Veterans agency missing millions in IT equipment

A government audit of four U.S. Department of Veterans Affairs (VA) centers found $6.4 million worth of missing or misplaced IT equipment, according to a report released Tuesday.

Inventories in fiscal years 2005 and 2006 found about 2,400 missing IT devices at the four VA locations, the U.S. Government Accountability Office (GAO) report said. Among the missing items were dozens of computers that could have stored personal information.

The GAO also found computer hard drives being disposed containing the names, Social Security numbers, or medical histories of hundreds of U.S. military veterans.

About 28 percent of the IT equipment at the VA medical center in Washington, D.C., was missing or misplaced, the GAO said.

The missing equipment in the new GAO report is in addition to an earlier audit showing more than 8,600 missing IT items, with a combined original cost of $13.2 million, from five other VA centers, the GAO said.

There is an "overall lack of accountability" for IT equipment at the VA locations, said McCoy Williams, director of financial management and assurance at GAO. The GAO found a "pervasive" lack of personal accountability at all four locations, he told the U.S. House of Representatives Veterans Affairs Committee's Subcommittee on Oversight and Investigations.

"Missing IT items were not reported for several months and, in some cases, for several years," Williams told the subcommittee.

In some cases, hard drives scheduled to be disposed of sat around for several years without being wiped clean, "creating an unnecessary risk that sensitive personal and medical information could be compromised," Williams added.

The VA's IT practices have been the target of frequent criticism by U.S. lawmakers in recent years. The agency, in May 2006, reported that a laptop and hard drive containing the personal records of 26.5 million military veterans and family members was stolen from an employee's home. Police later recovered the equipment, and the VA said the records did not appear to be compromised.

Subcommittee members called on the VA to improve its inventory management. "We know that VA has serious problems keeping track of its IT inventory," said Rep. Harry Mitchell, subcommittee chairman and Arizona Democrat. "This is not just a dollar issue. It is also a security and privacy issue."

The VA is implementing new IT equipment management procedures and, after a three-month process, has found about 90 percent of the missing equipment, said Robert Howard, the VA's assistant secretary for information and technology.

"The lack of accountability was clearly evident," said Howard, who became the agency's CIO in September 2006. "You shouldn't have to go through that to find your equipment."

The VA has issued a new equipment handbook, and employees now have to sign for equipment in their control, Howard said. The VA has concurred on all 12 GAO recommendations for inventory management, VA officials said.

The VA is also deploying network monitoring software that can scan for devices, Howard said.

"This is a critically important issue," Howard said. "This is a situation of utmost importance. It is a situation we are working hard to remedy."