[House Hearing, 109 Congress]
[From the U.S. Government Publishing Office]
VA IT INFRASTRUCTURE REORGANIZATION
REORGANIZATION AND THE ROLE
OF THE CIO
----------------------------------------------------------------------------
HEARING
before the
COMMITTEE ON
VETERANS' AFFAIRS
HOUSE OF REPRESENTATIVES
one hundred ninth congress
first session
-------
September 14, 2005
-------
Printed for the use of the Committee on Veterans' Affairs
Serial No. 109-22
U.S. GOVERNMENT PRINTING OFFICE
23-846 WASHINGTON : 2006
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512091800
Fax: (202) 512 092250 Mail: Stop SSOP, Washington, DC 20402090001
VA IT Infrastructure reorganization and the role of the cio
Wednesday, September 14, 2005
U.S. House of Representatives,
Committee on Veterans' Affairs,
Washington, D.C.
The Committee met, pursuant to notice, at 10:08 a.m., in Room 334, Cannon
House Office Building, Hon. Steve Buyer [Chairman of the Committee] presiding.
Present: Representatives Buyer, Bilirakis, Evans & Michaud.
The Chairman. The VA's Information Technology (IT) infrastructure
reorganization hearing before the House Veterans' Affairs Full Committee will
come to order September 14, 2005.
This hearing will provide the Committee with an update on the Department
of Veterans' Affairs information technology infrastructure reorganization to
learn more about the role of the chief information officer within that
department.
VA's IT modernization efforts go back at least 29 years to 1985, when it
was the policy of the Veterans Administration to ``better serve the veteran
through modern technology. Despite 20 years of ``modernizing,'' this
Committee has authorized, and Congress has appropriated roughly $10 billion
over the last decade alone for VA IT spending.
This is probably a very conservative figure, as historically the VA has
included funding for IT in general administration accounts of the Veterans
Health Administration, the VA's Benefits Administration, and the National
Cemetery Administration.
Since coming to Congress in 1993, I have witnessed this Committee
struggle
with VA's inability to adequately manage its IT funding and IT modernization
efforts.
The Subcommittee on Oversight and Investigations has conducted six
separate hearings on VA IT and related issues since 2000, when I chaired the
Subcommittee.
Ms. Koontz, I see you so often, I feel like you're part of my family.
While there have been significant improvements in VA's IT
modernization
efforts, the improvements have come at a significant cost to our veterans and
the system:
$600 million plus for a decade of VETSNET, the automated compensation
and pension claims processing system that still has not been implemented in 10
years;
$342 million for CoreFLS -- the failed financial management system;
$300 million for HR Links, the failed automated personnel system;
$485 million annually to maintain VISTA, VA's 25-year-old medical
information system.
In fiscal year 2004 and fiscal year 2005, VA received $1.4 and $1.6
billion respectively for IT funding. For the fiscal year 2006, VA's projected
spending for IT will be approximately $2.2 billion.
This lack of accountability in VA IT spending, I believe must stop,
and that's the reason why there was such a reduction in your budget requests
for IT. Not only did I recommend it, it was supported then by the Budget
Committee, by the Appropriations Committee, and also by the Senate.
So somewhere in here, we need to come to a meeting of the minds and to
figure out how we're going to do this.
Last year, VA was able to testify before the Committee, that they were
``well under way with an enterprise architecture that aims to align the
business
with the information technology plans, goals, and efforts.'' However, I am
concerned that the structure in place lacks the authority to provide a better
service to the veteran.
Today, we will hear testimony from Gartner Consulting, VA's own
private IT
consultant, on what the VA needs to do more effectively to reorganize itself,
and at what cost would be of letting the bureaucracy maintain the status quo.
That's why myself, along with Ranking Member Lane Evans and other
distinguished members of this Committee, we will soon be introducing
legislation
that will mandate the Department of Veterans' Affairs to empower the chief
information officer with authority over resources, budget, and personnel
related to the information technology of the Department.
I'm holding this hearing, Lane and I are, because our legislation is
in draft form, we've not shared it with anyone.
We've come into a comfort zone where we are with the legislation, but
we're going to ask a series of questions today, because we want to make sure
that what we're about to do, we do correctly, because we also then want it to
be leveraged into other departments of the federal government; so we want to
walk cautiously and carefully as we do this correctly.
So I am really pleased that the GAO is here to testify. We have you
as the first panel for a reason, because you're experts in your field. Also,
CRS, with all your vast knowledge and expertise. Ms. Koontz, the survey that
you have done and also with an outside consultant of all the Chief Information
Officers (CIOs) and how things are looking out there, you've spoken to so
many, and so they've shared with you their successes and they've shared with
you their challenges, and from that we want to create the model that can be
leveraged.
With that, I'll yield to the Ranking Member for any comments that he
may have.
Mr. Evans. Thank you. Thank you, Mr. Chairman.
I also want to praise the VA workers and the crisis response team for
safely and swiftly evacuating so many veterans, staff, and their families out
of the Gulf Coast.
I also commend VA workers for their current efforts to keep veterans
out of the path of Ophelia.
I'm proud of the VA staff.
I have introduced three bills to help veterans and their families get
their medical needs and their shelter after the storm. I hope we can mark up
these three bills sometime in the near future.
As for information technology management, I think we see this issue in
the same way. It is nice to be on the same sheet of music on this.
For years major IT projects at the VA have failed or suffered costly
delays. This Committee and its Subcommittees have held a significant number
of hearings on VA's mismanagement of IT. We've got to change that need.
Mr. Chairman, we both have consistently pushed for accountability and
change. We now have an environment where any successes in the IT area are
overshadowed by some well-publicized failure in IT someplace else.
Let us hear testimony about the current status of IT management and
then facilitate any needed change.
Thank you, Mr. Chairman.
[The statement of Hon. Lane Evans appears on p. 44]
The Chairman. Thank you, Mr. Evans.
I join you in your spirit and compliments to the VA in their rapid
response. America doesn't get to hear about it, but Lane and I and members of
this Committee are very proud of the VA employees and your direction, and how
you responded to the crisis on the Gulf Coast, continue to respond, and help
as part of our national response.
Here on Capitol Hill also there are different Committees that are
examining Katrina, and so Secretary Mansfield, if you know of things that you
need to do within your agencies, that you cannot do right presently within
your executive authorities, let us know.
I'm not interested in doing theater or do something, that ``do
something'' stuff that we get here in Washington, that really is duplicative
or multiplicious.
So if it's outside that, please be in touch with Mr. Evans and I.
Mr. Bilirakis.
Mr. Bilirakis. Mr. Chairman, thank you.
I really appreciate both you and Mr. Evans giving accolades where
they're deserved.
The VA, certainly on this particular issue,is far from perfect.
There's
an awful lot of work that needs to be done and there are a lot of frustrations
in the sense that we haven't been able to get IT to the point that it should
be after all these many years.
But at the same time, they're probably heads over heels above most of
the departments in the government in terms of IT, and they've proven that time
and time again. They certainly proved it in New York City in 9/11. They
proved it certainly in Katrina. And so they've done really good work.
And what we want to do is to help you to improve upon that, so the
potential legislative solutions that the Chairman mentioned are very
important.
So we want to be here to help you, but we're not going to be able to
help you to really get this thing going the way it should be unless you're
cooperative and unless you're being frankly very frank and blunt with us in
terms of what needs to be done, in addition to money. It's always money, of
course, and that's the unfortunate thing.
Thanks, Mr. Chairman.
The Chairman. Mr. Bilirakis, we appreciate your leadership in the
continued work on IT from your Subcommittee.
Mr. Michaud, opening statement?
Mr. Michaud. Thank you very much, Mr. Chairman.
I too want to thank you, Mr. Chairman, and Ranking Member Evans for
having this hearing today.
Since this is our first hearing after Katrina, I, too, want to take
this opportunity to praise the VA employees who kept our veterans, staff, and
others safe during the storm.
I understand the staff did an amazing job in evacuating the very sick
veterans after the storm and flooding. I applaud the VA front-line workers
for
reaching out to the veterans to make sure that the storm will not disrupt the
delivery of needed medication and benefits.
Those employees and the others who have not yet been found, our
thoughts and prayers are definitely with them, and I hope that they are safe.
I understand that the crisis response team is making sure that the VA
IT system is working and the benefit files and medical data is secure, so I
look forward to hearing your testimony here today.
So thank you very much, Mr. Chairman.
The Chairman. Thank you, Mr. Michaud.
The first panel, I will now recognize Mr. Jeff Seifert, who is the
Analyst in Information, Science, and Technology Policy Resources, Science, and
Industry Division of the Congressional Research Service.
Next we'll hear from Ms. Linda Koontz. She is the Director,
Information Management Issues, U.S. Government Accountability Office.
Then we'll hear from Mr. Michael Pedersen, Managing Vice President of
Gartner Consulting.
Do each of you have a written statement?
All three have nodded their heads in the affirmative.
Your complete written statements will be made part of the official
hearing record.
I will ask members to hold all their questions until the panel has
testified. We will move under the five-minute rule.
And Mr. Seifert, you are now recognized.
STATEMENT OF MR. JEFFREY W. SEIFERT, ANALYST IN INFORMATION SCIENCE AND
TECHNOLOGY POLICY, CONGRESSIONAL RESEARCH SERVICE
Mr. Seifert. Thank you, Mr. Chairman and members of the Committee for
the
invitation to appear before you today to offer testimony on the background and
role of chief information officers in the federal government.
While the specific topic of today's hearing is on the responsibilities
and authority entrusted to the Office of the Chief Information Officer at the
Department of Veterans' Affairs, my comments today will focus on the
performance and challenges of federal CIOs more generally.
As you are aware, the Congressional Research Service does not take a
position on issues or legislation.
The federal government spends more than $60 billion annually on
information technology goods and services, reflecting how technology has
become integrated into nearly all government processes.
Federal CIOs are on the front lines in implementing a wide range of e-
government and homeland security initiatives. These include initiatives to
develop a federal enterprise architecture, improve information security, and
identify opportunities to facilitate information sharing.
While CIOs were once commonly thought of as ``technocrats,'' they are
now being called upon not only for their technological expertise, but also to
provide strategic leadership in the areas of policy, budget, and contract
oversight.
Federal CIOs serve as change agents for business modernization and
transformation. They must possess strong management, leadership, and
communication skills. The CIO's relationship with top-level department
decisionmakers can also be critical to successfully implementing IT and e-
government initiatives.
Inherent to the nature of their responsibilities, CIOs need to look at
the departments horizontally, across a department, rather than vertically,
such as at a single program or function.
Likewise, there is a need to be able to exercise control over
resources
horizontally, in part to break down the so-called ``stovepipes'' and ``islands
of automation'' that are created when resources and programs are developed
individually.
