consultants are brought in, and sometimes effectively used,
sometimes not. Gordon, we talked about the Gartner study and
its costs. What were its costs in reality?
Mr. Mansfield. The costs were between $800,000 and $1
million, I believe. Is that right?
Mr. McFarland. Yes, sir. It was somewhere, if I remember
correctly, around $875,000, I believe.
Chairman Craig. That is viewed as money well spent?
Mr. Mansfield. Yes, sir.
Mr. McFarland. Yes, sir, I believe it was.
Chairman Craig. I don't ever want the record to show that
that is pocket change, but it was pocket change well spent in
the context of things. Thank goodness that you feel it was
appropriately spent, and that is a manageable amount of money
in most of our view when it comes to what we are doing here.
Gentlemen, thank you very much. We will have you back
again--and again, and I say that because we want to know what
you are doing and how it is going on. I will only ask you to
leave with this note: As I have told the Secretary, there don't
deserve to be surprises in any of this. We are all in this
together because we have one goal in mind, and I think,
Secretary Mansfield, you expressed it well in your opening
statement. The wiser we can spend the dollars, the more dollars
we can get to the ground to serve veterans. We thank you all
for being here this morning.
Mr. Mansfield. Thank you, Mr. Chairman.
Chairman Craig. Our second panel is made up of Paul
Wohlleben?
Mr. Wohlleben. Very good, Mr. Chairman.
Chairman Craig. Did I pass the test, Paul?
Mr. Wohlleben. You did. That was fantastic. Thank you.
Chairman Craig. Partner, Grant Thornton, on behalf of the
Information Technology Association of America; and Linda
Koontz, Director of Information Management for Government
Accountability Office.
With that, Paul, Linda, thank you for being with us. Please
proceed. Paul, we will start with you.
STATEMENT OF PAUL WOHLLEBEN, PARTNER, GRANT THORNTON, LLP, ON
BEHALF OF THE INFORMATION TECHNOLOGY ASSOCIATION OF AMERICA
Mr. Wohlleben. Thank you, Mr. Chairman. Good morning. My
name is Paul Wohlleben. I am a Partner with Grant Thornton of
Chicago, Illinois, an international accounting and management
consulting firm.
In my role as a witness before you this morning, however, I
am representing the Information Technology Association of
America. ITAA provides global public policy, business
networking and national leadership to promote the continued
rapid growth of the information technology industry. ITAA
consists of approximately 350 corporate members throughout the
United States in a global network of 67 country's IT
associations. ITAA members range from the smallest IT start-ups
to industry leaders.
Modern organizations, whether Government or commercial, use
IT to help them achieve their missions. For most organizations,
IT is both a major component of cost and a key resource in
managing business operations and in satisfying customers. This
morning I will describe how many of ITAA's member companies
employ, align and operate their IT assets to best align them
with the organization's missions, improve productivity and
maximize the return on their investments. Additionally, this
discussion will address our position on the placement and the
role of the Chief Information Officer in any large enterprise.
Let me begin by stating that leading companies operate
using an organizational strategy drawn from their major
business and mission objectives. In developing such a strategy,
leading companies consider the role of all key resources in
accomplishing that strategy, including information technology.
It is a position of ITAA that in most cases a successful
organization's CIO will be part of the senior management team
that develops that overarching strategy. Such involvement by
the CIO increases the probability that IT will be properly
leveraged to achieve the desired outcomes.
Once an organization's business and mission strategy had
been defined, including the basic contributions expected from
IT, the CIO needs to develop the strategies and plans that
define how IT will be best deployed across the organization to
make those contributions. I will refer to this as the IT
strategy. The CIO must ensure that the IT strategy is aligned
to the organization's business and mission strategy, meaning
that each IT investment can be linked back to the
organizational goal or objective that it supports.
A key component of the IT strategy is the enterprise
architecture. The enterprise architecture provides views into
how the organization operates, its key desired outcomes, the
technology infrastructure that provides computing capability,
the data that is used in the organization in the application
systems that support the organization. ITAA believes it is
imperative for the CIO to have sufficient authority to produce,
deploy and maintain the IT strategy, including the enterprise
architecture. It is particularly important that the CIO be able
to keep them current with a changing business and mission
environment, and to ensure that they serve as the standard road
map for all IT investment, planning and execution.
The development of the IT strategy and the use of the
strategy to guide the organization during the implementation
projects designed to move the organization from the current to
the target states cannot be accomplished by the CIO
organization alone. The entire enterprise will be affected by
the IT strategy. The entire enterprise must be represented in
the process that develops and oversees the execution of the
strategy. This is, in effect, a component of organizational
governance. ITAA believes that the CIO must have appropriate
authority, organizational placement, and peer relationships to
ensure that an effective process exists for this organizational
governance.
I have touched on a number of key roles that must be
successfully addressed to ensure that an organization's IT
investments are both efficiently and effectively utilized. The
CIO must have effective control over the planning,
authorization, resourcing and implementation of all IT.
Effective control means that the CIO can delegate the
implementation of IT as long as the CIO retains oversight and
sufficient management mechanisms in place to ensure compliance
with CIO approved plans. We believe the CIO should not delegate
enterprise level planning, authorization and resourcing
responsibilities.
Let me turn my attention to the organizational placement of
the CIO. While ITAA recognizes the impact that attributes like
culture and management style have on determining how to
organize to optimize effectiveness, we believe that an
organization is best able to leverage its IT if a CIO reports
to the organization's most senior official. Such placement
sends an important signal to the rest of the organization about
the value of information technology in its management, and
better enables the CIO to ensure an effective IT governance
process. It better positions the CIO to develop working
relationships with other key senior executives in an
organization's leadership.
We also believe that with such high organizational
placement comes a responsibility to reach out to the
organization to develop effective collaboration and governance
processes. A seat at the executive table must be used to inject
IT into the strategic mainstream, and not to isolate it from
the rank and file. Elevating the CIO in combination with
effective collaboration will help ensure that the broad needs
of the organization are reflected in the IT requirements, and
that efforts to standardize both IT and business processes
receive appropriate representation.
To summarize, IT is a critical component in helping
organizations like VA realize their strategic objectives. To
harness the value of IT, the CIO maps agency mission and
business process objectives to an information technology
strategy. An enterprise architecture translates IT strategy
into an actionable blueprint for moving from the here and now
to where we want to be. Although the CIO is ultimately
responsible for the effective alignment of IT performance with
agency mission, goals and objectives, this individual does not
and must not operate in a vacuum. To be effective, the process
must enjoy widespread agency support and buy-in, and must
originate from the top down.
I thank you for the opportunity to testify before the
committee this morning. I will be pleased to answer any
questions you may have. ITAA will also be glad to meet with
Members of the committee and their staffs on the important
issues that are raised during this hearing.
