[Senate Hearing 109-498]
[From the U.S. Government Publishing Office]



                                                        S. Hrg. 109-498
 
INFORMATION AND TECHNOLOGY AT THE VA: IS IT READY FOR THE 21ST CENTURY?

=======================================================================

                                HEARING

                               BEFORE THE

                     COMMITTEE ON VETERANS' AFFAIRS
                          UNITED STATES SENATE

                       ONE HUNDRED NINTH CONGRESS

                             FIRST SESSION

                               __________

                            OCTOBER 20, 2005

                               __________

       Printed for the use of the Committee on Veterans' Affairs


 Available via the World Wide Web: http://www.access.gpo.gov/congress/
                                 senate



                                 ______

                    U.S. GOVERNMENT PRINTING OFFICE
25-790                      WASHINGTON : 2006
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092250 Mail: Stop SSOP, Washington, DC 20402ï¿½090001

                     COMMITTEE ON VETERANS' AFFAIRS

                      Larry Craig, Idaho, Chairman
Arlen Specter, Pennsylvania          Daniel K. Akaka, Ranking Member, 
Kay Bailey Hutchison, Texas              Hawaii
Lindsey O. Graham, South Carolina    John D. Rockefeller IV, West 
Richard Burr, North Carolina             Virginia
John Ensign, Nevada                  James M. Jeffords, (I) Vermont
John Thune, South Dakota             Patty Murray, Washington
Johnny Isakson, Georgia              Barack Obama, Illinois
                                     Ken Salazar, Colorado
                  Lupe Wissel, Majority Staff Director
               D. Noelani Kalipi, Minority Staff Director


                            C O N T E N T S

                              ----------                              

                                  DATE
                                SENATORS

                                                                   Page
Akaka, Hon. Daniel K., U.S. Senator from Hawaii..................     2
Craig, Hon. Larry, Chairman, U.S. Senator from Idaho.............     1
Salazar, Hon. Ken, U.S. Senator from Colorado....................     3
Thune, Hon. John, U.S. Senator from South Dakota.................     5

                               WITNESSES

Mansfield, Gordon H., Deputy Secretary, Department of Veterans 
  Affairs, accompanied by: Robert N. McFarland, Assistant 
  Secretary for Information Technology and Chief Information 
  Officer, Department of Veterans Affairs; Robert Lynch, M.D., 
  VISN 16 Director, VHA; and Jack McCoy, Associate Deputy Under 
  Secretary for Policy and Program Management, VBA...............     5
    Prepared statement...........................................     8
    Responses to written questions submitted by:
        Hon. Daniel K. Akaka.....................................    11
        Hon. John D. Rockefeller IV..............................    15
Wohlleben, Paul, Partner, Grant Thorton, LLP, on Behalf of the 
  Information Technology Association of America..................    29
    Prepared statement...........................................    31
Koontz, Linda D., Director, Information Management Issues, United 
  States Government Accountability Office........................    32
    Prepared statement...........................................    34

                                APPENDIX

Articles:
    Improving Patient Care.......................................    47
    Revamped Veterans' Health Care Now a Model...................    55
    Brief Report: Quality of Ambulatory Care for Women and Men in 
      the Veterans Affairs Health Care System....................    58
    Special Communication: Five Years After to Err is Human......    62
    Washington Monthly: The Best Care Anywhere...................    69
    U.S. News & World Report: America's Best Hospitals...........    83


 INFORMATION AND TECHNOLOGY AT THE VA: IS IT READY FOR THE 21ST CENTURY

                              ----------                              


                       THURSDAY, OCTOBER 20, 2005

                               U.S. Senate,
                    Committee on Veterans' Affairs,
                                                   Washington, D.C.
    The committee met, pursuant to notice, at 10:05 a.m., in 
room SR-418, Russell Senate Office Building, Hon. Larry Craig 
(Chairman of the committee) presiding.
    Present: Senators Craig, Thune, Isakson, Akaka and Salazar.

       OPENING STATEMENT OF HON. LARRY CRAIG, CHAIRMAN, 
                    U.S. SENATOR FROM IDAHO

    Chairman Craig. Good morning, everyone. The Committee on 
Veterans' Affairs meets this morning to receive testimony on 
VA's effort to reorganize both the internal management 
structure of its information technology programs and the 
financing of its IT development projects. This is a critically 
important topic for oversight, I think, by this committee.
    I say in all seriousness to my colleagues that VA's ability 
to provide quality health care, timely and accurate benefits 
decisions and compassionate readjustment counseling for our 
veterans in the future rests largely on its ability to 
modernize its IT infrastructure. Tomorrow's modernization 
requires strong, qualified, rigorous management today.
    I want to stress that this is not a hearing intended to 
chide VA for failures in its IT program management. In fact, VA 
has had numerous successes in its IT programs, and I think we 
can be proud of those successes. For example, I do not think 
there is a person in the health care industry that is not 
overwhelmed by, and frankly, jealous of VA's electronic health 
records. Just recently, during the events of Hurricane Katrina, 
we saw firsthand how important the electronic records can be 
for our veterans.
    That success did not go unnoticed to even Time Magazine, 
which recently wrote in a story about medical care during 
Hurricane Katrina,

          ``Throughout the chaos of Katrina, doctors treating displaced 
        patients in the Veterans Affairs system have had access to 
        information that those outside the VA are dreaming of: up to 20 
        years of lab results and 6 years worth of x-rays, scans, 
        doctors' notes and medication records, available for all 5.2 
        million active patients.''

    This is truly a remarkable achievement.
    Still, there have been some shortcomings in the management 
of VA's IT projects. Most recently there was a failure for the 
core financial and logistics system VA attempted to implement 
at the Bay Pines Medical Center in Florida. In that case 
taxpayers spent hundreds of millions of dollars, and VA spent 
thousands of man hours. Still, at the end of the day, taxpayers 
and VA had nothing to show for it. Clearly, Congress cannot 
continue to fund failures, especially ones of that scale.
    To the end, the Senate, through the Appropriations bill for 
MilCon/VA, recently took action to protect taxpayers from large 
scale project management failures. The fiscal year 2006 MilCon/
VA Appropriations bill places VA's IT budget under one person. 
Further, and perhaps more importantly, the bill withholds VA IT 
project monies for the new Health-e-Vet project until VA 
reorganizes its IT management, to make certain that the project 
is run by a well-qualified project manager.
    Changes such as this one will have consequences large and 
small all across the Agency, and it is important that this 
committee understand those consequences and any tradeoffs that 
may come from such a move. As has been pointed out to me on 
more than one occasion, VA is one of the largest agencies in 
Government. A change in management structure that will affect 
over 200,000 people must be done in a thoughtful manner and 
implemented correctly.
    The question before the committee today, that I hope we 
have answers by our witnesses, is a very special one: How can 
we ensure that the Department undertakes very costly projects 
to both upgrade its IT programs and build newer programs so we 
see more successes like those in the electronic health records 
systems, and less very expensive failures such as the one that 
took place with Core FLS?
    To answer that question, and perhaps many others, we will 
hear from witnesses from VA, the Government Accountability 
Office and the Information Technology Association of America.
    Before I call upon our witnesses, I would like to turn to 
my Ranking Member, Senator Akaka, for any opening comments he 
would like to make.
    Danny.

          OPENING STATEMENT OF HON. DANIEL K. AKAKA, 
                    U.S. SENATOR FROM HAWAII

    Senator Akaka. Thank you very much, Mr. Chairman. I want to 
thank you for this hearing. A hearing on this issue is long 
overdue, as you state, and I am with you on your statement that 
you have just made, and to let our witnesses know that we are 
doing this to try to improve the system.
    I also want to welcome all of our witnesses to this 
hearing.
    In the recent past I can recall one IT hearing. I believe 
it was a field hearing 2 years ago, chaired by my predecessor's 
Ranking Member, which focused on VA's failed $300 million 
financial and logistics IT system. By now we all have heard the 
story. It is a story of unrealistic expectations and complete 
mismanagement of a contractor, and it is a costly story, one 
which wasted taxpayer dollars and caused failures in the 
delivery of medical care.
    I would remind my colleagues that VA paid the contractor a 
bonus after they knew that the system had failed. This was 
shameful.
    Some would argue that we may soon have at our feet another 
IT disaster. VA is in the midst of a major initiative to 
modernize its VISTA system. Fortunately, VA had the wisdom to 
hire an expert to evaluate the project and to identify the 
problems before they go too far down this expensive road. 
Carnegie Mellon found major problems with VA's approach. The 
analysts at Carnegie Mellon wrote, and I quote, ``Current plans 
are not realistic given the complexity and magnitude of the 
project and VA's ability to carry them out.'' Hopefully, VA 
will be able to reverse course and solve these problems.
    I must question if VA had bitten off more of an IT solution 
than it can chew, especially because the system which it was 
designed to replace, is still in much demand in the health care 
sector. The VA has had its IT successes. A much mentioned 
example is the world class electronic medical records system, 
which proved its viability and robustness in the days following 
Hurricane Katrina. Yet with each endeavor, we must be cognizant 
of the bottom line. Given VA's limited health care budget, we 
cannot afford to sink millions into IT solutions that may not 
be viable.
    We have to figure out how we can become smarter and better 
in the way we plan for and implement new or replacement IT 
solutions. It is extremely important for our veterans and for 
taxpayers that Congress ensures effective management of 
information technology within VA. It is all the more important 
because all veterans have come to rely on IT solutions every 
day to faultlessly deliver their benefits and services.
    For me, the question confronting the committee today is 
whether or not VA should be directed through legislation on how 
to solve its IT problems.
    Mr. Chairman, I look forward to this hearing and to 
eventually continuing to work with you on this problem. Thank 
you very much.
    Chairman Craig. Senator Akaka, thank you very much. We have 
been joined by our colleague, Senator Salazar.
    Ken, do you have any opening comment?

   OPENING STATEMENT OF HON. KEN SALAZAR, U.S. SENATOR FROM 
                            COLORADO

    Senator Salazar. Thank you, Chairman Craig and Senator 
Akaka. Today we will discuss proposals to centralize VA's 
information technology system. I want to use my opening 
statement to offer a cautionary note to all of you who will 
work on this very important project for the VA.
    I agree that a centralized IT structure has the potential 
to eliminate waste as much as $345 million a year, and to 
improve the care of veterans. This is a notable and a very 
important goal. However, wonder about the VA's ability to make 
this transformation quickly. I fear that if we push VA too hard 
and too fast we may set the agency up for failure and waste 
hundreds of millions of dollars in the process, as we have some 
with many agencies at both the Federal and State level as they 
implement new IT projects over the last decade.
    These Federal IT programs are expensive and we do have a 
record of failure with many of these projects. The IRS and the 
FBI are recent examples of failures. VA has also seen major IT 
problems with Core FLS, which was scrapped last year after $342 
million was wasted. HR Links was cancelled after $300 million 
was spent. These are warning systems about what we had to do, 
or warning signs about what we had to do as we move forward to 
centralization.
    In addition, there is a deeply entrenched culture of 
decentralization of VA. VA's IT structure is inherently 
decentralized because of its history. VistA, VA's biggest IT 
success story, is a 30-year-old outgrowth of DHCP. This program 
was developed by individual VA programmers working without 
permission from VA Headquarters. It worked because it was 
developed locally and was flexible. To this day individual 
hospitals have excellent IT systems because of VistA. I do not 
suggest that this system is perfect. Individual hospitals have 
trouble sharing records, but transformation is especially risky 
because the VA may not have the capacity to make such a large 
change.
    I want to note four or five concerns that I have in terms 
of the transition. First, this kind of transition requires buy-
in from top management. The VA's record here is not 
particularly encouraging. It took 5 years after the Clinger-
Cohen Act before VA appointed a full-time CIO. The VA CIO has 
since been slow in implementing major reforms. VA's leadership 
is opposed to the centralized model espoused in the Gartner 
Report and in the House legislation as I understand it.
    Second, the transition cannot succeed without cooperation 
and input from the individualized service networks and 
hospitals that will use the product. In the past individual VA 
hospitals have been reluctant to work with VA's CIO or cede any 
budget authority.
    Third, funding. VA's CIO currently directly controls $50 
million, only 3 percent of VA's total IT budget, 3 percent of 
the entire IT budget for VA. The CIO's office recently has had 
to cancel conferences because of budgetary constraints. The CIO 
does not currently have the capacity to spend significantly 
more money.
    Fourth, good contracting is a keystone to a successful 
project. One of the main reasons VA's recent IT have failed is 
the VA did not have the capacity to establish good contracts 
and to oversee them. Just last month, VA's CIO, Robert 
McFarland, testified candidly that contracting delays held up 
the Gartner study for months.
    Fifth, the length of service. GAO reported that it often 
takes as many as 5 years for a CIO at a Federal agency to make 
an impact, but the average tenure of a CIO is only 2 years. Mr. 
McFarland testified that a centralized model is best long term 
for VA, but he does not think he can accomplish this in his 
tenure. He likened this task to, ``pouring concrete with good 
rebar.''
    I am raising these cautions now because I am pessimistic or 
have given up on reforming the VA on this system. The VA 
definitely needs to move forward towards centralization. 
Congress, however, must work with the VA, and we must move 
forward with caution.
    Given the VA CIO more budget authority and oversight would 
be a step in the right direction, in my view, if it is done 
right and it is done at the appropriate pace.
    I thank the Chair, and I look forward to the hearing.
    Chairman Craig. Ken, thank you very much.
    Now let us turn to our first panel. We have the Hon. Gordon 
H. Mansfield, Deputy Secretary, Department of Veterans Affairs. 
He is accompanied by the Hon. Robert N. McFarland, Assistant 
Secretary for Information Technology and Chief Information 
Officer, Department of Veterans' Affairs.
    We have two additional witnesses seated at the table: Dr. 
Robert Lynch, VISN 16 Director, VHA; and Jack McCoy, Associate 
Deputy Under Secretary for Policy and Program Management.
    Welcome, gentlemen. We appreciate you being with us this 
morning. Before I ask your thoughts, we have just had another 
one of our colleagues arrive.
    Senator Thune, do you have any opening comments prior to us 
going to the first panel?

 OPENING STATEMENT OF HON. JOHN THUNE, U.S. SENATOR FROM SOUTH 
                             DAKOTA

    Senator Thune. Mr. Chairman, I just want to thank you for 
holding this hearing. I am very interested in the subject of 
information technology and its application to health care, and 
I appreciate the good work the VA has done in leading the way 
and pioneering some of the technologies, and I am also pleased 
that they are making some of those same technologies available 
to nongovernment doctors and hospitals, and I am hopeful that 
in today's high tech world that it will become more possible to 
rapidly exchange information electronically, and that these 
exchanges will, in fact, do a lot to help the health care 
sector of additional patients.
    I want to congratulate you for holding this hearing, and am 
anxious to hear the testimony from our panelists today, and 
look forward to working with the VA to continue to improve the 
quality of care that they deliver to America's veterans, and 
hope that we can take some of the things that are happening in 
the area of electronic medical records that is already under 
way at the VA and see that more readily applied in other areas 
of our health care economy in this country.
    That is all I have, Mr. Chairman. Thank you.
    Chairman Craig. Senator, Thank you very much.
    Now we will turn to the panel, and Gordon, we will start 
with your testimony first. Please proceed.

