The Government Accountability Office has urged the Department of Veterans Affairs to reevaluate and update its risk management policies to comply with prevailing security standards.
GAO said in a report published Thursday it also recommends VA to create an oversight strategy that can validate the effectiveness of risk management initiatives implemented at Veterans Health Administration locations.
The government watchdog agency discovered multiple VA risk management policies did not include all Interagency Security Committee-established elements of standards including some guidelines on facility security level measurement and facility assessment.
The report noted VA risk management oversight activities also failed to meet aspects of the Standards for Internal Control in the Federal Government and the Office of Management and Budget‘s Circular A-123 regulation which directs agencies to maintain the accountability and effectiveness of programs.
GAO said the lack of a system-wide oversight plan makes variations on medical center approaches unknown and such gaps will prevent VA from knowing if medical centers have enough protection or if opportunities to leverage resources are fulfilled.