Thank you.
[The prepared statement of Mr. Wohlleben follows:]
Prepared Statement of Paul Wohlleben, Partner, Grant Thornton, LLP,
on Behalf of the Information Technology Association of America
Good morning. My name is Paul Wohlleben. I am a Partner with Grant
Thornton LLP of Chicago, Illinois, an international accounting and
management advisory services firm.
In my role as a witness before you, I am representing the
Information Technology Association of America. ITAA provides global
public policy, business networking, and national leadership to promote
the continued rapid growth of the Information Technology (IT) industry.
ITAA consists of more approximately 350 corporate members throughout
the U.S. and a global network of 67 countries' IT associations. ITAA
members range from the smallest IT start-ups to industry leaders in the
Internet, software, IT services, ASP, digital content, systems
integration, telecommunications, and enterprise solution fields.
Modern organizations, whether commercial or government, use IT to
help them achieve their missions. For most organizations, IT is both a
major component of cost and a key resource in managing business
operations and satisfying customers. This morning, I will describe how
many of ITAA's member companies employ, align, and operate their IT
assets to best align them with their organization's missions, improve
productivity, and maximize the return from their investments.
Additionally, this discussion will address our position on the
placement and role of the Chief Information Officer (CIO) in any large
enterprise.
Let me begin by stating that leading companies operate using an
organizational strategy drawn from their major business and mission
objectives. In developing such a strategy, leading companies consider
the role of all key resources in accomplishing that strategy, including
IT. It is the position of ITAA that in most cases, a successful
organization's CIO will be part of the senior management team that
develops that overarching strategy. Such involvement by the CIO
increases the probability that IT will be properly leveraged to achieve
the desired outcomes.
Once an organization's business and mission strategy has been
defined, including the basic contributions expected from IT, the CIO
needs to develop the strategies and plans that define how IT will be
best deployed across the organization to make those contributions. I
will refer to this as the IT strategy. The CIO must ensure that the IT
strategy is aligned to the organization's business and mission
strategy, meaning that each IT investment can be linked back to the
organizational goal or objective that it supports. Ideally, the
contribution of the IT investment can be measured in terms of how well
it supports the relevant overarching organizational goal or objective.
A key component of the IT strategy is the enterprise architecture
(EA). The EA provides views into how the organization operates, its key
desired outcomes, the technology infrastructure that provides computing
capability, the data that is used in the organization, and the
application systems that support the organization. In leading
organizations, the EA consists of both a current snapshot of the
organization's IT infrastructure, called the `as is' architecture, and
a snapshot of the target infrastructure, called the `to be'
architecture. IT modernization plans are then developed with the intent
to move from the `as-is' to the `to-be' states. ITAA believes it is
imperative for the CIO to have sufficient authority to produce, deploy
and maintain the IT strategy, including the enterprise architecture. It
is particularly important that the CIO be free to keep them current
with a changing business and mission environment and to ensure that
they serve as the standard roadmap for all IT investment planning and
execution.
The development of the IT strategy, and the use of the strategy to
guide the organization during the implementation projects designed to
move the organization from the current `as-is' to the target `to-be'
states, cannot be accomplished by the CIO's organization alone. The
entire enterprise will be affected by the IT strategy; the entire
enterprise must be represented in the process that develops and
oversees the execution of the strategy. This is, in effect, a component
of organizational governance. ITAA believes that the CIO must have
appropriate authority, organizational placement, and peer relationships
to ensure that an effective process exists for organizational
governance.
I have touched on a number of key CIO roles that must be
successfully addressed to ensure that an organization's IT investments
are both efficiently and effectively utilized. The CIO must have
effective control over the planning, authorization, resourcing, and
implementation of all IT. Effective control means that the CIO can
delegate the implementation of IT as long as the CIO retains oversight
and sufficient management mechanisms in place to ensure compliance with
CIO-approved plans. We believe the CIO should not delegate enterprise-
level planning, authorization and resourcing responsibilities.
Let me turn attention to the organizational placement of the CIO.
While ITAA recognizes the impact that attributes like culture and
management style have on determining how to organize to optimize
effectiveness, we believe that an organization is best able to leverage
its IT if a CIO reports to the organization's most senior official.
Such placement sends an important signal to the rest of the
organization about the value of IT and its management and better
enables the CIO to ensure an effective IT governance process. It better
positions the CIO to develop working relationships with other key
senior executives in an organization's leadership.
We also believe that with such high organizational placement comes
a responsibility to reach out to the organization to develop effective
collaboration and governance processes. A seat at the executive table
must be used to inject IT into the strategic mainstream, not isolate it
from the rank and file. Elevating the CIO will help ensure that the
broad needs of the organization are reflected in IT requirements and
that efforts to standardize both IT and business processes receive
appropriate representation.
To summarize, IT is a critical component in helping organizations
like the VA realize their strategic objectives. To harness the value of
IT, the CIO maps agency mission and business process objectives to an
information technology strategy. An enterprise architecture translates
IT strategy into an actionable blueprint for moving from the here and
now to the where we want to be. Although the CIO is ultimately
responsible for the effective alignment of IT performance with agency
mission, goals and objectives, this individual does not and must not
operate in a vacuum. To be effective, the process must enjoy widespread
agency support and buy-in, and must originate from the top down.
I thank you for the opportunity to testify before the Committee on
Veterans' Affairs. I will be pleased to address any questions you may
have. ITAA will also be glad to meet with the Members of the Committee
and their staffs on the important issues raised in this hearing.
Chairman Craig. Thank you very much for that testimony, and
also thank you for that invite. We will continue to work with
you as we go through this.
Now, Linda, let us turn to you, Linda Koontz, Director of
Information Management, GAO.
STATEMENT OF LINDA D. KOONTZ, DIRECTOR, INFORMATION MANAGEMENT
ISSUES, UNITED STATES GOVERNMENT
ACCOUNTABILITY OFFICE
Ms. Koontz. Thank you, Mr. Chairman. I am pleased to be
here today to discuss the organization of VA's information
technology program. I will be discussing our previous work on
the role of Chief Information Officers in the Federal
Government and in the private sector, as well as providing
information on the evolution of the CIO position at VA.
As you know, under the Clinger-Cohen Act the Congress has
mandated that Federal CIOs play a central role in managing
information technology within Federal agencies. In this way
CIOs can help ensure that agencies manage their information
functions in a coordinated and integrated fashion, and thus
improve the efficiency and effectiveness of Government programs
and operations.
In 2004 we reported that Federal CIOs were responsible for
most of the key management areas we identified as required by
statute or critical to effective information and technology
management. All the CIOs were assigned responsibility for five
key areas, for example, enterprise architecture and IT
investment management, although they sometimes reported that
they shared responsibility for these areas with other
organizational units.
