October 26, 2021

News

News Network

Information Security: Federal Deposit Insurance Corporation Has Made Progress, but Further Actions Are Needed to Protect Financial Data

7 min read
<div>What GAO FoundAlthough FDIC had implemented numerous controls in its systems, it had not always implemented access and other controls to protect the confidentiality, integrity, and availability of its financial systems and information. FDIC has implemented controls to detect and change default user accounts and passwords in vendor-supplied software, restricted access to network management servers, developed and tested contingency plans for major systems, and improved mainframe logging controls. However, the corporation had not always (1) required strong passwords on financial systems and databases; (2) reviewed user access to financial information in its document sharing system in accordance with policy; (3) encrypted financial information transmitted over and stored on its network; and (4) protected powerful database accounts and privileges from unauthorized use. In addition, other weaknesses existed in FDIC’s controls that were intended to appropriately segregate incompatible duties, manage system configurations, and implement patches.An underlying reason for the information security weaknesses is that FDIC had not always implemented key information security program activities. To its credit, FDIC had developed and documented a security program and had completed actions to correct or mitigate 26 of the 33 information security weaknesses that were previously identified by GAO. However, the corporation had not assessed risks, documented security controls, or performed periodic testing on the programs and data used to support the estimates of losses and costs associated with the servicing and disposal of the assets of failed institutions. Additionally, FDIC had not always implemented its policies for restricting user access or for monitoring the progress of security patch installation.Because FDIC had made progress in correcting or mitigating previously reported weaknesses and had implemented compensating management and reconciliation controls during 2010, GAO concluded that FDIC had resolved the significant deficiency in internal control over financial reporting related to information security that was reported in GAO’s 2009 audit, and that the remaining unresolved issues and the new issues identified did not individually or collectively constitute a material weakness or significant deficiency in 2010. However, if left unaddressed, these issues will continue to increase FDIC’s risk that its sensitive and financial information will be subject to unauthorized disclosure, modification, or destruction.Why GAO Did This StudyThe Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. Because of the importance of FDIC’s work, effective information security controls are essential to ensure that the corporation’s systems and information are adequately protected from inadvertent misuse, fraudulent use, or improper disclosure.As part of its audits of the 2010 financial statements of the Deposit Insurance Fund and the Federal Savings & Loan Insurance Corporation Resolution Fund administrated by FDIC, GAO assessed the effectiveness of the corporation’s controls in protecting the confidentiality, integrity, and availability of its financial systems and information. To perform the audit, GAO examined security policies, procedures, reports, and other documents; tested controls over key financial applications; and interviewed key FDIC personnel.</div>

What GAO Found

Although FDIC had implemented numerous controls in its systems, it had not always implemented access and other controls to protect the confidentiality, integrity, and availability of its financial systems and information. FDIC has implemented controls to detect and change default user accounts and passwords in vendor-supplied software, restricted access to network management servers, developed and tested contingency plans for major systems, and improved mainframe logging controls. However, the corporation had not always (1) required strong passwords on financial systems and databases; (2) reviewed user access to financial information in its document sharing system in accordance with policy; (3) encrypted financial information transmitted over and stored on its network; and (4) protected powerful database accounts and privileges from unauthorized use. In addition, other weaknesses existed in FDIC’s controls that were intended to appropriately segregate incompatible duties, manage system configurations, and implement patches.

An underlying reason for the information security weaknesses is that FDIC had not always implemented key information security program activities. To its credit, FDIC had developed and documented a security program and had completed actions to correct or mitigate 26 of the 33 information security weaknesses that were previously identified by GAO. However, the corporation had not assessed risks, documented security controls, or performed periodic testing on the programs and data used to support the estimates of losses and costs associated with the servicing and disposal of the assets of failed institutions. Additionally, FDIC had not always implemented its policies for restricting user access or for monitoring the progress of security patch installation.

