Oversight and Funding Highlights for VA IT

Information Technology (IT) at VA has progressed from being an important component of program delivery to a mission- critical necessity for VA to proactively and effectively serve veterans and their families. The level of Congressional support for VA IT became starkly clear when the PACT Act of 2022  authorized not only “such sums as are necessary” for “any expenses incident to the delivery of veterans’ health care and benefits associated with exposure to environmental hazards” but also for “administrative expenses, such as information technology and claims processing and appeals.” Authority to use mandatory funds for IT, without limit, are ground-breaking. In the past, IT has scrambled for discretionary funds to support major new programs.

Congressional support for these missions is tempered by VA’s management experience with complex programs.

Oversight of VA programs and management is a critical function of Congress. The Government Accountability Office (GAO), an investigative arm of the Legislative Branch, evaluates VA continuously and has 29 open Priority Recommendations specific to VA this year. GAO’s May 30 report to Congress focuses on the “High Risk” areas: among those are VA’s Electronic Health Record Modernization (EHRM) program and its procurement of supply chain management solutions. GAO’s Director of Contracting and National Security Acquisitions, Shelby Oakley, testified to the House Veterans’ Affairs Subcommittee on Technology Modernization on May 24, 2023. Key IT-related GAO observations include:

• VA obligated over $25 billion for IT procurement from 2017 to 2021, one of the highest-spending Departments in the federal government
• VA has challenges in its ability to successfully execute acquisitions and continues to struggle with defining requirements
• From 2017 to 2021, VA’s total IT contract obligations increased by more than half while the number of contractors receiving awards dropped by more than 25%, likely due to the move to “category management” as a cost-reducing strategy.

Ms. Oakley stated: “VA’s IT obligations have been increasingly concentrated with a small group of contractors. Specifically, over half of VA’s IT obligations in 2021 went to only 10 contractors, up from 45 percent in 2017. More broadly, 30 contractors received about 75 percent of VA’s IT obligations over the same time period.” She added that over half of VA’s contract obligations in 2021 were through either VA’s Transformation Twenty-One Total Technology-Next Generation (T4NG) or NASA’s Solutions for Enterprise-Wide Procurement (SEWP) contracting vehicle.

IT BUDGETS

Turning to resources, VA’s IT budget is growing faster than VA’s overall budget with a new, more flexible funding stream. VA’s IT budget primarily flows through the CIO’s organization, the Office of Information and Technology (OIT), which receives a direct appropriation from Congress, unlike many other agencies. There is also significant IT investment through the Veterans Health Administration and to a lesser extent, the Veterans Benefits Administration, all of which are subject to CIO review. In total, OIT’s budget is set to increase to $7.6 billion (+19%) in FY24.

As seen in Chart I above, the $7.6 billion total includes $6.4 billion in discretionary appropriated funds, and $1.2 billion in IT-specific PACT Act funds, as specified in Biden’s FY24 budget. The debt limit deal (P.L. 118-5 — the Fiscal Responsibility Act (FRA)) gives OIT a “bird in the hand” for FY24. The FRA included PACT Act funding for FY24 and FY25 and made the funds available on the first day of each fiscal year. VA will get $20.3 billion in five-year FY24 funding on October 1, 2023. Of that amount, OIT is set to receive $1.2 billion, which will help OIT navigate the end of the federal fiscal year on September 30 and provide OIT with a significant funding cushion in an uncertain budget situation — something few other agencies have. Medical Services and other parts of VA have been funded one year in advance for a long time, so they have not been impacted by continuing resolutions or shutdowns as information technology, administrative functions, construction, and research have.

MODERNIZATION WITH LESS RISK

An overall theme in VA’s FY24 IT budget is “buy before build” to acquire business automation initiatives that have agile/ modernized IT platforms. VA seeks to reap the benefit of buying solutions that vendors are required to modernize. That approach reduces VA budgeting challenges for IT infrastructure readiness applied to “technical debt”, or outdated legacy systems, equipment, and platforms.