Our past work also identified a number of organizational
characteristics that contribute to CIO success. First,
successful CIOs work with supportive senior executives who
embrace the central role of technology in accomplishing mission
objectives, and include the CIO as a full participant in senior
decision-making.
Second, successful CIOs have legitimate and influential
roles in leading top managers to apply IT to business problems
and needs. Placement of the position at an executive management
level in the organization is important, but in addition, CIOs
earn credibility and produce results by establishing effective
working relationships with business units.
Third, successful CIOs structure their organizations in
ways that reflect a clear understanding of business and mission
needs. This understanding is a prerequisite to aligning the
CIO's office to best serve the agency. To do this, CIOs also
need knowledge of business processes, market trends, the
agency's current systems and available IT skills.
To be successful, Federal CIOs must overcome a number of
challenges. For example, according to a little over 80 percent
of the CIOs, one major challenge is implementing effective IT
management practices in such areas as information security,
enterprise architecture, investment management, and e-
Government.
In a study that we recently released, CIOs at leading
private sector organizations reported responsibilities and
challenges that were similar to those of their Federal
counterparts. These private sector companies used both
centralized and decentralized organizational structures, and
several of the CIOs spoke of their efforts to achieve the right
balance. In addition, most private sector companies had
executive committees with authority and responsibility for
governing major IT investments.
In recent years the CIO position at VA and the Department's
IT management, have received increased attention from VA
leadership. For 2\1/2\ years after the passage of the Clinger-
Cohen Act in 1996, the Department went without a CIO. For 2
years after that the CIO role was held by an executive who also
had other major responsibilities. The Department then had an
acting CIO for 1 year, and in August 2001 it appointed a full-
time permanent CIO.
Subsequently, the Department proposed further strengthening
the CIO position and centralizing IT management, recognizing
that aspects of the VA computing environment were particularly
challenging and required substantial management attention. In
particular, the Department's information services and systems
were highly decentralized, and a large proportion of the
Department's IT budget was controlled by the VA's
administrations and staff offices.
To address these challenges the Secretary issued a memo in
2002 announcing that IT functions, programs and funding would
be centralized under the Department level CIO.
Although we have not reviewed the current status of this
proposed realignment or VA's current organizational structure,
it remains our view that this realignment held promise for
building a more solid foundation for investing in IT resources
and improving the Department's accountability over those
resources.
The additional oversight afforded the CIO could have a
significant impact on the Department's ability to more
effectively account for and manage its approximately $2.1
billion in planned IT spending.
Mr. Chairman, that completes my statement. I would be happy
to answer questions.
[The prepared statement of Ms. Koontz follows:]
Prepared Statement of Linda D. Koontz, Director, Information Management
Issues, United States Government Accountability Office
Mr. Chairman and Members of the Committee:
Thank you for inviting us to take part in your discussion of the
information technology organization at the Department of Veterans
Affairs (VA) and the role of the Chief Information Officer (CIO). In
carrying out its mission of serving our nation's veterans, the
department relies heavily on information technology, for which it is
requesting about $2.1 billion in funding for fiscal year 2006. The CIO
will play a vital role in ensuring that this money is well spent and
that information technology is managed effectively. As we have
previously reported, an effective CIO can make a significant difference
in building the institutional capacity that is needed to improve an
agency's ability to manage information and technology and thus enhance
program performance.
At your request, we will discuss the role of CIOs in the Federal
Government, present for comparison the results of our study of private-
sector CIOs, and provide a historical perspective on the roles and
responsibilities of VA's CIO.
In developing this testimony, we reviewed our previous work in this
area. All work covered in this testimony was performed in accordance
with generally accepted government auditing standards.
RESULTS IN BRIEF
Since the Clinger-Cohen Act established the CIO position in 1996,
federal CIOs have played a central role in managing information and
technology within federal agencies. According to CIOs at major
departments and agencies,' they generally held wide responsibilities
and reported to their agency heads or other top level managers. In
general, CIOs reported that they were responsible for key information
and technology management areas; for example, all the CIOs were
responsible for five key areas (capital planning and investment
management, information security, IT human capital, strategic planning
for information technology and information resource management, and
enterprise architecture). In carrying out these responsibilities, the
tenure of federal CIOs was often less than the length of time that some
experts consider necessary for them to be effective and implement
changes: the median tenure was about 2 years, and the most common
response regarding time required to be effective was 3 to 5 years. In
contrast, CIOs were generally helped in carrying out their
responsibilities by the background and experience they brought to the
job. Although their background was varied, most had background in
information technology (IT) or related fields, many having previously
served as CIOs; many also had business knowledge related to their
agencies, having previously worked either at the agency or in an area
related to its mission. Other factors that help CIOs meet their
responsibilities effectively are described in guidance that we have
issued; key among these are (1) being supported by senior executives
who recognize the importance to their missions of IT and an effective
CIO; (2) playing an influential role in applying IT to business needs;
and (3) being able to structure their organizations appropriately. At
the same time, CIOs cited several challenges, of which the two most
frequently mentioned were implementing effective IT management and
obtaining sufficient and relevant resources.
Private-sector CIOs reported responsibilities, challenges, and
approaches to information and technology governance that are similar
but not identical to those of their federal counterparts. Most of the
private-sector CIOs we contacted had either sole or shared
responsibility for the key management areas we explored, which
corresponded to those that we reported on in our federal agency review.
Among the areas in which most of the private-sector CIOs had or shared
responsibility, 18 or more of the 20 we contacted cited five
information and technology management areas (capital planning and
investment management, information security, human capital for managing
information resources, systems acquisition, and e-commerce); the first
three of these were also responsibilities of all federal CIOs, and the
last two were responsibilities of 90 percent of federal CIOs. The
challenges cited by the private-sector CIOs were also similar to those
cited by federal CIOs. Both private-sector and federal CIOs noted
improving various IT management processes (e.g., IT investment decision
making), developing IT leadership and stalls, working with enterprise
architectures, and ensuring the security of systems. To manage their
IT, the private-sector companies used both centralized and
decentralized organizational structures: in some, authority is
centralized in the CIO's office, while in others, it is decentralized
in the business units, depending on other events in the company such as
strategic realignments and acquisitions. Most of the private-sector
companies had executive committees with authority and responsibility
for governing major IT investments. Many private-sector CIOs also told
us that they were making efforts to move toward common business
processes, such as by instituting cross-organizational teams to work on
developing enterprise wide systems and standards.