Because FDIC had made progress in correcting or mitigating previously reported weaknesses and had implemented compensating management and reconciliation controls during 2010, GAO concluded that FDIC had resolved the significant deficiency in internal control over financial reporting related to information security that was reported in GAO’s 2009 audit, and that the remaining unresolved issues and the new issues identified did not individually or collectively constitute a material weakness or significant deficiency in 2010. However, if left unaddressed, these issues will continue to increase FDIC’s risk that its sensitive and financial information will be subject to unauthorized disclosure, modification, or destruction.

Why GAO Did This Study

The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. Because of the importance of FDIC’s work, effective information security controls are essential to ensure that the corporation’s systems and information are adequately protected from inadvertent misuse, fraudulent use, or improper disclosure.

As part of its audits of the 2010 financial statements of the Deposit Insurance Fund and the Federal Savings & Loan Insurance Corporation Resolution Fund administrated by FDIC, GAO assessed the effectiveness of the corporation’s controls in protecting the confidentiality, integrity, and availability of its financial systems and information. To perform the audit, GAO examined security policies, procedures, reports, and other documents; tested controls over key financial applications; and interviewed key FDIC personnel.

More from:

News Network

  • Individual Pleads Guilty to Murder in Indian Country
    In Crime News
    An enrolled member of the Seminole Nation of Oklahoma and member of the Indian Brotherhood (IBH), a prison-based gang active in Oklahoma, pleaded guilty today to charges related to two separate homicides that took place in 2015 and 2017 within Indian Country in Oklahoma.
    [Read More…]
  • Justice Department Commends ASCAP and BMI’s Launch of SONGVIEW
    In Crime News
    On Dec. 21, 2020, The American Society of Composers (ASCAP) and Broadcast Music, Inc. (BMI), the two largest performance rights organizations (PROs) in the United States, announced the launch of SONGVIEW, a “comprehensive data platform that provides music users with an authoritative view of public performance copyright ownership and administration shares for the vast majority of music licensed in the United States.”[1]
    [Read More…]
  • Justice Department Warns About Fake Unemployment Benefit Websites
    In Crime News
    The Department of Justice has received reports that fraudsters are creating websites mimicking unemployment benefit websites, including state workforce agency (SWA) websites, for the purpose of unlawfully capturing consumers’ personal information.
    [Read More…]
  • The United States Officially Rejoins the Paris Agreement
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • K-12 Education: Observations on States’ School Improvement Efforts
    In U.S GAO News
    Many states use flexibilities in the Elementary and Secondary Education Act (ESEA), as amended, in identifying low-performing schools and student subgroups (e.g., students from major racial and ethnic groups and low-income students) that need support and improvement. For example, states must identify all public high schools failing to graduate at least one-third of their students. According to GAO's state plan analysis, four states used ESEA's flexibilities to set higher graduation rates (i.e., 70-86 percent) for purposes of state accountability. Similarly, while ESEA requires states to identify schools in which students in certain subgroups are consistently underperforming, 12 states assess the performance of additional student subgroups. Although states are generally required to set aside a portion of their federal education funding for school improvement activities (see figure), states have some discretion in how they allocate these funds to school districts. According to GAO's survey, 27 states use a formula to allocate funds. GAO also found that in at least 34 states, all school districts that applied for federal funds received them in school year 2018-2019, but states had discretion regarding which schools within those districts to fund and at what level. Funding for School Improvement through the Elementary and Secondary Education Act (ESEA) Title I, Part A Note: For more details, see figure 2 in GAO-21-199. A majority of the 50 states and the District of Columbia responding to our survey reported having at least moderate capacity to support school districts' school improvement activities. Education provides various types of technical assistance to build local and state capacity such as webinars, in-person training, guidance, and peer networks. About one-half of states responding to GAO's survey sought at least one type of technical assistance from Education's program office and various initiatives, and almost all of those found it helpful. For example, Education's Regional Educational Laboratories (REL) help states use data and evidence, access high-quality research to inform decisions, identify opportunities to conduct original research, and track progress over time using high-quality data and methods. Several states most commonly reported finding the following assistance by RELs to be helpful: in-person training (26), webinars (28), and reviews of existing research studies to help select interventions (24). The Elementary and Secondary Education Act (ESEA) requires states to have statewide accountability systems to help provide all children significant opportunity to receive a fair, equitable, and high-quality education, and to close educational achievement gaps high-quality education. These systems must meet certain federal requirements, but states have some discretion in how they design them. For example, ESEA requires states to identify low-performing schools and student subgroups for support and improvement. Senate