Veterans Affairs banner with U.S. FlagVeterans Affairs banner with U.S. Flag

Office of Budget

Fiscal Year 2005 Performance and Accountability Report
Published November 15, 2005

Back to Table of Contents

Enabling Goal: Applying Sound Business Principles

Enabling Objective E-3: Reliable and Secure Information Technology

Implement a One VA information technology framework that supports the integration of information across business lines and that provides a source of consistent, reliable, accurate, and secure information to veterans and their families, employees, and stakeholders.

FY 2005 Performance Results

Supporting Performance Measure

The number of business lines transformed to achieve a secure veteran-centric delivery process that would enable veterans and their families to register and update information, submit claims or inquiries, and obtain status

Performance Results

Transformation of business lines is a multi-year effort. As such, VA did not expect to transform any business lines in 2005. Although no business lines were completely transformed in 2005, VA made significant progress in this area as described below:

  • Established an office dedicated to executing the E-Gov program. This office is implementing 16 E-Gov Initiatives and transforming 5 E-Gov lines of business to comply with the governmentwide E-Gov architecture. This effort will provide veterans with electronic access to VA services conveniently and efficiently, as well as create operating synergies and reduce costs.
  • Developed version 4.0 of the Enterprise Architecture, which establishes the framework under which all IT projects will support the One VA strategy. Version 4.0 received a passing score from OMB.
  • Completed planning and development of a shared data schema and exchange architecture with DoD that enables enhanced access to more timely and accurate military service personnel data, thus expediting a veteran's access to VA benefits. For example, DD-214 separation data are now available to VA in 3 days versus the previous 90 days, which expedites VA outreach and provides much more timely information upon which enrollment and eligibility decisions can be made.

Two key programs supporting the One VA business line transformation are as follows:

  • Aggressively executing the Contact Management program, which will provide a single portal for veterans and their families to access and update personal information and obtain status.
  • Establishing detailed requirements for the Registration and Eligibility program that will provide a single point of registration and eligibility for veterans, thus eliminating the multiple instances of registration that exist today.

Related Information

Major Management Challenges

The following major management challenges have been identified for this strategic objective:

OIG
GAO
  • Financial Management Weaknesses: Information Systems Security and Financial Management System Integration (more details)
  • Enterprise Architecture Documentation (more details)
  • Performance Measures (OIT) (more details)
  • Protecting The Federal Government's Information Systems and the Nation's Critical Infrastructures: A High-Risk Area (more details)
  • Establishing Appropriate and Effective Information-Sharing Mechanisms to Improve Homeland Security: A High-Risk Area (more details)

Program Evaluations

No independent program evaluations have been conducted that specifically address this objective.

Program Assessment Rating Tool (PART) Evaluation

No PART evaluations have been completed that specifically address this objective.

New Policies and Procedures

In an effort to improve project planning and monitor execution, VA successfully began the process of implementing Earned Value Management (EVM) on VA's entire major IT program. EVM is a set of business practices and processes used to measure actual project performance, which may be used to forecast completion schedule and cost variance. All work is planned, budgeted, and scheduled in time-phased "planned value" increments constituting a cost and schedule measurement baseline. EVM is widely considered an industry best practice, and it is mandated by the President's Management Agenda and OMB. VA is using the Telecommunications Modernization Project (TMP) to move from loosely federated independent networks to a single, high performance wide-area data network capable of supporting enterprise-wide applications. TMP will offer service level agreements for performance and reliability at every service delivery node on the network. E-Authentication, an E-Gov initiative, will positively impact the veteran by allowing the application for benefits through the Internet.

Other Important Results

As of August 31, 2005, VA certified and accredited all operational information technology systems. All known risks have been assessed, and system owners are now working on mitigating those risks. OIT provided VA field facilities with a vulnerability scanner and automated patch installation system to minimize risk to the VA network and deployed the Host Intrusion Prevention System, which blocked thousands of infection attempts across the VA network. OIT provided analytical incident support through a functional Security Operations Center, which was a significant factor in successfully mitigating the impact of several major computer viruses and worms infecting VA systems and networks in 2005. Through the security training program, VA increased the number of Certified Information System Security Professionals from 82 to 102 and the number of Certified Security Practitioners from 405 to 735. Additionally, 798 VA security and privacy professionals obtained advanced training at VA's annual cyber security conference.

Recognizing that standardization of project management guidelines and procedures is critical to the success of the One VA IT enterprise, VA aggressively implemented a training program that provides a clear understanding of the processes and knowledge areas common to all projects. Individuals completing the seven-course curriculum receive a master's certificate in project management and VA project manager certification. VA's training and certification program has been recognized as a model for agencies throughout the federal government.

VA's information security program, designed to protect the confidentiality, integrity, and availability of veterans' private information, provides assurance that cost-effective cyber security controls are in place to protect automated information systems from financial fraud, waste, and abuse. Within the Department, all employees, volunteers, and contractors completed annual privacy training as required by the Health Information Portability and Accountability Act (HIPAA) and VA policy. VA achieved HIPAA Security Rule compliance after extensive review of VA regulations, operations, and policy. VA conducted several employee focus groups and veteran feedback sessions to better understand employee and veteran privacy concerns. In addition VA conducted a privacy risk assessment in December 2004 and has scheduled quarterly risk assessments for 2006 to ensure that VA discovers and mitigates any privacy risks.

The One VA Enterprise Program Management Office initiative is charged with developing a standard set of portfolio and project management policies, processes, procedures, tools, and training and certification requirements across the Department. The program ensures a greater probability of achieving consistent, repeatable project results in support of VA's mission and goals.