However, this difference in perspectives can frequently put the CIO at
odds with his/her counterparts, such as program managers, whose
responsibilities may foster a more vertical view of the department and its
assets.
For example, whereas CIOs may recommend adopting a standardized
software
platform for desktop computers, in order to facilitate interoperability and
lower costs, program managers may oppose this approach on the basis that it
reduces their decisionmaking authority to procure and develop assets used in
the delivery of services.
This clash of perspectives exemplifies why the biggest challenges
facing federal CIOs are not technical, but instead, organizational.
Decentralized organizations can be especially challenging for CIOs,
whose
primary role includes coordinating resources and personnel in an effort to
effect transformation of the organization.
While having access to or direct participation in decisions regarding
funding issues and allocation of resources is important, simply having a seat
at the management table may not be sufficient if other parts of the department
can act autonomously in areas that either undermine or mitigate attempts by
the CIO to develop enterprise-wide standards.
Consolidating authority over IT resources and clarifying who is
accountable for specific functions is one approach that some departments have
begun using to address these challenges.
For example, earlier this year, the Federal Bureau of Investigation
announced it was implementing a new strategic approach to information
technology.
Specifically, the strategy includes centralizing management of FBI IT
resources under the FBI's Office of the Chief Information Officer; creating
several IT governance bonds; implementing an IT investment strategy and an
enterprise architecture; and granting the CIO ``budgetary authority over all
FBI IT funds.''
However, efforts to consolidate IT investment management decisions can
be
hindered at the outset by a lack of comprehensive accounting of a department's
IT resources and responsibilities.
For example, in a March 2005 report, the inspector general at the
Department of Transportation found that the consolidation of department-wide
IT responsibilities, begun in fiscal year 2003, was not accompanied by a
comparable level of budgetary and contract services oversight.
Among the problems specifically identified in consolidating CIO
control over systems originally maintained by the DOT's 11 individual
operating
administrations was an incommensurate transfer of project management and
budget authority, as well as duplicative funding requests made by the CIO's
office and the operating administrations.
In closing, information technology management has been a longstanding
challenge for the federal government. The general problems facing the
Department of Veterans' Affairs are not unlike those facing CIOs in other
executive branch departments and agencies.
However, the challenges of harmonizing the acquisition, development,
and maintenance of information resources across the department, including its
three major subcomponents -- the Veterans Benefits Administration, the
Veterans Health
Administration, and the National Cemetery Administration -- are considerable.
By enhancing the authority of the department CIO, the Department of
Veterans' Affairs may be able to better address some of its information
technology management challenges in the future.
Thank you for your attention.
I welcome any questions.
[The statement of Jeffrey W. Seifert appears on p. 46]
The Chairman. Thank you, Mr. Seifert.
Ms. Koontz.
STATEMENT OF MS. LINDA D. KOONTZ, DIRECTOR, INFORMATION MANAGEMENT ISSUES,
U.S. GOVERNMENT ACCOUNTABILITY OFFICE
Ms. Koontz. Mr. Chairman and members of the Committee, I am pleased to
be here at today's hearing on reorganization of VA's CIO office.
At your request, I will be discussing our previous work on the role of
the CIOs in the federal government generally, and at VA in particular, to
provide background and perspective for your consideration.
As you know, the CIO position was established by the Clinger-Cohen Act
in 1996. Through this law and others, the Congress has expressed the view
that the
federal CIOs should play a central role in managing information and technology
within federal agencies.
In this way, the CIO can help ensure that agencies manage their
information functions in a coordinated and integrated fashion and thus improve
the efficiency and effectiveness of government programs and operations.
CIOs have a wide range of responsibilities. For a review of federal
CIOs that we reported on in 2004, we identified 13 major areas of CIO
responsibility
that were either statutory requirements or critical to effective information
and technology management.
Our review showed that CIOs were generally responsible for these key
areas, although not all CIOs were completely responsible for all areas.
To give a few examples, all the CIOs were responsible for enterprise
architecture and information security, and more than half were responsible for
systems acquisition and major e-government initiatives.
In certain areas such as system acquisition and statistical policy, it
was common for CIOs to share responsibilities with others.
We have also developed guidance on the effective use of CIOs in which
we describe characteristics of organizations that contribute to CIO success.
First, successful CIOs work with supportive senior executives who
embrace
the central role of technology in accomplishing mission objectives and include
the CIO as a full participant in senior executive decisionmaking.
Second, successful CIOs have legitimate and influential roles in
leading
top managers to apply IT to business problems and needs. Placement of the
position at an executive management level in the organization is important,
but in addition, CIOs earn credibility and produce results by establishing
effective working relationships with business unit heads.
Third, successful CIOs structure their organizations in ways that
reflect
a clear understanding of business and mission needs. Along with knowledge of
business processes, market trends, internal legacy structures, and available
IT skills, this understanding is necessary that the CIO's office is aligned to
best serve agency needs.
To achieve this kind of success, CIOs face a number of challenges.
In our 2004 review, CIOs most frequently cited two in particular:
First, implementing effective IT management practices.
A little over 80 percent of the CIOs reported that they face one or
more challenges related to this area. This is not surprising, given the
government's recognized difficulties in IT management.
We have issued numerous reports describing challenges in the specific
management areas that the CIOs cited most frequently: information security,
enterprise architecture, investment management, and e-government.
Second, obtaining sufficient and relevant resources.
Virtually all agency CIOs cited resources both in dollars and staff as
major challenges.
Two other commonly cited challenges were communication and
collaboration, both internal and external, and managing change.
CIOs cited the challenge of establishing effective communications with
the business part of their organizations as well as sharing information with
partners and influencing OMB and the Congress.
And of course implementing major IT changes can involve not only
technical risks but also risks associated with people and organizational
culture.
At VA, the CIO position and IT management have received increasing
attention in recent years.
The department went for two-and-a-half years after the passage of the
Clinger-Cohen Act without a CIO.
For two years after that, the CIO role was held by an executive who
also had other major responsibilities.
The department then had an acting CIO for a year, and in August 2001,
it appointed a full-time permanent CIO.
Since then, the department proposed further strengthening the CIO
position
and centralizing IT management, recognizing that aspects of the VA computing
environment were particularly challenging and required substantial management
attention.
In particular, the department information systems and services were
highly
decentralized and a huge proportion of the department IT budget was controlled
by the VA's administrations and staff office.
To address these challenges, the Secretary issued a memo in 2002
announcing that IT functions, programs, and funding would be centralized under
the department-level CIO.
In our view, this alignment held promise for improving IT
accountability
and enabling the department to accomplish its mission. The additional
oversight
afforded by the CIO could have a significant impact on the department's
ability
to more effectively account for and manage the approximately $2.1 billion in
planned IT spending.
Mr. Chairman, that completes my statement, and I would be happy to
answer questions at the appropriate time.
[The statement of Linda Koontz appears on p. 54]
The Chairman. Thank you, Ms. Koontz.
Mr. Pedersen.
STATEMENT OF MR. MICHAEL L. PEDERSEN, MANAGING
VICE PRESIDENT, GARTNER CONSULTING
Mr. Pedersen. Thank you, Mr. Chairman, and members of the Committee.
I appreciate the opportunity to participate in today's hearing
regarding the Department of Veterans' Affairs IT reorganization.
My name is Michael Pedersen. I'm the managing vice president within
the
consulting division at Gartner, a provider of research and analysis on the
global IT industry.
Unlike our competitors, we do not offer implementation services that
would compromise our independence and objectivity.
It is this objectivity that was the basis for us being selected to
assess
whether the VA's IT personnel assets are appropriately aligned to efficiently
deliver world-class IT program management, operational support, and systems
design and development services.
I was the lead consultant and subject matter expert on this assessment
and directed activities.
When looking at the VA today, we documented several issues that must
be
addressed for the VA to achieve its objective of efficiently delivering world-
class IT services in a veteran-centric model.
Our principal finding is there is excessive duplication of IT assets
-- defined as people, process, and technologies -- across the VA It
organizations.
This approach leads to inefficiencies in IT delivery and creates significant
barriers to improve performance at a VA-wide level.
Each IT group, and there are many, has its own unique, at times
competing, at times complementary approach to delivering IT services.
Different approaches to work means working together on common
objectives that much more difficult. It also costs more to operate such a
fragmented IT organization and has the potential to leave unmanaged risk
within its major programs.
There are few incentives or mechanisms in place for these multiple IT
groups to work together.
In fact, the culture fosters a go-it-alone approach which forces the
IT staff to engage their informal personal network when required to work
across organizational boundaries.
To resolve these issues, we recommended changes at the VA. We
recommended significant change in the underlying processes that make
organizations work, as noted in my written testimony.
As organizational structure is the most visible aspect of
organizations, it is worthy of additional discussion.
Several organizational structures were analyzed to resolve the issues
uncovered within the VA. Two organizational structures had the greatest
potential for application at the VA.
The first is an organizational structure where technology operations,
such as data centers and networks, are controlled by a single group with all
business applications developed and supported by each business line, whether
medical care, pension, housing, or finance. We call this the federated model.
The second is an organizational structure where all VA IT is organized
into a single entity reporting to a chief information officer. We call this
the centralized model.
Each has its own risks and benefits.
The primary benefit of the federated model is it allows business
leaders
to develop the applications unique to their missions while achieving economies
of scale by managing the VA infrastructure through the centralized function.
While we did not undertake a cost analysis, our organization does
extensive IT cost modeling regarding savings potential.
We estimate implementing the federated model will reduce the annual
run
rate by approximately $207 million within five years. However, this comes with
risk to the VA.
The VA will struggle to obtain in a timely manner its One VA mission
objectives, because of its culture, unaligned investment priorities between
and within administrations, and differences in technology and process, which
hinders efforts to create veteran-centric systems.
In contrast to this approach, the centralized organizational model
provides the greatest opportunity to successfully execute One VA mission
objectives in a timely manner.
Like the federated model, it achieves economies of scale, but will
also
allow for rapidly maturing the IT investment management process to better
deliver its major IT programs.
We estimate potential savings from the centralized option to be
approximately $345 million in annual run rate reduction within five years.
The potential risk from implementing the centralized option is
significant. It is the big bang.
But both the centralized and federated potions are viable
organizational structures to achieve One VA mission objectives.
However, it is our recommendation that the VA pursue the
centralization
option and aggressively manage the risk to maximize cost saving opportunity
and reduce program risk.
Let me clearly state the organizational change is hard work. If not
done properly, it places the entire organization at risk.
Many examples exist where change efforts were not conducted properly.
Whether a computerized position order entry system at Cedars Sinai or
a financial management system at the VA itself, organizational change requires
extensive planning, executive commitment, and a relentless focus on the
details.