Report 115-289 accompanying the Departments of Labor, Health and Human Services, and Education, and Related Agencies Appropriations Bill, 2019, includes a provision for GAO to review states' school improvement activities. This report addresses (1) how states identify and allocate funds for schools identified for support and improvement; and (2) the extent to which states have capacity to support districts' school improvement activities and how helpful states find Education's technical assistance. GAO analyzed the most current approved state accountability plans from all 50 states and the District of Columbia as of September 2020. The information in these plans predates the COVID-19 pandemic and represents a baseline from which to compare school improvement activities going forward. GAO also surveyed and received responses from all 50 states and the District of Columbia. GAO also conducted follow-up interviews with officials in three states selected based on variation in reported capacity and geographic diversity. For more information, contact Jacqueline M. Nowicki at (617) 788-0580 or nowickij@gao.gov.
    [Read More…]
  • Nevada Woman Charged with COVID-Relief Fraud
    In Crime News
    A Nevada woman was charged in a criminal complaint unsealed Wednesday with fraudulently seeking over $1 million in Paycheck Protection Program (PPP) loans, announced Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division and U.S. Attorney Nicholas A. Trutanich of the U.S. Attorney’s Office for the District of Nevada.
    [Read More…]
  • Secretary Antony J. Blinken, Secretary of Defense Lloyd Austin, Australian Foreign Minister Marise Payne, and Australian Defence Minister Peter Dutton At a Joint Press Availability
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • DHS Office of Inspector General: Actions Needed to Address Long-Standing Management Weaknesses
    In U.S GAO News
    What GAO Found Since fiscal year 2015, the Department of Homeland Security (DHS) Office of Inspector General (OIG) has not adhered to a number of professional standards for federal OIGs and key practices for effective management. Frequent leadership turnover and associated shifts in leadership priorities have contributed to DHS OIG's long-standing management and operational weaknesses and impeded efforts to address them. DHS OIG senior leaders acknowledge that various challenges have contributed to these weaknesses, and have taken steps to begin to address some of them, as follows: Organizational performance management: DHS OIG has operated for 4 of the past 6 years without a strategic plan. This limits its ability to implement other organizational performance management activities, such as annual planning and performance assessment. In the absence of a strategic plan, GAO found that DHS OIG staff may not understand its oversight priorities and goals, which can negatively affect operations and staff performance. In 2020, DHS OIG contracted with a nonprofit academy of government experts to develop a strategic plan for fiscal years 2021–2025, with expected completion in June 2021. Quality assurance: DHS OIG has not developed or implemented organization-wide roles and responsibilities for quality assurance. DHS OIG retracted some reports in recent years because they did not adhere to professional standards. Because there is no overarching system of internal quality assurance for audit, inspection, evaluation, and other work, DHS OIG cannot know if its internal processes ensure that its work (1) adheres to its policies and (2) meets established standards of performance. Report timeliness: Project time frames have increased in recent years, and DHS OIG has not taken steps to understand the causes of such increases or determine how to address them. For example, in the Office of Audits, eight of 102 projects completed in fiscal year 2017 took more than 18 months, compared to more than half (35 of 67) of projects completed in fiscal year 2020. Without timely DHS OIG reports, DHS's ability to respond to such oversight efforts and Congress's ability to conduct effective oversight of DHS operations are limited. Coordination with DHS: DHS OIG does not have a consistent process for coordinating with DHS components to receive and respond to technical and management comments on DHS OIG audit, inspection, and evaluation work. Further, DHS officials do not have confidence in DHS OIG's processes to (1) correct factual errors before finalizing reports and (2) redact sensitive but unclassified information before publicly issuing reports. As a result, the process by which DHS OIG resolves DHS's comments is at risk of miscommunication and misunderstandings. These and additional weaknesses GAO identified are of particular concern given that OIGs need to maintain high standards of professionalism and integrity in light of their mission, according to quality standards for federal OIGs. Without addressing these and other long-standing management and operational weaknesses, DHS OIG is not well positioned to fulfill its oversight mission. Why GAO Did This Study DHS OIG plays a critical role in overseeing DHS, which encompasses multiple components and programs and has tens of billions of dollars in annual budgetary resources. However, DHS OIG has faced a number of long-standing management and operational challenges that have affected its ability to carry out its oversight mission effectively. GAO was asked to review DHS OIG's management and operations. This report addresses the extent to which DHS OIG adheres to professional standards and key practices in its management and operations, among other objectives. GAO reviewed DHS OIG management and operations from fiscal year 2015 through fiscal year 2020. GAO evaluated DHS OIG's processes against quality standards for federal OIGs, relevant federal standards for internal control, and human capital and organizational change leading practices. To do so, GAO reviewed DHS OIG documents, interviewed officials, and analyzed DHS OIG data and published reports.
