Pursuant to a congressional request, GAO discussed the Department of Veterans Affairs' (VA) progress in implementing its information technology (IT) program, focusing on: (1) VA's efforts to address GAO's 1998 recommendations; (2) the status of VA's actions to develop and implement a Master Veteran Record (MVR); and (3) VA's steps to improve computer security across the department.

GAO noted that: (1) VA has made progress in addressing GAO's 1998 recommendations; (2) for example, compared with its fiscal year (FY) 1999 IT investment review process, VA's FY 2001 process provided decisionmakers with more detailed information on proposed projects; (3) however, the department has yet to fill the position of assistant secretary for information and technology, created in June 1998 and intended to serve as VA's chief information officer; (4) it also has not developed an overall strategy for reengineering its business processes to effectively function as "One VA," a vision VA has articulated, nor has it defined the integrated IT architecture needed to efficiently acquire and utilize information systems across VA; (5) VA likewise faces challenges in developing and implementing a MVR, the Veterans Service Network (VETSNET), and the Decision Support System (DSS); (6) its MVR has not been implemented by the Veterans Benefits Administration's (VBA) compensation and pension service line, although this project could help reduce overpayments through faster receipt of death notices; (7) VBA's VETSNET project has experienced many schedule delays, and VBA has not yet established a completion date for it; (8) the Veterans Health Administration's (VHA) DSS, while completed, is not being fully used by VHA for the purposes intended, including budget formulation and resource allocation; (9) regarding computer security, VA has begun to address weaknesses identified by GAO and by its Office of the Inspector General; and (10) it still needs to complete guidance on assessing VA's security risks and must develop appropriate policies and controls for accessing its computer systems.