Oversight Report
Interim Summary Report - Healthcare Inspection - Patient Safety Concerns at the Washington DC VA Medical Center, Washington, DC
On March 21, 2017, a confidential complainant forwarded to the Office of Inspector General (OIG) documents describing equipment and supply issues at the Washington D.C. VA Medical Center (the Medical Center) sufficient to potentially compromise patient safety. OIG promptly reviewed the documentation. On March 29, 2017, OIG deployed a Rapid Response Team to assess the allegations. OIG’s team conducted interviews, collected documents, and conducted a physical inspection of the Medical Center’s satellite storage areas on March 29–30, 2017. The team returned for an additional site visit on April 4–6, 2017, and is on-site for a third inspection at the time of this report’s publication. OIG has preliminarily identified a number of serious and troubling deficiencies at the Medical Center that place patients at unnecessary risk. Although we have not identified at this time any adverse patient outcomes, we have found other issues. At least some of these issues have been known to the Veterans Health Administration (VHA) senior management for some time without effective remediation. Although our work is continuing, we believed it appropriate to publish this Interim Summary Report given the exigent nature of the issues we have preliminarily identified and the lack of confidence in VHA adequately and timely fixing the root causes of these issues. We are also including recommendations for immediate implementation.
Special Publication
OIG Monthly Highlights
CONGRESSIONAL TESTIMONY Deputy Assistant Inspector General for Audits and Evaluations Testifies Before the House Committee on Veterans Affairs Subcommittee on Oversight and Investigations on VA Financial Management Mr. Nick Dahl, Deputy Assistant Inspector General for Audits and Evaluations, Department of Veterans Affairs (VA), Office of Inspector General (OIG), testified before the House Committee on Veterans’ Affairs Subcommittee on Oversight and Investigations on the results of the audit of VA’s consolidated financial statements and its progress on reducing improper payments. Mr. Dahl focused on the increase in material weaknesses from fiscal year (FY) 2015 to FY 2016 and the elevation of a significant deficiency to a material weakness. The new material weaknesses relate to (1) education benefits accrued liability and (2) actuarial estimates for compensation, pension, and burial benefits. The issue of the relationship between VA’s Chief Financial Officer (CFO) and Veterans Health Administration’s (VHA) CFO was elevated from a significant deficiency. The Subcommittee and the hearing witnesses also discussed the definition of improper payments and efforts to reduce them. Mr. Dahl was accompanied by Ms. Sue Schwendiman, Director, OIG Financial Audits Division.
Oversight Report
Review of Alleged Misuse of Resources by VHA’s Strategic Investment Management, Business Architecture Division
In February 2015, the Office of Inspector General received an anonymous Hotline complaint stating that the Veterans Health Administration’s (VHA) Strategic Investment Management, Business Architecture Division misused Government funds when it purchased Troux Technologies’ Architect software. The complainant also stated that VA had project management and architecture tools available; and therefore the purchase of this software was a duplication of existing software functionality. The OIG conducted this review to determine the merits of the allegations. We did not substantiate the allegation that VHA acquired Troux Technologies’ Architect software. However, VHA procured other Troux Enterprise Portfolio Management (EPM) tools, including Troux Navigate for a report-creation capability and Troux Insight as a business analysis engine. We did not substantiate the allegation that the purchase of other Troux services was a duplication of existing VA project management and architecture software functionality. At the time of the allegation, VHA was developing EPM capabilities through a contract with Troux Technologies, Inc. Prior to awarding the contract to Troux Technologies, Inc., VHA conducted a review of business activities and identified functionality gaps for portfolio management. VHA’s “Alternatives Analysis Review,” provided several possible vendor solutions to address the gaps, one of which was Troux EPM software. The analysis identified weaknesses within VA existing systems inventory and noted that the current toolset could not provide portfolio management functionality without extensive modification. We conducted a review of VA’s systems inventory and found no EPM capability that met VHA’s requirements. We did not substantiate the allegations. Accordingly, we have no recommendations for improvement. Management concurred with our report and did not provide any comments.