    [Read More…]
  • Death of Former Algerian President Bouteflika
    In Crime Control and Security News
    Ned Price, Department [Read More…]
  • United States Takes Action Against Violators of Religious Freedom
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Economic Adjustment Assistance: Experts’ Proposed Reform Options to Better Serve Workers Experiencing Economic Disruption
    In U.S GAO News
    What GAO Found U.S. workers have faced considerable changes in how they work and in the skills they need because of economic changes created by emerging technologies, disruptive business models, and other economic forces. Federal economic adjustment assistance (EAA) programs were established, in part, to help workers adjust to these economic disruptions. Consistent with GAO's prior work on EAA programs, experts in GAO's roundtable identified a range of challenges to using EAA programs to effectively respond to economic disruptions workers might experience. In light of these challenges, experts identified reform actions that could better serve workers (see table). The actions fell into six interrelated reform areas. Examples of Potential Reform Actions That Could Better Serve Workers Who Experience Economic Disruption, as Identified by Experts in GAO's Roundtable Reform area Examples of potential reform actions identified by experts Proactive efforts to address disruption Establish lifelong learning accounts for workers through contributions of individual workers, employers, and government agencies to fund continuous education and training opportunities. Establish a tax credit to help incentivize employers to retrain rather than lay off employees. Access to Economic Adjustment Assistance (EAA) programs Use the existing unemployment insurance system to better inform dislocated workers about the availability of and their eligibility for EAA programs. Worker training Expand the number of short-term, high-demand skills-based training opportunities. Prompt employers to develop apprenticeship programs. For example, require employers to operate apprenticeship programs of their own or pay a tax to fund the creation of apprenticeship programs. Income and other supports Create more opportunities for workers to co-enroll in training and financial safety-net programs. Develop supportive services programs for dislocated workers at the community colleges in which they are enrolled. EAA service delivery Provide dislocated workers ready access to easy-to-navigate data on high-demand skills, earnings in various occupations, and the number of available jobs in those occupations in their area. Provide community colleges with additional state or federal resources to deliver more career guidance to dislocated workers. Structure of the EAA system Invest in training infrastructure, such as publicly funded regional universities, community colleges, and other institutions. Reduce barriers to accessing existing national datasets to facilitate the evaluation of EAA program effectiveness. Source: GAO analysis of expert statements. | GAO-21-324 Note: These potential reform actions are not listed in any specific rank or order and their inclusion in this report should not be interpreted as GAO endorsing any of them. GAO did not assess how effective the potential reform actions may be or the extent to which program design modifications, legal changes, and federal financial support would be needed to implement any given reform action or combination of reform actions. Why GAO Did This Study Various economic disruptions, such as policy changes that affect global trade or the defense or energy industries and shifts in immigration, globalization, or automation, can lead to widespread job loss among workers within an entire region, industry, or occupation. GAO was asked about options for reforming the current policies and programs for helping workers weather economic disruption. This report describes a range of options, identified by experts, to reform the current policies and programs for helping workers weather economic disruption. With the assistance of the National Academies of Sciences, Engineering, and Medicine, GAO convened a 2-day, virtual roundtable in August 2020 with 12 experts, selected to represent a broad spectrum of views and expertise and a variety of professional and academic fields. They included academic researchers, program evaluators, labor economists, former federal agency officials, and state and local practitioners. GAO also reviewed relevant federal laws, prior GAO reports, and other research. For more information, contact Cindy S. Brown Barnes at (202) 512-7215 or brownbarnesc@gao.gov.
