|
VA Watchdog Stuff...
cups, hats, shirts...
click on item to order
and support the site.
Be sure to get all four
VA Watchdog dot Org
RSS feeds --
Daily VA
News Flashes
House CVA
Veterans' News
Senate CVA
Veterans' News
VA Press
Releases
Download your
free copy of the
2008 VA benefits
handbook here...
|
Printer-Friendly Version
GAO REPORT ON VA'S COMPUTER EQUIPMENT LOSSES --
VA could not locate 62,800 computer items, of
which
9,800 could have stored sensitive information.
But,
VA has no idea what data was on those devices.
There were four GAO reports about the VA this
past week...and none of them were good news.
This one is about computer (IT, which stands for
Information Technology) equipment. Looks like it just grows legs and
takes a walk.
For more about VA data loss problems, go to this
page...
http://www.vawatchdog.org/va%20data%20theft%20news.htm
For more GAO reports about the VA, use the VA
Watchdog search engine...click here...
http://www.yourvabenefits.org/sessearch.php?q=gao&op=and
Full GAO report here...
http://www.gao.gov/new.items/d08918.pdf
Highlights here...
http://www.gao.gov/highlights/d08918high.pdf
Summary here...
http://www.gao.gov/docsearch/abstract.php?rptno=GAO-08-918
Summary below:
-------------------------
Veterans Affairs: Continued Action Needed
to Reduce IT Equipment Losses and Correct Control Weaknesses
GAO-08-918 July 31, 2008
In July 2004, GAO reported that the six Department of Veterans Affairs
(VA) medical centers it audited lacked a reliable property control
database and effective inventory policies and procedures. In July 2007,
GAO reported that continuing internal control weaknesses over IT equipment
at four case study
 locations
at VA resulted in an increased risk of theft, loss, and misappropriation
of IT equipment assets. GAO's two reports included 18 recommendations to
improve internal control over IT equipment. GAO was asked to perform a
follow-up audit to determine (1) whether VA has made progress in
implementing GAO's prior recommendations for improving internal control
over IT equipment and (2) the effectiveness of VA's current internal
controls to prevent theft, loss, or misappropriation of IT equipment. GAO
reviewed policies and other pertinent documentation, statistically tested
IT equipment inventory controls at four geographically disparate
locations, and interviewed VA officials.
VA has made significant progress in addressing prior GAO recommendations
to improve controls over IT equipment. Of the 18 recommendations GAO made
in its two earlier reports, VA completed action on 14 recommendations,
partially implemented action on 2 recommendations, and is working to
address the 2 remaining open recommendations. These recommendations
focused on strengthening policies and procedures to establish a framework
for accountability and control of IT equipment. If effectively
implemented, VA's July 2008 policy changes would address many of the
control weaknesses GAO identified. Mandated early implementation of this
new policy addresses user-level accountability and requirements for
strengthening physical security. In addition, to determine the extent of
inventory control weaknesses over its IT equipment, VA performed a
departmentwide physical inventory in 2007. However, as of May 15, 2008, VA
reported that it could not locate about 62,800 IT equipment items, of
which 9,800 could have stored sensitive information. Because VA does not
know what, if any, sensitive information resided on the equipment,
potentially affected individuals could not be notified. GAO's statistical
tests of IT equipment inventory controls from February through May 2008 at
four locations identified continuing control weaknesses, including missing
items, lack of accountability, and errors in IT equipment inventory
records. Although these control weaknesses may be addressed through early
implementation of the July 2008 policies, the fact that GAO identified
missing items only a few months after these locations had completed their
physical inventories is an indication that underlying weaknesses in
accountability over IT equipment have not yet been corrected. GAO's tests
identified 50 missing items, of which 34 could have stored sensitive data,
but again, notifications to individuals could not be made. Further, the
lack of user-level accountability and inaccurate records on status,
location, and item description of IT equipment items at the four case
study locations make it difficult to determine the extent to which actual
theft, loss, or misappropriation of IT equipment may have occurred. In
addition, the four locations had weaknesses in controls over hard drives
in the property disposal process as well as physical security weaknesses
at IT storage facilities. These control weaknesses present a risk that VA
could lose control over new, used, and excess IT equipment and that any
sensitive personal and medical information residing on hard drives in this
equipment could be compromised.
-------------------------
Press release here...
http://www.vawatchdog.org/08/hcva08/hcva073108-1.htm
Press release below:
-------------------------
VA Spends Billions on ‘Miscellaneous
Expenditures’
Subcommittee Demands Greater
Accountability
For more information, contact: Brian Lawrence, (202) 225-3527
Washington, D.C. —The Subcommittee on Oversight and Investigations held a
hearing today to investigate the findings of a government report on a
questionable means of procuring goods and services within the Department
of Veterans Affairs (VA).
The U.S. Government Accountability
Office (GAO) report on VA’s use of its “miscellaneous obligations” account
stemmed from a joint letter sent on October 5, 2007, by Subcommittee
Chairman, Harry Mitchell (D-Ariz.) and Subcommittee Ranking Member, Ginny
Brown-Waite (R-Fla.). The Subcommittee leaders directed GAO to look at
purchases made through the account and determine if VA policies provide
adequate controls over the use of miscellaneous obligations.
The audit revealed that $9.6 billion, out of total of $12 billion in
purchases, was paid for through the miscellaneous obligations account. GAO
concluded that use of the account was excessive and that it reflected
serious deficiencies in internal financial control that left VA vulnerable
to waste, fraud, and abuse. VA’s witness at the hearing acknowledged that
use of the account is excessive and concurred that with GAO’s findings.
“The fact that the VA is unable to identify how billions of dollars are
being spent underscores the urgent need to review and refine a process
that is clearly broken,” said Representative Brian Bilbray (R-Calif.).
“Stewardship of taxpayer dollars needs to be more than just a
‘miscellaneous obligation’. This gravely concerns me, as well as several
of my colleagues on both sides of the aisle, and I believe it is important
to get to the root of this problem.”
Steve Buyer (R-Ind.), the Ranking Member of the full Committee on Veterans
Affairs, also weighed in on the issue and expressed concern over use of
the account.
“GAO’s findings illustrate that VA’s overuse of the miscellaneous
obligations account to pay for services and products increases its
vulnerability to fraud, waste, and abuse,” Buyer said. “It also can be a
convenient ‘end-around’ to avoid the competitive process for procurement
contracts. VA should discontinue this risky process immediately and
implement safeguards against abuse. I can assure that this committee will
continue to conduct extensive oversight on this issue.”
-------------------------
posted by Larry
Scott
Founder and Editor
VA Watchdog dot Org
Don't forget to read all of today's VA
News Flashes (click here)
Click here to make VA Watchdog dot Org your homepage
email Larry
(go
back to VA Watchdog dot Org Home Page) |
Military
Medical Malpractice
Legal
Network
VA Watchdog Stuff...
cups, hats, shirts...
click on item to order
and support the site.
|
