The Veterans Affairs Department doesn’t have solid controls over its own financial reporting or computer data, leading to the possibility that the agency could leak information or mistake just how much it is spending, an investigation found.
While the VA has been working to improve its computer systems, it still has large problems that “could jeopardize the data integrity and confidentiality of VA’s financial and sensitive information,” said an annual audit of the agency’s internal finances from an independent auditor working with the department’s Inspector General.
The auditor, CliftonLarsonAllen, labeled the problems a “material weakness,” the highest level the government uses to critique problems. It means mistakes are likely and possibly imminent.
The review found a list of problems including a lack of updates for security software, no monitoring of what programs were being installed on agency computers and little tracking of which personnel were accessing which systems.
Investigators also found that background checks weren’t timely, and that “personnel were not receiving the proper level of investigation for their position sensitivity level.”
As a result, “there is an increased risk that financial and personally identifiable information may be inadvertently or deliberately misused and may result in improper disclosure or theft,” the auditor said.
Investigators also found that backup information was not encrypted and that “a significant loss of records occurred due to inadequate backup.”
A response from the VA’s chief financial office said the agency was working to fix the problems.
“As a result of the dedicated efforts of staff throughout the Department, only one material weakness remains. We will continue to focus on completing corrective actions,” the VA said. “The annual financial audit serves as an on-going catalyst to improving our processes and always helps us improve our internal controls.”
The auditor said computers remain central to the VA’s accounting.
“The VA relies extensively on Information Technology (IT) system controls to initiate, authorize, record, process, summarize and report financial transactions in the preparation of its financial statements,” the audit office said. “Internal controls over these operations are essential to ensure the integrity, confidentiality, and reliability of critical data while reducing the risk of errors, fraud, and other illegal acts.”