The whole organization must see the need for change, understand how
change will occur, and participate in the change efforts.
If it embarks on any change effort, the VA must have:
One, its entire leadership team dedicated to the effort, visible in
its executive, and held accountable for its results;
Two, fast-track budgeting and personnel change authority for its
leaders to act quickly; and
Three, use outside experts to guide, track, and report on its
performance against plan.
While it has risk, the payoff can be substantial improvement in IT
performance at the VA.
Mr. Chairman, this concludes my statement.
Thank you again for the opportunity to discuss an important matter
for our veterans.
I'll answer any questions at the appropriate time.
[The statement of Michael L. Pedersen appears on p. 77]
The Chairman. Thank you very much, the three of you, for your
testimony, your work, and that of your staffs, so please extend that to them.
Let me ask, Mr. Pedersen, the credibility that you bring to this,
being one of the top companies in the world in what you do, are you aware of
any organization in the private sector that's like how the VA is presently
operating its IT? Is there anyone out there?
Mr. Pedersen. There is no one out there, sir.
The profit motive of the commercial sector drives a natural cost
reduction
orientation and an investment oversight mentality, so I know of no other
organizations like that.
The Chairman. So as Congress has been asking the VA to act more like a
business, this effort to bring -- streamline or bring a centralization to the
CIO would place us in greater stead with modern business practices?
Mr. Pedersen. Yes, sir.
If I could add, there are -- the organization as a whole, the agencies
are
well operating. I want to make that clear. And there is a tremendous desire
for the staff to serve the veteran.
And is it our belief that there are efforts underway that have had
small pockets of success.
The Austin Automation Center was a good example that we found, where
they
had defined how they work in a very detailed way. They talked about the costs
of their services back through the franchise fund.
And we found that a very effective model. We applaud their efforts.
It's
the cost that they would -- the recovery or the price, if you will, that they
charged the administration are comparable to the outside services.
So there are efforts underway throughout the organization to drive
towards
that more business, more commercial-oriented practice. It's just not on it as
an organization as a whole.
The Chairman. All right.
Ms. Koontz, in your written statement, you indicated that the Clinger-
Cohen Act of 1996 mandated federal departments to establish the position of
CIO.
However, the VA did not appoint a permanent CIO position until August of 2001.
What other federal departments, if any, requested and received OMB
waivers for appointing a permanent CIO?
Ms. Koontz. I know of no department that has a waiver for establishing a CIO.
I don't know of any mechanism, either, that would allow an agency to
go without a CIO.
The law requires that they have a CIO, and that the CIO report to the
agency head.
The Chairman. Also, in your written statement, you indicated that GAO
conducted reviews of the relationships of CIOs and agency heads in 23
different agencies.
You further indicated the vast majority of these CIOs reported
directly to the agency head.
Of the five largest federal agencies in terms of budget outlays, what
is the reporting relationship for the CIO?
Ms. Koontz. Of the five largest agencies that we looked at, based on
discretionary spending -- and that would be Defense, Health and Human
Services,
Education, State, and VA -- four of the five, including VA, at the time we did
our review in early 2004, the CIO reported directly to the agency head. Only
HHS did not at that time.
The Chairman. Also, in your written statement you indicated that
virtually
all agency CIOs cite resources, both in dollars and in staff, as a major
challenge in effective IT management.
What specific challenges do you believe the VA's CIO must overcome in
order for this position to effectively manage VA IT?
Ms. Koontz. I think that the primary thing that the CIO needs --
there's
two things that I think that are most important for the CIO to have in order
to be successful.
And the first of that is, obviously, that the CIO has to have the
support
of the Secretary. Without management support, the CIO cannot be effective.
Secondly, I think that it's critical that the CIO have -- be a
participant
in an investment management process that's established and mature at the
agency,
that allows the senior management to come together and make decisions on
proposed investments and then oversee those investments over time.
And as part of that process, it's absolutely critical that the CIO be
able
to veto any proposed investment that is not consistent, for example, with
enterprise architecture, that's not consistent with standards, including network standards, or with other security requirements.
The Chairman. Mr. Seifert and Mr. Pedersen, do you have an opinion
based
on Ms. Koontz' statement that she just made?
Do you concur or non-concur?
Mr. Pedersen. I'd agree that investment management and that control is
critical for future investment planning and success.
Mr. Seifert. Well, as you know, CRS does not take a position on it or
express an opinion.
The Chairman. Do you have a personal opinion of what you just heard
Ms. Koontz say?
Mr. Seifert. Well, I'm not allowed to express a personal opinion, but
I would say that --
The Chairman. Hypothetical?
Mr. Seifert. -- evidence suggests that this is very important to the
successful functioning of the department.
The Chairman. That counts. That counts.
Mr. Evans and I and others on this Committee believe in line and
budget authority for the CIO position.
So I'm going to go right to the heart of the question.
If we're to deliver line and budget authority to the CIO, give us your
positives and negatives that you would foresee in that action being taken.
And then I'll yield to Mr. Evans.
All three of you can respond.
Mr. Seifert. Well, some potential positives are that the CIO would
gain
control over all the IT resources within the department and be able to
coordinate this in a better fashion, perhaps being able to execute an
enterprise architecture plan.
A potential drawback is that, a department of the VA's size is fairly
complex and it would be hard to imagine any one person being able to honestly
understand every nuance that's required for every department or every
function.
So it is possible that he or she may not be able to capture every
little piece of that and may inadvertently overlook something.
The Chairman. Ms. Koontz.
Ms. Koontz. Similarly, I think that if you centralize the funding
under
the CIO, certainly the CIO gains control over the expenditure of those funds,
and in that way can ensure that investments that are made are consistent with
the enterprise architecture and standards and security requirements, et
cetera, and that's an important thing.
My concern, in addition to the scope issue that I think that Mr.
Seifert
just mentioned, is that it removes the funds from the business areas, and its'
very important, if not critical, that information systems arise from
identified business needs, and that's critical to any successful systems
development effort.
So removing that money from the business does run its own set of
risks.
It also puts the business in a position where they have -- they don't have the
investment in the systems development effort anymore, because it's not their
money.
Mr. Pedersen. I'd agree with that.
The idea of bringing accountability is critical. What you want to
guard against -- and you'll have that if you bring that to the single point in
the CIO.
What you need to guard against is that budget flows for other purposes
manifest themselves back into IT. You need to guard against that. And you
need those executives, those business leaders, back at the table to guide
investment decisions.
It should not be the CIO deciding where investments go. All right.
They should manage it, get the business to decide where the money should go,
what the
requirements are, and acceptance of those systems they build. That's where
accountability lies on the business.
On the CIO side, it's build towards that spec, and that's where that
-- the investment management process can be very effective.
The Chairman. Mr. Pedersen, that's where we'd like to go.
Mr. Evans, you are recognized.
Mr. Evans. Mr. Pedersen, could you describe the safeguards necessary
to prevent a so-called federated adoption from just becoming what you
described as the status quo option, if there were a bureaucratic show of
resistance? Can you tell us what those safeguards would have to be?
Mr. Pedersen. There would be several that I could identify.
Clearly the idea of where money, people, and assets find themselves is
going to be one element.
Policy alone won't protect that, because the complexity of the
organization is so broad, the way money flows through the organization is so
complex, IT spend is very difficult right now to control.
So for the federated model to be successful, there must be all three
of those aspects, so the technology, the people, and the budget authority for
those assets must move, and that will prevent itself from at least the broad,
the very significant change back to the status quo.
But also, though, just good change management requires all members of
the organization to be bought into it and lead that effort.
This is not a strike-of-a-pen activity. This is -- we've laid out
that this is a long-term plan, it's hard work, it's hard work for the
executive team.
This is not something that's delegated. The executive team must be critically
involved with this and be held accountable for what progress is being made.
Sir, does that help?
Mr. Evans. Yes, sir.
Thank you, Mr. Chairman.
The Chairman. Mr. Bilirakis.
Mr. Bilirakis. Thank you, Mr. Chairman.
Mr. Chairman, I recently returned from a two-day visit to Estonia.
Now, here is a country which just a few years ago was behind the Iron
Curtain. Their IT is unbelievable.
Everybody in the country, I think, or virtually everybody in the
country -
- certainly there must be some exceptions, although I understand there
probably
aren't -- pay all their bills electronically. Everything is done
electronically there.
Their cabinets, if I can call them that -- they took us into a room
where
the cabinet sits, and they all have a computer right at their particular
location. Everything is done electronically.
A smaller country, to be sure, but in no time at all, they're well
past us when it comes to something like this.
You know, it seems to me what Ms. Koontz said in her testimony here,
that
certainly the VA did not take Clinger-Cohen seriously when they handled the
CIO
position the way they did, given the time that VA took to even put the
position
into place, and then it was a part-time job, and functions were divided. Then
VA went one year with an acting CIO, and finally in August of 2001, VA
appointed a full-time permanent CIO.
So we pass these laws up here, and maybe it's our fault that we don't
follow through adequately and have the proper oversight.
In my time remaining, Ms. Koontz, you mentioned the challenges and you
mentioned the lack, the implementing and practices -- I'm just paraphrasing.
You mentioned obtaining relevant resources. I guess there's always that. And
then the word ``collaboration,'' et cetera, everything related to
collaboration.
Why are these still challenges after so many years? When you research
something like this, the GAO does such a great job, you must have details,
specific instances which lead you to these conclusions.
Can you sort of expand upon that, go into these three challenges,
particular the top two that you've mentioned, the implementing and the
relevant resources, and sort of go into some details for us?
You know, we want to be able to picture this, I guess, is what I'm
saying.
Ms. Koontz. I understand.
I will confess, we have lots of details, because we're GAO, but I'm
not sure that I have all of them at my fingertips.
Mr. Bilirakis. Well, I don't want all of them.
Ms. Koontz. But I will -- I will provide what I can.
We have done an awful lot of work over the years about IT management
practices, and in fact, that's one of the main -- you know, our main lines of
work, and that's to look at things like, IT management practices, I mean
having enterprise architectures in place, I mean having a robust investment
management
process in place that will again, like I said before, bring together the right
people to make decisions about IT investments, and to not only make the right
decisions but then continue to follow them over time.
And also, we've done a huge body of work on security. As you know
from
the annual reporting of agencies, there are many, many, continue to be many,
many difficulties in these areas.
Many of our reports over the years point to the need to strengthen all
these management areas and we, you know, continue to work on that.
VA specifically I think, one of the things that has been a threat in
the
work that we have done, and I think you would find it's at those other
agencies
as well, it is not really the technology that is the big, insurmountable
problem, it's putting the right management practices in place to make things
successful.