STATEMENT OF GORDON H. MANSFIELD, DEPUTY SECRETARY, DEPARTMENT 
   OF VETERANS AFFAIRS, ACCOMPANIED BY: ROBERT N. McFARLAND, 
   ASSISTANT SECRETARY FOR INFORMATION TECHNOLOGY AND CHIEF 
  INFORMATION OFFICER, DEPARTMENT OF VETERANS AFFAIRS; ROBERT 
 LYNCH, M.D., VISN 16 DIRECTOR, VHA; AND JACK McCOY, ASSOCIATE 
 DEPUTY UNDER SECRETARY FOR POLICY AND PROGRAM MANAGEMENT, VBA

    Mr. Mansfield. Thank you, Mr. Chairman, and Mr. Akaka and 
Members of the committee. I am pleased to be here this morning 
to discuss the VA's ongoing activities in reorganization of our 
information technology programs.
    Before I start, I would just like to make the point that 
Dr. Lynch, who is here with me, is the head of our largest 
health care network, VISN 16, and this is the man who was on 
the scene in the efforts in Katrina and Rita, and he was the 
one that we were talking to from the VA Ops Center, and he was 
in charge of the folks on the scene down there. I have to tell 
you that he is a personal hero of mine for all the efforts he 
has done down there.
    Chairman Craig. He certainly deserves our congratulations. 
It was a job very well done.
    Mr. Mansfield. Sir, I request that my full statement be 
entered in the record, and I also request that the articles 
noted in the formal statement be entered into the record, with 
your permission.
    Chairman Craig. Without objection, all of your statements 
will be a full part of the record.
    Mr. Mansfield. Thank you. In starting I want to emphasize 
that IT is a tool to be utilized to assist us to carry out the 
Department's reason for existence, to deliver services and 
benefits to our Nation's veterans. Last year we provided health 
care to 5.2 million veterans out of 7.1 million that are 
enrolled. We provided compensation and pension benefits to more 
than 3.5 million veterans and dependents. We provided over 
500,000 veterans and family members education benefits, and 
95,000 received vocational rehabilitation. We buried 95,000 
veterans in our cemeteries. These large numbers are made up of 
individuals who have earned the benefits we are charged with 
delivering.
    I believe we have an obligation to these millions of 
veterans who operate by the principle that we must first do no 
harm, a part of the Hippocratic oath that doctors take when 
they are treating patients, to do no harm. Secondly, we should 
deliver these services and benefits that they require in a 
timely and efficient manner. Our current IT system is assisting 
us in doing that now. We are delivering those benefits each 
day, each month, and throughout the year.
    You mentioned the history. In the past we decentralized 
this system, and this action gained us effectiveness. However, 
that effectiveness has come with a loss of some efficiencies. 
For example, we have situations where all three 
administrations, Benefits, Health Care and Cemetery, are co-
located on the same campus, yet each is running a separate IT 
system.
    For example, as an illustration, I point to the Hines VA 
Medical Center in Chicago, where the Veterans Health Care 
Administration has a major computing center, and within a few 
hundred yards the Veterans Benefits Administration runs another 
major IT center. These facilities are separated by a chain link 
fence, but that is instrumental in the picture because their IT 
systems are not connected and we are not gaining efficiencies 
that are available.
    Another example is Milwaukee, where we have a Cemetery 
Office, a Benefits Regional Office and a hospital all on the 
same campus, and the same thing is true.
    As a result, when Mr. McFarland came to the VA in 2004, he 
recommended, and I agreed based on the history that has been 
discussed here in the introduction, that we had major issues in 
IT and that we needed an outside consultant to review the total 
IT program. The goal was to give us an ``as is'' view of the 
organization, and we chose Gartner Corporation as a consultant 
to help us do that. That consultant's report also gave us not 
only an ``as is'', what the existing efforts were, but some 
recommendation or options on a ``to be'' position. They 
confirmed that the VA's IT resources are currently operated and 
managed within a highly decentralized structure.
    Assistant Secretary McFarland, our CIO, oversees right now 
a staff, as mentioned, of about 350 individuals on a budget of 
roughly 40 to 50 million. While responsible for ensuring the 
success of all the VA's IT operations, he has no direct 
management control or organizational authority over the great 
majority of VA's IT resources. We can only provide policy 
guidance, budgetary review and general oversight via indirect 
supervision.
    Following a briefing on the Gartner Report, Secretary 
Nicholson asked me to review the options provided with the CIO 
and the Under Secretaries for Administration and recommend a 
course of action. The senior management, the Secretary, myself, 
the CIO, the Under Secretaries, believe that the federated 
model presented in that report is the best answer for the VA. 
All IT operational service delivery personnel and the budget 
associated with their support to include all non-medical IT 
equipment, maintenance and contract support, will come under 
the direct supervision of a national organization that reports 
directly to the CIO's office.
    For example, all cyber security personnel and programs will 
be centralized to the Office of Cyber Security under the CIO. 
This organization will deliver all IT-related operational 
services to all elements of the VA based upon negotiated and 
formerly agreed upon set of specific standard IT services 
delivered according to a clearly understood and documented set 
of service level agreement standards.
    The CIO clearly maintains overall responsibility for the 
successful management of these resources and continues to 
provide budget oversight policy and program management 
direction for the Department in the model that we have chosen. 
Budget authority would be centralized to the CIO. We know that 
this is a concern of the Appropriations Subcommittee and we are 
in agreement with the approps they have taken. Most IT 
employees will be under the CIO's authority, running the IT 
operations infrastructure for the VA.
    The chief difference is, one, selection, and our selection 
is that administration IT employees will continue to do 
software development and software application selections that 
are vital to health care or benefits function. This will ensure 
that proper planning, design, integration and standardization 
requirements are followed throughout the Department as we build 
our next generation systems. CIO will still have budget 
decision authority over all development projects.
    Let me close by pointing out why VA believes this plan is 
going to work. First, we have reviewed and learned from the 
lessons of the past, some of the incidences that have been 
presented here in your introductory statements. We know that we 
must communicate to our workforce the backing of the entire 
departmental leadership from the Secretary on down, and I would 
make the point that while the CIO is present for maybe only 2 
years, if he has the direct backing of the Secretary, then I 
believe that he can move forward a lot quicker and get the job 
done, and that is part of what we are depending on.
    Second, we need to take the time needed to explain this 
process to the whole workforce. We also need to involve 
workforce in the actual planning process to define changes 
needed and the timelines needed to make effective change.
    Third, we need to have a check, a recheck, and a third 
check to make sure that all aspects of the plan and how, in 
being implemented, are checked each and every step of the way. 
We must be prepared to make adjustments as necessary, as we 
learn from our implementation plan.
    Fourth, we need to report to outside entities as 
appropriate, to the Congress, to the VSO partners and to others 
who would be interested in this area.
    Fifth, we need to ensure right from the start all the way 
through the finish, that senior leadership from the Secretary 
on down, are continually following through on all planning and 
implementation.
    Sixth, as mentioned, more than IT is being reorganized. Our 
Procurement Office is also undergoing a change of leadership to 
better enable us to deal with contracts and implementation.
    The Secretary has recently made a decision to proceed with 
implementing the federated model and reorganizing VA IT, and 
the leadership represented here at this witness table is 
committed to making that happen.
    Thank you for inviting us here to discuss these important 
matters, and we look forward to answering your questions.
    [The prepared statement of Mr. Mansfield follows:]

     Prepared Statement of Gordon H. Mansfield, Deputy Secretary, 
                     Department of Veterans Affairs

    Thank you, Mr. Chairman. I am pleased to appear before this 
Committee on behalf of the Secretary and the Department to discuss with 
you the Department of Veterans Affairs (VA) information technology 
infrastructure reorganization assessment.
    The Department's business is the health and well-being of our 
nation's veterans. To ensure mission success, it is imperative that we 
employ all means at our disposal, including information technology, in 
the most effective way possible.
    Some history of how VA's IT infrastructure and organization have 
evolved may prove useful to the Committee. For at least 25 years prior 
to 1990, VA's IT program was centralized. In July 1990, under a belief 
that decentralized operations provide for better management of VA 
facilities, the Department decentralized resources to the 
Administrations and staff offices for VA's IT systems design and 
applications development, systems operations, and systems oversight, 
along with four data processing centers. The remaining IT oversight 
program was placed under the Chief Financial Officer (CFO). Then, in 
accordance with the Clinger-Cohen Act of 1996, VA formally established 
the position of Assistant Secretary for Information and Technology 
(CIO), but the IT oversight program remained aligned under the CFO and 
decentralization of VA's IT program continued.
    At his confirmation hearing in January 2001, Secretary-designee 
Principi stated that he was committed to ending stove piped systems in 
VA.
    Secretary Principi directed the centralization of the Department's 
IT program, including authority over personnel and funding, in the 
Office of the Assistant Secretary for Information Technology effective 
October 1, 2002. A team of executives from across VA was convened to 
design a centralized IT organization for VA. The Secretary approved a 
centralized reorganization plan on May 14, 2003.
    The result of this reorganization was a matrix organization which, 
over time, VA came to realize was not best suited for a large, 
geographically dispersed organization that is highly dependent on 
information technology to deliver services.
    Robert N. McFarland was confirmed by the Senate on January 22, 2004 
as the second Assistant Secretary for Information and Technology and 
Chief Information Officer (CIO). Under his leadership, a rigorous IT 
review process, disciplined project management methodology and an IT 
portfolio management system have continued to evolve. We are in the 
final phase of rebuilding our nationwide telecommunications 
infrastructure, beginning the consolidation of some infrastructure 
assets, and implementing aggressive cyber security and privacy programs 
to ensure the protection of our information assets, infrastructure, and 
veterans' personal information. We submitted the VA Enterprise 
Architecture design to OMB in June 2005 and received a score of 3.0, 
significantly higher than the previous score of 1.25. We continue to 
refine it.
    A strong Enterprise Architecture is critical to any effort to bring 
down our stove piped systems and replace them with integrated systems. 
The score of 3.0 demonstrates progress in this information technology 
area and signals that we are steadfastly working to build a foundation 
for systems integration and standardization.
    In the wake of the difficulties with CoreFLS, as a new Deputy 
Secretary, I asked Assistant Secretary McFarland to undertake a study 
of our IT system and resources and to pursue outside assistance, if 
necessary. In December 2004, he contracted with The Gartner Group to 
conduct an Organizational Assessment of VA IT.
    This assessment was to enhance the effectiveness of VA's IT by 
first baselining how it operates today, then developing organizational 
models to increase VA's IT value (in terms of greater efficiencies, 
economies of scale, and added business value), and finally, charting 
the path VA IT can follow to deploy its new organizational model to 
truly deliver value. The completed assessment was delivered to the 
Assistant Secretary for Information and Technology and CIO in May 2005.
    The study proposed five different alternatives, as follows.
    Option 1--Status quo. Currently, VA IT resources are operated and 
managed within a highly decentralized management structure. The 
Department's CIO manages a central office staff of approximately 350 
government employees and a direct budget of approximately $40 million 
per year. While the CIO is charged with overall responsibility for the 
successful management of all VA IT resources (in fiscal year 05, $1.8 
billion and approximately 5400 IT FTE) the CIO has no direct management 
control or organizational authority over any of these resources. The 
CIO provides policy guidance, budgetary review and general oversight 
via indirect supervision (dotted line) of the Administration and staff 
office CIO's. Within some of the Administrations, the CIO does not 
directly supervise or have authority over the majority of IT resources 
in the field and must also provide policy guidance, budgetary review 
and general oversight via indirect supervision.
    Option 2--Regional Option. Under this option, VA would be divided 
into three to five geographically based subdivisions. Within each of 
these, a Deputy CIO would control all IT assets (Operations, Staff 
Functions, and Systems Development) and be responsible for all service 
delivery within that region. These Deputy CIO's would report directly 
to the VA CIO.
    Option 3--Administration-Centric Option. Under this option, VA 
would be divided by Administration and Staff Offices and a Deputy CIO 
for each would control all IT assets (Operations, Staff Functions, and 
Systems Development) and be responsible for all service delivery within 
that Administration or Staff Office. These Deputy CIO's would report 
directly to the VA CIO.
    Option 4--Federated Option. Under this option, VA would separate 
operational responsibilities and IT systems development 
responsibilities into separate domains. All IT operational service 
delivery personnel and the budget associated with their support (to 
include all non-medical IT equipment, maintenance, and contractor 
support) would come under the direct supervision of the CIO. This 
organization would be charged with delivering all IT-related corporate 
services (such as electronic mail, financial systems, 
telecommunications) to all elements of VA based upon a negotiated and 
formally agreed upon set of specific standard IT services delivered 
according to a clearly understood and documented set of service-level-
agreement standards. Under a federated approach, IT mission/program 
systems development responsibility remains with the Administrations or 
staff office business units. The Administrations and staff offices 
directly manage all mission/program systems--development FTE and budget 
authority. The CIO clearly maintains overall responsibility for the 
successful management of these resources and continues to provide IT 
budget oversight, policy, and program management direction for the 
Department.
    Option 5--Centralized Option. Under this option, all VA IT 
personnel resources, assets, and budget would be under the direct 
supervision of the VA's CIO. This centralized IT organization would be 
charged with delivering all IT-related corporate operation and mission 
systems development services to all elements of the VA based upon a 
negotiated and formally agreed upon set of specific standard IT 
services and systems development standards delivered according to a 
clearly understood and documented set of service level agreement 
standards. Under this option the Administrations remain responsible for 
system and user requirements definition, service delivery standards 
development, and end user participation in systems development 
acceptance criteria development and testing.
    The consultant's report delivered an ``as is'' assessment that VA's 
IT resources are currently operated and managed within a highly 
decentralized structure. While the Assistant Secretary for Information 
and Technology, our CIO, oversees a staff of approximately 350 VA 
employees and a budget of over $40 million, total VA IT resources are 
approximately 5,400 full-time-equivalent employees with a budget of 
some $1.8 billion. Despite having overall responsibility for ensuring 
the success of VA's IT operations, the Assistant Secretary has no 
direct management control or organizational authority over the great 
majority of VA's IT resources. He can only provide policy guidance, 
budgetary review and general oversight via indirect supervision.
    We are determined to move sequentially towards a ``to be'' model 
under the Federated Concept.
    In the model we have chosen, the budget will be centralized to the 
CIO. Security will be centralized under the control of the CIO. 
Development will require the CIO's review and budget approval. This 
model will also include a migration of most workers to the control of 
the CIO, while leaving some employees under the control of the 
administrations.
    This will move us closer to greater efficiencies, centralized 
planning and standardization. VA will bring in the necessary expertise 
to plan and manage this transition. We will communicate our plans up 
and down the line so every employee understands what is to be done. We 
will train and test to ensure employees can perform the tasks at hand, 
and keep them motivated during the transition. We will have timelines 
and goals that are agreed upon throughout the organization.
    This is a plan that VA can execute.
    It is important to note that the IT operation today has evolved 
over time and has included the services of many talented and dedicated 
professionals. Their efforts are paying off. For example, in terms of 
cyber security, VA IT systems are certified and accredited for the 
first time. Additionally, external independent gateways have been 
reduced.
    We will build upon our successes. It is vital that any 
reorganization not adversely impact services to veterans or 
unnecessarily affect our employees. Keeping in mind that our department 
exists to serve veterans and their families, our first principle will 
be to ``do no harm'' to the patients in our world class health care 
system, or to the millions of beneficiaries that depend on checks being 
dispatched in a timely and accurate manner. We know there are no simple 
``light-switch'' solutions to be found in any model, but we are 
committed to managing these changes for the good of the Department.
    Mr. Chairman, top-level executives of this Department have been 
involved in the evaluation of alternative organizational models, and 
understand the importance of this endeavor. There is an understanding 
that cultural change has to take place and buy-in must occur at the 
lower-worker level. We also know that it isn't just the IT 
reorganization that is involved. The Department is considering changes 
at the CFO level, in logistics, in finances, in our collections, and 
our efforts to comply with OMB's Circular A-123, ``Management's 
Responsibility for Internal Control.'' We are mindful of lessons 
learned and know for this change to be successful, we must collaborate.
    As we implement this reorganization, we remain mindful of the 
successes recently acknowledged--accomplishments with which our IT team 
had considerable involvement. For example, in just the past 6 months, 
no fewer than five major publications have attested to VA's leadership 
of private and Government health care providers across almost every 
measure.
     A Rand report published in the Annals of Internal Medicine 
ranked the overall quality of VA medical care as significantly higher 
than any other health care system in the country.
     An article in the Washington Monthly, entitled, ``The Best 
Care Anywhere,'' rated VA as the recognized leader in the health care 
industry. It pointed out that, 10 years ago, veterans' hospitals were 
in deep crisis--but that today, and I quote, ``VA is producing the 
highest quality care in the country. VA's turnaround points the way 
towards solving America's health care crisis.''
     An editorial in the prestigious Journal of the American 
Medical Association, referred to VA as `a bright star' within the 
health care profession for its cutting-edge dedication to patient 
safety.
     Last month, in their review of `America's Best Hospitals,' 
U.S. News and World Report titled their article on VA as, `Military 
Might: VA Hospitals are Models of Top-Notch Care.'
     And just on August 22, on the front page, the Washington 
Post ran a headline that read, ``Revamped Veterans' Health Care Now a 
Model.''
    Further, on April 27, 2004 President Bush chose the VA Medical 
Center in Baltimore to announce his commitment to ensuring that all 
U.S. citizens have an electronic health record in the next 10 years. In 
doing so, he held out VA's fine example. The reorganization of our 
resources will enable VA to be the benchmark in the development and 
implementation of Health information technology solutions and standards 
as envisioned by the President's Initiative for Health IT as both an 
example and national leader in this arena.
    I would say all those assessments are right on target. We view the 
Veterans Health Administration as the vanguard for national standards 
for electronic medical records, now the rest of the nation does as 
well. Our health IT systems--and the quality of our employees--helped 
us reap these headlines. Clearly, we are delivering more services to 
more veterans each and every year. And, this was accomplished under our 
current structure.
    Our IT successes are also facilitating the business of claims 
processing and benefit delivery in the face of daunting demands:
     VA provides monthly compensation and pension benefits 
totaling $32 billion to over 3.5 million veterans and beneficiaries. 
Disability claims increased by 33% from 2000 to 2004. Last year alone, 
VA added nearly 240,000 new beneficiaries to the compensation and 
pension rolls.
     By the end of fiscal year 2005, over 750,000 veterans 
received decisions on their disability claims, with VA processing an 
additional 1.5 million pension, dependency, and other adjustments to 
beneficiaries' accounts. Even with the increased claims volumes, we 
have reduced by 30 percent the length of time veterans must wait for 
decisions on their claims over the last 3 years.
     We are also providing in excess of $2.5 billion in 
Education benefits to over 500,000 beneficiaries, and are working to 
rehabilitate nearly 95,000 service-disabled veterans through our 
Vocational Rehabilitation and Employment Program.
    I would also note that in December 2004, the American Customer 
Satisfaction Index announced the National Cemetery Administration 
earned a customer satisfaction rating of 95 out of a possible 100 
points--the highest score ever received by a federal agency or private 
organization. In the survey, both the ratings for respect shown to 
loved ones and maintenance of VA cemeteries as National Shrines 
received a score of 97.
    The report called this finding ``an outstanding score by any 
standard of ACSI measurement and for any context, public or private.'' 
NCA was able to achieve this milestone through the support of IT in all 
aspects of cemetery and memorial services, from the timely acquisition 
of veteran headstones with accurate inscriptions to the nationwide 
gravesite locator available to the public on the World Wide Web.
    This concludes my statement. Thank you, Mr. Chairman, for the 
opportunity to discuss these important matters. I am prepared to answer 
any questions you might have.