    [Read More…]
  • FEMA Flood Maps: Better Planning and Analysis Needed to Address Current and Future Flood Hazards
    In U.S GAO News
    What GAO Found The Federal Emergency Management Agency's (FEMA) Risk Mapping, Assessment, and Planning (Risk MAP) program has increased its development of flood maps and other flood risk products, but faces challenges ensuring they comprehensively reflect current and future flood hazards. For example, its flood risk products do not reflect hazards such as heavy rainfall and the best available climate science. These products include maps—known as Flood Insurance Rate Maps—and nonregulatory flood risk products such as estimates of flood damage in an area. FEMA's Risk MAP program is addressing some of these challenges, but many may require years to address. However, Risk MAP has been operating under an out-of-date plan that does not reflect new goals, objectives, activities, performance measures, and associated timeframes. Updating its program plan to include these elements could help FEMA effectively manage and coordinate its efforts to incorporate current and future flood hazards in a timely way. Example of River Flooding FEMA does not periodically assess the usefulness of its nonregulatory flood risk products, which are intended to help communities increase their resilience to floods. According to FEMA, it has invested millions of dollars in developing Risk MAP nonregulatory products; however, the agency has not assessed the usefulness of these products in increasing community resilience since 2016. Establishing mechanisms for periodically assessing the usefulness of its nonregulatory products could help FEMA ensure it is investing in products that address community need and have a meaningful impact on enhancing flood resilience. FEMA prioritizes mapping projects with input from all levels of government and FEMA regional offices, but could better use available data to inform its mapping efforts. FEMA's decision-making process has emphasized directing resources to areas with greatest flood risks. Additionally, in 2020, FEMA established a strategic priority for considering socially-vulnerable populations as part of disaster resilience. According to GAO's statistical analyses of data from the Risk MAP program and FEMA's publicly available disaster risk assessment tools, FEMA's mapping investments for fiscal years 2012 to 2020 were greater where flood risks were higher, but were lower for areas of higher socially-vulnerable populations. By considering ways to leverage available data into its annual process for prioritizing its flood mapping investments, FEMA could enhance its ability to make well-informed decisions that meet agency and federal priorities and disaster resilience goals. Why GAO Did This Study FEMA is responsible for producing and updating Flood Insurance Rate Maps and nonregulatory products to show areas of greatest flood hazards and help guide floodplain management actions under the National Flood Insurance Program. While FEMA has mapped millions of miles of the nation's streams and coastlines, questions have been raised about whether its flood risk products provide a comprehensive picture of flood risk. The Additional Supplemental Appropriations for Disaster Relief Act of 2019 required GAO to review issues related to 2018 disasters. As part of this body of work, this report addresses (1) the extent FEMA has developed Flood Insurance Rate Maps and nonregulatory products that reflect current and future flood hazards, (2) the extent FEMA has assessed its efforts to enhance flood resilience, and (3) how FEMA prioritizes its mapping resources to create and update Flood Insurance Rate Maps. GAO reviewed agency documents and strategic plans; analyzed FEMA data; and interviewed FEMA, selected states and localities, and flood mapping experts.
