Report Summary

Title: Program of Comprehensive Assistance for Family Caregivers: IT System Development Challenges Affect Expansion
Report Number: 20-00178-24 Download
Issue Date: 6/8/2021
VA Office: Veterans Health Administration (VHA)
Report Author: Office of Audits and Evaluations
Report Type: Audit
Release Type: Unrestricted

VA’s Program of Comprehensive Assistance for Family Caregivers provides benefits such as monthly stipends to approved caregivers of eligible veterans. The VA MISSION Act of 2018 expanded eligibility for the program from veterans injured on or after 9/11 to include veterans injured in any conflict. The prerequisites to expansion include an information technology (IT) system that fully supports the program. The OIG assessed VA’s efforts to implement this IT system and compliance with schedule and system performance requirements, as well as the development costs.

The OIG recognizes VA’s significant efforts and the challenges involved. Millions of veterans, if determined eligible, may be considered for participation in the program. However, the OIG found that VA did not meet the MISSION Act’s October 1, 2018, deadline for implementing an IT system, nor the October 1, 2019, reporting requirement. This was due in part to governance issues and lack of continuity in leadership when upgrading and replacing the legacy system.

The new IT system, the Caregiver Record Management Application (CARMA), was implemented on October 1, 2020, two years after the MISSION Act’s requirement.

VA informed the OIG on January 22, 2021, that CARMA now includes functionalities that meet MISSION Act requirements. However, the OIG found VA did not establish the appropriate security risk category and fully assess the system’s privacy vulnerabilities.

The OIG made four recommendations: (1) establish policies and procedures for joint governance on all IT projects to ensure efforts provide an adequate return on investment and achieve program objectives; (2) enforce an existing process to help IT projects deliver and sustain the intended outcomes, ensuring the Program and Acquisition Review Council evaluates underperforming projects; (3) reevaluate elevating the system’s risk category to better protect health information and other sensitive data; and (4) establish agency-wide policies and responsibilities for managing IT projects.