Mr. Bilirakis. It's not the resources, the mechanical resources, if
you will, it's the --
Ms. Koontz. Exactly. It's a matter of having the right institutional
processes in place. It's a matter of having accountability. It's a matter of
following disciplined processes in terms of building your systems.
And that does sound very simple, but yes, those are challenges. They
have
been challenges for a long time. This is very difficult. Much of what
they're
doing -- much of what's being done at the VA is very difficult. I think we
can't --
Mr. Bilirakis. So it's people.
Ms. Koontz. -- we can't ignore that.
Mr. Bilirakis. It comes down to people and personalities, and yeah,
the
thing -- the big problem in government, maybe in life in general, I guess, is
what turf, jurisdiction, power, that sort of thing.
Is that what we're really talking about?
Ms. Koontz. I think that may be an issue. I can't say as I've studied
it for sure, but the reason that we support the idea of having these
institutional
processes in place is that if you have these strong institutional processes,
they sort of transcend all those kinds of issues.
They transcend changes in personnel which happen all the time. They
transcend personalities. They transcend turf. And that's why we continue to
try to underscore the importance of having them.
Mr. Bilirakis. Well, and it's critical, obviously, that we not do
anything
here in this legislation that's being talked about, and really heavily thought
out, to hurt things.
Ms. Koontz. Mm-hmm.
Mr. Bilirakis. We don't want to make things worse.
And I'm not really sure, and I haven't even talked to the staff about
it, what kind of cooperation they're getting from the VA, how much they've
even gone to the VA for their inputs on it, and that sort of thing, and that's
something, of course, that we should be concerned with here.
It's frustrating. We had a round robin in this room here a while back
where we're trying to get the VA to cooperate with the DoD in terms of
exchange of medical information, interoperability. And it's just frustrating.
The VA has gone, I think, a lot further, obviously, and they have
already
been commended by us, and well they should be, but if we can't get it done in
the VA, which is just one department, I don't know where we're going to be
thinking about transferring it over and working with DoD, which is so very,
very
-- well, particularly in a war such as we're going through right now, where
these people, you know, will -- you know, the transition, if you will, from
DoD
into the VA and the transfer of records that should take place adequately, and
things of that nature.
It's frustrating. The bill was passed back in 1997, I believe,
something like that, and here we are in 2005 and we're still not there.
I don't know. I know we change. You know, there's changes up here
all
the time, and so you have a lack of stability maybe, and then obviously in the
departments and in the agencies they have big changes and whatnot, so you have
a lack of stability, so it's a little more difficult, Mr. Pedersen, than it
would be, I guess, in the private sector, mainly for those reasons.
But when it comes to the things like turf and whatnot, which stick
their ugly, ugly head in the way, that upsets the hell out of me.
Thanks, Mr. Chairman.
The Chairman. Thank you.
Mr. Michaud.
Mr. Michaud. Thank you very much, Mr. Chairman.
Many of the problems, when you look at the IT system at VHA, can be
linked, I think, to the failure to involve front-line workers.
In some cases, I've been told about, for example, the CoreFLS system
failed to adequately understand the needs to supply staff and others in
ordering
basic hospital resources, and as a result, you know, surgeries had to be
postponed due to lack of surgical kits; and there are other situations, such
as this.
My question is, under the different IT reorganization options, how can
the
VA best ensure that the end user, the front-line nurse, doctor, medical
technician, and others, will have a meaningful involvement in identifying and
selecting the IT system that will help them deliver the high quality care that
they have to deliver.
It's one thing to sit in an office and see what might be good for a
system, but it's another thing to actually be out there having to use that
system and knowing what they need.
So what involvement is being done to ensure that end users have a say
in this?
Mr. Pedersen. Clearly, sir, defining the requirement, defining that
need is the critical element for that whole investment process.
This is not a central -- you know, there's no effort or desire to say,
``We will build it and they will come.'' It is clearly the role for the
practitioners themselves, the consumer of those services to define what they
need with the sufficient clarity that people can build it, but also be have to
accept what comes back, and if it's not accepted, they have to say why it's
not
accepted, and that's how the business and the technology work well together to
define that.
Where those problems emerge, they typically hadn't defined
requirements
sufficiently in detail. They hadn't set up the change process of when it is a
change, how will the new organization absorb that new system. The work, will
they be doing things differently? How differently? And has the business
leader helped lead that effort? If it comes from the technology group, these
typically fail.
Mr. Michaud. In what process do you envision that happening? Clearly,
you know, you might go to one area and just ask one or two, or it might be
different in different regions, you know, around the country.
I mean, how are you going to ensure that the end users will have, you
know, adequate input into the process?
Mr. Pedersen. As large organizations have defined it -- I go back to
earlier when I said a principal challenge for the organization is defining how
they work. They haven't sat down to say how those interactions should occur
so that you can capture and manage that risk.
If there are differences for the health care system within each VISN,
or within each hospital, we need to define that, or we need to understand it.
That
would be a cost to the system implementation and how the system will be built.
But if that isn't well established up front, how it gets delivered in
the back, that will create a huge problem.
Mr. Michaud. Thank you.
Thank you, Mr. Chairman.
The Chairman. Mr. Pedersen, who are some of Gartner Consulting's
private clients, if you're willing to tell me?
Mr. Pedersen. We predominantly -- we have seven to ten thousand
clients
worldwide. Predominantly, it is the largest commercial organizations in the
world, so names -- household names.
Bank of America, Abbott Laboratories, Office Depot, these are our
clients, in addition to most states and large federal governments.
The Chairman. So is it fair to say that you are the leader of your
field?
Mr. Pedersen. We are the leading provider of research services, yes,
sir.
The Chairman. Mr. Seifert, in your testimony when you mentioned
Clinger-Cohen, and although the act is specifically -- strike the word
``specifically''
-- does not explicitly identify federal CIOs as having any form of budgetary
control or authority over IT resources, do you know if any federal CIOs that
have explicit control over that budget authority?
Mr. Seifert. As I mentioned in the testimony, the FBI recently granted
that authority, and also in the budget proposal for fiscal year 2006, it was
proposed, although I don't believe it has been formally approved, that the
Department of Justice CIO have budgetary authority over IT related just to
information sharing, as compared to the whole department.
Otherwise, I would have to look at the different departments o see,
but so far, most do not appear to.
The Chairman. Are you familiar with HHS and in particular NIH?
Mr. Seifert. To some degree, yes.
The Chairman. They're making strides, are they not, in the same
fashion
where we're going, they just haven't gotten there yet? Is that fair?
Mr. Seifert. That would be a fair assessment.
The Chairman. Ms. Koontz, I couldn't help but think that I could get
this wrong, but it's probably pretty close.
I almost feel like I'm having a flashback here.
Five years ago, we sat just like this and at the time I believe it was
Secretary Goss who had just testified. He testified after you, but I remember
-- it was before you -- and I was asking him, ``What kind of authority and
powers do you need, you know, now that you've finally got this?''
And he said, ``You know, I really don't -- I don't need any, because
the Secretary is going to give me what I need to get this done'' -- five years
ago.
And then when I look at these systems that we have here, this
Committee,
has funded, that have failed, and that were even outside of his ability to
control, it pains me. It -- I just want to say personally -- it pains me.
Because five years ago is where I came up with this, to give this line
of budget authority, and I've been really patient, and you've been, too.
But we are -- I think the Committee is finally about there, we really
are, to actually do this. But I want to make sure we do it smartly and
correctly.
So I hate to be redundant, but I have to come back to this.
If we're to give the CIO budget and line authority and say, then, to
the CIO that these are your CIOs that serve for the three under secretaries
-- they don't work for the under secretary. They work for the CIO.
And then those regional CIOs report to each CIO, right? So we've got
them in a control function?
At the same time, we want business practices to continue, okay?
So whatever system is being created, whether it's -- you know, we have
in the works this competition going on with regard to our claims recovery. So
we're going to find out which two pilots we'll do for a national rollout. But
those are business practices.
But help me here, give me your counsel, give the Committee counsel on
how we deliver line and budget authority to the CIO and how then we're going
to have proper interface with the business office.
Tell me what your thoughts are.
Ms. Koontz. I think that's precisely the question.
And one thing that I would like to emphasize developing about
investing in and developing systems, the importance of collaboration between
the CIO and the business units.
It's not necessarily that it's one or the other. It's really that it
has to be a collaborative type of relationship.
The business is -- the business units are definitely the ones who have
to identify the needs. They know what they want. And then the CIO has to be
involved to make sure that this fits with the rest of the enterprise, make
sure
that -- advises them on different technological solutions, and sort of guides
the implementation from an IT perspective.
I think that what is more important than who precisely controls the
funds is that you have that investment process, that you have a strong
institutionalized investment process that brings together the right people to
the table to make these decisions, and of course that has to be supported by
the
head of the agency. The head of the agency has to be committed to making this
process work.
The Chairman. All right.
Mr. Pedersen, in your counsel, now to me, take the private sector, how
they control the enterprise architecture, interfaced with business, and your
counsel is to say, this is how we can do it in the VA.
Mr. Pedersen. I agree heartily with the comments you just heard.
The idea of transparency of the budget, of the money, of how it's
being
spent, where it's being spent is critical for this. That's the first item
that would come to mind.
The second is again, it is not -- well, the chain of command needs to
clearly understand the change. They have to be very active in this. This is
a very large, complex organization. I don't need to tell you all that.
But how IT currently is structured is very complex today. There isn't
a well-defined chain of command. It reports to different people.
So bringing that together is itself an effort, so that all of those
individuals need to be involved and have that ability to change.
So that quick change needs to be managed. That is a risk you'll have
to manage as you go to that new operating model.
The Chairman. All right.
Mr. Michaud, do you have anything?
Mr. Michaud. No, sir.
The Chairman. All right.
I'd like to thank all of you for your written testimony, and we may
have follow-on, not today, but as we proceed, and if we can call on you, I'd
appreciate that.
As I said earlier, we're trying to build a model that we want to
leverage into the rest of the departments in the federal government, and more
importantly, how do we do it first in the VA, and then others can examine what
we do right and what we do wrong.
And I appreciate your counsel.
Thank you.
The first panel is now dismissed.
The second panel I would like to introduce is The Honorable Gordon H.
Mansfield, Deputy Secretary of the Department of Veterans Affairs.
He is accompanied by the Honorable Daniel Cooper, the Under Secretary
for
Benefits, Veterans Benefits Administration; the Honorable Jonathan B. Perlin,
Under Secretary for Health, Veterans Health Administration; and Richard A.
Wannemacher, Jr., Acting Secretary for Memorial Affairs, National Cemetery
Administration.
Also at the table is the Honorable Robert N. McFarland, the Assistant
Secretary for Information Technology and Chief Information Officer, Department
of Veterans Affairs.