With regard to VA, both the CIO position and IT management have
received increased management attention over time. After going for 2
years after the passage of the Clinger-Cohen Act without a CIO,
followed by 2 years with an executive whose time was divided among CIO
and other major duties, and then 1 year with an acting CIO, the
department appointed a full-time permanent CIO in August 2001. Since
then, the department proposed further strengthening the position and
centralizing IT management, recognizing that aspects of its computing
environment were particularly challenging and required substantial
management attention. In particular, the department's information
systems and services were highly decentralized, and a large proportion
of the department's IT budget was controlled by the VA's
administrations and staff offices. To address these challenges, the
Secretary issued a memo in 2002 announcing that IT functions, programs,
and funding would be centralized under the department-level CIO.
Although we have not reviewed the current status of this proposed
realignment or VA's current organizational structure, it remains our
view that the proposal held promise for improving IT accountability and
enabling the department to accomplish its mission. The additional
oversight afforded the CIO could have a significant impact on the
department's ability to more effectively account for and manage its
approximately $2.1 billion in planned IT spending.
VA comprises three major components: the Veterans Benefits
Administration (VBA), the Veterans Health Administration (VHA), and the
National Cemetery Administration (NCA). VA's mission is summed up in
its mission statement, a quotation from Abraham Lincoln: ``to care for
him who shall have borne the battle and for his widow and his orphan.''
VA carries out this mission by providing benefits and other services to
veterans and dependents.
The department's vision is to be a more customer-focused
organization, functioning as ``One VA.'' This vision stemmed from the
recognition that veterans think of VA as a single entity, but often
encountered a confusing, bureaucratic maze of uncoordinated programs
that put them through repetitive and frustrating administrative
procedures and delays. The ``One VA'' vision is to create versatile new
ways for veterans to obtain services and information by streamlining
interactions with customers and integrating IT resources to enable VA
employees to help customers more quickly and effectively. This vision
will require modifying or replacing separate information systems with
integrated systems using common standards to the information across VA
programs and with external partner organizations, such as the
Department of Defense. Accordingly, effective management of its IT
programs is vital to VA's successful achievement of its vision and
mission.
Table 1 shows a breakdown of VA's approximately $2.1 billion IT
budget request for fiscal year 2006. Of the total, VHA accounted for
approximately $1.8 billion, VBA approximately $150 million, and NCA
approximately $11 million. The remaining $84 million was designated for
the department level.
Table 1.--Breakdown of VA's Fiscal Year 2006 Information Technology
Budget Request
[in millions]
------------------------------------------------------------------------
Organization Request In percent
------------------------------------------------------------------------
VHA............................. $1835............. 88%
VBA............................. 150............. 7%
NCA............................. 11............. <1%
Department...................... 84............. 4%
--------------------
Total......................... $2,080............
------------------------------------------------------------------------
Spune: GAO analysis VA data.
CIO PLAYS MAJOR ROLE IN FEDERAL IT MANAGEMENT
The Congress has long recognized that IT has the potential to
enable federal agencies to accomplish their missions more quickly,
effectively, and economically. However, fully exploiting this potential
presents challenges to agencies. Despite substantial IT investments,
the federal government's management of information resources has
produced mixed results. One of the ways in which the Congress has
addressed this issue was to establish the CIO position; an agency's CIO
is to serve as the focal point for information and technology
management within an agency. In 1996, the Clinger-Cohen Act established
the position of agency CIO and specified responsibilities for this
position. Among these responsibilities, the Act required that the CIOs
in the 24 major departments and agencies have information resources
management (IRM) as their ``primary duty.''
The Congress has mandated that CIOs should play a key leadership
role in ensuring that agencies manage their information functions in a
coordinated and integrated fashion in order to improve the efficiency
and effectiveness of government programs and operations.''
CIO RESPONSIBILITIES AND REPORTING RELATIONSHIPS
CIOs have responsibilities that can contribute significantly to the
successful implementation of information systems and processes. In July
2004, we reported on CIO roles, responsibilities, and challenges (among
other things) at 27 major agencies. For this work, we identified major
areas of CIO responsibilities that were either statutory requirements
or critical to effective information and technology management.
Altogether, we identified the 13 areas shown in table 2.
Table 2.--Major Areas of CIO Responsibility
------------------------------------------------------------------------
------------------------------------------------------------------------
Area of responsibility.................... IT capital planning and
investment management
Description............................... Planning and management of
IT capital investments
Applicable laws........................... 44 U.S.C. 3506(h), 40 U.S.C.
11312 & 11313
Records management........................ Ensuring that agency
implements and enforces
records management policies
and procedures under the
Federal Records Act 44
U.S.C. 3506(f)
Information dissemination*................ Ensuring that information
dissemination activities
meet policy goals such as
timely and equitable public
access to information 44
U.S.C. 3506(d)
Information disc1osure*................... Ensuring appropriate
information 44 U.S.C.
3506(g) access under the
Freedom of Information Act
Privacy................................... Ensuring agency compliance
44 U.S.C. 3506(g) with the
Privacy Act and related
laws
Area of responsibility.................... Description
Statistical policy and coordination....... Performing statistical
policy and coordination
functions, including
ensuring the relevance,
accuracy, and timeliness of
information collected or
created for statistical
purposes
Applicable laws........................... 44 U.S.C. 3506(e)
------------------------------------------------------------------------
Source: GAO analysis.
``Three areas of responsibility-enterprise architecture; systems
acquisition, development, and integration; and government initiatives--
are not assigned to CIOs by statute; they are assigned to the agency
heads by law or guidance. However, in virtually all agencies, the
agency heads have delegated these areas of responsibility to their
CIOs.
For our later private-sector study, we combined Information
dissemination and Information disclosure into a single function in
order to increase these functions' relevance for private-sector CIOs.
According to our report, CIOs were generally responsible for the
key information and technology management areas shown in the table,
although not all CIOs were completely responsible for all areas.'' For
example:
All the CIOs were responsible for the first five areas in the table
(capital planning and investment management, enterprise architecture,
information security, IT/IRM strategic planning, and IT/IRM human
capital).
More than half had responsibility for six additional areas (major
government initiatives, systems acquisition, information collection/
paperwork reduction, records management, information dissemination, and
privacy).
Fewer than half were responsible for two areas (information
disclosure and statistics).
It was common for CIOs to share responsibility for certain
functions, and in some cases responsibilities were assigned to other
offices. For example, systems acquisition responsibility could be
shared among the CIO and other officials, such as a procurement
executive or program executive; disclosure could be assigned to general
counsel and public affairs, while statistical policy could be assigned
to offices that deal with the agency's data analysis. Nevertheless,
even for areas of responsibility that were not assigned to CIOs, agency
CIOs generally reported that they contributed to the successful
execution of the agency's overall responsibilities in that area.