                                 ______
                                 
    Response to Written Questions Submitted by Hon. Daniel K. Akaka 
                         to Gordon H. Mansfield

    Question 1. VA's IT budget will be centralized under the Chief 
Information Officer. Development of IT will require the CIO's review 
and budget approval. How will the CIO facilitate communication within 
VA to meet the individual IT of its health, benefits and burial 
administrations?
    Response. There are several points at which requirements for 
information technology (IT) on the part of the Department of Veterans 
Affairs (VA) administrations and staff offices are communicated to the 
VA Chief Information Officer (CIO). First, there is the development of 
the IT portfolio, which determines resource requirements, both 
financial and otherwise, for all of the projects, programs, and 
investments in IT throughout VA. Administrations and staff offices 
develop capital asset plans (Exhibit 300s) for major investments, and 
provide funding information for minor investments. These investments 
are deliberated by the VA Enterprise Information Board (EIB), which is 
comprised of representatives from each administration and major staff 
office. Decisions are made by this group as to whether investments 
should be undertaken, modified, or cancelled. The EIB will also be the 
entry point for a portfolio to become part of the program management 
milestone review process.
    Once the IT portfolio is created, the EIB meets regularly to 
monitor the progress of investments. Semi-annual program management 
reviews (PMRs) will be conducted, one at mid-year to determine 
adherence to spend plans and to check year-of-execution progress; and 
one at the receipt of the new fiscal year budget to ensure continued 
adequate resources for program execution. Emergent reviews will be 
performed whenever programs break management thresholds that indicate 
negative variance to sound program execution
    Finally, the federated IT approach leaves development activity 
centered in the most logical place--with the organization that will 
benefit from the results of the development. The VA CIO will control 
the flow of funds based upon the information provided through the EIB 
in the IT portfolio and program management monitoring processes
    Question 2. The Government Accountability Office recommended that 
the Secretary develop a plan that describes how VA intends to use data 
from the Rating Board Automation 2000. GAO recommended that VA conduct 
studies of the impairments for which data reveal inconsistencies among 
VA regional offices. Please tell the Committee if such a plan has been 
developed. VA's computer programs are tools that can be used to 
determine where inconsistencies exist and to develop better training 
methods for VA employees.
    Response. Veterans Benefit Administration (VBA) concurred in the 
Government Accountability Office's (GAO) recommendations. VBA's 
Compensation and Pension (C&P) Service initiated a pilot review 
selecting three disabilities for consideration, including cases 
involving knees, hearing loss, and service connection for post 
traumatic stress disorder (PTSD). For those decisions where service 
connection was granted, the evaluation assigned to the condition was 
also reviewed. A random sample of ratings completed on or after October 
1, 2004, was selected for the study. The data source was Rating Board 
Automation 2000 (RBA2000).
    Integral to the pilot review was development of checklists to 
collect data to determine if there was inconsistency among raters and, 
if so, the cause of the variance. VBA asked members of the Veterans 
Health Administration (VHA's) Tennessee Valley Healthcare System Center 
for Health Services to assess the value of the checklists that were 
developed, to analyze the review process and results, and to provide 
recommendations for improvement.
    Ultimately, the process was judged too lengthy and costly to 
continue with other reviews. As an alternative course of action, VBA's 
Office of Performance Analysis and Integrity (PA&I) is working with C&P 
Service to gather data through RBA2000 to identify possible 
inconsistencies among regional offices in the award and denial of 
compensation benefits for specific impairments.
    PA&I and C&P are prioritizing body systems and/or diagnostic codes 
to be reviewed. Data will be extracted from the corporate database for 
specific diagnostic codes in the rating schedule. PA&I has also 
extracted data for grants/denials of service connection, and 
evaluations of service-connected conditions for the remaining mental 
disorder diagnostic codes that use the General Rating Formula for 
Mental Disorders. Data pulls for the most prevalent diagnostic codes 
for each subsequent body system occur monthly and the projected 
completion date is June 2006.
    Other data runs will be analyzed in conjunction with these body 
system data runs to determine possible factors that may be affecting 
rating variance. Variables to be analyzed include veteran 
characteristics, station characteristics, station performance, legal/
representational issues, rating characteristics, and staff 
characteristics.
    Question 3. The Gartner Report found that VA's IT culture was 
resistant to change. For example, in May 2003, the Secretary approved a 
plan for reorganization of VA's IT management structure. Yet, to date 
this reorganization has not yet been implemented fully. What steps can 
you take to make VA more receptive to change and allow you to fully 
implement pending and future IT management changes?
    Response. The Secretary of VA has made a decision to proceed with 
implementing the federated model in reorganizing VA IT and the 
leadership represented at the Senate Committee on Veterans' Affairs 
hearing on October 20, 2005, witness table is committed to making it 
happen. An Information and Technology Realignment Office (ITRO) has 
been established to lead and manage the development and implementation 
of a federated information and technology program. The Executive 
Director of the ITRO, reports to the Assistant Secretary for 
Information and Technology, and will work in collaboration with VA's 
Strategic Management Council in the developing and executing of the 
reorganization of IT in VA. The Strategic Management Council is chaired 
by the Deputy Secretary and comprised of the Deputy Under Secretaries, 
Assistant Secretaries, the General Council and other key senior 
officials. Also, internally, and in parallel, a task force, comprised 
of senior budget officials representing each administration and major 
staff office, has been working together to develop a process for 
developing, implementing, monitoring, and managing a single VA IT 
budget.
    Question 4. How can VA provide incentives to contractors to take on 
the costly and risky development work for IT programs, software, and 
systems?
    Response. VA will use the full range of contracting options open to 
it to provide high quality information technology solutions that 
benefit our administrations and staff offices and, ultimately, the 
Nation's veterans. VA will choose the contracting approach that makes 
the most sense based on a determination of technical, schedule and cost 
risks involved in the particular program. If the particular contract 
involves a well-proven commodity, VA will use a firm-fixed price 
vehicle. If there is increasing risk, VA may choose to accept some of 
that risk through use of cost incentives. If the effort is very risky, 
VA might use a time and materials approach. VA is not committed to a 
``one-size-fits-all'' approach when it comes to contracting for IT 
equipment, software, and services. Each effort will be evaluated on its 
own merits and the appropriate determination made to deliver the 
intended results in a timely manner, staying within budget. Contracts 
would also be reviewed to ensure that the contracting solution selected 
enhances the ability of the program to execute by considering 
innovative approaches such as performance-based maintenance concepts in 
the upkeep of legacy software programs.
    Question 5. One of the significant contributing factors to the 
problems associated with the CoreFLS program was that the same 
contractor hired by VA to provide independent advice and assistance 
were also given responsibility to implement the program. One of the 
conclusions of the Carnegie Mellon report on CoreFLS was that in 
allowing this, VA created a conflict of interest. What is VA doing to 
prevent contractors hired to provide independent IT advice and 
assistance from then being hired to implement the work and approach 
they recommend?
    Response. VA's program management and contracting personnel are 
trained in Government ethics and work closely together to identify 
conflicts of interest and the appearance thereof. Additionally, the one 
VA Enterprise Program Management Office (EPMO) was formed on August 8, 
2004. It is designed to improve and standardize the management of IT 
projects and the IT portfolio by defining VA-wide policies, procedures 
and best practices, and providing tools to facilitate the successful 
management, reporting an oversight of VA's IT projects. When fully 
implemented, EMPO will conduct periodic program management reviews 
(PMRs) of all major projects. A key component of reviews will focus on 
the acquisition strategy, supporting acquisition plans and 
implementation. This will provide a greater level of scrutiny of the 
contracting process and ensure that contracting strategies are sound 
and proper. Administrations will be encouraged to implement similar 
internal reviews to ensure appropriate contracting methodologies are 
used.
    Question 6. VBA has undertaken many steps to identify and reduce 
the significant backlog in C&P claims processing application and 
adjudication. It still seems that much more might be done to streamline 
and shorten this process, as well as to ensure that decisions are 
standardized across the nation. Using technology throughout to enhance 
this process, incorporating industry best practices has seemed to lag 
in VBA's efforts. Has VBA considered using a rules-based decision 
engine, such as is used throughout the insurance industry, to help 
standardize at least the bodily injury component of the claims 
adjudication process?
    Response. From 2001 to 2003, VBA worked on the Compensation and 
Pension Evaluation Redesign (CAPER) project, an initiative to enhance 
the disability evaluation process and the exam request/return process 
for VBA claims adjudication. CAPER explored the use of rules-based 
decision-making technology in evaluating medical symptoms (the bodily 
injury component) under the VA Schedule for Rating Disabilities (38 
C.F.R., Part 4). Although VBA's Information Technology Investment Board 
(ITIB) determined in 2004 that IT resources should be redirected from 
CAPER to other higher priority IT initiatives, some of the concepts 
developed for CAPER were integrated into other VBA applications, such 
as the Compensation and Pension Records Interchange (CAPRI) and medical 
examination templates.
    Question 7. I understand a pilot program is underway at the Ft. 
Bragg BDD site to include the compensation program in VBA's efforts to 
automate some of the application, exam and adjudication process. Please 
explain what is involved in this effort and what role if any, 
Commercial-Off-The-Shelf (COTS) or other IT tools will play.
    Response. Virtual VA will be used to pilot the paperless processing 
of (Benefits Delivery at Discharge) BDD claims. Virtual VA is a web-
based computer application designed to electronically maintain all the 
documents in a veteran's claims folder and to simulate the paper 
workflow process of compensation claims. While Virtual VA's interfaces 
are custom designed, the solution employs widely accepted imaging 
software, web components, and hardware. Predominantly, Virtual VA uses 
commercial-off-the-shelf software (COTS) including:
    FileNet, Macromedia, Oracle, Xerox software, Microsoft, Kodak 
scanners, Adobe, Sun Servers, Active PDF Conversion Services, and IBM 
Servers.
    To create the plan for a paperless BDD claims process, VBA reviewed 
the current BDD business process and the existing functionality of the 
Virtual VA application. Specific IT enhancements/interfaces to existing 
applications are required to support the paperless BDD business 
process, including:
    1. Modification of existing Virtual VA workflow tracking 
functionality.
    2. Automatic import of rating decisions created in RBA 2000
    3. Data feeds from the Defense Manpower Data Center and creating a 
web interface inquiry so that users can retrieve verified military 
history reports.
    4. Automatic import of Compensation and Pension medical examination 
reports generated by QTC (the contract provider of C&P exams at BDD 
sites).
    5. Import of Compensation and Pension medical examination reports 
generated by VHA.
    6. Creation of a web interface to capture imaged records from the 
Defense Personnel Records Imaging System.
    Question 8. Please provide a detailed explanation of what VBA is 
doing to improve the C&P application and exam process and adjudication. 
How are industry best practices, such as rules-based decision engines 
and performance management tools, being incorporated into these program 
enhancements?
    Response. Modern Award Processing--Development (MAP-D) is a 
nationally deployed application designed to facilitate and automate the 
development phase of claims processing. MAP-D provides standard 
development paragraphs to use in composing letters. In addition, it 
provides automatic and manual claims development. The automatic 
development is rules-based development logic that was proven in a prior 
beta application trial for original compensation claims. The automatic 
development feature allows users to answer questions and enter basic 
veteran information. The system determines what development needs to be 
initiated and generates it in the form of letters, messages, and 
automatic requests for service information. The goal of MAP-D was to 
provide an easy way for users to create and amend development letters. 
To facilitate fast reaction to changes in policy or procedures, the 
paragraphs were stored centrally. Currently, the MAP-D application is 
being maintained through process improvements made with regular 
quarterly releases. The most recent change was released on November 14, 
2005. VBA is focused on improving the letter generation capability over 
the next year, and expects to revalidate automatic development and make 
modifications mandated by changes in the applicable laws and 
regulations that govern the claims process. Compensation and Pension 
Records Interchange (CAPRI) provides online access to veterans' 
electronic health records (EHRs) contained in the VHA system of 
records. It is also the IT application that VBA uses to request and 
print VHA C&P examinations. The VA regional offices (ROs) have used 
CAPRI since 2001 to electronically request C&P examinations from VA 
medical centers (VAMCs). Upon receiving the electronic VBA C&P 
examination request, VAMC personnel schedule the veteran for the 
required medical examinations. Once all requested C&P medical 
examinations and corresponding worksheets have been completed, the 
exams are loaded and stored electronically in CAPRI. Individual C&P 
examination reports become a permanent record in the veteran's EHR, 
where they can be viewed and/or printed by claims adjudication 
personnel. C&P Service has taken steps through CAPRI to standardize the 
VBA C&P examination request. The CAPRI exam request organizes the 57 
medical examination worksheets by 14 body systems identified in the VA 
Schedule for Rating Disabilities. CAPRI also gives VBA users a template 
that contains language common to requests for increased evaluations, 
pension benefits claims, representation by a power of attorney, and 
medical opinion requests. The ``General Remarks'' portion of the CAPRI 
C&P exam request allows the user to customize exam requests as 
necessary. CAPRI also uses rules-based technology to prevent a user 
from requesting a duplicate C&P medical examination worksheet when a 
request for that particular exam is pending.
    VBA and VHA continue to improve the exam process through the work 
of the jointly funded and staffed Compensation and Pension Examination 
Program (CPEP) office. The CPEP office is in the process of developing 
templates that map to the CAPRI worksheets. The goal of the template 
development is to provide rules-based technology to ensure that medical 
examiners complete the required information and accurately reflect the 
information requested in the worksheet. It is hoped that use of rules-
based technology in the C&P medical examination report will decrease 
the number of inadequate VHA medical examinations. Upon satisfactory 
completion of the templates, VBA will work with VHA to determine 
whether to make use of the template mandatory for VHA examiners.
    VBA has also initiated a critical review of the QTC (VA exam 
contractor) templates to ensure that they track VBA's examination 
protocols and properly solicit medical evidence. The review will ensure 
that VBA decision makers receive accurate and consistent medical 
evidence whether the examination is performed by VHA or QTC. Under the 
terms of its contract with VA, QTC must reprogram its templates to be 
consistent with VBA policy.
    Question 9. What thought has VA given to incorporating IT planning 
into new hospital construction to ensure new VA medical facilities will 
be ``digital hospitals''--to included ``smart'' HVAC, security, 
diagnostic, operating rooms, personnel information, etc. that will 
allow VA to take advantage of an integrated facility infrastructure 
prior to opening the facility to patients?
    Response. VA does in fact design in digital capability into our new 
and renovated facilities. In the development of IT systems for new VA 
facility construction, VA uses an integrated process with extensive 
coordination and communication among the design team members. These 
teams include representatives from the local VAMC, the Veterans 
Integrated Services Network (VISN) office, the Office of the Assistant 
Secretary for Information and Technology, and the Office of Facilities 
Management as well as a knowledgeable architectural and engineering 
consultant. IT system configuration and integration are developed by 
the VAMC and IT staffs. Supporting the IT systems with infrastructure 
systems are a range of design criteria, including design manuals and 
master specifications, which outline VA requirements. The systems and 
supporting infrastructure are coordinated and implemented by the design 
team for each specific project. Infrastructure elements, such as 
advanced heating ventilation and air conditioning, electrical and 
security system controls, are outlined in VA criteria. System elements 
are important as is privacy, control of assess to data, HIPAA 
requirements, redundancy, procurement regulations, and ease of use. For 
a new addition or renovation project at an existing VAMC, integration 
into existing systems and maintenance of ongoing operations are 
critical elements to consider. This project management approach results 
in IT systems that function well and meet VA operational needs. In 
addition, VA regularly consults with manufacturers to keep abreast of 
changes and improvements in all related technologies.

                                 ______
                                 
Response to Written Questions Submitted by Hon. John D. Rockefeller IV 
                         to Gordon H. Mansfield

    Question 1. As VA works to improve and upgrade its IT, will there 
be a process and consideration given to research opportunities? Will 
there be a sensitivity to develop electronic records in such a way that 
the development of registries and sharing of research data will be 
possible and affordable? Will an effort be made to find IT solutions to 
provide access to valuable research and information about many diseases 
facing both veterans and the general population, such as Alzheimer's 
and dementia?
    Response. VA is developing and implementing a Health Data 
Repository (HDR) to provide integrated views of patient data across VA 
sites of care. The HDR functionality will include all of the domains of 
clinical data as well as notifications, clinical reminders, decision 
support, and alerts. Additionally, VA is creating a Corporate Data 
Warehouse (CDW) that will allow users to aggregate information from the 
HDR and other sources to look at particular disease cohorts and 
population-based health issues. The availability of the HDR and CDW 
promise to greatly enhance research opportunities and facilitate the 
creation of data marts and special population registries for such 
things as Alzheimer's, dementia, diabetes, etc. Demographics and vital 
sign measurements are available today in the HDR/CDW. Allergies, 
outpatient pharmacy and hematology and chemistry laboratory tests will 
be available by the middle of 2006 and other clinical domains will be 
added as they are standardized. Restrictions on IT funding may slow 
down development and full deployment of the HDR and CDW.
    When the HDR and CDW are fully deployed, researchers will greatly 
benefit from the following: (1) accessibility of national data clinical 
data; (2) improved data base design that facilitates analyses; (3) 
economies of scale in data collection and processing; (4) centralized 
authoritative data source; and (5) standardized data and definitions.
    Question 2. Please explain how the new system will cover IT issues 
dealing with medical devices at local VAMCs and security issues.
    Response. In collaboration with the Office of Cyber and Information 
Security (OCIS), VHA mandated that all facilities create virtual local 
area networks (VLANs) to isolate medical devices from the rest of the 
facility's IT network by September 30, 2004. This was a starting point 
in VA's defense-in-depth approach to networked medical devices, which 
added a layer of protection to the medical devices across VHA. By 
isolating all of the networked medical devices within the IT networks, 
VHA has effectively reduced the exposure of critical hospital equipment 
and data to risk of penetration by a worm, virus, or other cyber 
attack. VHA will continue to work with OCIS' Health Information 
Security Division (HISD) to develop sound guidance and provide direct 
assistance to VA facilities regarding security protections for 
networked medical devices.
    Question 3. How could the Office of Health Data and Informatics use 
automated coding and automatic coding audits software from the 
commercial market to improve the coding and auditing of VA records? 
Will part of the IT restructuring include a process to consider such 
opportunities?
    Response. VA already evaluates and uses commercial off-the-shelf 
products and will continue to do so under the new IT structure. The 
Office of Health Data and Informatics has been involved with a number 
of vendors, reviewing coding products that suggest they can 
automatically review and code inpatient and outpatient records by using 
natural language processing tools. We are in discussions with several 
VA sites and other non-VA organizations to undertake testing of these 
products. The testing will help validate whether the benefits projected 
by the vendors can be achieved in the VA environment.
    Re-engineering the Computerized Patient Record System (CPRS) is a 
major VHA initiative. The re-engineering of CPRS will include 
requirements that address creating a foundation for the concept of 
coded data as a by-product of documentation, in order to minimize or 
eliminate provider involvement in the coding process. We plan to 
provide automated coding audit functionality within CPRS that would 
auto-review and code provider documentation and validate the accuracy 
of already coded records. This type of functionality could provide 
audit results that would be used to provide educational material for 
providers and coders, and, importantly, would provide needed leverage 
to challenge insurance companies on denied claims. As VA pursues 
automated coding, we must maintain awareness that, as yet, automated 
coding is not an industry standard.
    Again, VA is concerned that limits on IT funding will delay 
development and deployment of the re-engineered CPRS.
    Question 4. How could VA better use IT to more accurately audit 
inpatient and outpatient records to more effectively recover funds 
through third party payers under the Medical Care Cost Recovery 
provisions?
    Response. All VA medical center facilities have installed the same 
Encoder/claim scrubber product (Quadramed) which allows sites to ensure 
more consistency and accuracy in bills submitted to third party payers. 
All claims go through a scrubber with edits to ensure that the most 
accurate and complete claim is submitted to third party insurers. VA 
continues to enhance the capabilities of this system and to further 
train users to maximize system capabilities.

