Report Summary

The OIG contracted with the independent public accounting firm CliftonLarsonAllen LLP (CLA) to audit VA’s financial statements. This audit is an annual legislative requirement. CLA provided an unmodified opinion on VA’s financial statements for FY 2021 and FY 2020. It identified three material weaknesses in internal control in the following areas: (1) controls over significant accounting estimates; (2) financial systems and reporting; and (3) IT security controls. The material weakness involving information technology security controls has been reported for more than 10 years. CLA made recommendations for addressing each of the material weaknesses. CLA also identified two significant deficiencies, previously reported as material weaknesses in FY2020, in the following areas: 1) obligations, undelivered orders, and accrued expenses; and 2) entity-level controls including chief financial officer organizational structure. The firm is responsible for its audit report dated November 15, 2021, and the conclusions expressed in it.

CLA also reported instances of noncompliance with laws and regulations. Among these, VA did not substantially comply with federal financial management systems requirements and the United States Standard General Ledger at the transaction level, as required by the Federal Financial Management Improvement Act. The auditors attributed this to VA’s complex, disjointed, and legacy financial management system architecture, which no longer supports stringent and demanding financial management and reporting requirements. VA continued to be challenged in consistently enforcing established policies and procedures throughout its geographically dispersed portfolio of outdated applications and systems.