In carrying out their responsibilities, CIOs generally reported to
their agency heads. For 19 of the agencies in our review, the CIOs
stated that they had this reporting relationship. In the other 8
agencies, the CIOs stated that they reported instead to another senior
official, such as a deputy secretary, under secretary, or assistant
secretary. In addition, 8 of the 19 CIOs who said they had a direct
reporting relationship with the agency head noted that they also
reported to another senior executive, usually the deputy secretary or
under secretary for management, on an operational basis. According to
members of our Executive Council on Information Management and
Technology, what is most critical is for the CIO to report to a top
level official.
TENURE AND BACKGROUNDS OF CIOS
Federal CIOs often remained in their positions for less than the
length of time that some experts consider necessary for them to be
effective and implement changes. At the departments and agencies
included in our review, the median time in the position of permanent
CIOs whose time in office had been completed was about 23 months. For
career CIOs, the median was 32 months; the median for political
appointees was 19 months. To the question of how long a CIO needed to
stay in office to be effective, the most common response of the CIOs
(and former agency IT executives whom we consulted) was 3 to 5 years.
Between February 10, 1996, and March 1, 2004, only about 35 percent of
the permanent CIOs who had completed their time in office reportedly
had stayed in office for a minimum of 3 years. The gap between actual
time in office and the time needed to be effective is consistent with
the view of many agency CIOs that the turnover rate was high, and that
this rate was influenced by the political environment, the pay
differentials between the public and private sectors, and the
challenges that CIOs face.
In contrast, the CIOs at the 27 agencies were generally helped in
carrying out their responsibilities by the background and experience
they brought to the job. The background of the CIOs varied in that they
had previously worked in the government, the private sector, or
academia, and they had a mix of technical and management experience.
However, virtually all had work experience or educational backgrounds
in IT or IT-related fields; 12 agency CIOs had previously served in a
CIO or deputy CIO capacity. Moreover, most of them had business
knowledge related to their agencies because they had previously worked
at the agency or had worked in an area related to the agency's mission.
SUCCESS FACTORS AND CHALLENGES OF CIOS
To allow CIOs to serve effectively in the key leadership role
envisioned by the Congress, federal agencies should use the full
potential of CIOs as information and technology management leaders and
active participants in the development of the agency's strategic plans
and policies. The CIOs, in turn, must meet the challenges of building
credible organizations and developing and organizing information and
technology management capabilities to meet mission needs.
In February 2001, we issued guidance on the effective use of CIOs,
which describes the following three factors as key contributors to CIO
success:
Supportive senior executives embrace the central role of
technology in accomplishing mission objectives and include the CIO as a
full participant in senior executive decision making.
Effective CIOs have legitimate and influential roles in
leading top managers to apply IT to business problems and needs.
Placement of the position at an executive management level in the
organization is important, but in addition, effective CIOs earn
credibility and produce results by establishing effective working
relationships with business unit heads.
Successful CIOs structure their organizations in ways that
reflect a clear understanding of business and mission needs. Along with
knowledge of business processes, market trends, internal legacy
structures, and available IT skills, this understanding is necessary to
ensure that the CIO's office is aligned to best serve agency needs.
The CIO study that we reported on in July 2004 also provides
information on the major challenges that federal CIOs face in
fulfilling their duties. In particular, CIOs view IT governance
processes, funding, and human capital as critical to their success, as
indicated by two challenges that were cited by over 80 percent of the
CIOs: implementing effective information technology management and
obtaining sufficient and relevant resources.
EFFECTIVE IT MANAGEMENT
Leading organizations execute their information technology
management responsibilities reliably and efficiently. A little over 80
percent of the CIOs reported that they faced one or more challenges
related to implementing effective IT management practices at their
agencies. This is not surprising given that, as we have previously
reported, the government has not always successfully executed the IT
management areas that were most frequently cited as challenges by the
CIOs-information security, enterprise architecture, investment
management, and e-gov.
SUFFICIENT AND RELEVANT RESOURCES
One key element in ensuring an agency's information and technology
success is having adequate resources. Virtually all agency CIOs cited
resources, both in dollars and staff, as major challenges. The funding
issues cited generally concerned the development and implementation of
agency IT budgets and whether certain IT projects, programs, or
operations were being adequately funded.
We have previously reported that the way agency initiatives are
originated can create funding challenges that are not found in the
private sector. For example, certain information systems may be
mandated or legislated, so the agency does not have the flexibility to
decide whether to pursue them. Additionally, there is a great deal of
uncertainty about the funding levels that may be available from year to
year.
The government also faces long-standing and widely recognized
challenges in maintaining a high-quality IT workforce. In 1994 and
2001, we reported on the importance that leading organizations placed
on malting sure they had the right mix of skills in their IT workforce.
About 70 percent of the agency CIOs reported on a number of substantial
IT human capital challenges, including, in some cases, the need for
additional staff. Other challenges included recruiting, retention,
training and development, and succession planning.
In addition, two other commonly cited challenges were communicating
and collaborating (both internally and externally) and managing change.
COMMUNICATING AND COLLABORATING
Our prior work has shown the importance of communication and
collaboration, both within an agency and with its external partners.
For example, one of the critical success factors we identified in our
guide focuses on the CIO's ability to establish his or her organization
as a central player in the enterprise. Ten agency CIOs reported that
communication and collaboration were challenges. Examples of internal
communication and collaboration challenges included: (1) cultivating,
nurturing, and maintaining partnerships and alliances while producing
results in the best interest of the enterprise; and (2) establishing
supporting governance structures that ensure two-way communication with
the agency head and effective communication with the business part of
the organization and component entities. Other CIOs cited activities
associated with communicating and collaborating with outside entities
as challenges, including sharing information with partners and
influencing the Congress and OMB.
MANAGING CHANGE
Top leadership involvement and clear lines of accountability for
making management improvements are critical to overcoming an
organization's natural resistance to change, marshaling the resources
needed to improve management, and building and maintaining
organization-wide commitment to new ways of doing business. Some CIOs
reported challenges associated with implementing both changes
originating from their own initiative and changes from outside forces.
Implementing major IT changes can involve not only technical risks but
also non-technical risks, such as those associated with people and the
organization's culture. Six CIOs cited dealing with the government's
culture and bureaucracy as challenges to implementing change. Former
agency IT executives also cited the need for cultural changes as a
major challenge facing CIOs. Accordingly, in order to effectively
implement change, it is important that CIOs build understanding,
commitment, and support among those who will be affected by the change.
Effectively tackling these reported challenges can improve the
likelihood of a CIO's success. Until these challenges are overcome,
federal agencies are unlikely to optimize their use of information and
technology, which can affect an organization's ability to effectively
and efficiently implement its programs and missions.
The CIO Position in the Private Sector Has Similarities to the
Federal CIO Position.
In September 2005, we reported the results of our study of CIOs at
leading private-sector organizations, in which we described the CIOs'
responsibilities and major challenges, as well as private-sector
approaches to information and technology governance.