    Chairman Craig. Gordon, thank you very much for that 
opening statement and testimony.
    Now let us turn to Robert McFarland, as I have introduced 
him, Assistant Secretary for Information Technology, Chief 
Information Officer, Department of Veterans Affairs, or should 
we just say the person in charge?
    Oh, I see, you are all together. The word has gone forth. 
All right. With that in mind, now that I have introduced you 
again, Bob, do you have any comments? I mean we have shifted 
all the burden to you anyway.
    Mr. McFarland. Mr. Chairman, I have no prepared statement, 
but I will be happy to answer any questions that you have. I am 
excited to be here and talk about some of the things that we 
are trying to do.
    Chairman Craig. I think questions we do have, and thank you 
all for being here. Your testimony describes the federated 
option as put forth by the Gartner Report. Your testimony then 
goes on to say that VA is determined to move towards a 
federated concept. What is the difference, if any, between what 
Gartner recommended you do under a federated option and what 
you have outlined as the federated concept that you are moving 
towards? Can you bring us into context on that?
    Mr. Mansfield. Mr. Chairman, I was referring to the fact 
that we understand that whatever we do here, there is not a 
light switch answer. We cannot just flip a switch and it will 
happen. No matter what we do we have to take it by phases. We 
have to make sure that the planning part of it is done 
correctly, and as I mentioned, checked and rechecked as we go 
forward. The comment about moving towards is that we are going 
to plan, and then we are going to start implementing, and that 
implementation will be by phases, we believe, as we move 
forward, but we will go with the federated model as outlined.
    Chairman Craig. Was there universal agreement within the 
Agency to go this way?
    Mr. Mansfield. No, sir.
    Chairman Craig. Who made the final decision?
    Mr. Mansfield. As I mentioned, the Secretary tasked me with 
working with the administrations and the CIO and our management 
office to come up with what was the best consensus on how to 
move forward, and I then brought that consensus to him, and he 
made the decision that we would go forward with the federated 
model.
    Chairman Craig. I appreciate your broadly outlining the 
mechanics of the federated concept and your assurances that the 
goals that are agreed upon throughout the organization will be 
cost effective and met with success. I intend to follow up with 
you and hold you, and all of you, accountable for those 
assurance.
    Will you commit to providing this committee with periodic 
reports on your progress? What I am saying to you, to all of 
you, and certainly to you, Gordon, is that we are going to work 
through this with you. We want to know where you are and where 
you have moved along the way. We do not want a report a year or 
two from now that we spend hundreds of millions of dollars and 
somehow it is not working.
    Mr. Mansfield. Mr. Chairman, let me make the point that--to 
preface my answer, which is yes--that we appreciate, No. 1, the 
bipartisan support we have gotten from this committee in your 
efforts to help us along the way, and we understand that we do 
have an obligation when taxpayer dollars are appropriated and 
given to us to spend, that they be spent the way they should be 
spent, and the results that we should get are gained. I would 
make the point that we would be more than happy to provide 
whatever periodic reports that you requested, and as I 
mentioned in my oral statement, we intend to do that.
    Chairman Craig. As you know, the Senate version of the 
MilCon/VA Appropriation Bill points out the fact that no 
individual or office has final budget or programmatic authority 
to oversee the Department's IT effort, and the legislation 
suggests an internal reorganization. Your testimony states that 
VA's first goal of any reorganization is to do no harm. First, 
do you believe the appropriation bill's language could do no 
harm to your current IT programs?
    Mr. Mansfield. Yes, sir, I do believe that. We have had an 
opportunity to have extensive discussions with the staff of the 
committee, and we are in agreement with where they are going. 
We have had an opportunity to be involved in how that language 
is being put forth, and we also have done some preliminary 
planning inside to be able to affect that if and when the bill 
is passed. We believe that that is where we want to go, and 
this will help us centralize authority in the CIO and that will 
be an effective tool in us going forward to make the changes we 
want. As I said, we are going through a process right now to 
plan to be able to implement what would be required.
    Chairman Craig. Secondly, how does this language complement 
or compete with VA's recent internal efforts to reorganize?
    Mr. Mansfield. I think that it complements it in the fact 
that if you look at the Gartner Report, one of their findings 
is that there needs to be centralized control of the dollars to 
be able to make sure that the standardization and efficiencies 
that we are looking for are gained, and that is a part of the 
way to get there.
    Chairman Craig. Senator Akaka, questions?
    Senator Akaka. Thank you, Mr. Chairman.
    Secretary Mansfield, some in Congress are pursuing 
legislation to direct VA to consolidate IT functions under the 
CIO. What progress has VA made that would indicate if it can 
get its own IT house in order without requiring Congress to get 
involved and provide a legislative solution?
    Mr. Mansfield. Sir, as I mentioned, the VA went out and 
hired the Gartner Consulting Group to come in and do the study. 
They made presentations to myself and Mr. McFarland. We then 
briefed the Secretary. Following that, he directed that I go 
forward and come up with a consensus agreement if possible, and 
since then we have been looking at ways to implement one of the 
options that was presented, and we believe that we can start 
doing that very soon. The Secretary has signed off on that as a 
directive to move forward, to start the implementation of the 
federated model.
    Senator Akaka. The study that you mentioned, when was that 
study done?
    Mr. Mansfield. Finished in late May, sir.
    Senator Akaka. Of this year?
    Mr. Mansfield. Yes, sir.
    Senator Akaka. Mr. Secretary, one of the problems 
identified with some VA IT systems is the lack of effective and 
expert program management during the design and fielding of IT 
systems. How can VA compete with private industry to attract 
the best and brightest minds in the IT field to ensure that we 
have effective program management for current and even future 
IT initiatives?
    Mr. Mansfield. Mr. Akaka, you point out a very big problem 
that we have, not only in this area, but in many of the 
specialized areas, in getting competent people into the system, 
given the hiring system that exists and how we have to go 
through that. We have started moving forward in this area, and 
I think I would ask Mr. McFarland to talk about his setting up 
of a program management office as we anticipate moving forward.
    Mr. McFarland. Sir, when I came here some 20 months ago, 
one of the things that disturbed me was we were in a mode of 
educating and trying to build project managers, but we did not 
have what I would call something similar to DOD, which is an 
enterprise project management office, where you have extremely 
experienced project management people who have overseen large 
projects and understand how to find the pitfalls through the 
process.
    I came to the Secretary and the Deputy, and since I was 
only able to affect the 2006 budget at that particular time, I 
inserted some dollars and a structure in the 2006 budget to 
start to build such an office to oversee these large at-risk 
projects. The Deputy and the Secretary were very much in favor 
of that idea, and have since pulled that into the 2005 budget, 
and I have just recently been able to hire a recently retired 
Navy captain that will head up the enterprise project 
management office. He is extremely experienced in managing 
extremely large programs, understands the complexity of large 
programs, understands how to deal with risk, and to be candid 
with you, we are going to supplement that office with more of 
that kind of talent.
    Now, we have an advantage here that we can compete in this 
area with private industry. No. 1, we have the best mission in 
Government, and that is to serve our veterans. We can attract 
retiring, very experienced ex-military to this environment 
because of that mission, and in fact, I stole this gentleman 
from private industry, and we were able to steal him because of 
this mission. I feel very confident that we can bring in talent 
that can help us oversee these projects in the future. It will 
take some time to build that office. It will not be built 
overnight. We will have to deal with the most at-risk projects 
in the beginning, and ultimately I would like to put it through 
all of our projects.
    Senator Akaka. Thank you.
    Dr. Lynch, I also want to add my commendation to you for 
your actions during and after Hurricane Katrina. As we all 
know, the Department of Veterans' Affairs was lauded for what 
it did after the disaster, and we are delighted to have you 
with us today. We have been waiting for sometime to get an idea 
of how much it would cost to rebuild the infrastructure. Where 
are you in your assessment, and can you give an estimate of the 
related costs?
    Dr. Lynch. Thank you, Senator. First off, I very much 
appreciate the kind words everybody has given to me personally 
regarding our response to Katrina, but I want to say that all 
the VA responded to Katrina, not just VISN 16. Certainly within 
my network, I shall say I am very proud of the people that work 
for me, and I think I have the real heroes working for me, and 
I think they deserve all the credit. I am just the figurehead 
that gets to stand up in front of them, and I want to make sure 
they get recognized.
    I want to be sure I understand your question. Is the 
infrastructure, the physical infrastructure of the medical 
facilities that have been damaged, not specifically IT issues.
    We are working on those costs right now, and there have 
been a number of engineering teams, for example, in New Orleans 
assessing the viability of restoring that building. It looks 
like the timelines for doing that, to fully bring it back to 
pre-Katrina, will be several years, and the costs are quite 
significant. Of course, we are assuming we want to try to 
mitigate the kind of vulnerabilities that the flooding caused 
this time around. You have to realize that while I am not aware 
of any final decision on the fate of the levees in New Orleans, 
if there is an attempt to repair those levees to a stronger 
strength, it will be, I am told, many, many more years before 
those are up to that level.
    I think if you are going to restore a large health care 
facility in New Orleans, you should mitigate your 
vulnerabilities. That is going to be the approach we are 
recommending.
    The costs for that could run as high as $200 million, maybe 
even go above that. There is a big debate about how much it is 
going to cost to rebuild in the environment in a disaster areas 
because costs are not normal.
    The other options we are looking at are the possibility of 
partnering with other entities down there, but that is in a 
very preliminary stage. I wish I could say we had final answers 
to all of this. I am dependent on the engineers to give me 
reports, and I am just kind of sharing with you the best 
knowledge I have at this point.
    In Biloxi and Gulfport, I think everybody in the room is 
aware of the CARES recommendation the Department put forward 
some time ago, and it was already recommending that Gulfport 
ultimately be closed and the services that were at Gulfport be 
recapitulated on the Biloxi campus. There were projected costs 
associated with that. We will again have the issue of doing 
that in a post-disaster environment. We are exploring moving 
that ahead, if you will, at this point. Again, no final 
decision has been made.
    There is a great demand for good, firm, hard numbers at 
this point, and things change almost every day, and that is 
sort of where the status stands right now. I appreciate the 
interest though.
    Senator Akaka. Thank you very much. My time has expired.
    Chairman Craig. Senator Akaka has asked an important 
question. We plan on November 3rd to have the VA back--the 
Secretary will be here--to give a detailed report on all 
aspects of Katrina costs and possibilities of change and 
adjustment and what we do to get everything back up to where it 
was or what adjustments we make. At that time also, Danny, we 
will invite the Senators from the affected States to be with us 
at that hearing. We wanted to give VA plenty of time to get 
their arms around these figures and to assess and give us the 
detail that I think all of us want to have to try to understand 
the impact of that. Is that a tentative date or is that a real 
date now? It is a real date now, November 3rd.
    With that, let me turn to Senator Salazar.
    Ken.
    Senator Salazar. Thank you, Chairman Craig.
    Mr. McFarland, last month you appeared before this 
committee, and as I recall, the comment that you gave to this 
committee was that you personally believed that a centralized 
system would be the best option, and I am sure you discussed 
your position with the VA. What I would like to ask you to do 
is two things, first, explain to me in layman's language what 
the difference is between the federated system versus a 
centralized system in terms of IT. And then second, what is it 
that changed your position from where you were when you came 
before the committee?
    Mr. McFarland. Sir, I made those statements before the 
House committee at a hearing I believe about a month ago, when 
I was asked for my professional opinion on the Gartner study. I 
had stated then, and I will state now, my professional opinion 
was in line with the Gartner study, based on my prior 
experience and having worked in this industry for some 33 
years.
    The issues of the differences between a centralized 
approach and a federated approach are clearly, in layman's 
terms, under a centralized approach, all development, 
application, selection and infrastructure is run through one 
organization. In the most successful environments, with that 
approach you wind up writing some very detailed service level 
agreements with your customers, you have a customer mentality, 
meaning the people that you provide service to, and you build 
around their needs, and you bring them in to the process of 
both development and operational control, and you deliver 
services based on the needs of your customers.
    In a federated approach what you have is a IT 
infrastructure, meaning the operations, the running of the 
tools, and the infrastructure meaning the equipment and all the 
aspects that go along with keeping the service running under a 
centralized management structure, and you leave the development 
and application program selection and the development of 
software, user-specific software, to the administration in this 
case or to another organization. The federated approach is a 
step towards centralization, but it is clearly delineated by 
having users continue in the administration to develop their 
own specific software requirements, while the operational 
aspects of running applications and providing IT services is 
managed through a central group.
    Senator Salazar. Are you, Mr. McFarland, now at a point in 
this position, comfortable that the centralized system is not 
something that is the best option, and that moving forward with 
the federated system is the best?
    Mr. McFarland. In my opinion, my personal opinion, the 
centralized option for the VA is a very big bang. This is a 
culture steeped in decades of decentralized environment. You do 
not make those kind of changes in any organization, especially 
one as deeply rooted as this, overnight.
    I still believe that in the long run, having IT centrally 
managed is the successful way to run it. I believe you have to 
take steps to get there, and the consensus with management is 
that the federated approach is the first step to do that, and I 
have agreed to support what management wants to do.
    Senator Salazar. Let me ask in terms of the dollars that 
you now will have responsibility for, your organization is 
going to grow very significantly in terms of the dollars that 
you would have responsibility for, as I understand it, from 1.4 
billion that the CIO has direct control, to I guess--no, from 
50 million to 1.4 billion. So your 50 million will go to 1.4 
billion. Are you ready to assume that kind of responsibility 
for those kinds of dollars as the CIO?
    Mr. McFarland. I am not familiar with----
    Senator Salazar. Or are you scared?
    [Laughter.]
    Mr. McFarland. No.
    Senator Salazar. That is a lot of money.
    Mr. McFarland. Sir, I come from a corporation where I 
managed far more than that, so I am not particularly afraid of 
that size number. To be candid with you, that will take setting 
up an infrastructure that does not exist in my office today. I 
am in the process right now, and have just reviewed yesterday 
the first draft of the IT Controllers Office, which will allow 
me to not only disburse the money, but be able to track it. 
That has not been something we have done very successfully in 
the past.
    It is my intent that I have responsibility to manage that 
kind of sum, I will track that kind of sum one way or the 
other, and I will make sure that that money will be spent on 
what it is designed to be spent on, and nothing other than what 
it is designed to be spent on. It will take some effort to do 
that. It will take some staff to do that, and it will take 
process, which is currently not in place, but it is possible 
and we have had some pretty good minds working it now for about 
2 weeks, and I think we are getting very close to putting an 
organization together that could manage the money.
    Senator Salazar. One more question, if I may, Mr. Chairman.
    Is now the time to do this, or would it be best if you, in 
your current position, and Secretary Nicholson and Secretary 
Mansfield were to take another year to study and to figure out 
how you are moving forward on this approach, as opposed to 
launching into what seems to be such an expensive and difficult 
undertaking, given the culture that we are dealing with here of 
independence on each one of the systems that we deal with? I 
mean talk to me a little bit about the timing question.
    Mr. McFarland. Sir, I am not an experienced Government 
employee. I come from the private sector, so I do not have the 
benefit of history and how long it takes Government to get 
things done.
    Senator Salazar. Do you have a comment on that, Secretary 
Mansfield?
    Mr. Mansfield. Yes, sir. It has been a part of the 
discussion on how we arrive at the decision and how we look at 
how we are going to implement it. In my testimony I believe I 
pointed out that it is going to take us 12 to 18 months to get 
this done. I recognize, as Mr. McFarland has indicated, we do 
not have all the people that we need in house to be able to get 
this done. The first thing we will have to do is to look for 
some consultants to come in and help us arrange the plan, and 
then decide where along the way we may need some outside help 
to get it done, as we move forward.
    It is not something that is going to happen overnight, but 
I believe that it is time to say this is what we are doing. The 
decision has been made by the Secretary, and as I said, the 
senior management of the Department, working together to come 
up with an agreement. You cannot always get 100 percent of what 
you want. What you have to do is get the most you can. Mr. 
McFarland has bought into this. The Health Care Administration 