    [Read More…]
  • SavaSeniorCare LLC Agrees to Pay $11.2 Million to Resolve False Claims Act Allegations
    In Crime News
    SavaSeniorCare LLC and related entities (Sava), based in Georgia, have agreed to pay $11.2 million, plus additional amounts if certain financial contingencies occur, to resolve allegations that Sava violated the False Claims Act by causing its skilled nursing facilities (SNFs) to bill the Medicare program for rehabilitation therapy services that were not reasonable, necessary or skilled, and to resolve allegations that Sava billed the Medicare and Medicaid programs for grossly substandard skilled nursing services. Sava currently owns and operates SNFs across the country.
    [Read More…]
  • Military Personnel: DOD’s Transition Assistance Program at Small or Remote Installations
    In U.S GAO News
    What GAO Found The Transition Assistance Program (TAP) provides counseling, employment assistance, and information on federal veterans benefits, among other support, to transitioning servicemembers who are separating from the military. From fiscal years 2018 through 2020, seven of the nine selected small or remote installations exceeded, on average, DOD's TAP compliance target of 85 percent of separated servicemembers completing all TAP requirements. The information delivered during TAP and the components of the program are standard across all military installations, regardless of the size or location of the installation. Prior to the COVID-19 pandemic, only certain servicemembers were eligible to participate in TAP virtually, including those servicemembers in remote or geographically isolated locations. According to officials of the Military-Civilian Transition Office (MCTO), servicemembers who attended TAP sessions virtually prior to the pandemic received the same transition information as those who attended TAP sessions in person. At the start of the COVID-19 pandemic, all nine of the small or remote installations in GAO's review shifted to virtual delivery of TAP sessions for all servicemembers, according to officials at those installations. DOD monitors TAP across all installations, regardless of size or geographic location, through a standard form used by all four military services and by conducting course surveys. DOD officials told GAO that there are no additional monitoring activities or metrics specific to small or remote installations. Officials whom GAO interviewed—including those of the military services and at the nine selected small or remote installations—discussed common challenges with TAP delivery and participation, as well as ways they were mitigating these challenges where possible. For example, TAP officials at several remote installations stated there were limited local employment opportunities available to servicemembers post-separation. However, a few officials stated that they had built relationships with local employers to provide networking opportunities to servicemembers. Also, Army officials stated that they provide virtual career fairs that are available to all servicemembers regardless of location. The shift to fully virtual delivery of TAP support at the start of the pandemic also presented common challenges among the installations in GAO's review, including not having a live virtual option for the Department of Veterans Affairs (VA) benefits briefing and having caps on the number of servicemembers in virtual classes. An official at one installation said the installation was able to provide servicemembers access to informal VA information sessions with their local VA office to supplement the self-paced virtual VA briefing. Why GAO Did This Study Approximately 200,000 servicemembers each year leave the military and transition to civilian life. To help servicemembers with potential challenges they may face during this transition, such as finding and maintaining employment, DOD is mandated by law to require that eligible separating servicemembers participate in TAP. House Report 116-442, accompanying a bill for the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, directed GAO to review servicemember participation in formal Transition Assistance Programs at small and remote military installations in the United States. This report describes: (1) the extent to which active-duty servicemembers at selected small or remote military installations within the United States are receiving required transition services; (2) the extent to which DOD is monitoring TAP at small or remote military installations; and (3) challenges that exist in implementing TAP at selected small or remote military installations. GAO reviewed relevant laws and guidance documents, and analyzed data provided by the Military-Civilian Transition Office (MCTO) and the military services. GAO also interviewed officials from MCTO, the military services, and TAP staff at nine small or remote installations in the United States selected to achieve at least two installations for each military service and for variation in geographic location. GAO identified remote military installations as those 50 or more miles from a city of 50,000 people or more, and small installations as those with 350 or fewer projected servicemember separations for fiscal year 2021.