We also have Pedro Cadenas, the Associate Deputy Assistant Secretary
for Cyber and Information Security, Department of Veterans Affairs.
I have a name that a lot of people butcher, and I think I just
butchered somebody else's name.
Mr. Cadenas. Yes, sir. Cadenas.
The Chairman. Cadenas? I apologize. You can call me Buyer.
Mr. Secretary, your complete written statement will be made part of
the official record, and you are now recognized for an opening statement.
STATEMENT OF HON. GORDON H. MANSFIELD, DEPUTY SECRETARY, DEPARTMENT OF
VETERANS AFFAIRS ACCOMPANIED BY HON. DANIEL L. COOPER, UNDER SECRETARY FOR
BENEFITS, VETERANS BENEFITS ADMINISTRATION; HON. JONATHAN B. PERLIN, UNDER
SECRETARY FOR HEALTH, VETERANS HEALTH ADMINISTRATION; HON. RICHARD A.
ANNEMACHER, JR., ACTING UNDER SECRETARY FOR MEMORIAL AFFAIRS, NATIONAL
CEMETERY ADMINISTRATION; HON. ROBERT N. MCFARLAND, ASSISTANT SECRETARY FOR
INFORMATION TECHNOLOGY AND CHIEF INFORMATION OFFICER, DEPARTMENT OF VETERANS
AFFAIRS; AND HON. PEDROCADENAS, ASSOCIATE DEPUTY ASSISTANT SECRETARY
FOR CYBER AND INFORMATION SECURITY, DEPARTMENT OF VETERANS AFFAIRS
Mr. Mansfield. Mr. Chairman and members of the Committee, I'm pleased
to
be here this morning to discuss the Department of Veterans' Affairs' ongoing
activities in the reorganization of our information technology programs.
I would request also, sir, that the articles noted in the full
statement also be included in the record.
Mr. Chairman, I wish to acknowledge your continued interest in this
area and thank you for your efforts --
The Chairman. Hold just a second.
Which articles are you referring to? Which articles are you referring
to that you're asking be incorporated in the record?
Mr. Mansfield. The ones that are mentioned in my full statement, sir,
that are summarized, I would ask that the full articles be included.
These are the ones that deal with our medical records, and they've
been presented to the recorder, sir.
The Chairman. All right. Hold on just a second right here.
Mr. Mansfield. If that creates a problem, we will withdraw the
request, sir.
The Chairman. Well, let me just share this with you, Mr. Secretary.
What I'm going to try to get a control on here is the incorporation of
so many outside journals and articles.
I just learned that one of our members on this Committee asked that
the Independent Budget be made part of an official record, and we exploded the
cost of the production of a record because of how large it is, and it really
wasn't something that really was necessary.
So let me just --
Mr. Mansfield. Sir, as a compromise, I would propose that I would
withdraw
that request and that, with your permission, copies of those articles will be
sent to the members of the Committee.
The Chairman. That sounds like a wonderful -- thank you -- request.
You may proceed.
Mr. Mansfield. Yes, sir, and my apologies for the problem.
As I've said, sir, I wish to acknowledge your continued interest in
this
area and thank you for your efforts to aid our evolution in this important
arena.
In fact, I would say that this truly has been a bipartisan effort by
this
Committee, and an effort to move us forward in the area of IT technology for
the VA.
The size and scope of VA's mission demands a judicious use of all
means at
our disposal. Information technology has proven to be a valuable tool in a
number of important aspects of our business and it holds great promise for
increasing our capacity to perform for America's veterans.
I want to emphasize that IT is a tool to be utilized as an important
aid
to allow us to carry out the department's reason for existence, to deliver
services and benefits to our nation's veterans.
Today, we are nearing the end of a fiscal year in which we will
provide
health care to 5.2 million veterans out of 7.1 million who are enrolled in our
system.
We will provide monthly compensation and pension benefits to over 3.5
million veterans and beneficiaries.
Also, we will work with over 500,000 veterans or family members to
provide
education benefits and 95,000 service disabled veterans through our voc rehab
programs.
We are also approaching 100,000 burials in our National Cemetery
Administration facilities.
These large numbers are made up of individuals who have earned the
benefits we are charged with delivering.
One of the first considerations I believe we have to these millions of
veterans is to do no harm.
By that, I mean we must recognize that our current IT system is
working and we are performing and providing those benefits.
One of the reasons we are performing is because over the past decades
plus
we have decentralized our system, as I explained in my submitted testimony.
One result of that decision was that we did gain an effectiveness.
However, I recognize that that effectiveness has come with a loss of many
efficiencies, and I agree that they must be regained.
As a part of the need to regain some efficiency, the VA must also
recognize that we have reached the point in time where we must move, we must
move towards standardization in these activities.
Dr. John Gauss, the first IT Assistant Secretary and CIO, started to
move towards reorganization.
His efforts resulted in some progress towards a One-VA enterprise
architecture, effective project review and approval process, modernization of
the telecommunications infrastructure, implementation of an effective cyber-
security program for the VA, and a move towards consolidating control over IT
budgets, expenditures, and personnel.
When Mr. McFarland came to the VA in 2004, he recommended, and I
approved,
that we needed an outside consultant to review the VA IT organization and
activities with a goal of giving us an ``as is,'' that is an existing view of
the organization, and some proposals on recommendations for change.
That activity was performed by Gartner Consulting, whose testimony has
been presented by Mr. Michael Pedersen, the managing vice president.
This assessment was to help us enhance the effectiveness of VA's IT by
first baselining how it operates today, then developing organizational models
that increase VA's IT value in terms of greater efficiencies, economies of
scale, and added business value, and finally, charting the path VA IT can
follow to deploy its new organizational model to truly deliver value.
This assessment, as you noted, was completed in May of 2005. We are
currently assessing alternative management structures and a recent
organizational assessment has provided important input.
We understand that any changes must serve to increase our performance
on behalf of veterans, in a way ensuring no interruption of services to them.
We are committed to organizing and managing our IT resources wisely
and prudently, and look forward to this Committee's continued support.
Basically, Secretary Nicholson, after the briefing from Mr. Pedersen,
asked me to review recommendations with the CIO and the under secretaries of
the administrations, and come up with a recommended model for him to make the
final decision.
I believe that the federated model is the best answer for VA at this
point, in that it will produce the quickest return on investment.
VA's size and the scale of its mission make it unique. While
centralization of IT application and system development should be the long-term
goal, it is not a prudent near-term solution based on the current culture and
the ability to manage significant change.
The federated approach includes high-level management, budget control,
and
comprehensive oversight of application and systems development within the
CIOs's
office. This will significantly strengthen the VA's ability to deliver high-
risk, high-value application development projects.
This is the first step, and will start breaking down the stovepipes,
moving us closer towards One-VA.
And finally, I have directed each administration to realign and
reorganize
the methods by which they do application and systems development and reorient
those activities based on industry standard best practices.
This will ensure proper planning, design, integration and
standardization
requirements are followed throughout the department as we build our next
generation systems and applications as One-VA systems to better serve our
veterans.
I might note in closing that the CIO will have management oversight
and budget decision authority.
Two issues I would like to address include, number one, resources.
That issue has been brought up.
But I would say that this Congress and the administration have been
generous with the VA for funding IT projects, and I believe that it's not an
issue of dollar resources as much as it is qualified personnel that we need to
be able to get into this organization and help us design, manage, and run
these programs.
We also recognize that right now we cannot do it from inside, and as
we
move forward towards a change, we're going to need outside help, and we're
planning on that. And the last point I would make is one that's mentioned in
the Gartner report. And that is that we do have a highly motivated workforce
in
the administrations that want to deliver services to veterans and will get in
line with a proper plan that's properly explained and that they have a part in
designing and moving forward.
Thank you very much for this opportunity, Mr. Chairman, and I look
forward to answering your questions.
[The statement of Hon. Gordon H. Mansfield appears on p. 90]
The Chairman. Thank you, Mr. Secretary.
I can choose one word to describe the mission when I took over this
job as
Chairman of the Committee: accountability -- accountability, accountability,
accountability.
People will demand it on this Committee, will demand it equally of the
administration or any of the advocates on behalf of veterans.
Why did you hire Gartner Consulting?
Mr. Mansfield. At the point in time we made the decision to hire them,
we
decided that, with Mr. McFarland as a brand new assistant secretary for
information technology, and I as a brand new deputy secretary, looking at the
situation we had in hand and in discussions with the then Secretary,
acknowledged that we needed to look at this total IT structure, what it was
doing, what it was not doing, and make decisions to make changes in its
operations.
We wanted to bring in somebody from the outside that could take an
outside
view of it, and give us some information on where they saw the ``as is''
picture, and also make some recommendations where they thought we might want
to go.
And Mr. McFarland is the person that was put in charge of that, and
followed up on that mission.
The Chairman. And why that specific consulting firm?
Mr. Mansfield. I'll turn that over to Mr. McFarland, since he's the
expert in this area.
Mr. McFarland. Well, sir, Gartner and the firm which they acquired,
which was META, is known throughout the industry as having a unique set of
qualifications.
Primarily, I was interested in someone that didn't have a vested
interest in what we did and how we organized ourselves and what the outcome
was.
Gartner nor META had any businesses that are related to integration of
products or selection of products and tools, so I was interested in an
independent attitude.
I also wanted a fresh set of eyes. Everybody in the VA has an opinion
about IT. I wanted a fresh set of eyes, and that was the best fresh set of
eyes I could find at the time, and I --
The Chairman. What was the cost of the contract?
Mr. McFarland. The contract was, I believe, sir, somewhere between
$4.5 and $5 million, I believe, to the best of my recollection.
The Chairman. Secretary Mansfield, what makes an effective CIO?
Mr. Mansfield. Someone that, number one, is knowledgeable and
understands
information technology, understands what it can do as a tool, somebody who is
able to look to the future, and in this fast-changing arena, be able to
anticipate some of the changes or be able to move with the changes, and then
somebody who is dedicated to ensuring that these activities go forward in the
best way possible.
The Chairman. You would concur with this statement, that this is the
101, that IT is an enabler for you to accomplish your mission in an effective
manner, correct?
Mr. Mansfield. Yes.
The Chairman. In order to have a good enabler, you have to have one
architecture; would you concur with that?
Mr. Mansfield. Yes.
The Chairman. So it is extremely important, whether you choose a
centralized approach or a federated approach, that we maintain one
architecture, correct?
Mr. Mansfield. Yes, sir.
The Chairman. Okay.
Let me -- Mr. Secretary, may I turn to your three under secretaries
for a moment?
Mr. Mansfield. Pardon me, sir?
The Chairman. May I turn to your three under secretaries for a moment
for questions?
Mr. Mansfield. Yes, sir. That's what they're here for.