has bought into this. The Benefits Administration has bought 
into this. The Office of Management has bought into this, and 
we are prepared to move forward.
    It will not be, as Mr. McFarland says, with a light switch 
approach, it will be done gradually. We need to send the word 
to the organization that we are doing this. Then the next thing 
we need to do is--a lesson learned from the last time--we need 
to involve the people all the way down to the users in the 
planning process, so they feel that what is going on here is 
something that they have a part in and that the success of it 
is going to be something that they are committed to, and that 
is going to take us a little bit of time, as Mr. McFarland 
mentioned, in the cultural aspects.
    Then the other part of it too, and one of the reasons that 
I believe that we should choose this model, is my ``do no 
harm'' comment. We are dealing with health care. We are dealing 
with patients. We are dealing with people in clinics or 
hospital beds, and medical doctors with hands-on treatment, 
some of it assisted with, helped with the tool of IT. In those 
areas we have to make sure we do no harm, and that is a part of 
what we have to play into here too.
    Senator Salazar. Thank you. I very much look forward to 
working with Senator Craig and Senator Akaka and this 
committee, and you to monitor the situation as you move 
forward.
    Mr. Mansfield. If I might follow up, sir, I just would also 
make the point that when you see in the report or when you hear 
the big bang, then you want to stop and look at what this is. 
That report gave us a risk versus rewards graph too that we 
talked about. Even if we were going to complete centralization 
with everything in Bob's pocket, we still would have to go 
through the steps to get there, and this is one of the steps to 
get there.
    Right now the only difference that I see is that the 
development phase, again with those clinical people involved 
and making sure that the treatment of patients that they do is 
part of the process for development and the benefits is a part 
of it. That is the one step that is different. Security gets 
centralized in IT. The budget dollars get centralized in IT. 
The standardization requirement gets centralized in IT. That is 
how we get the efficiencies out of this system and make it work 
better and deliver better services, and hopefully save some 
dollars that can then be translated into additional benefits 
and additional health care.
    Senator Salazar. Thank you.
    Chairman Craig. Ken, thank you.
    Senator Thune.
    Senator Thune. Thank you, Mr. Chairman.
    I appreciate all of your responses and answers and 
testimony very much, and I credit you for not resting on your 
laurels. I think that in order to stay on the creative cutting 
edge, you have to constantly be thinking of ways that you can 
approve and do things better, and the VA has been recognized, 
as you have all noted, for their many successes and 
improvements in the area of patient safety, and much of it 
related to the things that you are doing in terms of 
technology.
    I am especially interested in the technology component part 
of health care for a lot of reasons. One is I represent a very 
diverse--a very large area with a lot of real estate and not a 
lot of people, and health care facilities all across the State. 
You have a big network as well. I am also interested in it, 
because I think that electronic medical records has been proven 
to improve patient safety to save lives. It has also been 
proven to save money, and those are two things that are very 
important in terms of where we are headed in health care.
    I guess what I would like to ask you--and I appreciate the 
update on where you are headed and look forward to working with 
you and looking forward to working with the Chairman and this 
committee as we provide the oversight that is necessary for you 
all to deliver the very best possible health care services to 
America's veterans. Looking at it in a broader context, we are 
having a debate in this country too about how to take the model 
of what you have done and duplicate that and use it in other 
areas of health care.
    One of the big issues that is raised is in operability 
standards and how do different software packages in different 
health care facilities communicate with each other, thereby 
enabling them to have one integrated system or database whereby 
a patient's record can be accessed from any particular 
facility, whether they are somewhere in California or somewhere 
in South Dakota.
    I am curious to know what you all have done--I am told at 
least that you are working to provide or distribute scaled-down 
versions of your software to nongovernment hospitals and 
doctors and physicians--I am curious to know what has been the 
result of that effort? To what extent do hospitals have it? How 
many of them are using it? Is there any indication that there 
is an effort to use the software by doctors and hospitals that 
might be receiving it?
    Dr. Lynch. I think the release you are referring to is--
some people refer to it as VistA Lite, a basically available 
Federal code that is given to the private sector, but it is a 
partnership with Health and Human Services that was just 
announced in the last couple of months. I believe August is 
when that went out. It is really in a test phase in the 
community, so it would be premature to tell you how that is 
going, but that is the intent of the test phase.
    There are other Federal and private sector organizations 
that have used VistA in its current iteration or various 
iterations of it, the Indian Health Service for one. Some of 
the public health agencies in this town are using VistA.
    I think the thing that is probably most--when you realize 
how many physicians and other allied health professionals in 
training spend some time in their training in a VA medical 
center, you will find that almost every physician who left 
their residency program or medical school--nurses, what have 
you--in the last 6 to 10 years is very familiar with VistA in 
one form or another. They just have a hard time not laying 
hands on it at one time or another.
    I think probably that is the biggest push for getting 
health care providers to use the electronic health record, and 
I think you will see--what I am hoping we will see is a 
consumer-driven demand driven by providers, and it is 
generational. Within VA, I think it was 6 years ago really, we 
put out the current version from the providers' perspective 
that we have now. That was when things really blossomed, and we 
found that young physicians who grew up at a time when the 
Internet and PCs were always part of their lives had no problem 
adapting to it. Folks like myself, maybe a little bit more of a 
struggle. I think we are going to see that this is the natural 
trend of things.
    What your question really gets to is will we have the tools 
ready for them when the demand is there, and that is the 
standards that I think that VA is participating with in Health 
and Human Services and a lot of the President's push towards 
the electronic medical record, that will drive it. How that 
will exactly shake out, I don't know. What you are looking for 
is sort of what you have with the Internet. It does not matter 
which brand of computer, which operating system, even which 
attachment you put to your operating system. They all talk to 
each other because there are common standards that allow them 
to communicate. That is what we are pushing for.
    Senator Thune. I appreciate that. I would welcome, as this 
particular, I guess, new arrangement or relationship with some 
of the non-government hospitals, as you start getting data back 
about who is using it and how they are using it and what level 
of--what sort of results they are getting, it would be very 
helpful.
    Again, I appreciate the Chairman's interest in the subject 
with respect to the VA and the good work that you are doing 
there. I also know that in an area like my State, technology 
can do wonderful things, and telemedicine, things we are doing 
in that field as well. I also believe when it comes to 
efficiency, saving money, and saving lives, moving more toward 
electronic--and it is generational. There is no question about 
that. One of the things you hear most often is it is hard to 
get physicians and doctors who have always transcribed things 
the old-fashioned way to actually--and how do we provide 
incentives for them to be a part of the solution. I would 
welcome any additional insights that you have about that as we 
go forward.
    Thank you, Mr. Chairman.
    Chairman Craig. Senator Thune, thank you.
    Senator Isakson, you arrived while the panel was underway, 
so please proceed. Do you have any opening comments along with 
your questions?
    Senator Isakson. I was here earlier and then had to step 
out for a call, which I apologize for, and I came back in.
    No, I have no opening statement. I do have----
    Chairman Craig. Please proceed.
    Senator Isakson. I do bring greetings from my 91-year-old 
father-in-law, a retired Navy Commander, who in 1999 when I was 
elected to the House lectured me on all the VA needed to do, 
particularly with regard to health care improvement, and he 
told me last week it was remarkable how well they had done 
since I got to Congress.
    [Laughter.]
    Senator Isakson. Being he is my father-in-law, I took total 
credit for it, but I deserve none. I thought I would pass it on 
to all of you because he is an absolute--Commander Davidson is 
an absolute critic, and he has been very happy with the medical 
improvement, Dr. Lynch and all the others.
    I did come in during the testimony, so I had to go back and 
read, and I just really have maybe one question and a follow-
up.
    In the federated model, it says here in Option 4 describing 
it as, ``All IT operational service delivery personnel and the 
budget associated (to include all non-medical IT equipment, 
maintenance, and contractor support) would come under the 
direct supervision of the CIO.'' Does that mean that the 
medical side of IT is not under that direct supervision?
    Mr. McFarland. It means that all the medical devices and 
all of the various medical pieces of equipment will stay under 
the supervision of the hospital. Candidly, even--in my opinion, 
even in a centralized form, that would be the same. No IT 
organization should be making decisions on medical equipment 
that is needed to carry out health care. We should aid and 
support and try to help with security, but we should never be 
in the mode of making those decisions.
    Senator Isakson. I concur with that, and to the best of my 
recollection, most of the concerns about IT at VA have been 
non-medical IT concerns. Is that not correct?
    Mr. McFarland. I believe that is correct.
    Senator Isakson. Which brings me to my next question. On 
the next page, it says, ``This model will . . . include a 
migration of most workers to the control of the CIO, while 
leaving some employees under the control of the 
administrators.'' How many administrators are there?
    Mr. McFarland. The breakdown, I can't give you exact 
numbers, but the breakdown is somewhere around 4,500 to 1,500 
approximately. Most of the employees are operational in nature, 
meaning they are involved in running and maintaining the 
infrastructure that is out there. Those that would stay under 
the administrations are those who are programmers and 
developers of the applications themselves of the software that 
is designed to manage and run the medical applications.
    Mr. Mansfield. Sir, if I may interrupt, I think you are 
talking about the number of administrations. We are pointing 
out there that the health care, the Veterans Health 
Administration, would maintain the development for products in 
their area. The Veterans Benefits Administration would maintain 
the same for their area of expertise, and then the Cemetery 
Administration. They would be aligned under those three 
administrations.
    Senator Isakson. Are any of those stovepipes integrated at 
any point?
    Mr. Mansfield. Not now, but under the federated model, the 
operational infrastructure would be integrated.
    Senator Isakson. Then therein lies me to my point, I guess, 
which is more of a statement. Mr. McFarland, I have great 
respect for Dell and what you did and what that great company 
does. In one of my jobs in my life, I was asked to take over 
the Department of Education in Georgia in a crisis, which was 
the Y2K crisis where they were trying to become compliant. They 
had 187 school systems, a State board of education. They had 
decided to select--the software of their preference was SAV, 
which is very complicated software. They had made the terrible 
mistake of letting all 187 systems attempt to customize the 
student information and the financial system, which led to a 
catastrophic $45 million disaster and a last-minute patch to 
become Y2K compliant.
    Anytime I read that we are going to centralize, but some of 
the employees are going to be under the supervision of the 
administrators and not the CIO, I worry that a department or an 
administrator working with a consultant or an outside vendor 
trying to customize could take what otherwise should be a 
baseline system and cause not only irreparable difficulty but 
tremendous cost. You can comment on that any way you want to.
    Mr. McFarland. I share your concern more than you realize. 
Let me say that under where I think we are headed, I will have 
budgetary control. I can promise you this. I will not sign off 
on any budgeted item, including development projects, that do 
not keep in concert with an enterprise architecture, and if 
they are looked at as being custom solutions that do not fit 
the environment, I simply won't fund them. We may have some 
battles in that area, and I welcome them. I share your concern.
    If you look at the big recent failure of Core FLS--you have 
described a little bit what happened in Georgia--lack of 
standardization will eat you alive in this world in IT. Without 
standardization and without standard practices, you cannot 
apply automation. It does not matter whether we would have made 
Bay Pines work or not. You could not have picked that system up 
and laid it into another hospital or another facility without 
customizing it again. That is because we did not have any 
standardization in place.
    Those are the areas that I think we can manage, and I 
intend to manage those through the budget process.
    Senator Isakson. I am glad to hear that, because in the 
end, not because people would intentionally want cost overruns, 
but most administrative people are closer to my age and they do 
not have the computers that my kids have that allow them to do 
all these things instinctively. They start customizing or start 
asking consultants to provide things which can be done but run 
you off into some unbelievable cost overruns and problems. Your 
knowledge is very satisfying to me, and if you can manage 
through that process in the budget, then I think this federated 
model will work.
    Thank you, Mr. Chairman.
    Chairman Craig. Thank you, Senator Isakson. The question 
is: How did you do?
    Senator Isakson. How did I do?
    Chairman Craig. In the Department of Education in Georgia. 
Now that you have led us down that path----
    Senator Isakson. I got elected to Congress, Mr. Chairman. I 
don't know whether that is because they wanted to get rid of me 
or because it worked.
    [Laughter.]
    Senator Isakson. I will share with Mr. McFarland actually 
the results of that, but not on camera.
    [Laughter.]
    Chairman Craig. In other words, special expressions belie 
the camera.
    All right. A couple of last questions of this panel. You 
had mentioned the enterprise architecture design. I see OMB 
scored it at a 3 in contrast to a previous 1.25 score. 
Mathematically, that is a 100-percent improvement.
    Now, what does that exact--what does that tell us about 
enterprise architecture? How much better and is it good enough?
    Mr. McFarland. I'd love to tell you that getting a 100-
percent improvement in my grade was a wonderful thing, but I 
would have to be honest and fair with you and tell you that 
when I got here, we were nowhere where we needed to be. We have 
made great progress. I was very lucky to attract an enterprise 
architect to the agency some 9 or 10 months ago, and he has 
done incredible work in getting us moving towards where we need 
to go. We are not there yet. We still have to try to reach, I 
believe, a 4.0, and that additional one point is a significant 
enterprise. I believe we will get there.
    Enterprise architecture is an evolving thing. You just 
don't get one and then put it in the drawer and everything is 
fine. It will continue to evolve. It will have to evolve based 
on the needs of the agency, and we will have to evolve it based 
on the needs of the Government, because the Government has, OMB 
has a very strict interpretation of enterprise architecture, 
and we have had some challenges in getting ourselves in line 
with that. We will get there, and that is the umbrella that 
fits over all of our applications and all of our environment to 
make sure there is commonality. We will never break up these 
stovepipes if we do not have a strong enterprise architecture 
to do it with.
    Chairman Craig. Okay. I thank you for that comment, Mr. 
McFarland, and I think all of us recognize the difficulty of 
change, especially inside organizations as old, with the 
positive reputation that VA has; at the same time, a 
frustration on the part of all of us of costs and cost overrun 
and the inability to get our arms around them and manage them. 
It is pretty hard sometimes to go home to the taxpayer and try 
to explain why a couple hundred million dollars or more just 
got blown away, or it is no longer operating or it is non-
functional. We went through this with, you know, other agencies 
of Government as we try to make these changes and bring them 
into modern approaches.
    Consultants are brought in, and sometimes effectively used, 
sometimes not. Gordon, we talked about the Gartner study and 
its costs. What were its costs in reality?
    Mr. Mansfield. The costs were between $800,000 and $1 
million, I believe. Is that right?
    Mr. McFarland. Yes, sir. It was somewhere, if I remember 
correctly, around $875,000, I believe.
    Chairman Craig. That is viewed as money well spent?
    Mr. Mansfield. Yes, sir.
    Mr. McFarland. Yes, sir, I believe it was.
    Chairman Craig. I don't ever want the record to show that 
that is pocket change, but it was pocket change well spent in 
the context of things. Thank goodness that you feel it was 
appropriately spent, and that is a manageable amount of money 
in most of our view when it comes to what we are doing here.
    Gentlemen, thank you very much. We will have you back 
again--and again, and I say that because we want to know what 
you are doing and how it is going on. I will only ask you to 
leave with this note: As I have told the Secretary, there don't 
deserve to be surprises in any of this. We are all in this 
together because we have one goal in mind, and I think, 
Secretary Mansfield, you expressed it well in your opening 
statement. The wiser we can spend the dollars, the more dollars 
we can get to the ground to serve veterans. We thank you all 
for being here this morning.
    Mr. Mansfield. Thank you, Mr. Chairman.
    Chairman Craig. Our second panel is made up of Paul 
Wohlleben?
    Mr. Wohlleben. Very good, Mr. Chairman.
    Chairman Craig. Did I pass the test, Paul?
    Mr. Wohlleben. You did. That was fantastic. Thank you.
    Chairman Craig. Partner, Grant Thornton, on behalf of the 
Information Technology Association of America; and Linda 
Koontz, Director of Information Management for Government 
Accountability Office.
    With that, Paul, Linda, thank you for being with us. Please 
proceed. Paul, we will start with you.