The set of responsibilities assigned to CIOs in the private sector
were similar to those in the federal sector. In most areas, there was
little difference between the private and federal sectors in the
percentage of CIOs who had or shared a particular responsibility. In 4
of the 12 areas--enterprise architecture, strategic planning,
information collection, and information dissemination and disclosure--
the difference between the private- and federal-sector CIOs was
greater; in each case, fewer CIOs in the private sector had these
responsibilities. In all, the six functions least likely to be the
CIO's responsibility in the federal sector were equivalent to the five
functions least likely to be his or her responsibility in the private
sector. Some of the federal CIOs functions, such as information
collection and statistical policy, did not map directly to the
management areas in several of the private-sector organizations we
contacted.
Figure 1 compares federal and private-sector CIO responsibilities
for the 12 areas, showing the percentage of CIOs who had or shared
responsibility for each area.
FIGURE 1: COMPARISON OF THE EXTENT TO WHICH PRIVATE-SECTOR AND FEDERAL
CIOS ARE RESPONSIBLE FOR MANAGEMENT AREAS.
Federal CIOs Private CIOs.
Source: W.
Among the private-sector CIOs, it was common to share
responsibility with either business units or corporate functional
areas; these sharing relationships accounted for almost a third of all
responses. Among federal CIOs, the sharing of responsibility was not
described in as many areas.
CHALLENGES IDENTIFIED BY PRIVATE-SECTOR CIOS
Approximately half of all the private-sector CIOs described four
major challenges:
Aligning IT with business goals was cited by 11 of the
CIOs. This challenge requires the CIOs to develop IT plans to support
their companies' business objectives. In many cases this entails cross-
organization coordination and collaboration.
Implementing new enterprise technologies (e.g., radio
frequency identification, enterprise resource planning systems, and
customer relationship management systems) was cited by 8 of the CIOs.
This challenge requires the broad coordination of business and
corporate units.
Controlling IT costs and increasing efficiencies was cited
by 9 of the CIOs. Several CIOs explained that by controlling costs and
providing the wane or better service at lower cost, they are able to
contribute to their companies' bottom lines. A few CIOs also said that
they generate resources for new investments out of the resources freed
up by cost savings.
Ensuring data security and integrity was cited by 9 of the
CIOs. Closely associated with this challenge was ensuring the privacy
of data, which was raised by 6 CIOs.
Additional management challenges commonly raised by the private-
sector CIOs included:
developing IT leadership and skills (7),
managing vendors, including outsourcing (7),
improving internal customer satisfaction (5).
Additional technical challenges commonly raised by the private-
sector CIOs included:
implementing customer service/customer relationship
management (CRM) systems (7),
identifying opportunities to leverage new technology (6),
integrating and enhancing systems and processes (5), and
rationalizing IT architecture (5).
The challenges mentioned by the private-sector CIOs overlapped with
those mentioned by Federal CIOs in our previous study. Improving
various IT management processes was mentioned by several private-sector
CIOs (e.g., IT investment decision making) as well as by federal CIOs,
as was developing IT leadership and skills. In technology-related
areas, both private-sector and federal CIOs mentioned working with
enterprise architectures and ensuring the security of systems as
challenges. Although the challenges mentioned by private-sector CIOs
resembled those mentioned by federal CIOs, there were a few
differences. Private-sector CIOs mentioned challenges related to
increasing IT's contribution to the bottom line--such as controlling
costs, increasing efficiencies, and using technology to improve
business processes--while federal CIOs tended to mention overcoming
organizational barriers and obtaining sufficient resources.
IT GOVERNANCE IN THE PRIVATE SECTOR
When asked to describe how the governance of information management
and technology is carried out in their companies, 16 of the 20 private-
sector companies told us that they had an executive committee with the
authority and responsibility for governing major IT investments. As
part of the governance of IT assets in their companies, nine of the
CIOs said that they shared responsibility for IT investment management
and that their involvement ranged from providing strong leadership to
reviewing plans to ensure that they complied with corporate standards.
Many of the private-sector CIOs were actively working to increase
coordination among business units to enhance their governance process.
Seven of the CIOs described efforts under way to implement enterprise-
wide financial and supply chain systems, which will move the companies
to common business processes. Six CIOs also described using cross-
organizational teams (sometimes called centers of excellence), which
drive these broad collaborative efforts and others, such as the
establishment of standards and common practices.
With regard to the governance of the development of new systems,
many of the private-sector CIOs described a process in which they
collaborated closely with business units and corporate functional units
in planning and developing systems to meet specific needs.
The extent of the CIOs' involvement ranged from providing strong
leadership and carrying out most activities to reviewing the other
components' plans to ensure that they complied with corporate
standards.
With regard to sharing authority for decisions on the management of
IT assets, several CIOs spoke of balancing between centralization and
decentralization of authority and described their efforts to move
between the two extremes to find the right balance. The appropriate
balance depended on other events occurring in the companies, such as
major strategic realignments or acquisitions. For example, one CIO
described his current evolution from a relatively decentralized
structure--an artifact of a major effort to enable growth in the
corporation--to a more centralized structure in order to reduce costs
and drive profits.
ROLES AND RESPONSIBILITIES OF THE CIO POSITION AT VA HAVE EVOLVED OVER
TIME
Since enactment of the Clinger-Cohen Act in 1996, the roles and
responsibilities of VA's Chief Information Officer have evolved. From
lacking a CIO entirely, the department has taken steps to address the
challenges posed by its multiple widespread components and its
decentralized information technology and services. In June 1998, VA
assigned CIO responsibility to a top manager. However, we reported in
July 1998 that the person holding the CIO position at VA had multiple
additional major responsibilities, as this person also served as
Assistant Secretary for Management, Chief Financial Officer, and Deputy
Assistant Secretary for Budget. According to the Act, the CIO's primary
responsibility should be information and technology management. Noting
that VA's structure was decentralized, its IT budget was large, and its
CIO faced serious information and technology management issues, we
recommended that the Secretary appoint a CIO with full-time
responsibilities for IRM. Concurring with the recommendation, VA
established the position of Assistant Secretary for Information and
Technology to serve as its CIO.
As of May 2000, however, the position of Assistant Secretary for
Information and Technology was vacant, and as we reported at the time,
it had been unfilled since its creation in 1998. The Secretary then
created and filled the position of Principal Deputy Assistant Secretary
for Information and Technology, designating that person as VA's acting
CIO until an Assistant Secretary could be appointed. The Secretary also
realigned IRM functions within VA under this position, which reported
directly to the Secretary.
As we reported, the Principal Deputy Assistant Secretary was
involved in IT planning issues across the department. In addition to
advising the Secretary on IT issues, he served as chair of the
department's CIO Council and as a member of the department's Capital
Investment Board, and he worked with the CIOs in VBA and VHA (at the
time, NCA had no CIO). According to this official, one of his
priorities was to ensure that IT activities in VBA and VHA were in
concert with VA's department-wide efforts.