    [Read More…]
  • The United States Welcomes the Appointment of Hans Grundberg as the New UN Special Envoy for Yemen
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Dominica Travel Advisory
    In Travel
    Exercise increased [Read More…]
  • The Expected Parole of Hampig “Harry” Sassounian
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Secretary Blinken’s Call with German Foreign Minister Maas
    In Crime Control and Security News
    Office of the [Read More…]
  • VA Health Care: Better Data Needed to Assess the Health Outcomes of Lesbian, Gay, Bisexual, and Transgender Veterans
    In U.S GAO News
    The Department of Veterans Affairs' (VA) Veterans Health Administration (VHA) analyzes national-level data by birth sex to assess health outcomes for women veterans. For example, it analyzes frequency data to identify their most common health conditions. However, VHA is limited in its assessment of health outcomes for the lesbian, gay, bisexual, and transgender (LGBT) veteran population because it does not consistently collect sexual orientation or self-identified gender identity (SIGI) data. VHA officials stated that providers may record veterans' sexual orientation—which can be used to identify lesbian, gay, and bisexual veterans—in non-standardized clinical notes in electronic health records. However, without a standardized field, providers may not be consistently collecting these data, and VHA does not know the total number of these veterans in its system. VHA officials recognize the importance of consistently collecting these data, but have yet to develop and implement a field for doing so. VHA collects SIGI data—which can be used in part to identify transgender veterans—in enrollment, administrative, and electronic health record systems. Although VHA has worked to improve the collection of these data, GAO found inconsistencies in how VHA records SIGI and, according to VA, 89 percent of veterans' records lack SIGI information. VHA added a field to collect this information in the administrative system; however, these data are not linked to electronic health records. As such, VHA providers cannot see the data during clinical visits when determining the appropriate services for transgender veterans, such as screening certain transgender men for breast and cervical cancers, as required by VHA policy. VHA's plan to link SIGI data across both systems has been postponed several times, and the data remain unlinked. VHA Sexual Orientation and Self-Identified Gender Identity (SIGI) Data Collection Limitations, Fiscal Year 2020 Until VHA can more consistently collect and analyze sexual orientation and SIGI data for the veteran population served, it will have a limited understanding of the health care needs of LGBT veterans, including any disparities they may face. VHA provides care to a diverse population of veterans, including women and LGBT veterans. These veterans may experience differences in health outcomes that are closely linked with social or economic disadvantage, and VA considers it important to analyze the services they receive as well as their health outcomes to improve health equity. House Report 115-188 included a provision for GAO to review VA's data collection and reporting procedures for information on veterans' gender and sexual orientation. This report describes how VHA assesses health outcomes for women veterans and examines the extent to which VHA assesses health outcomes for LGBT veterans. GAO reviewed VHA directives and VHA's Health Equity Action Plan. GAO interviewed officials from VHA's Women's Health Services and LGBT Health Program, VHA researchers who focus on women and LGBT veterans, and representatives from other health care systems with experience collecting gender and sexual orientation information. GAO is making four recommendations to VA to consistently collect sexual orientation and SIGI data, and analyze these data to assess health outcomes for LGBT veterans. VA concurred with GAO's recommendations and identified actions it is taking to address them. For more information, contact Debra A. Draper at (202) 512-7114 or draperd@gao.gov.