 STATEMENT OF PAUL WOHLLEBEN, PARTNER, GRANT THORNTON, LLP, ON 
  BEHALF OF THE INFORMATION TECHNOLOGY ASSOCIATION OF AMERICA

    Mr. Wohlleben. Thank you, Mr. Chairman. Good morning. My 
name is Paul Wohlleben. I am a Partner with Grant Thornton of 
Chicago, Illinois, an international accounting and management 
consulting firm.
    In my role as a witness before you this morning, however, I 
am representing the Information Technology Association of 
America. ITAA provides global public policy, business 
networking and national leadership to promote the continued 
rapid growth of the information technology industry. ITAA 
consists of approximately 350 corporate members throughout the 
United States in a global network of 67 country's IT 
associations. ITAA members range from the smallest IT start-ups 
to industry leaders.
    Modern organizations, whether Government or commercial, use 
IT to help them achieve their missions. For most organizations, 
IT is both a major component of cost and a key resource in 
managing business operations and in satisfying customers. This 
morning I will describe how many of ITAA's member companies 
employ, align and operate their IT assets to best align them 
with the organization's missions, improve productivity and 
maximize the return on their investments. Additionally, this 
discussion will address our position on the placement and the 
role of the Chief Information Officer in any large enterprise.
    Let me begin by stating that leading companies operate 
using an organizational strategy drawn from their major 
business and mission objectives. In developing such a strategy, 
leading companies consider the role of all key resources in 
accomplishing that strategy, including information technology. 
It is a position of ITAA that in most cases a successful 
organization's CIO will be part of the senior management team 
that develops that overarching strategy. Such involvement by 
the CIO increases the probability that IT will be properly 
leveraged to achieve the desired outcomes.
    Once an organization's business and mission strategy had 
been defined, including the basic contributions expected from 
IT, the CIO needs to develop the strategies and plans that 
define how IT will be best deployed across the organization to 
make those contributions. I will refer to this as the IT 
strategy. The CIO must ensure that the IT strategy is aligned 
to the organization's business and mission strategy, meaning 
that each IT investment can be linked back to the 
organizational goal or objective that it supports.
    A key component of the IT strategy is the enterprise 
architecture. The enterprise architecture provides views into 
how the organization operates, its key desired outcomes, the 
technology infrastructure that provides computing capability, 
the data that is used in the organization in the application 
systems that support the organization. ITAA believes it is 
imperative for the CIO to have sufficient authority to produce, 
deploy and maintain the IT strategy, including the enterprise 
architecture. It is particularly important that the CIO be able 
to keep them current with a changing business and mission 
environment, and to ensure that they serve as the standard road 
map for all IT investment, planning and execution.
    The development of the IT strategy and the use of the 
strategy to guide the organization during the implementation 
projects designed to move the organization from the current to 
the target states cannot be accomplished by the CIO 
organization alone. The entire enterprise will be affected by 
the IT strategy. The entire enterprise must be represented in 
the process that develops and oversees the execution of the 
strategy. This is, in effect, a component of organizational 
governance. ITAA believes that the CIO must have appropriate 
authority, organizational placement, and peer relationships to 
ensure that an effective process exists for this organizational 
governance.
    I have touched on a number of key roles that must be 
successfully addressed to ensure that an organization's IT 
investments are both efficiently and effectively utilized. The 
CIO must have effective control over the planning, 
authorization, resourcing and implementation of all IT. 
Effective control means that the CIO can delegate the 
implementation of IT as long as the CIO retains oversight and 
sufficient management mechanisms in place to ensure compliance 
with CIO approved plans. We believe the CIO should not delegate 
enterprise level planning, authorization and resourcing 
responsibilities.
    Let me turn my attention to the organizational placement of 
the CIO. While ITAA recognizes the impact that attributes like 
culture and management style have on determining how to 
organize to optimize effectiveness, we believe that an 
organization is best able to leverage its IT if a CIO reports 
to the organization's most senior official. Such placement 
sends an important signal to the rest of the organization about 
the value of information technology in its management, and 
better enables the CIO to ensure an effective IT governance 
process. It better positions the CIO to develop working 
relationships with other key senior executives in an 
organization's leadership.
    We also believe that with such high organizational 
placement comes a responsibility to reach out to the 
organization to develop effective collaboration and governance 
processes. A seat at the executive table must be used to inject 
IT into the strategic mainstream, and not to isolate it from 
the rank and file. Elevating the CIO in combination with 
effective collaboration will help ensure that the broad needs 
of the organization are reflected in the IT requirements, and 
that efforts to standardize both IT and business processes 
receive appropriate representation.
    To summarize, IT is a critical component in helping 
organizations like VA realize their strategic objectives. To 
harness the value of IT, the CIO maps agency mission and 
business process objectives to an information technology 
strategy. An enterprise architecture translates IT strategy 
into an actionable blueprint for moving from the here and now 
to where we want to be. Although the CIO is ultimately 
responsible for the effective alignment of IT performance with 
agency mission, goals and objectives, this individual does not 
and must not operate in a vacuum. To be effective, the process 
must enjoy widespread agency support and buy-in, and must 
originate from the top down.
    I thank you for the opportunity to testify before the 
committee this morning. I will be pleased to answer any 
questions you may have. ITAA will also be glad to meet with 
Members of the committee and their staffs on the important 
issues that are raised during this hearing.
    Thank you.
    [The prepared statement of Mr. Wohlleben follows:]

  Prepared Statement of Paul Wohlleben, Partner, Grant Thornton, LLP, 
     on Behalf of the Information Technology Association of America

    Good morning. My name is Paul Wohlleben. I am a Partner with Grant 
Thornton LLP of Chicago, Illinois, an international accounting and 
management advisory services firm.
    In my role as a witness before you, I am representing the 
Information Technology Association of America. ITAA provides global 
public policy, business networking, and national leadership to promote 
the continued rapid growth of the Information Technology (IT) industry. 
ITAA consists of more approximately 350 corporate members throughout 
the U.S. and a global network of 67 countries' IT associations. ITAA 
members range from the smallest IT start-ups to industry leaders in the 
Internet, software, IT services, ASP, digital content, systems 
integration, telecommunications, and enterprise solution fields.
    Modern organizations, whether commercial or government, use IT to 
help them achieve their missions. For most organizations, IT is both a 
major component of cost and a key resource in managing business 
operations and satisfying customers. This morning, I will describe how 
many of ITAA's member companies employ, align, and operate their IT 
assets to best align them with their organization's missions, improve 
productivity, and maximize the return from their investments. 
Additionally, this discussion will address our position on the 
placement and role of the Chief Information Officer (CIO) in any large 
enterprise.
    Let me begin by stating that leading companies operate using an 
organizational strategy drawn from their major business and mission 
objectives. In developing such a strategy, leading companies consider 
the role of all key resources in accomplishing that strategy, including 
IT. It is the position of ITAA that in most cases, a successful 
organization's CIO will be part of the senior management team that 
develops that overarching strategy. Such involvement by the CIO 
increases the probability that IT will be properly leveraged to achieve 
the desired outcomes.
    Once an organization's business and mission strategy has been 
defined, including the basic contributions expected from IT, the CIO 
needs to develop the strategies and plans that define how IT will be 
best deployed across the organization to make those contributions. I 
will refer to this as the IT strategy. The CIO must ensure that the IT 
strategy is aligned to the organization's business and mission 
strategy, meaning that each IT investment can be linked back to the 
organizational goal or objective that it supports. Ideally, the 
contribution of the IT investment can be measured in terms of how well 
it supports the relevant overarching organizational goal or objective.
    A key component of the IT strategy is the enterprise architecture 
(EA). The EA provides views into how the organization operates, its key 
desired outcomes, the technology infrastructure that provides computing 
capability, the data that is used in the organization, and the 
application systems that support the organization. In leading 
organizations, the EA consists of both a current snapshot of the 
organization's IT infrastructure, called the `as is' architecture, and 
a snapshot of the target infrastructure, called the `to be' 
architecture. IT modernization plans are then developed with the intent 
to move from the `as-is' to the `to-be' states. ITAA believes it is 
imperative for the CIO to have sufficient authority to produce, deploy 
and maintain the IT strategy, including the enterprise architecture. It 
is particularly important that the CIO be free to keep them current 
with a changing business and mission environment and to ensure that 
they serve as the standard roadmap for all IT investment planning and 
execution.
    The development of the IT strategy, and the use of the strategy to 
guide the organization during the implementation projects designed to 
move the organization from the current `as-is' to the target `to-be' 
states, cannot be accomplished by the CIO's organization alone. The 
entire enterprise will be affected by the IT strategy; the entire 
enterprise must be represented in the process that develops and 
oversees the execution of the strategy. This is, in effect, a component 
of organizational governance. ITAA believes that the CIO must have 
appropriate authority, organizational placement, and peer relationships 
to ensure that an effective process exists for organizational 
governance.
    I have touched on a number of key CIO roles that must be 
successfully addressed to ensure that an organization's IT investments 
are both efficiently and effectively utilized. The CIO must have 
effective control over the planning, authorization, resourcing, and 
implementation of all IT. Effective control means that the CIO can 
delegate the implementation of IT as long as the CIO retains oversight 
and sufficient management mechanisms in place to ensure compliance with 
CIO-approved plans. We believe the CIO should not delegate enterprise-
level planning, authorization and resourcing responsibilities.
    Let me turn attention to the organizational placement of the CIO. 
While ITAA recognizes the impact that attributes like culture and 
management style have on determining how to organize to optimize 
effectiveness, we believe that an organization is best able to leverage 
its IT if a CIO reports to the organization's most senior official. 
Such placement sends an important signal to the rest of the 
organization about the value of IT and its management and better 
enables the CIO to ensure an effective IT governance process. It better 
positions the CIO to develop working relationships with other key 
senior executives in an organization's leadership.
    We also believe that with such high organizational placement comes 
a responsibility to reach out to the organization to develop effective 
collaboration and governance processes. A seat at the executive table 
must be used to inject IT into the strategic mainstream, not isolate it 
from the rank and file. Elevating the CIO will help ensure that the 
broad needs of the organization are reflected in IT requirements and 
that efforts to standardize both IT and business processes receive 
appropriate representation.
    To summarize, IT is a critical component in helping organizations 
like the VA realize their strategic objectives. To harness the value of 
IT, the CIO maps agency mission and business process objectives to an 
information technology strategy. An enterprise architecture translates 
IT strategy into an actionable blueprint for moving from the here and 
now to the where we want to be. Although the CIO is ultimately 
responsible for the effective alignment of IT performance with agency 
mission, goals and objectives, this individual does not and must not 
operate in a vacuum. To be effective, the process must enjoy widespread 
agency support and buy-in, and must originate from the top down.
    I thank you for the opportunity to testify before the Committee on 
Veterans' Affairs. I will be pleased to address any questions you may 
have. ITAA will also be glad to meet with the Members of the Committee 
and their staffs on the important issues raised in this hearing.

    Chairman Craig. Thank you very much for that testimony, and 
also thank you for that invite. We will continue to work with 
you as we go through this.
    Now, Linda, let us turn to you, Linda Koontz, Director of 
Information Management, GAO.

STATEMENT OF LINDA D. KOONTZ, DIRECTOR, INFORMATION MANAGEMENT 
               ISSUES, UNITED STATES GOVERNMENT 
                     ACCOUNTABILITY OFFICE

    Ms. Koontz. Thank you, Mr. Chairman. I am pleased to be 
here today to discuss the organization of VA's information 
technology program. I will be discussing our previous work on 
the role of Chief Information Officers in the Federal 
Government and in the private sector, as well as providing 
information on the evolution of the CIO position at VA.
    As you know, under the Clinger-Cohen Act the Congress has 
mandated that Federal CIOs play a central role in managing 
information technology within Federal agencies. In this way 
CIOs can help ensure that agencies manage their information 
functions in a coordinated and integrated fashion, and thus 
improve the efficiency and effectiveness of Government programs 
and operations.
    In 2004 we reported that Federal CIOs were responsible for 
most of the key management areas we identified as required by 
statute or critical to effective information and technology 
management. All the CIOs were assigned responsibility for five 
key areas, for example, enterprise architecture and IT 
investment management, although they sometimes reported that 
they shared responsibility for these areas with other 
organizational units.
    Our past work also identified a number of organizational 
characteristics that contribute to CIO success. First, 
successful CIOs work with supportive senior executives who 
embrace the central role of technology in accomplishing mission 
objectives, and include the CIO as a full participant in senior 
decision-making.
    Second, successful CIOs have legitimate and influential 
roles in leading top managers to apply IT to business problems 
and needs. Placement of the position at an executive management 
level in the organization is important, but in addition, CIOs 
earn credibility and produce results by establishing effective 
working relationships with business units.
    Third, successful CIOs structure their organizations in 
ways that reflect a clear understanding of business and mission 
needs. This understanding is a prerequisite to aligning the 
CIO's office to best serve the agency. To do this, CIOs also 
need knowledge of business processes, market trends, the 
agency's current systems and available IT skills.
    To be successful, Federal CIOs must overcome a number of 
challenges. For example, according to a little over 80 percent 
of the CIOs, one major challenge is implementing effective IT 
management practices in such areas as information security, 
enterprise architecture, investment management, and e-
Government.
    In a study that we recently released, CIOs at leading 
private sector organizations reported responsibilities and 
challenges that were similar to those of their Federal 
counterparts. These private sector companies used both 
centralized and decentralized organizational structures, and 
several of the CIOs spoke of their efforts to achieve the right 
balance. In addition, most private sector companies had 
executive committees with authority and responsibility for 
governing major IT investments.
    In recent years the CIO position at VA and the Department's 
IT management, have received increased attention from VA 
leadership. For 2\1/2\ years after the passage of the Clinger-
Cohen Act in 1996, the Department went without a CIO. For 2 
years after that the CIO role was held by an executive who also 
had other major responsibilities. The Department then had an 
acting CIO for 1 year, and in August 2001 it appointed a full-
time permanent CIO.
    Subsequently, the Department proposed further strengthening 
the CIO position and centralizing IT management, recognizing 
that aspects of the VA computing environment were particularly 
challenging and required substantial management attention. In 
particular, the Department's information services and systems 
were highly decentralized, and a large proportion of the 
Department's IT budget was controlled by the VA's 
administrations and staff offices.
    To address these challenges the Secretary issued a memo in 
2002 announcing that IT functions, programs and funding would 
be centralized under the Department level CIO.
    Although we have not reviewed the current status of this 
proposed realignment or VA's current organizational structure, 
it remains our view that this realignment held promise for 
building a more solid foundation for investing in IT resources 
and improving the Department's accountability over those 
resources.
    The additional oversight afforded the CIO could have a 
significant impact on the Department's ability to more 
effectively account for and manage its approximately $2.1 
billion in planned IT spending.
    Mr. Chairman, that completes my statement. I would be happy 
to answer questions.
    [The prepared statement of Ms. Koontz follows:]

Prepared Statement of Linda D. Koontz, Director, Information Management 
         Issues, United States Government Accountability Office

    Mr. Chairman and Members of the Committee:
    Thank you for inviting us to take part in your discussion of the 
information technology organization at the Department of Veterans 
Affairs (VA) and the role of the Chief Information Officer (CIO). In 
carrying out its mission of serving our nation's veterans, the 
department relies heavily on information technology, for which it is 
requesting about $2.1 billion in funding for fiscal year 2006. The CIO 
will play a vital role in ensuring that this money is well spent and 
that information technology is managed effectively. As we have 
previously reported, an effective CIO can make a significant difference 
in building the institutional capacity that is needed to improve an 
agency's ability to manage information and technology and thus enhance 
program performance.
    At your request, we will discuss the role of CIOs in the Federal 
Government, present for comparison the results of our study of private-
sector CIOs, and provide a historical perspective on the roles and 
responsibilities of VA's CIO.
    In developing this testimony, we reviewed our previous work in this 
area. All work covered in this testimony was performed in accordance 
with generally accepted government auditing standards.

                            RESULTS IN BRIEF

    Since the Clinger-Cohen Act established the CIO position in 1996, 
federal CIOs have played a central role in managing information and 
technology within federal agencies. According to CIOs at major 
departments and agencies,' they generally held wide responsibilities 
and reported to their agency heads or other top level managers. In 
general, CIOs reported that they were responsible for key information 
and technology management areas; for example, all the CIOs were 
responsible for five key areas (capital planning and investment 
management, information security, IT human capital, strategic planning 
for information technology and information resource management, and 
enterprise architecture). In carrying out these responsibilities, the 
tenure of federal CIOs was often less than the length of time that some 
experts consider necessary for them to be effective and implement 
changes: the median tenure was about 2 years, and the most common 
response regarding time required to be effective was 3 to 5 years. In 
contrast, CIOs were generally helped in carrying out their 
responsibilities by the background and experience they brought to the 
job. Although their background was varied, most had background in 
information technology (IT) or related fields, many having previously 
served as CIOs; many also had business knowledge related to their 
agencies, having previously worked either at the agency or in an area 
related to its mission. Other factors that help CIOs meet their 
responsibilities effectively are described in guidance that we have 
issued; key among these are (1) being supported by senior executives 
who recognize the importance to their missions of IT and an effective 
CIO; (2) playing an influential role in applying IT to business needs; 
and (3) being able to structure their organizations appropriately. At 
the same time, CIOs cited several challenges, of which the two most 
frequently mentioned were implementing effective IT management and 
obtaining sufficient and relevant resources.
    Private-sector CIOs reported responsibilities, challenges, and 
approaches to information and technology governance that are similar 
but not identical to those of their federal counterparts. Most of the 
private-sector CIOs we contacted had either sole or shared 
responsibility for the key management areas we explored, which 
corresponded to those that we reported on in our federal agency review. 
Among the areas in which most of the private-sector CIOs had or shared 
responsibility, 18 or more of the 20 we contacted cited five 
information and technology management areas (capital planning and 
investment management, information security, human capital for managing 
information resources, systems acquisition, and e-commerce); the first 
three of these were also responsibilities of all federal CIOs, and the 
last two were responsibilities of 90 percent of federal CIOs. The 
challenges cited by the private-sector CIOs were also similar to those 
cited by federal CIOs. Both private-sector and federal CIOs noted 
improving various IT management processes (e.g., IT investment decision 
making), developing IT leadership and stalls, working with enterprise 
architectures, and ensuring the security of systems. To manage their 
IT, the private-sector companies used both centralized and 
decentralized organizational structures: in some, authority is 
centralized in the CIO's office, while in others, it is decentralized 
in the business units, depending on other events in the company such as 
strategic realignments and acquisitions. Most of the private-sector 
companies had executive committees with authority and responsibility 
for governing major IT investments. Many private-sector CIOs also told 
us that they were making efforts to move toward common business 
processes, such as by instituting cross-organizational teams to work on 
developing enterprise wide systems and standards.
    With regard to VA, both the CIO position and IT management have 
received increased management attention over time. After going for 2 
years after the passage of the Clinger-Cohen Act without a CIO, 
followed by 2 years with an executive whose time was divided among CIO 
and other major duties, and then 1 year with an acting CIO, the 
department appointed a full-time permanent CIO in August 2001. Since 
then, the department proposed further strengthening the position and 
centralizing IT management, recognizing that aspects of its computing 
environment were particularly challenging and required substantial 
management attention. In particular, the department's information 
systems and services were highly decentralized, and a large proportion 
of the department's IT budget was controlled by the VA's 
administrations and staff offices. To address these challenges, the 
Secretary issued a memo in 2002 announcing that IT functions, programs, 
and funding would be centralized under the department-level CIO. 
Although we have not reviewed the current status of this proposed 
realignment or VA's current organizational structure, it remains our 
view that the proposal held promise for improving IT accountability and 
enabling the department to accomplish its mission. The additional 
oversight afforded the CIO could have a significant impact on the 
department's ability to more effectively account for and manage its 
approximately $2.1 billion in planned IT spending.
    VA comprises three major components: the Veterans Benefits 
Administration (VBA), the Veterans Health Administration (VHA), and the 
National Cemetery Administration (NCA). VA's mission is summed up in 
its mission statement, a quotation from Abraham Lincoln: ``to care for 
him who shall have borne the battle and for his widow and his orphan.'' 
VA carries out this mission by providing benefits and other services to 
veterans and dependents.
    The department's vision is to be a more customer-focused 
organization, functioning as ``One VA.'' This vision stemmed from the 
recognition that veterans think of VA as a single entity, but often 
encountered a confusing, bureaucratic maze of uncoordinated programs 
that put them through repetitive and frustrating administrative 
procedures and delays. The ``One VA'' vision is to create versatile new 
ways for veterans to obtain services and information by streamlining 
interactions with customers and integrating IT resources to enable VA 
employees to help customers more quickly and effectively. This vision 
will require modifying or replacing separate information systems with 
integrated systems using common standards to the information across VA 
programs and with external partner organizations, such as the 
Department of Defense. Accordingly, effective management of its IT 
programs is vital to VA's successful achievement of its vision and 
mission.
    Table 1 shows a breakdown of VA's approximately $2.1 billion IT 
budget request for fiscal year 2006. Of the total, VHA accounted for 
approximately $1.8 billion, VBA approximately $150 million, and NCA 
approximately $11 million. The remaining $84 million was designated for 
the department level.