In August 2001, VA filled the CIO position. In March 2002, we
testified that this hiring was one of the important strides that the
Secretary of Veterans Affairs had made to improve the department's IT
leadership and management, along with malting a commitment to reform
the department's use of IT.
On June 29, 2003, the CIO retired after a tenure of almost 2 years
(about the median length of tenure for federal CIOs, as discussed
above); the current CIO was confirmed in January 2004.
Figure 1 is a time line showing the history of the CIO position at
VA since the passage of the Clinger-Cohen Act.
[GRAPHIC] [TIFF OMITTED] T5790.042
VA PROPOSED TO REALIGN ITS IT ORGANIZATION IN RESPONSE TO IT
MANAGEMENT CHALLENGES
Our prior work highlighted some of the challenges that the CIO
faced as a result of the way the department was organized to carry out
its IT mission. Among these challenges was that information systems and
services were highly decentralized, and the VA administrations and
staff offices controlled a majority of the department's IT budget. For
example, in VA's information technology budget for fiscal year 2002 of
approximately $1.25 billion, YHA controlled about $1.02 billion (over
80 percent), whereas the department level controlled about $60.2
million (less than 5 percent).
In addition, we noted that there was neither direct nor indirect
reporting to VA's cyber security officer--the department's senior
security official--thus raising questions about this person's ability
to enforce compliance with security policies and procedures and ensure
accountability for actions taken throughout the department. The more
than 600 information security officers in VA's three administrations
and its many medical facilities throughout the country were responsible
for ensuring the department's information security, although they
reported only to their facility's director or to the chief information
officer of their administration.
Given the large annual funding base and decentralized management
structure, we testified that it was crucial for the departmental CIO to
ensure that well-established and integrated processes for leading,
managing, and controlling investments are commonplace and followed
throughout the department. This is consistent with the finding in our
CIO review that implementation of IT management practices was a
challenge; over half of federal CIOs identified IT investment
management specifically.
Recognizing weaknesses in accountability for the department's IT
resources and the need to reorganize IT management and financing, the
Secretary announced a realignment of the department's IT operations in
a memorandum dated August 2002. According to the memorandum, the
realignment would centralize IT functions, programs, workforce
personnel, and funding into the office of the department-level CIO. In
particular, several significant changes were described:
The CIOs in each of the three administrations-VHA, VBA,
and NCA--were to be designated deputy CIOs and were to report directly
to the department-level CIO. Previously, these officials served as
component-level CIOs who reported only to their respective
administrations under secretaries.
All administration-level cyber security functions were to
be consolidated under the department's cyber security office, and all
monies earmarked by VA for these functions were to be placed under the
authority of the cyber security officer. Information security officers
previously assigned to VHA's 21 veterans integrated service network
would report directly to the cyber security officer, thus extending the
responsibilities of the cyber security office to the field.
Beginning in fiscal year 2003, the department level CIO would
assume executive authority over VA's IT funding.
In September 2002, we testified that in pursuing these reforms, the
Secretary demonstrated the significance of establishing an effective
management structure for building credibility in the way IT is used,
and took a significant step toward achieving a ``One VA'' vision. The
Secretary's initiative was also a bold and innovative step by the
department--one that has been undertaken by few other federal agencies.
For example, of 17 agencies contacted in 2002, 8 reported having
component level CIOs, none of which reported to the department level
CIO. Only one agency with component-level CIOs reported that its
department-level CIO had authority over all IT funding.
We also noted that the CIO's success in managing IT operations
under the realignment would hinge on effective collaboration with
business counterparts to guide IT solutions that meet mission needs,
and we pointed out the importance of the three key contributors to CIO
success described in our 2001 guidance (discussed earlier).
Although we have not reviewed the current status of this proposed
realignment or VA's current organizational structure, it remains our
view that the proposed realignment held promise for building a more
solid foundation for investing in and improving the department's
accountability over IT resources. Specifically, under the realignment
the CIO would assume budget authority over all IT funding, including
authority to veto proposals submitted from sub-department levels. This
could have a significant effect on VA's accountability for how
components are spending money.
To sum up, the CIO plays a vital role in ensuring that VA's funds
are well spent and in managing information technology to serve our
nation's veterans. In our view, the realignment of VA's IT organization
proposed in 2002 held promise for improving accountability and enabling
the department to accomplish its mission. The additional oversight
afforded the CIO could have a significant impact on the department's
ability to more effectively account for and manage its proposed $2.1
billion in planned IT spending.
Mr. Chairman, this concludes my statement. I would be pleased to
respond to any questions that you or other Members of this Committee
may have at this time.
Chairman Craig. Thank you very much, Linda.
Paul, you stated in your testimony that the CIO should not
delegate enterprise level planning, authorization or resourcing
responsibilities, and that the CIO should report to the
organization's most senior officer. Can you cite an example of
another government entity with whom ITAA organizations have
contracted, that from your vantage point, have achieved this
organizational structure, and how has that led to a successful
IT strategy?
Mr. Wohlleben. Mr. Chairman, I do not believe that I can
cite a single large department that has achieved all aspects of
that. There are some small independent agencies that I think
have moved in the direction where the CIO is charged,
responsible, and executes against all of those.
By the same token, I have not pursued a study of all of
those organizations. I am sort of speaking from an ad hoc
basis.
Chairman Craig. All right. Also in your testimony you
stated that the IT business process must originate from the top
down. VA, however, believes that much of the credit for its
success in electronic health records is directly due to some
very decentralized initiatives. Do you believe that there is an
appropriate balance to be struck between planning,
authorization, resourcing and implementation of a macro-program
level, and less centralization at a micro-project level? In
short, should VA vest total control in its CIO?
Mr. Wohlleben. My experience with Government organizations
in general--and I would prefer not to speak to VA specifically
because I do not claim to be an expert on their internal
culture--but in general, our position at ITAA is that the
planning that involves the vision and the strategy needs to be
centrally controlled and that should be a duty of the CIO. That
involves the control of the strategy and the budgeting and
resourcing of that strategy in terms of execution plans.
Depending on the nature of an organization and its mission,
the execution of that plan could be accomplished centrally or
could be accomplished in a more decentralized approach where
those responsibilities are delegated.
If I could further explain that, where you have an
organization that has, across the enterprise their mission is
either the same or has attributes of a common mission, the
centralized model is one that can be executed. Where you have
missions that differ, where people at the local level who are
executing that mission understand how you carry out that
mission much better, it is imperative that those people be
involved in the design of the systems that are going to support
them. If they are not, our finding, and I believe the finding
in both commercial and in Government sectors over time, has
been that those systems are not able to be developed to meet
those requirements of the people who are actually executing the
work and carrying out the mission.