    [Read More…]
  • DOD Systems Modernization: Maintaining Effective Communication Is Needed to Help Ensure the Army’s Successful Deployment of the Defense Integrated Military Human Resources System
    In U.S GAO News
    The Department of Defense (DOD) has had long-standing, serious problems with its numerous military component-unique personnel and pay systems, including accurately paying its military personnel on time and monitoring and tracking them to, from, and within their duty stations. For example, in the early 1990s, Army Reserve and National Guard troops received inaccurate or late pay and benefits after serving in Operations Desert Shield and Desert Storm. We previously reported that the lack of integration among DOD's multiple military personnel and pay systems, among other things, caused these and similar errors. To address these and other problems, in February 1998, DOD initiated a program to design and implement the Defense Integrated Military Human Resources System (DIMHRS). DIMHRS is intended to provide a joint, integrated, standardized personnel and pay system for all military components (including active and reserve components). In November 2004, DOD accepted the design of the first phase of DIMHRS for personnel and pay functions and then proceeded with development of the system. Meanwhile, as we reported in 2006, some Army Reserve and National Guard troops continued to receive inaccurate pay resulting in part from a lack of integration in Army personnel and pay systems. Furthermore, personnel and pay problems have been exacerbated by the hundreds of thousands of military personnel deployed to Iraq and Afghanistan, whose families depend on receiving accurate and timely pay, in addition to DOD's need to track military personnel in and out of theater. DOD is concurrently working with the Army, Air Force, and Navy, but the Army is to be the first to deploy DIMHRS. Therefore, we focused our review on DOD's plans to deliver the system to the Army for deployment. DOD has planned five DIMHRS deployment dates for the Army with the most recent one scheduled in March 2009. Four of the deployment dates were postponed--April 2006, April 2008, July 2008, and October 2008. As of April 2008, DOD moved the October date to March 2009. DIMHRS uses software referred to as a commercial-off-the-shelf product. According to DIMHRS program officials, including the Deputy Director of the Business Transformation Agency, the product will address all military component requirements. In February 2005, we reported that because DOD was not managing the DIMHRS program effectively, including its requirements, it was at increased risk of not delivering promised system capabilities and benefits on time. Since our 2005 report, we have monitored DOD's progress in managing the DIMHRS program under the authority of the Comptroller General to conduct evaluations on his own initiative. Specifically for this report, our objective was to determine to what extent DOD has effectively communicated the DIMHRS's capabilities to the Army in order for the Army to prepare for deployment of the system in March 2009.DOD has taken some recent steps to improve communications with the Army about DIMHRS's capabilities in an effort to better prepare the Army for deployment of the system in March 2009. However, Army officials still have some concerns about the extent to which Army requirements are being incorporated into DIMHRS. In addition, DOD has not established a clear, well-defined process for maintaining effective communications to better prepare the Army to deploy DIMHRS. Effective communication is a key federal internal control standard that calls for communications to constantly flow down, across, and up the organization to help it achieve all of its objectives. Such communication would improve the Army's understanding of what the system will deliver thus enabling the Army to better design and implement effective business processes to work with DIMHRS. The Army has had problems receiving assurance from DOD about the extent to which its requirements would be included in DIMHRS. For example, in September 2007, when the Army compared versions 3.0 and 3.1 of the system requirements document, it noted that DOD's DIMHRS program office had not effectively communicated with the Army the rationale or negotiated the acceptance of the Army's requirements that were dropped, changed, or both, which were agreed upon in version 3.0. During the Army's review of version 3.1, it identified and submitted 717 issues for DOD to resolve. Furthermore, when communicating changes for version 3.1, the format made it difficult for the Army to perform its comparative analysis. Army officials said that when the DIMHRS program office does not effectively communicate to them the differences between its requirements and the system, they have difficulty conducting a gap analysis between the system's planned capabilities and their own requirements. The gap analysis forms the basis upon which the Army can determine whether it needs to develop or adjust its business processes prior to deploying DIMHRS. DOD recently took steps to improve its communications with the Army about DIMHRS's capabilities and its impact on Army requirements. For example, in May 2008, the DIMHRS program office began to meet with Army officials to discuss the development of a formal process of delivering and adjudicating the documented updates to the design; this includes the differences between the Army's requirements--documented need of what a particular product or service should be or do--and the DIMHRS's requirements, which are documented in the system requirements document. According to Army officials, with respect to version 3.2, they identified 311 issues with 98 issues remaining in July 2008, which the DIMHRS program office is working to resolve. Additionally, in April 2008, the DIMHRS program office shared more detailed information about DIMHRS's capabilities through activities, such as demonstrations of the system capabilities. Moreover, the Deputy Director of the Business Transformation Agency stated that moving the deployment date to March 2009 allowed the DIMHRS program office and the Army the time to communicate about DIMHRS's capabilities. Although these steps have been taken, DOD has not developed and documented a clearly defined process for maintaining effective communications of the differences between DIMHRS's capabilities and Army requirements. Without a clearly defined process for maintaining effective communications, the Army may not be effectively prepared to deploy the system when scheduled, and DOD may deliver a system that will require extensive and expensive investments.
    [Read More…]
Network News © 2005 Area.Control.Network™ All rights reserved.