   Table 1.--Breakdown of VA's Fiscal Year 2006 Information Technology
                             Budget Request
                              [in millions]
------------------------------------------------------------------------
      Organization Request                                In percent
------------------------------------------------------------------------
VHA.............................  $1835.............  88%
VBA.............................    150.............  7%
NCA.............................     11.............  <1%
Department......................     84.............  4%
                                 --------------------
  Total.........................  $2,080............
------------------------------------------------------------------------
Spune: GAO analysis VA data.

             CIO PLAYS MAJOR ROLE IN FEDERAL IT MANAGEMENT

    The Congress has long recognized that IT has the potential to 
enable federal agencies to accomplish their missions more quickly, 
effectively, and economically. However, fully exploiting this potential 
presents challenges to agencies. Despite substantial IT investments, 
the federal government's management of information resources has 
produced mixed results. One of the ways in which the Congress has 
addressed this issue was to establish the CIO position; an agency's CIO 
is to serve as the focal point for information and technology 
management within an agency. In 1996, the Clinger-Cohen Act established 
the position of agency CIO and specified responsibilities for this 
position. Among these responsibilities, the Act required that the CIOs 
in the 24 major departments and agencies have information resources 
management (IRM) as their ``primary duty.''
    The Congress has mandated that CIOs should play a key leadership 
role in ensuring that agencies manage their information functions in a 
coordinated and integrated fashion in order to improve the efficiency 
and effectiveness of government programs and operations.''

            CIO RESPONSIBILITIES AND REPORTING RELATIONSHIPS

    CIOs have responsibilities that can contribute significantly to the 
successful implementation of information systems and processes. In July 
2004, we reported on CIO roles, responsibilities, and challenges (among 
other things) at 27 major agencies. For this work, we identified major 
areas of CIO responsibilities that were either statutory requirements 
or critical to effective information and technology management. 
Altogether, we identified the 13 areas shown in table 2.

               Table 2.--Major Areas of CIO Responsibility
------------------------------------------------------------------------

------------------------------------------------------------------------
Area of responsibility....................  IT capital planning and
                                             investment management
Description...............................  Planning and management of
                                             IT capital investments
Applicable laws...........................  44 U.S.C. 3506(h), 40 U.S.C.
                                             11312 & 11313
Records management........................  Ensuring that agency
                                             implements and enforces
                                             records management policies
                                             and procedures under the
                                             Federal Records Act 44
                                             U.S.C. 3506(f)
Information dissemination*................  Ensuring that information
                                             dissemination activities
                                             meet policy goals such as
                                             timely and equitable public
                                             access to information 44
                                             U.S.C. 3506(d)
Information disc1osure*...................  Ensuring appropriate
                                             information 44 U.S.C.
                                             3506(g) access under the
                                             Freedom of Information Act
Privacy...................................  Ensuring agency compliance
                                             44 U.S.C. 3506(g) with the
                                             Privacy Act and related
                                             laws
Area of responsibility....................  Description
Statistical policy and coordination.......  Performing statistical
                                             policy and coordination
                                             functions, including
                                             ensuring the relevance,
                                             accuracy, and timeliness of
                                             information collected or
                                             created for statistical
                                             purposes
Applicable laws...........................  44 U.S.C. 3506(e)
------------------------------------------------------------------------
Source: GAO analysis.

    ``Three areas of responsibility-enterprise architecture; systems 
acquisition, development, and integration; and government initiatives--
are not assigned to CIOs by statute; they are assigned to the agency 
heads by law or guidance. However, in virtually all agencies, the 
agency heads have delegated these areas of responsibility to their 
CIOs.
    For our later private-sector study, we combined Information 
dissemination and Information disclosure into a single function in 
order to increase these functions' relevance for private-sector CIOs.
    According to our report, CIOs were generally responsible for the 
key information and technology management areas shown in the table, 
although not all CIOs were completely responsible for all areas.'' For 
example:
    All the CIOs were responsible for the first five areas in the table 
(capital planning and investment management, enterprise architecture, 
information security, IT/IRM strategic planning, and IT/IRM human 
capital).
    More than half had responsibility for six additional areas (major 
government initiatives, systems acquisition, information collection/
paperwork reduction, records management, information dissemination, and 
privacy).
    Fewer than half were responsible for two areas (information 
disclosure and statistics).
    It was common for CIOs to share responsibility for certain 
functions, and in some cases responsibilities were assigned to other 
offices. For example, systems acquisition responsibility could be 
shared among the CIO and other officials, such as a procurement 
executive or program executive; disclosure could be assigned to general 
counsel and public affairs, while statistical policy could be assigned 
to offices that deal with the agency's data analysis. Nevertheless, 
even for areas of responsibility that were not assigned to CIOs, agency 
CIOs generally reported that they contributed to the successful 
execution of the agency's overall responsibilities in that area.
    In carrying out their responsibilities, CIOs generally reported to 
their agency heads. For 19 of the agencies in our review, the CIOs 
stated that they had this reporting relationship. In the other 8 
agencies, the CIOs stated that they reported instead to another senior 
official, such as a deputy secretary, under secretary, or assistant 
secretary. In addition, 8 of the 19 CIOs who said they had a direct 
reporting relationship with the agency head noted that they also 
reported to another senior executive, usually the deputy secretary or 
under secretary for management, on an operational basis. According to 
members of our Executive Council on Information Management and 
Technology, what is most critical is for the CIO to report to a top 
level official.

                     TENURE AND BACKGROUNDS OF CIOS

    Federal CIOs often remained in their positions for less than the 
length of time that some experts consider necessary for them to be 
effective and implement changes. At the departments and agencies 
included in our review, the median time in the position of permanent 
CIOs whose time in office had been completed was about 23 months. For 
career CIOs, the median was 32 months; the median for political 
appointees was 19 months. To the question of how long a CIO needed to 
stay in office to be effective, the most common response of the CIOs 
(and former agency IT executives whom we consulted) was 3 to 5 years. 
Between February 10, 1996, and March 1, 2004, only about 35 percent of 
the permanent CIOs who had completed their time in office reportedly 
had stayed in office for a minimum of 3 years. The gap between actual 
time in office and the time needed to be effective is consistent with 
the view of many agency CIOs that the turnover rate was high, and that 
this rate was influenced by the political environment, the pay 
differentials between the public and private sectors, and the 
challenges that CIOs face.
    In contrast, the CIOs at the 27 agencies were generally helped in 
carrying out their responsibilities by the background and experience 
they brought to the job. The background of the CIOs varied in that they 
had previously worked in the government, the private sector, or 
academia, and they had a mix of technical and management experience. 
However, virtually all had work experience or educational backgrounds 
in IT or IT-related fields; 12 agency CIOs had previously served in a 
CIO or deputy CIO capacity. Moreover, most of them had business 
knowledge related to their agencies because they had previously worked 
at the agency or had worked in an area related to the agency's mission.

                 SUCCESS FACTORS AND CHALLENGES OF CIOS

    To allow CIOs to serve effectively in the key leadership role 
envisioned by the Congress, federal agencies should use the full 
potential of CIOs as information and technology management leaders and 
active participants in the development of the agency's strategic plans 
and policies. The CIOs, in turn, must meet the challenges of building 
credible organizations and developing and organizing information and 
technology management capabilities to meet mission needs.
    In February 2001, we issued guidance on the effective use of CIOs, 
which describes the following three factors as key contributors to CIO 
success:
     Supportive senior executives embrace the central role of 
technology in accomplishing mission objectives and include the CIO as a 
full participant in senior executive decision making.
     Effective CIOs have legitimate and influential roles in 
leading top managers to apply IT to business problems and needs. 
Placement of the position at an executive management level in the 
organization is important, but in addition, effective CIOs earn 
credibility and produce results by establishing effective working 
relationships with business unit heads.
     Successful CIOs structure their organizations in ways that 
reflect a clear understanding of business and mission needs. Along with 
knowledge of business processes, market trends, internal legacy 
structures, and available IT skills, this understanding is necessary to 
ensure that the CIO's office is aligned to best serve agency needs.
    The CIO study that we reported on in July 2004 also provides 
information on the major challenges that federal CIOs face in 
fulfilling their duties. In particular, CIOs view IT governance 
processes, funding, and human capital as critical to their success, as 
indicated by two challenges that were cited by over 80 percent of the 
CIOs: implementing effective information technology management and 
obtaining sufficient and relevant resources.

                        EFFECTIVE IT MANAGEMENT

    Leading organizations execute their information technology 
management responsibilities reliably and efficiently. A little over 80 
percent of the CIOs reported that they faced one or more challenges 
related to implementing effective IT management practices at their 
agencies. This is not surprising given that, as we have previously 
reported, the government has not always successfully executed the IT 
management areas that were most frequently cited as challenges by the 
CIOs-information security, enterprise architecture, investment 
management, and e-gov.

                   SUFFICIENT AND RELEVANT RESOURCES

    One key element in ensuring an agency's information and technology 
success is having adequate resources. Virtually all agency CIOs cited 
resources, both in dollars and staff, as major challenges. The funding 
issues cited generally concerned the development and implementation of 
agency IT budgets and whether certain IT projects, programs, or 
operations were being adequately funded.
    We have previously reported that the way agency initiatives are 
originated can create funding challenges that are not found in the 
private sector. For example, certain information systems may be 
mandated or legislated, so the agency does not have the flexibility to 
decide whether to pursue them. Additionally, there is a great deal of 
uncertainty about the funding levels that may be available from year to 
year.
    The government also faces long-standing and widely recognized 
challenges in maintaining a high-quality IT workforce. In 1994 and 
2001, we reported on the importance that leading organizations placed 
on malting sure they had the right mix of skills in their IT workforce. 
About 70 percent of the agency CIOs reported on a number of substantial 
IT human capital challenges, including, in some cases, the need for 
additional staff. Other challenges included recruiting, retention, 
training and development, and succession planning.
    In addition, two other commonly cited challenges were communicating 
and collaborating (both internally and externally) and managing change.

                    COMMUNICATING AND COLLABORATING

    Our prior work has shown the importance of communication and 
collaboration, both within an agency and with its external partners. 
For example, one of the critical success factors we identified in our 
guide focuses on the CIO's ability to establish his or her organization 
as a central player in the enterprise. Ten agency CIOs reported that 
communication and collaboration were challenges. Examples of internal 
communication and collaboration challenges included: (1) cultivating, 
nurturing, and maintaining partnerships and alliances while producing 
results in the best interest of the enterprise; and (2) establishing 
supporting governance structures that ensure two-way communication with 
the agency head and effective communication with the business part of 
the organization and component entities. Other CIOs cited activities 
associated with communicating and collaborating with outside entities 
as challenges, including sharing information with partners and 
influencing the Congress and OMB.

                            MANAGING CHANGE

    Top leadership involvement and clear lines of accountability for 
making management improvements are critical to overcoming an 
organization's natural resistance to change, marshaling the resources 
needed to improve management, and building and maintaining 
organization-wide commitment to new ways of doing business. Some CIOs 
reported challenges associated with implementing both changes 
originating from their own initiative and changes from outside forces. 
Implementing major IT changes can involve not only technical risks but 
also non-technical risks, such as those associated with people and the 
organization's culture. Six CIOs cited dealing with the government's 
culture and bureaucracy as challenges to implementing change. Former 
agency IT executives also cited the need for cultural changes as a 
major challenge facing CIOs. Accordingly, in order to effectively 
implement change, it is important that CIOs build understanding, 
commitment, and support among those who will be affected by the change.
    Effectively tackling these reported challenges can improve the 
likelihood of a CIO's success. Until these challenges are overcome, 
federal agencies are unlikely to optimize their use of information and 
technology, which can affect an organization's ability to effectively 
and efficiently implement its programs and missions.
    The CIO Position in the Private Sector Has Similarities to the 
Federal CIO Position.
    In September 2005, we reported the results of our study of CIOs at 
leading private-sector organizations, in which we described the CIOs' 
responsibilities and major challenges, as well as private-sector 
approaches to information and technology governance.
    The set of responsibilities assigned to CIOs in the private sector 
were similar to those in the federal sector. In most areas, there was 
little difference between the private and federal sectors in the 
percentage of CIOs who had or shared a particular responsibility. In 4 
of the 12 areas--enterprise architecture, strategic planning, 
information collection, and information dissemination and disclosure--
the difference between the private- and federal-sector CIOs was 
greater; in each case, fewer CIOs in the private sector had these 
responsibilities. In all, the six functions least likely to be the 
CIO's responsibility in the federal sector were equivalent to the five 
functions least likely to be his or her responsibility in the private 
sector. Some of the federal CIOs functions, such as information 
collection and statistical policy, did not map directly to the 
management areas in several of the private-sector organizations we 
contacted.
    Figure 1 compares federal and private-sector CIO responsibilities 
for the 12 areas, showing the percentage of CIOs who had or shared 
responsibility for each area.

FIGURE 1: COMPARISON OF THE EXTENT TO WHICH PRIVATE-SECTOR AND FEDERAL 
               CIOS ARE RESPONSIBLE FOR MANAGEMENT AREAS.

    Federal CIOs Private CIOs.

    Source: W.
    Among the private-sector CIOs, it was common to share 
responsibility with either business units or corporate functional 
areas; these sharing relationships accounted for almost a third of all 
responses. Among federal CIOs, the sharing of responsibility was not 
described in as many areas.

              CHALLENGES IDENTIFIED BY PRIVATE-SECTOR CIOS

    Approximately half of all the private-sector CIOs described four 
major challenges:
     Aligning IT with business goals was cited by 11 of the 
CIOs. This challenge requires the CIOs to develop IT plans to support 
their companies' business objectives. In many cases this entails cross-
organization coordination and collaboration.
     Implementing new enterprise technologies (e.g., radio 
frequency identification, enterprise resource planning systems, and 
customer relationship management systems) was cited by 8 of the CIOs. 
This challenge requires the broad coordination of business and 
corporate units.
     Controlling IT costs and increasing efficiencies was cited 
by 9 of the CIOs. Several CIOs explained that by controlling costs and 
providing the wane or better service at lower cost, they are able to 
contribute to their companies' bottom lines. A few CIOs also said that 
they generate resources for new investments out of the resources freed 
up by cost savings.
     Ensuring data security and integrity was cited by 9 of the 
CIOs. Closely associated with this challenge was ensuring the privacy 
of data, which was raised by 6 CIOs.
    Additional management challenges commonly raised by the private-
sector CIOs included:
     developing IT leadership and skills (7),
     managing vendors, including outsourcing (7),
     improving internal customer satisfaction (5).
    Additional technical challenges commonly raised by the private-
sector CIOs included:
     implementing customer service/customer relationship 
management (CRM) systems (7),
     identifying opportunities to leverage new technology (6),
     integrating and enhancing systems and processes (5), and
     rationalizing IT architecture (5).
    The challenges mentioned by the private-sector CIOs overlapped with 
those mentioned by Federal CIOs in our previous study. Improving 
various IT management processes was mentioned by several private-sector 
CIOs (e.g., IT investment decision making) as well as by federal CIOs, 
as was developing IT leadership and skills. In technology-related 
areas, both private-sector and federal CIOs mentioned working with 
enterprise architectures and ensuring the security of systems as 
challenges. Although the challenges mentioned by private-sector CIOs 
resembled those mentioned by federal CIOs, there were a few 
differences. Private-sector CIOs mentioned challenges related to 
increasing IT's contribution to the bottom line--such as controlling 
costs, increasing efficiencies, and using technology to improve 
business processes--while federal CIOs tended to mention overcoming 
organizational barriers and obtaining sufficient resources.