Chairman Craig. Linda, your testimony has indicated that
the average tenure of Federal CIOs is less than the length of
time that any consider necessary to implement the policies that
a CIO is expected to implement. VA is certainly no exception.
With that said, should the Government expect CIOs to do less,
or do we believe that there are any strategies the Government
can implement to encourage CIOs to remain in their positions
longer?
Ms. Koontz. When we did our study on Federal CIOs that we
issued in 2004, I think that we said the average tenure was
around 23 months, which was about 2 years. CIOs at the same
time said that staying in a position for about 3 to 5 years was
really the amount of time that was needed in order to show any
kind of results or to make an impact.
Some of the major things that were cited in terms of the
turnover by CIOs were the differences in salary between the
private sector and the public sector, and also the scope of
responsibilities that are involved in being a public sector
CIO. We actually have some ongoing work looking at various
governance models, and we are continuing to study the
appropriate responsibilities for a CIO in a public setting.
Chairman Craig. Most private sector companies authorize and
govern major IT investments by executive committees, we are
told, and I think you reference that also, Paul. The Federal
Government is not a private sector corporation. Still, do you
believe the Government should consider management of large IT
investments through the use of an executive committee, and do
you think this could help our continuity efforts, given that
different committee members may stay with Government employment
for longer tenures than the average CIO? I mean in examining
this, has that been a part of your consideration?
Ms. Koontz. Yes, that has clearly been part of our
consideration. When we talk about an executive committee
responsible for overseeing IT investments, I think what we are
talking about is having some kind of IT investment process.
What we have noted from our studies is that, just as my
colleague here mentioned in his testimony, that developing
systems is a collaborative process, and both the CIOs and the
business units need to be involved. Bringing together the
executives who all have a stake in this, including the CIO, to
make decisions about investments, is very, very important. If
you have a strong investment process in place, I think it
actually transcends changes in individual personnel or even
maybe changes in administrations that take place because you
have a strong process for bringing the right people to the
table.
One feature that we think is critical though in an
investment management process is that the CIO have veto power
over proposed investments, and the reason is, is that in that
way the CIO can ensure that any proposed projects that are
brought to him by the administrations or that are centrally
proposed, fit with the enterprise architecture and they meet
the various network and other standards that are in place, and
that they meet security requirements. He uses an enterprise
architecture in order to ensure that there is an enterprise
approach, and that systems are not duplicative, but they are
integrated.
So, yes, that is a feature that is important in both the
private and the public sectors, and can help any organization
do more effective IT management.
Chairman Craig. Paul, any comments on that question?
Mr. Wohlleben. I would agree, Mr. Chairman. The way I would
describe the introduction of the enterprise architecture into
an organization and the utility, the enterprise architecture,
if agreed to by the senior leadership team as capturing the
intended business processes and the use of technology that the
organization is moving towards, it gives the CIO and whatever
governance committee is being used to look at IT investments,
something to compare the investments, and gives them a very,
very strong tool to enforce compliance to a blueprint to move
to the future, or to veto investments that are not in
compliance, and it is a tool that is just now coming onto the
scene in the Federal Government, but maturing to the point
where it is useful.
Chairman Craig. We have a unique challenge here in
transitioning government into the 21st century, gaining the
efficiencies that we see in the private sector in these areas,
and still sustaining core missions as attended. Even with
executive committees, the reality of the politics involved when
you have an executive committee of 575 Members of the United
States Congress----
[Laughter.]
Chairman Craig. Yet, I would suggest in all of that
frustration the absolute need for continuance, continuity and
all of that for the sake of those who these agencies serve, but
also the efficiency of the resources that are employed in these
agencies.
We appreciate your testimony, and we will more than likely
be back, ask you to revisit this along the way, as we stay in
tune with what the VA is doing. We are not going to say
``attempting to do,'' but ``will be doing'' to get the kind of
changes necessary, and the evolution of the culture to where it
is most efficient.
Thank you all very much for being with us today, and the
committee will stand adjourned.
[Whereupon, at 11:40 a.m., the committee was adjourned.]
A P P E N D I X
----------
[GRAPHIC] [TIFF OMITTED] T5790.001
[GRAPHIC] [TIFF OMITTED] T5790.002
[GRAPHIC] [TIFF OMITTED] T5790.003
[GRAPHIC] [TIFF OMITTED] T5790.004
[GRAPHIC] [TIFF OMITTED] T5790.005
[GRAPHIC] [TIFF OMITTED] T5790.006
[GRAPHIC] [TIFF OMITTED] T5790.007
[GRAPHIC] [TIFF OMITTED] T5790.008
[GRAPHIC] [TIFF OMITTED] T5790.009
[GRAPHIC] [TIFF OMITTED] T5790.010
[GRAPHIC] [TIFF OMITTED] T5790.011
[GRAPHIC] [TIFF OMITTED] T5790.012
[GRAPHIC] [TIFF OMITTED] T5790.013
[GRAPHIC] [TIFF OMITTED] T5790.014
[GRAPHIC] [TIFF OMITTED] T5790.015
[GRAPHIC] [TIFF OMITTED] T5790.016
[GRAPHIC] [TIFF OMITTED] T5790.017
[GRAPHIC] [TIFF OMITTED] T5790.018
[GRAPHIC] [TIFF OMITTED] T5790.019
[GRAPHIC] [TIFF OMITTED] T5790.020
[GRAPHIC] [TIFF OMITTED] T5790.021
[GRAPHIC] [TIFF OMITTED] T5790.022
[GRAPHIC] [TIFF OMITTED] T5790.023
[GRAPHIC] [TIFF OMITTED] T5790.024
[GRAPHIC] [TIFF OMITTED] T5790.025
[GRAPHIC] [TIFF OMITTED] T5790.026
[GRAPHIC] [TIFF OMITTED] T5790.027
[GRAPHIC] [TIFF OMITTED] T5790.028
[GRAPHIC] [TIFF OMITTED] T5790.029
[GRAPHIC] [TIFF OMITTED] T5790.030
[GRAPHIC] [TIFF OMITTED] T5790.031
[GRAPHIC] [TIFF OMITTED] T5790.032
[GRAPHIC] [TIFF OMITTED] T5790.033
[GRAPHIC] [TIFF OMITTED] T5790.034
[GRAPHIC] [TIFF OMITTED] T5790.035
[GRAPHIC] [TIFF OMITTED] T5790.036
[GRAPHIC] [TIFF OMITTED] T5790.037
[GRAPHIC] [TIFF OMITTED] T5790.038
[GRAPHIC] [TIFF OMITTED] T5790.039
[GRAPHIC] [TIFF OMITTED] T5790.040
[GRAPHIC] [TIFF OMITTED] T5790.041