The Chairman. What would be the concern of the three of you of a
centralized approach, whereby we give a line of budget authority to the CIO?
What are the positives of that approach, and what are the negatives of
that approach with regard to centralized, let me just say this, recognizing
that testimony we just had before you took to this table, the testimony was
what you presently do is not mirrored anywhere, not anywhere.
So give me your counsel. Whoever wants to go first.
Mr. Mansfield. Dr. Perlin, do you want to go first?
Dr. Perlin. Thank you, Mr. Chairman for the opportunity to comment on
that.
First, let me acknowledge the positives of either centralization or a
federated approach.
We are One-VA. We should have seamless interoperability between
benefits
and health and commemoration of veterans, period. We should have an
architecture that supports and facilitates that.
Some might actually agree that the control of funds within the Office of
Information Technology will allow us to coordinate our projects and realize an
enterprise architecture that delivers that.
My concern about centralization really relates to our history, as well
as the experience of health information technology in the United States.
Health information technology is not pervasive. Less than 20 percent
of health care providers, certainly hospitals, have health information
systems, and
certainly VA has been hailed for its exceptional performance in delivery of
high-quality health care facilitated by health information technologies.
In fact, this month's issue of Healthcare Papers in Canada, (an entire
issue) was dedicated to understanding the improvement and the transformation
of VA. It recognized the health information technology as a supporting
technology,
and it recognized further the performance measurement and the accountability.
Sir, you asked about accountability. Our performance is our
accountability. Our performance is the fulfillment of our mission of high-
quality health care services.
We've had a history of a centralized health information before. In
fact,
before this very Committee, the Inspector General testified he did a
``flyoff''
between one centralized and one decentralized program. Ultimately it was the
centralized one that had failed.
It failed because it had characteristics that were similar to some of
the shortcomings of CoreFLS. It didn't engage the end user.
So with all due respect to what I've just heard in terms of testimony
and
with absolute cognizance of health information in the United States and the
experience of health care executives and chief information officers in health
care, I support the consolidation of the infrastructure, the generic
architecture, the enterprise architecture, but the attachment of development
to
the clinicians, to the end users is the defining characteristic and has been
reported in Healthcare Papers, among other journals, as the key feature of the
success of the health information system in VA.
So in the federated model, I think we gain the efficiencies but
preserve
that unique aspect of the information system that allows and has demonstrated
VA's ability to deliver high-quality care to veterans.
The Chairman. Admiral Cooper.
Admiral Cooper. Essentially, I would say that the devil is in the
details.
In my organization, VBA, we essentially have a centralized process.
In my opinion, I could acclimate to whatever decision is made.
The whole execution of the IT reorganization is dependent upon the
agreements that we have and how we execute them. My concern is that because
such a large portion of VBA's budget goes to paying people, if at times I have
to use money, I do not having full control of the budget. However, that is
something that can be worked out.
The Chairman. Mr. Wannemacher.
Mr. Wannemacher. The National Cemetery Administration supports the VA
CIO
by working within federated model. This insures we adapt and adhere to
Department goals which promote synergy and efficiency of business processes.
With the smallest of the three VA administrations IT budget, NCA has
operated with an internalized centralized system for the past 10 years in
order
to enhance memorial benefits and service delivery to our Nation's veterans and
their families.
Mr. Mansfield. Mr. Chairman, Dr. Perlin would like to add another
point, if he may.
Dr. Perlin. I think you asked for the pros and cons of the two models,
so
I was very taken by the testimony where it supported the thesis that I just
offered.
It was said that one of the risks is a lack of intellectual investment
in the activity.
That singularly has been the disconnect in the clinical community in
terms
of getting health information technologies to work. Maintaining that
connectivity with clinicians, is one of the key features. That is why I
recommend the federated model.
The Chairman. Secretary McFarland, if we were to give you line and
budget
authority, how do you place at ease the three under secretaries that you're
not going to stymie innovation, and their ideas?
There's a budget. There's only so many dollars. But you're part of a
team, and when we're now going to heed counsel that you paid a lot of money
for,
and he talked about the importance of collaboration between the business and
the CIO, how do we achieve a central model?
Mr. McFarland. Well, I believe in no matter which model you choose, a
key factor has to take place, and that is a customer orientation.
I've spent 33 years in the information technology sector, and I am a
full believer and have seen this environment be successful, where you have a
customer mentality.
IT is a tool. It's a business enabler. It serves its customers. It
should first serve the veteran in this organization and it should second serve
the employees, and the employees of the administrations.
If the users are not served, then IT fails.
So any IT organization that I've ever headed up or will ever head up
will
have a customer mentality that says that the people we serve every day and
supply power to, supply technology to, are the customers. They are the people
that we have to deliver services and technology that make their business
applications work.
We have to take input from them on what's required. They are the
experts.
IT itself is not a business application. IT is a tool. And it can
only be enabled if you're able to serve the customer.
Candidly, I haven't always seen a customer mentality in VA in the 18
months I've been here, and I believe we have to first and foremost take 6,000
IT
people out there, no matter what they're doing or where they're serving, and
get them to understand that IT and their participation is about serving the
customers -- the veterans and the employees.
The Chairman. All right. That was pretty hard.
We're well aware of, as we roll out in more areas the patient medical
records issues, that those words are all meant to be customer friendly and
help deliver and improve quality care.
So as Dr. Perlin would come up with an idea, all right, or roll out
into
another VISN, your job would be to make sure that it fits the architecture,
right, and hardware and software, right?
So you got to put a check in the box for that, under a centralized
approach?
Mr. McFarland. Yes, sir.
The Chairman. All right? Not that you're the guy that's to tell him,
``No, it cannot be done,'' or if you say it can't be done, then it's a real
issue that's got to be resolved then between Secretary Mansfield and the
Secretary, right?
Mr. McFarland. Well, under either model you have to be able to do
this.
Under either model, you have to be able to agree that anything the
user wants you to build or wants you to run has to be able to meet the
enterprise
architecture. It has to be able to fit within the One-VA approach to
delivering services.
Our job, in either model, is to advise the administrations and their
constituents exactly what will fit and what won't fit --
The Chairman. Okay.
Mr. McFarland. -- and then sit down and negotiate how we change a
specification, how do we move a design to make it fit. That's a collaborative
effort. It has to be done that way.
The Chairman. All right.
Mr. Michaud,.
Mr. Michaud. Thank you, Mr. Chairman.
I have one question for Mr. Mansfield.
I realize that the VA is still in the process of securing IT assets
and
restoring information systems and communication in the Katrina-affected area,
and this may be too early for the question.
But do you have any preliminary lessons learned on improving the IT
system
at VA, and how would IT reorganization have improved or hindered efforts
during this disaster?
Mr. Mansfield. Thank you for that question, sir.
I would make a couple of introductory comments, and then turn it over
to the experts here.
But I do know the one lesson -- and we do have a lessons learned group
out
of our readiness operations center that is currently in the process of coming
up
with a total lessons learned for everything in this operation, as we do every
time we go through one of these exercises.
One lesson learned is that our backup communications systems were not
able
to do the job, and we need to go forward and find something better than we had
and get that on site and be able to use that so we can maintain
communications.
One of the aspects of our system, though, is fortunately, because of
our
planning, because of our training, we have folks out there that have been
through this, and were able to operate on their own even if communications was
interrupted from a certain point.
The other part of it is dealing with records, and I'll turn that over
to
Dr. Perlin, is that in general, we were able to make the move in time to be
sure
that any of the veterans in that affected area, no matter where they moved to,
the practitioners were able to get access to those records.
However, it does raise one issue that is a problem in our system, and
that
is that it oftentimes, again in these, as I say, decentralized operations,
each
one doesn't fit across the whole system, and that's where we need to go, where
instead of having to work a special fix each time, we can ensure that across
the
total system, those records are interoperable.
And I would ask Dr. Perlin to comment on that, and then Mr. McFarland.
Dr. Perlin. Thank you, Secretary Mansfield.
Congressman Michaud, thank you for the question.
I actually have in front of me two articles from today.
One: ``Katrina Shows Need to Computerize Records,'' Orlando Sentinel,
talking about how effective having electronic health records were.
And a similar article from Government Computer notes, ``Agency IT
Provides Relief After Katrina.''
Both comment on VA's effectiveness in meeting the mission: That's
serving
veterans - ultimately our mission, not an IT mission - a mission of patient
care, because those records could be made available to the entire system,
being hosted at another facility, even after New Orleans came off-line.
The deputy had mentioned one important improvement, that backup
communications henceforth will have satellite uplinks, and we appreciate the
collaboration with the Office of Information Technology in establishing those
at Biloxi and Jackson in the middle of the crisis to provide broadband
communications.
The second is that --
The Chairman. Can I interrupt a second?
I want you to correct me if I'm wrong.
There's no single data repository for all of these records. Would
that not be correct? That's correct, is it not?
Dr. Perlin. That is correct.
The Chairman. Okay. So when a patient was transferred directly from,
whether it's New Orleans to Houston, or Biloxi to Jackson, somebody had to
back up a tape.
So when that patient was taken directly to Houston, Houston couldn't
come on line, show a doctor, ``Here's what the medical record is,'' that it
had to be backed up and inserted?
Dr. Perlin. No, that record would have been, Sir, available had there
been connectivity between New Orleans and Houston.
Under the circumstance, the latest footprint, the most recent data was
acquired in fact, during the storm. In fact, that's one of the take-home
lessons: that the facility could continue to operate independently!
Let me turn to Mr. McFarland in terms of our corporate repository.
Mr. McFarland. It is true that, in order to get the records from New
Orleans to Houston, we did have to take a tape from New Orleans bring it to
Houston, install a configuration that was equal to the New Orleans
configuration, and then bring it up.
One of the initiatives that Dr. Perlin's people and myself have been
working on some two months now, two-and-a-half, three months now, is the
concept
of regional data processing centers, so that we can get to a point where these
records will not have to be moved by tape, that they would be accessible
anywhere within a region that a veteran would be able to go.
But, yes, currently today, they are different instances, different
configurations based on medical centers, but there is a process in place to
change that.
The Chairman. All right.
Mr. Michaud, I want to thank you for yielding to me, because that's a
fine
example of why I'm hesitant on a federated approach, because we think that
this is all out there, but it's really not if you don't have the word,
``connectivity.''
I yield back to the gentleman.
Mr. Michaud. That's a good point, Mr. Chairman.
Actually, that was going to be my follow-up question. Is there a
central
place where there is a backup, and if so, where is that, or do you envision
that being so?
Dr. Perlin. Sir, there is backup of corporate data nationally. It
doesn't integrate as one seamless record at this moment.
The project Mr. McFarland described, the health data repository, will
allow it to operate as one seamless health record.