VA “buy” solutions have been increasing. They reached 95 in 2022. OIT is projecting purchase of 125 net new Software as a Service/Platform as a Service (SaaS/PaaS) solutions in 2023. For more detailed IT project level information, a new resource in the OIT budget is a prioritized 1:N list of $4.8 billion in IT projects across VA portfolios. Overall, the list shows the top three priority categories are cybersecurity operations projects, privacy, and the Infrastructure Readiness Program/technical debt.

SUPPLY CHAIN CHALLENGE

A massive VA IT procurement on the near horizon is VA’s enterprise-wide supply chain system modernization (SCM) project, likely to be finalized this summer, with evaluation in early FY24. VA published a draft Request for Proposal (RFP) for an SCM solution on May 30. Supporting documents stated that the government would release the RFP “soon,” that requirements in the draft document are very close to final, and that no funds have yet been authorized or appropriated for the SCM project. The enterprise-wide SCM acquisition was halted and reset due to a court case, so it received a lot of Congressional attention, including multiple oversight hearings and a 2021 GAO study. GAO found that “VA needs to develop a comprehensive supply chain management strategy that addresses the interrelationships between its various modernization relationships and reflects key practices of organizational transformations, including an implementation plan with key milestones.”

Last month, GAO officials testified that VA intends to employ principles of a new acquisition lifecycle framework for the supply chain solution. It is difficult to discern what the framework entails from the draft RFP and the Performance Work Statement. However, what is clearer is VA’s process of evaluation and down-selection. VA will assess all Offerors in the first technical factor, Corporate Expertise, and then down-select to five competitors that will be allowed to reply to detailed technical requirements (specifics are only provided to the five that are selected) including their teaming plans. The field will be winnowed down again once VA determines a “competitive range” and the remaining companies provide a technical demonstration that covers all evaluation factors. The draft RFP has no information on the dollar amount of the contract, but VA does expect a single IDIQ over 10 years.

Looking ahead, expect SCM oversight to be informed by the ongoing and frustrating EHRM experience which has frozen its deployments. Congress, VA, veterans groups, and industry stakeholders are all concerned about VA management of large IT projects—especially those that need to integrate with many different VA functions. Both EHRM and SCM fit that profile—and also must work together.

VA CIO Kurt DelBene seems to be listening to the criticism and planning ahead for a smoother path for the SCM acquisition. He is looking at VA’s IT acquisition from two perspectives: what can be incrementally modernized vs. what functions (such as the VA financial system) require a full-scale replacement.

At a June 6 event, DelBene talked about transparency, accountability, and balancing VA’s different acquisition approaches. He stated that VA needs to give Congress “line of sight” into projects and information such as total lifecycle costs. Further, he noted that OIT is moving from “big bang” development projects in which a single vendor gets a large contract. DelBene stated there was an inclination to seek a “minimum viable product” as the initial deliverable, so that VA can evaluate performance and then make plans to scale up before committing a lot of funding.

This preference seems at odds with the SCM draft RFP, which indicates a single large IDIQ contract, but there could be surprises further along the process or in the contract terms. Mr. DelBene opined that, even for projects that may need a wholesale single solution, “even there, it’s not always a great idea to say ‘We’re going to buy the whole thing at one time and then just deploy everything.’”

WHAT’S AHEAD

As the summer heats up, VA will be focused on PACT Act implementation, including registering veterans before the one-year August 10, 2023 statutory deadline. VA IT will be heavily supporting registration, intake, outreach by electronics, hotlines, and VHA and VBA as large numbers of veterans newly register for benefits and health care. VA will remain under scrutiny for a new deployment schedule for EHRM, and may be pressed for a backup plan. Before September, we anticipate that the RFP for supply chain modernization will drop. On the Hill, the House Appropriations Committee will try to bring the Military Construction-VA bill to the floor. The Senate appropriators, are expected to mark up the Milcon/VA June 22 and move to Full Committee in July.

The end of the fiscal year is likely to be chaotic for all of government, given the challenges we saw over the past month. Even a basic continuing resolution (CR) may face challenges on the House floor, possibly resulting in a shutdown. Although the budget deal is a cornerstone for FY24 appropriations, CRs into December appear to be the most likely outcome. Full-year appropriations will probably not be completed until December. Even with its advance appropriations and PACT Act funding, VA will be affected by a CR or a shutdown — those funds don’t cover all activities and CRs generally prohibit new contract starts.