Oversight Report
Review of Alleged Irregular Use of Purchase Cards by VHA’s Engineering Service at the Carl Vinson VA Medical Center in Dublin, Georgia
The Office of Inspector General conducted this review in response to allegations that Dublin VA Medical Center (VAMC) purchase cardholders split purchases and made duplicate payments to Ryland Contracting Incorporated and Sterilizer Technical Specialists. We substantiated the allegation that VAMC Dublin cardholders in Engineering Service made unauthorized commitments by splitting purchases and exceeding micro purchase limits. Of 130 sampled purchases made from October 2012 through March 2015, 23 were split purchases that avoided the $3,000 limit for supplies and 14 were purchases that exceeded the $2,500 limit for services. This was not prevented because approving officials did not adequately monitor cardholders to ensure compliance with VA policy. As a result, of 5,100 purchase card transactions totaling about $7.1 million, we estimated about 100 transactions totaling about $240,000 (3.4 percent) were unauthorized commitments and improper payments. We did not substantiate the allegation that cardholders made duplicate payments to Ryland Contracting Incorporated and Sterilizer Technical Specialists. However, we found cardholders inappropriately made 91 micro purchases for services received from these vendors without establishing contracts. This was not prevented because approving officials did not adequately review cardholder transactions to identify service purchases exceeding Veterans Health Administration’s (VHA) $5,000 threshold for establishing contracts during a fiscal year. As a result, cardholders purchased and received services totaling about $218,000 that avoided Federal competition requirements. We recommended the Veterans Integrated Service Network 7 Director review transactions for unauthorized commitments, submit ratification requests, emphasize the importance of monitoring cardholders, provide training, and ensure approving officials do not exceed the limit of assigned cardholders. In addition, we recommended the Director ensure contracts are established in accordance with VHA policy and take appropriate administrative action for each cardholder who made unauthorized commitments.
Press Release
Owner Of Computer School Admits $2.8 Million Veterans’ Retraining Assistance Program Education Fraud
The owner of a computer training company pleads guilty to defrauding the VA of over $2.8 million in education benefits.
Oversight Report
Review of Alleged Mismanagement of VHA's Patient Transportation Service Contract for the Jesse Brown VAMC in Chicago, IL
In March 2015, the Office of Inspector General received an allegation of mismanagement of the patient transportation service contract for the Jesse Brown VA Medical Center, Chicago, IL, which resulted in a waste of funds. We substantiated the allegation of contract mismanagement. Specifically, the Great Lakes Acquisition Center (GLAC) contracting officer (CO) did not adequately validate performance requirements to determine the required quantity of transportation trips. The CO did not adequately determine price reasonableness or fully fund the contract prior to obligating the Government. Finally, the CO did not document required contract information in VA’s Electronic Contract Management System (eCMS). This occurred because the GLAC CO did not ensure required reviews were performed for the awarded contract and for four modifications that either funded or extended the contract, increasing its value from about $885,000 to more than $6 million. Also, VA did not solicit competition to ensure fair and reasonable pricing. As a result, VA lacks assurance that the amount paid was the best value to the Government. In addition, VA potentially violated the Antideficiency Act (ADA) if funds were not available at the time VA incurred obligations for the services performed. We recommended that the Veterans Health Administration (VHA) ensure compliance with policies to perform required oversight reviews and ensure eCMS includes complete contract information. We also recommended that VA compete future patient transportation service contracts. Lastly, we recommended that VHA determine if an ADA violation occurred. The Acting Under Secretary for Health concurred with our report and recommendations, and provided a plan for corrective action. We considered the plan acceptable and will follow up on its implementation.
Oversight Report
VA's Federal Information Security Modernization Act Audit for Fiscal Year 2016
The Federal Information Security Modernization Act (FISMA) of 2014 requires agency Inspectors General to annually assess the effectiveness of agency information security programs and practices. Our FY 2016 audit determined whether VA’s information security program complied with FISMA requirements and applicable National Institute for Standards and Technology guidelines. We contracted with the independent accounting firm CliftonLarsonAllen LLP to perform this audit. VA has made progress developing policies and procedures but still faces challenges implementing components of its agency-wide information security continuous monitoring and risk management program to meet FISMA requirements. While some improvements were noted, this audit identified continuing significant deficiencies related to access controls, configuration management controls, continuous monitoring controls, and service continuity practices designed to protect mission-critical systems. Weaknesses in access and configuration management controls resulted from VA not fully implementing security standards on all servers, databases, and network devices. VA also has not effectively implemented procedures to identify and remediate system security vulnerabilities on network devices, databases, and server platforms VA-wide. Further, VA has not remediated approximately 7,200 outstanding system security risks in its corresponding Plans of Action and Milestones to improve its information security posture. As a result, the FY 2016 Consolidated Financial Statement audit concluded that a material weakness still exists in connection with VA’s information security program. This report contains 33 recommendations for improving VA’s information security program. We recommended the Acting Assistant Secretary for Information and Technology implement comprehensive measures to mitigate security vulnerabilities affecting VA’s mission-critical systems. The Acting Assistant Secretary for Information and Technology agreed with our findings and recommendations. We will monitor the implementation of corrective action plans.