VA OIG: Poor IT security puts VA's financial info at risk

The Department of Veterans Affairs' financial information may not be secure, according to an audit by the VA Office of Inspector General.

VA OIG Deputy Assistant Inspector General Nicholas Dahl on May 24 discussed the audit at a House Committee on VA financial management hearing. VA OIG contracted with an independent public accounting firm, CliftonLarsonAllen, to audit VA's consolidated financial statements for fiscal year 2016.

The firm identified numerous weaknesses in the VA's financial management processes that made it more difficult to audit and ensure the accuracy of VA financial statements.

One of the weaknesses the firm identified was IT security controls — which has been a "repeat finding" since 2000, according to Mr. Dahl. This shortcoming related to untimely patching of security vulnerabilities, inconsistent enforcement of password standards and overall inadequate security management and contingency planning.

"Without good information technology security controls, VA’s financial information may not be safe in terms of confidentiality, integrity and availability," according to Mr. Dahl.

Click here to view Mr. Dahl's statement.

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.