The reason it does not is not because we willfully wanted to have
different instances of VISTA. The reason it is as it is now is entirely an
artifact of history.
Even ten years ago, let alone 20 years ago, one didn't think in
terabytes
of data or national data files. It was really quite miraculous to stand up
one hospital on one system.
In fact, as they evolved over time, there was differentiation.
The task before us, and Mr. McFarland and I are absolutely in lockstep
agreement on this, is that there be one consistent instance of the system of
the
electronic health record, and it's that which allows in this really imminent
next generation of the health data repository one seamless record across the
United States.
Mr. Mansfield. Sir, if I may add a follow-up to that, to the
Chairman's
point, it's my belief in the federated model that we're talking about and
recommending to go forward with, that the issue you brought up would be solved
because there would be one operational system that would be under the control
of
the CIO, across the whole VA, and that would take care of not only the problem
with VHA, but it would, when we get to the final point, also give us One-VA
where the veterans' records would be accessible across the system.
So in the model that I'm looking at and proposing, we would have that
solution, sir.
Mr. Michaud. I want to follow up on that question.
So what would happen if we had a terrorist attack and it took out that
system? What would happen as far as the records?
The Chairman. The national system or the local system?
Mr. Michaud. Yes, the national system.
Mr. McFarland. Well, first off, sir, we would never have a single
instance of any system.
I believe we will be able to put those records, that national system
in
multiple locations, and have a mirror image of those at all times, so that no
matter whether we lose any specific site, we will be able to recover
immediately
from the backup site, and that's a mirroring effect. You don't want it to be
anything except a mirrored image.
Mr. Michaud. Thank you very much.
And Mr. Chairman, Dr. Perlin had mentioned a couple of articles. We
do
not need them for the record, but if he could provide the Committee with those
articles, I'd appreciate it.
The material was provided to the Committee, and is maintained in the
Committee files.]
The Chairman. Thank you, Mr. Michaud.
Mr. Michaud. Thank you.
The Chairman. Mr. Bilirakis.
Mr. Bilirakis. This is not, I guess, considered a very sexy subject,
high-profile, et cetera, and yet we've got a room full of people here.
I mean, to me that's very meaningful. There's concern in this area.
There's a lot of interest in this area. And I'd like to say there's a lot of
frustration in this area.
Mr. McFarland, Mr. Secretary McFarland -- I guess you're Secretary,
right?
Mr. McFarland. Assistant Secretary.
Mr. Bilirakis. Under the federated model that Mr. Mansfield and others
have talked about putting that into effect, you would be in charge, I guess.
Would you have the adequate authority to be able to do what is
necessary
to be done, referring now again -- I don't know whether Ms. Koontz is still in
the room -- referring again to the challenges that she mentioned, the
implementation practices, the obtaining relevant resources, the collaboration.
Would you have the adequate authority?
Now, I know you guys work next to each other and you probably go to
lunch together and you're friends, as well you should be.
But can you be honest with us?
Mr. McFarland. As long as I have what I would consider, and this may
not
be the right government word, but I'll use it anyway, as long as I have veto
power over the way money is spent on IT infrastructure and IT projects --
Mr. Bilirakis. How about if money is spent for -- money which may be
allocated to IT, but is not being proposed to be spent for IT, is being used
for any other purposes?
Mr. McFarland. Well, then, would that be the case, then I would not
have the control, no.
But I don't believe that is the intent of either model, If I
understand what we're working --
Mr. Bilirakis. I'm sure it's not the intent, officially the intent.
What happens now? You have money allocated to IT, and is all of it
being spent on IT?
Mr. McFarland. I daresay, according to what staff tells me, it is not.
I do not have visibility into all of the money being spent today, and
as to whether it is completely spent on IT --
Mr. Bilirakis. Should you not have that authority?
Mr. McFarland. I definitely should have.
Mr. Bilirakis. You should have that authority, and you would not have
under the model that is proposed by the VA, would you?
Mr. McFarland. No, I believe I could have it under either model. I
don't have it today, but I could have it under either of the models that are
proposed here.
Mr. Bilirakis. Well, I should think that it's not a matter of could
have.
I think it should be a matter of should have or will have based on the way
legislation is crafted.
The VA has spent, what is it, half a billion dollars, whatever, what
the figure was for the consultant that we talked about earlier.
They disagree, the VA disagrees with the consultant's recommendations.
As I understand it the piece of legislation which the Committee is crafting is
consistent with the consultant's recommendations.
How do you feel about that?
Mr. Mansfield. Sir, I would say that --
Mr. Bilirakis. I was asking Mr. McFarland, but I would like to hear
from you, too, Gordon.
Mr. Mansfield. Sir, I would say that we have agreed with one of the
options, and the consultant, as requested, came up with a number of options,
and
we believe that, based on his input plus other input, that the one that we've
chosen is the best one for the organization.
Mr. Bilirakis. Are you saying the consultant --
Mr. Mansfield. We didn't say that ``You have complete control and
you'll run this.'' We said, ``We want you to make recommendations.''
We've taken those recommendations inside the Department, and as I
mentioned, at the Secretary's direction, we've had numerous discussions with
the CIO and the administrations and come up with what we have --
Mr. Bilirakis. So the consultant suggested a number of options and the
centralized model which is going into the legislation is one of them, but the
federalist -- the federated model --
Mr. Mansfield. Yes, sir. And I believe his testimony that he
presented
here indicates that those two are the preferred -- those two are the preferred
models.
Mr. Bilirakis. Mr. McFarland, what say you?
Mr. McFarland. I believe that I can support a federated model based on
the concept that the very first thing we need to do is get our arms around the
infrastructure.
The reason we have stovepipes today is because the infrastructure is
divided among the administrations. There is no collaboration. There is no
joint use. There is none of that today. And that is the primary reason for
the stovepipes. And I also --
Mr. Bilirakis. Would the federated model be consistent with that
particular status quo?
Mr. McFarland. The federated model would solve that. Both the
centralized and the federated model would solve that issue.
The other thing, candidly, that I have to look at as a political
appointee
is, I have a limited amount of time to pour what I call concrete with good
rebar, and that is that what can I do quickly in my three years left here that
I can do to make sure that we make change that stays here; and certainly, the
infrastructure is the quickest return on investment.
Mr. Bilirakis. Which model would you prefer, sir? You, our political
appointee?
The Chairman. In your personal opinion.
Mr. McFarland. In my professional opinion --
Mr. Bilirakis. Personal, professional, any kind of opinion.
Mr. McFarland. -- I support what the consultant said.
That being said, it is the big bang, and the big bang has a great
amount of risk to it.
And at the direction of the Secretary and the deputy --
Mr. Bilirakis. Are you a lawyer, Mr. McFarland?
Mr. McFarland. Pardon me, sir?
Mr. Bilirakis. Are you a lawyer?
Mr. McFarland. No, sir, I am not a lawyer.
Mr. Bilirakis. Well, you know how to dance around these questions.
Mr. McFarland. I'm not trying to dance, sir.
I'll be honest and tell you, in my professional opinion and my
personal
opinion, the centralized option is the best thing in the long run for the VA.
Mr. Bilirakis. Okay.
Mr. McFarland. I'm also a realist and know that we have to take this
thing a step at a time. There are no --
Mr. Bilirakis. Okay, and that's good. I really appreciate your adding
those additional words. We have to take it a step at a time and what not.
And I think it's important that the Committee understand, I know that
the Chairman understands, that we don't want to do any harm here. We don't
want to cause more problems.
And we understand also, or we should understand, hopefully we
understand
correctly that you're on the line and you know this stuff better than we do.
But, you know, we have concerns. The major VA IT investments that
have
failed in the past, who was -- you know, the questions, who was in charge of
the
following programs: VETSNET, CoreFLS, VISTA, two billion dollars down the
drain, that could have gone to health care, Mr. Secretary.
I understand the CIO was not in charge. Who was in charge? Who is
currently in charge of management of these programs?
We can get answers from you, but these things have happened.
Now, there's a level. We've already said great things about the VA.
We've commended you. Frankly, I felt like standing up and applauding you on
the
work that you have done on Katrina and your help with 9/11 back in 2001, et
cetera.
But there are a lot of failures here, and so there's a lack of
credibility, I would say.
And Dr. Perlin -- you know, you want to put up your hand -- you're a
doctor, and you care about health care, and you don't mind my concern. I've
chaired the Health Subcommittee on the Energy and Commerce Committee for 10
years on health care, and I'm very much concerned with it all.
By God, the question that Mr. Michaud asked, about why the Houston
computers had to be reconfigured in order to be able to use that tape? What's
wrong? Something is wrong with that scenario.
And I'm going to ask, on behalf of -- I'm vice Chairman of the
Committee. I've already cosponsored the legislation.
But I'm going to ask that we sit down with you all and that you'll be
yielding, that you'll be yielding, that you're not going to be stubborn and
say, ``Hey, our model is the model that we want to go to and we don't want to
cooperate as far as a centralized model is concerned.''
But Mr. McFarland, who I think can see the forest for the trees
hopefully,
has said that the centralized model is clearly the preferred one. He said he
can work with both of them, I think, as I understand his paraphrasing his
statements, but that's the better model.
Now, should that model be twisted a little bit and whatnot to make
sure
that no harm is done? I suppose so. But we've all got to be open minded.
I've taken a lot of time, Mr. Chairman. I apologize for it. But I've
sat in these meetings all through the years. We had our roundtable the other
day. I
just can't get over how little Estonia can do what they've done and how we
can't even do it within one of our departments.
Thanks, Mr. Chairman.
The Chairman. Mr. Michaud.
Mr. Michaud. Thank you, Mr. Chairman.
I'm reading the GAO Report, and I have one question, Mr. Chairman.
According to a memorandum dated back in August of 2002 from Secretary
Principi, in that memorandum, he talked about realigning to a central IT
system. That was back in 2002.
The GAO reported in September of 2002 that it would build credibility,
it
would achieve a One-VA, it was bold, it was innovative, and that memorandum
was
signed in 2002.
My question is, why hasn't it happened? That was for a centralized
system.
Mr. McFarland. I've only been here 18 months, so I didn't have the
benefit of being here at that time, but I've done my best to look into the
history.
I believe the intent was there. With all due respect to my
predecessor, I
do not believe it was executed on. It's as simple as that.
Mr. Michaud. I guess from the VA side this was signed by the former
Secretary.
What has been done to move it to a centralized system?
And I realize, Mr. Mansfield, you've only been there for a short time,
as well. I don't know if Dr. Perlin or --
Mr. Mansfield. Sir, the effect of that memo was carried out with a
change, I believe, of 97 personnel being in effect dual-lined, reporting both
to the CIO and to the administration head, and then further down the line.