                  IT GOVERNANCE IN THE PRIVATE SECTOR

    When asked to describe how the governance of information management 
and technology is carried out in their companies, 16 of the 20 private-
sector companies told us that they had an executive committee with the 
authority and responsibility for governing major IT investments. As 
part of the governance of IT assets in their companies, nine of the 
CIOs said that they shared responsibility for IT investment management 
and that their involvement ranged from providing strong leadership to 
reviewing plans to ensure that they complied with corporate standards.
    Many of the private-sector CIOs were actively working to increase 
coordination among business units to enhance their governance process. 
Seven of the CIOs described efforts under way to implement enterprise-
wide financial and supply chain systems, which will move the companies 
to common business processes. Six CIOs also described using cross-
organizational teams (sometimes called centers of excellence), which 
drive these broad collaborative efforts and others, such as the 
establishment of standards and common practices.
    With regard to the governance of the development of new systems, 
many of the private-sector CIOs described a process in which they 
collaborated closely with business units and corporate functional units 
in planning and developing systems to meet specific needs.
    The extent of the CIOs' involvement ranged from providing strong 
leadership and carrying out most activities to reviewing the other 
components' plans to ensure that they complied with corporate 
standards.
    With regard to sharing authority for decisions on the management of 
IT assets, several CIOs spoke of balancing between centralization and 
decentralization of authority and described their efforts to move 
between the two extremes to find the right balance. The appropriate 
balance depended on other events occurring in the companies, such as 
major strategic realignments or acquisitions. For example, one CIO 
described his current evolution from a relatively decentralized 
structure--an artifact of a major effort to enable growth in the 
corporation--to a more centralized structure in order to reduce costs 
and drive profits.

ROLES AND RESPONSIBILITIES OF THE CIO POSITION AT VA HAVE EVOLVED OVER 
                                  TIME

    Since enactment of the Clinger-Cohen Act in 1996, the roles and 
responsibilities of VA's Chief Information Officer have evolved. From 
lacking a CIO entirely, the department has taken steps to address the 
challenges posed by its multiple widespread components and its 
decentralized information technology and services. In June 1998, VA 
assigned CIO responsibility to a top manager. However, we reported in 
July 1998 that the person holding the CIO position at VA had multiple 
additional major responsibilities, as this person also served as 
Assistant Secretary for Management, Chief Financial Officer, and Deputy 
Assistant Secretary for Budget. According to the Act, the CIO's primary 
responsibility should be information and technology management. Noting 
that VA's structure was decentralized, its IT budget was large, and its 
CIO faced serious information and technology management issues, we 
recommended that the Secretary appoint a CIO with full-time 
responsibilities for IRM. Concurring with the recommendation, VA 
established the position of Assistant Secretary for Information and 
Technology to serve as its CIO.
    As of May 2000, however, the position of Assistant Secretary for 
Information and Technology was vacant, and as we reported at the time, 
it had been unfilled since its creation in 1998. The Secretary then 
created and filled the position of Principal Deputy Assistant Secretary 
for Information and Technology, designating that person as VA's acting 
CIO until an Assistant Secretary could be appointed. The Secretary also 
realigned IRM functions within VA under this position, which reported 
directly to the Secretary.
    As we reported, the Principal Deputy Assistant Secretary was 
involved in IT planning issues across the department. In addition to 
advising the Secretary on IT issues, he served as chair of the 
department's CIO Council and as a member of the department's Capital 
Investment Board, and he worked with the CIOs in VBA and VHA (at the 
time, NCA had no CIO). According to this official, one of his 
priorities was to ensure that IT activities in VBA and VHA were in 
concert with VA's department-wide efforts.
    In August 2001, VA filled the CIO position. In March 2002, we 
testified that this hiring was one of the important strides that the 
Secretary of Veterans Affairs had made to improve the department's IT 
leadership and management, along with malting a commitment to reform 
the department's use of IT.
    On June 29, 2003, the CIO retired after a tenure of almost 2 years 
(about the median length of tenure for federal CIOs, as discussed 
above); the current CIO was confirmed in January 2004.
    Figure 1 is a time line showing the history of the CIO position at 
VA since the passage of the Clinger-Cohen Act.

[GRAPHIC] [TIFF OMITTED] T5790.042

     VA PROPOSED TO REALIGN ITS IT ORGANIZATION IN RESPONSE TO IT 
                         MANAGEMENT CHALLENGES

    Our prior work highlighted some of the challenges that the CIO 
faced as a result of the way the department was organized to carry out 
its IT mission. Among these challenges was that information systems and 
services were highly decentralized, and the VA administrations and 
staff offices controlled a majority of the department's IT budget. For 
example, in VA's information technology budget for fiscal year 2002 of 
approximately $1.25 billion, YHA controlled about $1.02 billion (over 
80 percent), whereas the department level controlled about $60.2 
million (less than 5 percent).
    In addition, we noted that there was neither direct nor indirect 
reporting to VA's cyber security officer--the department's senior 
security official--thus raising questions about this person's ability 
to enforce compliance with security policies and procedures and ensure 
accountability for actions taken throughout the department. The more 
than 600 information security officers in VA's three administrations 
and its many medical facilities throughout the country were responsible 
for ensuring the department's information security, although they 
reported only to their facility's director or to the chief information 
officer of their administration.
    Given the large annual funding base and decentralized management 
structure, we testified that it was crucial for the departmental CIO to 
ensure that well-established and integrated processes for leading, 
managing, and controlling investments are commonplace and followed 
throughout the department. This is consistent with the finding in our 
CIO review that implementation of IT management practices was a 
challenge; over half of federal CIOs identified IT investment 
management specifically.
    Recognizing weaknesses in accountability for the department's IT 
resources and the need to reorganize IT management and financing, the 
Secretary announced a realignment of the department's IT operations in 
a memorandum dated August 2002. According to the memorandum, the 
realignment would centralize IT functions, programs, workforce 
personnel, and funding into the office of the department-level CIO. In 
particular, several significant changes were described:
     The CIOs in each of the three administrations-VHA, VBA, 
and NCA--were to be designated deputy CIOs and were to report directly 
to the department-level CIO. Previously, these officials served as 
component-level CIOs who reported only to their respective 
administrations under secretaries.
     All administration-level cyber security functions were to 
be consolidated under the department's cyber security office, and all 
monies earmarked by VA for these functions were to be placed under the 
authority of the cyber security officer. Information security officers 
previously assigned to VHA's 21 veterans integrated service network 
would report directly to the cyber security officer, thus extending the 
responsibilities of the cyber security office to the field.
    Beginning in fiscal year 2003, the department level CIO would 
assume executive authority over VA's IT funding.
    In September 2002, we testified that in pursuing these reforms, the 
Secretary demonstrated the significance of establishing an effective 
management structure for building credibility in the way IT is used, 
and took a significant step toward achieving a ``One VA'' vision. The 
Secretary's initiative was also a bold and innovative step by the 
department--one that has been undertaken by few other federal agencies. 
For example, of 17 agencies contacted in 2002, 8 reported having 
component level CIOs, none of which reported to the department level 
CIO. Only one agency with component-level CIOs reported that its 
department-level CIO had authority over all IT funding.
    We also noted that the CIO's success in managing IT operations 
under the realignment would hinge on effective collaboration with 
business counterparts to guide IT solutions that meet mission needs, 
and we pointed out the importance of the three key contributors to CIO 
success described in our 2001 guidance (discussed earlier).
    Although we have not reviewed the current status of this proposed 
realignment or VA's current organizational structure, it remains our 
view that the proposed realignment held promise for building a more 
solid foundation for investing in and improving the department's 
accountability over IT resources. Specifically, under the realignment 
the CIO would assume budget authority over all IT funding, including 
authority to veto proposals submitted from sub-department levels. This 
could have a significant effect on VA's accountability for how 
components are spending money.
    To sum up, the CIO plays a vital role in ensuring that VA's funds 
are well spent and in managing information technology to serve our 
nation's veterans. In our view, the realignment of VA's IT organization 
proposed in 2002 held promise for improving accountability and enabling 
the department to accomplish its mission. The additional oversight 
afforded the CIO could have a significant impact on the department's 
ability to more effectively account for and manage its proposed $2.1 
billion in planned IT spending.
    Mr. Chairman, this concludes my statement. I would be pleased to 
respond to any questions that you or other Members of this Committee 
may have at this time.

    Chairman Craig. Thank you very much, Linda.
    Paul, you stated in your testimony that the CIO should not 
delegate enterprise level planning, authorization or resourcing 
responsibilities, and that the CIO should report to the 
organization's most senior officer. Can you cite an example of 
another government entity with whom ITAA organizations have 
contracted, that from your vantage point, have achieved this 
organizational structure, and how has that led to a successful 
IT strategy?
    Mr. Wohlleben. Mr. Chairman, I do not believe that I can 
cite a single large department that has achieved all aspects of 
that. There are some small independent agencies that I think 
have moved in the direction where the CIO is charged, 
responsible, and executes against all of those.
    By the same token, I have not pursued a study of all of 
those organizations. I am sort of speaking from an ad hoc 
basis.
    Chairman Craig. All right. Also in your testimony you 
stated that the IT business process must originate from the top 
down. VA, however, believes that much of the credit for its 
success in electronic health records is directly due to some 
very decentralized initiatives. Do you believe that there is an 
appropriate balance to be struck between planning, 
authorization, resourcing and implementation of a macro-program 
level, and less centralization at a micro-project level? In 
short, should VA vest total control in its CIO?
    Mr. Wohlleben. My experience with Government organizations 
in general--and I would prefer not to speak to VA specifically 
because I do not claim to be an expert on their internal 
culture--but in general, our position at ITAA is that the 
planning that involves the vision and the strategy needs to be 
centrally controlled and that should be a duty of the CIO. That 
involves the control of the strategy and the budgeting and 
resourcing of that strategy in terms of execution plans.
    Depending on the nature of an organization and its mission, 
the execution of that plan could be accomplished centrally or 
could be accomplished in a more decentralized approach where 
those responsibilities are delegated.
    If I could further explain that, where you have an 
organization that has, across the enterprise their mission is 
either the same or has attributes of a common mission, the 
centralized model is one that can be executed. Where you have 
missions that differ, where people at the local level who are 
executing that mission understand how you carry out that 
mission much better, it is imperative that those people be 
involved in the design of the systems that are going to support 
them. If they are not, our finding, and I believe the finding 
in both commercial and in Government sectors over time, has 
been that those systems are not able to be developed to meet 
those requirements of the people who are actually executing the 
work and carrying out the mission.
    Chairman Craig. Linda, your testimony has indicated that 
the average tenure of Federal CIOs is less than the length of 
time that any consider necessary to implement the policies that 
a CIO is expected to implement. VA is certainly no exception. 
With that said, should the Government expect CIOs to do less, 
or do we believe that there are any strategies the Government 
can implement to encourage CIOs to remain in their positions 
longer?
    Ms. Koontz. When we did our study on Federal CIOs that we 
issued in 2004, I think that we said the average tenure was 
around 23 months, which was about 2 years. CIOs at the same 
time said that staying in a position for about 3 to 5 years was 
really the amount of time that was needed in order to show any 
kind of results or to make an impact.
    Some of the major things that were cited in terms of the 
turnover by CIOs were the differences in salary between the 
private sector and the public sector, and also the scope of 
responsibilities that are involved in being a public sector 
CIO. We actually have some ongoing work looking at various 
governance models, and we are continuing to study the 
appropriate responsibilities for a CIO in a public setting.
    Chairman Craig. Most private sector companies authorize and 
govern major IT investments by executive committees, we are 
told, and I think you reference that also, Paul. The Federal 
Government is not a private sector corporation. Still, do you 
believe the Government should consider management of large IT 
investments through the use of an executive committee, and do 
you think this could help our continuity efforts, given that 
different committee members may stay with Government employment 
for longer tenures than the average CIO? I mean in examining 
this, has that been a part of your consideration?
    Ms. Koontz. Yes, that has clearly been part of our 
consideration. When we talk about an executive committee 
responsible for overseeing IT investments, I think what we are 
talking about is having some kind of IT investment process. 
What we have noted from our studies is that, just as my 
colleague here mentioned in his testimony, that developing 
systems is a collaborative process, and both the CIOs and the 
business units need to be involved. Bringing together the 
executives who all have a stake in this, including the CIO, to 
make decisions about investments, is very, very important. If 
you have a strong investment process in place, I think it 
actually transcends changes in individual personnel or even 
maybe changes in administrations that take place because you 
have a strong process for bringing the right people to the 
table.
    One feature that we think is critical though in an 
investment management process is that the CIO have veto power 
over proposed investments, and the reason is, is that in that 
way the CIO can ensure that any proposed projects that are 
brought to him by the administrations or that are centrally 
proposed, fit with the enterprise architecture and they meet 
the various network and other standards that are in place, and 
that they meet security requirements. He uses an enterprise 
architecture in order to ensure that there is an enterprise 
approach, and that systems are not duplicative, but they are 
integrated.
    So, yes, that is a feature that is important in both the 
private and the public sectors, and can help any organization 
do more effective IT management.
    Chairman Craig. Paul, any comments on that question?
    Mr. Wohlleben. I would agree, Mr. Chairman. The way I would 
describe the introduction of the enterprise architecture into 
an organization and the utility, the enterprise architecture, 
if agreed to by the senior leadership team as capturing the 
intended business processes and the use of technology that the 
organization is moving towards, it gives the CIO and whatever 
governance committee is being used to look at IT investments, 
something to compare the investments, and gives them a very, 
very strong tool to enforce compliance to a blueprint to move 
to the future, or to veto investments that are not in 
compliance, and it is a tool that is just now coming onto the 
scene in the Federal Government, but maturing to the point 
where it is useful.
    Chairman Craig. We have a unique challenge here in 
transitioning government into the 21st century, gaining the 
efficiencies that we see in the private sector in these areas, 
and still sustaining core missions as attended. Even with 
executive committees, the reality of the politics involved when 
you have an executive committee of 575 Members of the United 
States Congress----
    [Laughter.]
    Chairman Craig. Yet, I would suggest in all of that 
frustration the absolute need for continuance, continuity and 
all of that for the sake of those who these agencies serve, but 
also the efficiency of the resources that are employed in these 
agencies.
    We appreciate your testimony, and we will more than likely 
be back, ask you to revisit this along the way, as we stay in 
tune with what the VA is doing. We are not going to say 
``attempting to do,'' but ``will be doing'' to get the kind of 
changes necessary, and the evolution of the culture to where it 
is most efficient.
    Thank you all very much for being with us today, and the 
committee will stand adjourned.
    [Whereupon, at 11:40 a.m., the committee was adjourned.]


                            A P P E N D I X

                              ----------                              

[GRAPHIC] [TIFF OMITTED] T5790.001

[GRAPHIC] [TIFF OMITTED] T5790.002

[GRAPHIC] [TIFF OMITTED] T5790.003

[GRAPHIC] [TIFF OMITTED] T5790.004

[GRAPHIC] [TIFF OMITTED] T5790.005

[GRAPHIC] [TIFF OMITTED] T5790.006

[GRAPHIC] [TIFF OMITTED] T5790.007

[GRAPHIC] [TIFF OMITTED] T5790.008

[GRAPHIC] [TIFF OMITTED] T5790.009

[GRAPHIC] [TIFF OMITTED] T5790.010

[GRAPHIC] [TIFF OMITTED] T5790.011

[GRAPHIC] [TIFF OMITTED] T5790.012

[GRAPHIC] [TIFF OMITTED] T5790.013

[GRAPHIC] [TIFF OMITTED] T5790.014

[GRAPHIC] [TIFF OMITTED] T5790.015

[GRAPHIC] [TIFF OMITTED] T5790.016

[GRAPHIC] [TIFF OMITTED] T5790.017

[GRAPHIC] [TIFF OMITTED] T5790.018

[GRAPHIC] [TIFF OMITTED] T5790.019

[GRAPHIC] [TIFF OMITTED] T5790.020

[GRAPHIC] [TIFF OMITTED] T5790.021

[GRAPHIC] [TIFF OMITTED] T5790.022

[GRAPHIC] [TIFF OMITTED] T5790.023

[GRAPHIC] [TIFF OMITTED] T5790.024

[GRAPHIC] [TIFF OMITTED] T5790.025

[GRAPHIC] [TIFF OMITTED] T5790.026

[GRAPHIC] [TIFF OMITTED] T5790.027

[GRAPHIC] [TIFF OMITTED] T5790.028

[GRAPHIC] [TIFF OMITTED] T5790.029

[GRAPHIC] [TIFF OMITTED] T5790.030

[GRAPHIC] [TIFF OMITTED] T5790.031

[GRAPHIC] [TIFF OMITTED] T5790.032

[GRAPHIC] [TIFF OMITTED] T5790.033

[GRAPHIC] [TIFF OMITTED] T5790.034

[GRAPHIC] [TIFF OMITTED] T5790.035

[GRAPHIC] [TIFF OMITTED] T5790.036

[GRAPHIC] [TIFF OMITTED] T5790.037

[GRAPHIC] [TIFF OMITTED] T5790.038

[GRAPHIC] [TIFF OMITTED] T5790.039

[GRAPHIC] [TIFF OMITTED] T5790.040

[GRAPHIC] [TIFF OMITTED] T5790.041

  

                                  