And as I mentioned in my oral statement, there was work done on a
One-VA
enterprise architecture. There was a move towards project review that got the
Office of the CIO the ability to sign off before money could be authorized.
There was a modernization of the telecommunications infrastructure
that
Mr. McFarland finished, which is saving us millions of dollars, the
implementation of an effective cyber security program -- for the first time in
history, VA has completed that and is certified -- and a move towards, only a
move towards, consolidating control over IT budgets, expenditures, and
personnel.
And as I indicated, what Mr. McFarland and I were looking for when we
asked for the outside consultant to come in was to look at, based on that
change, where we were and what did we need to do to go forward so that we
would
have a plan, and then we could, inside the Department, make a decision or make
a recommendation to the Secretary, based on his final decision then, as you
said, sir, assume the responsibility and move forward.
Mr. Michaud. If I might, Mr. Chairman, just follow up.
Mr. McFarland, you said you've only been there 18 months. That's a
year-and-a-half.
Did you make any attempt to try to move forward on this memorandum?
Mr. McFarland. Well, as soon as I got my hands on the memorandums and
the
history is when I sat down with the new deputy and said, ``We are not where
this
says we were supposed to go. I think we need to get an understanding of where
we are and then figure out how we get to go where we're supposed to go.'' And
that's what generated the Gartner study.
And, you know, it took me some time to get that contract awarded. We
have
our share of issues in the area of getting contracts, so it took some matter
of months before I could actually get a contract out.
So I apologize for having been here 18 months and not getting it done
sooner, but I moved about as fast as I was able to, sir, candidly.
Mr. Michaud. Okay. Thank you very much.
Thank you, Mr. Chairman.
The Chairman. You know, Mr. Michaud, when you talked about what's been
done in moving toward that direction of centralization, I couldn't help but
think there's also been a trip, a stumble, and a fall.
And I recall the trip, the stumble, and the fall: CoreFLS, VETSNET,
and VISTA, and some of that was outside of control and responsibility.
And so what I'm hopeful, I think, as we move toward this
centralization,
that there's not going to be a lot of fingerpointing. We're going to know how
we're going to make the system accountable.
At this moment, I want to pause, and I think we need to get some input
here from the chief information security officer.
We've heard from the other three under secretaries, and you work
directly
for McFarland. Now, we know that the Federal Information Systems Management
Act
gave an F on the report with regard to cyber security, and so we've got some
pretty strong concerns here.
And so if Congress were to move toward a centralized approach and
follow
the counsel of Gartner Consulting, as opposed to a federated approach -- so
take
federated approach and flush it out of your mind at the moment -- how do we
improve the cyber security under a centralized approach?
Mr. Cadenas. Thank you for the opportunity to be here, sir.
Tremendous opportunities in regards to a centralized approach, as
you've been talking about, sir.
With me working for Mr. McFarland, it allows me to go out there with
my
teams, established a more formalized process, applying hardening systems to
ensure configuration baseline, change control boards, everything, and bringing
in what I would call good systems engineering from a security point of view,
to out there and do that to the systems out there, to ensure hardening --
perimeter in depth, defense in depth approach.
The Chairman. So if we're under the centralized approach, the CIO,
your
boss, now owns the people for the three under secretaries, and then owns those
CIOs that go down regionally, right, and it continues to go down.
Do you believe that the centralized approach will regain control, or
could take this control away from these autonomous networks?
Mr. Cadenas. Well, sir, I've been there -- I'm a newbie, as well. I
will have my third anniversary here in November.
Yes, it will help in those areas, but what we have been doing is, we
have
developed a tremendous collaboration effort with the community in working with
us. The result of worms that we've experienced in the past have only applied
or reinforced the need for that strong collaboration.
The control that you're talking about, sir, that it will allow us to
have,
will allow us to act much quicker. A great deal of our success has been on
KOOMBAYA's, shared accountability working groups with the various communities
out there. Versus having that control, I can immediately engage and move out.
The Chairman. Well, if the Federal Information Systems Management Act
Report gave you an F --
Mr. Cadenas. Yes, sir.
The Chairman. -- I mean, come on. We need to move out swiftly here.
Mr. Mansfield. Sir, if I may, I believe that the federated model that
I'm
proposing would give him exactly the same capability. He would be able to do
it.
The Chairman. Well, I asked my particular question because I think
we're about to follow the centralized approach that you paid $5 million to a
consultant that's giving us counsel here.
And I know, Mr. Secretary, you're under tremendous pressures. You
have
three under secretaries that you also have to work with, and you've developed
relationships with.
And to be very frank with you, I don't have much patience, because
I've
been doing this for six years -- six years -- and I've watched the system, and
all along, it's been, ``Steve, let this mature, let it massage, we'll move in
that direction, incremental approaches.'' I'm pretty exhausted, Mr.
Secretary.
Mr. Bilirakis. Well, Mr. Chairman, sorry to hitchhiked upon your
comments.
This trying to set up an IT system that will be able to accomplish all
of
these things the way it should in today's high-powered electronic and
mechanical
world is significant, but it's even more so now because of the threat of
terrorism, because of natural disasters, and everything of that nature.
So, boy, we should all have lost our patience, not knowing what may
happen tomorrow.
But you seem to be intent on the federated model. The Committee seems
to be intent on the centralized model. Hopefully, there will be something in
between or at least some of your ideas certainly should be used to be part of
any legislation that comes up.
But what I'm wondering, Mr. Chairman, is if they're working towards a
federated model with their full speed ahead on the federated model, and we in
the meantime are thinking another way, and the time that it takes, of course,
to
get through the process, through this very unwieldy republic system of ours, it
becomes legislation, are they going to be expending dollars on a system that
will not -- that will be moot, basically, once we finally have --
The Chairman. That's a good question, and I think that's one that we
can also entertain off line, but just playing this out, my counsel to the
Secretary would be to be cautious, in how you proceed.
Because there is such strong bipartisan support on this Committee for
a centralized approach, we will immediately go to conference with the Senate,
where we also know that House Appropriations staff along the Senate
Appropriations staff is also embracing, I believe, a centralized approach.
So there is time between now and when we leave, potentially, on
November 18th, that we could actually send this to the President.
So, Mr. Bilirakis, your point is well made, and I think Mr. Mansfield
has heard the response.
I yield back to Mr. Bilirakis.
Mr. Bilirakis. Well, thank you, sir.
I would just hope, Mr. Mansfield, that you would -- you know, let's be
logical and reasonable and all this, knowing that this may be coming down the
pike, with hopefully suggestions from you all, which might sort of squirm it a
little bit, you know and change it a little bit and that sort of thing.
I don't know where it might be needed and acceptable that in the
process
of what you're doing with your federated model, you take all that into
consideration.
As I understand the federated model, it probably would be right on the
same path as the centralized model, anyhow, so hopefully, we're not talking
about any waste of dollars or waste of effort that would then have to be
undone later on.
Mr. Mansfield. Yes, sir. In fact, the Gartner report makes the point
for
the centralized model that it cannot be done in one step, that it will require
multiple steps, and the federated model is a part of that process, I would
believe, or can be made so.
Mr. Bilirakis. Okay. That's good. Thank you, sir.
The Chairman. Thank you.
Mr. Michaud.
Mr. Michaud. Just a comment, Mr. Chairman.
My question to Mr. McFarland wasn't to point fingers. It was more or
less
to find out why they have not moved in that direction, because having been
involved for a number of years at the state level, if sometimes individuals
who
are running programs, if they do not like the particular program, they'll do
everything they can to make sure that it doesn't happen, so that was my
questioning.
And I agree with you 100 percent on the accountability, and we
definitely
have to have accountability and make sure that the end users are involved in
doing it, because they're the ones that are going to have to use the system.
And I know that you will hold them accountable, and actually, in
Maine,
Mr. Chairman, we have a saying, and hopefully you don't take it
disrespectfully,
but knowing you just the short time I have known you, you're like a pit bull.
When you get something, you hold onto it, and you hold that accountability.
And I think we definitely will get that accountability. Looking
forward
to working with you, making sure that we have a system that everyone can live
with and will be accountable not only to the taxpayers but also to members of
Congress.
Thank you, Mr. Chairman.
The Chairman. Thank you, Mr. Michaud.
I appreciated the candor of the gentleman from Gartner Consulting in
that
it's almost like, well, of course, this isn't going to be out in the private
sector, because there it is for profit. Right? And if you're a government
enterprise, you don't have to worry about it. You do budget submissions. Who
wants to be against spending in the veterans' arena? Right?
And so trying to bring efficiencies to these processes, I mean, it is
our responsibility.
You know, there are a couple of really large procurement contracts
with
regard to IT that are sitting out there -- PAIRS and PCHS. PCHS and PAIRS.
So if we're about to move into this, tell me where we are on these two
larger procurement contracts that could involve billions of dollars. What are
we doing?
Mr. McFarland. Well, sir, we are currently operating under what's
called
PCHS II, which is a common hardware and software procurement vehicle that we
use
to buy all of our hardware and software throughout the VA. It's based on a
set of standards.
It has served us reasonably well, but it's due to be redone, because
it's
about to hit its cap, and we'll have to implement anew what I call PCHS III
next year.
I've been intimately involved with procurement and have made it clear
what I want out of PCHS III, which is different than what we've had in PCHS
II.
I want to get a lot more standardization, because it appeared as PCHS
II evolved, just about anyone could select something and get it on PCHS, and
that allowed them to buy it, and that did not serve us as well as I would have
hoped in our standardization efforts.
So PCHS III will produce a much stronger standardized environment.
Under any move that we make from an IT reorg, I will control that
hardware
and software buy, and I will see that we get standardization and that we get
common configurations out there through this contract.
The Chairman. I don't know where you are in the letting of these
contracts.
Mr. McFarland, should we not let these contracts until this
legislation is
in place, so that you've got this line of budget authority?
Mr. McFarland. We are still working under PCHS II, and will through a
part of next year.
I believe PCHS III isn't due to come online or be let, if you will,
the contract be let until about the middle of next year.
So we're at a point where nothing that you would do between now and
then would get in the way of any aspect of trying to modernize that
procurement vehicle.
The Chairman. All right.
Admiral Cooper, the Navy uses a process where the Fleet expresses a
need
for a new system, provides requirements, and the systems commands work with
the
Pentagon and the Fleet users to build a system that meets the Fleet's needs.
The process is very structured and has rigorous reviews at many levels
in the acquisition chain of command, does it not?
Admiral Cooper. That's correct. Yes, sir.
The Chairman. Do you similarly see a structure and would you like to
see a
system very similar to that within the systems that you presently control?
Admiral Cooper. Yes, sir.
The Chairman. I'm going to give it to you.
This hearing is now concluded.
[Whereupon, at 12:08 p.m., the Committee was adjourned.]
