Recommendations
617
| ID | Report Number | Report Title | Type | |
|---|---|---|---|---|
| 12-04456-232 | Inspection of VA Regional Office Roanoke, Virginia | Review | ||
1 We recommend the Roanoke VA Regional Office Director develop and implement a plan to ensure claims processing staff input suspense diaries in the electronic record as required.
Closure Date:
2 We recommend the Roanoke VA Regional Office Director develop and implement a plan to ensure claims processing staff timely schedule medical reexaminations when the reminder notifications are received.
Closure Date:
3 We recommend the Roanoke VA Regional Office Director develop and implement a plan to ensure claims processing staff take timely actions to finalize reductions in benefits.
Closure Date:
4 We recommend the Roanoke VA Regional Office Director develop and implement a plan to review for accuracy the 709 temporary 100 percent disability evaluations remaining from our inspection universe and take appropriate actions.
Closure Date:
5 We recommend the Roanoke VA Regional Office Director develop and implement a plan to ensure effective second signature reviews of traumatic brain injury claims decisions.
Closure Date:
6 We recommend the Roanoke VA Regional Office Director develop and implement a plan to ensure staff update the resource directory and regularly contact and provide outreach to homeless shelters and service providers within the VA Regional Office's jurisdiction.
Closure Date:
| ||||
| 13-01846-235 | Review of VA's Programs for Addressing Climate Change | Audit | ||
1 We recommend the Executive in Charge for the Office of Management and Chief Financial Officer coordinate with the Acting Assistant Secretary of the Office of Human Resources and Administration to implement existing telework expansion plans for reducing greenhouse gas emissions and to encourage VA employees to use alternative forms of commuting.
Closure Date:
2 We recommend the Executive in Charge for the Office of Management and Chief Financial Officer identify additional strategies for meeting requirements to reduce greenhouse gas emissions.
Closure Date:
3 We recommend the Executive in Charge for the Office of Management and Chief Financial Officer identify additional strategies for meeting requirements to reduce fleet petroleum consumption.
Closure Date:
| ||||
| 12-01712-229 | VA's Federal Information Security Management Act Audit for Fiscal Year 2012 | Audit | ||
1 We recommend the Acting Assistant Secretary for Information and Technology fully develop and implement an agency-wide risk management governance structure, along with mechanisms to identify, monitor, and manage risks across the enterprise. (This is a repeat recommendation from last year.)
Closure Date:
2 We recommend the Acting Assistant Secretary for Information and Technology implement mechanisms to ensure sufficient supporting documentation is captured in the central database to justify closure of Plans of Action and Milestones. (This is a repeat recommendation from last year.)
Closure Date:
3 We recommend the Acting Assistant Secretary for Information and Technology define and implement clear roles and responsibilities for developing, maintaining, completing, and reporting Plans of Action and Milestones. (This is a repeat recommendation from last year.)
Closure Date:
4 We recommend the Acting Assistant Secretary for Information and Technology implement mechanisms to ensure Plans of Action and Milestones are updated to accurately reflect current status information. (This is a repeat recommendation from last year.)
Closure Date:
5 We recommend the Acting Assistant Secretary for Information and Technology develop mechanisms to ensure system security plans reflect current operational environments, including accurate system interconnection and ownership information. (This is a repeat recommendation from last year.)
Closure Date:
6 We recommend the Acting Assistant Secretary for Information and Technology implement improved processes for updating key security documents such as risk assessments, security impact analyses, and security self assessments on at least an annual basis and ensure all required information accurately reflects the current environment and new risks in accordance with Federal standards. (This is a new recommendation.)
Closure Date:
7 We recommend the Acting Assistant Secretary for Information and Technology implement mechanisms to enforce VA password policies and standards on all operating systems, databases, applications, and network devices. (This is a repeat recommendation from last year.)
Closure Date:
8 We recommend the Acting Assistant Secretary for Information and Technology implement periodic access reviews to minimize access by system users with incompatible roles, permissions in excess of required functional responsibilities, and unauthorized accounts.
(This is a repeat recommendation from last year.)
Closure Date:
9 We recommend the Acting Assistant Secretary for Information and Technology enable system audit logs and conduct centralized reviews of security violations on mission-critical systems. (This is a repeat recommendation from last year.)
Closure Date:
10 We recommend the Acting Assistant Secretary for Information and Technology implement mechanisms to ensure all remote access computers have updated security patches and antivirus definitions prior to connecting to VA information systems. (This is a repeat recommendation from last year.)
Closure Date:
11 We recommend the Acting Assistant Secretary for Information and Technology implement two-factor authentication for remote access throughout the agency. (This is a new recommendation.)
Closure Date:
12 We recommend the Acting Assistant Secretary for Information and Technology implement effective automated mechanisms to continuously identify and remediate security deficiencies on VA's network infrastructure, database platforms, and Web application servers. (This is a modified repeat recommendation from last year.)
Closure Date:
13 We recommend the Acting Assistant Secretary for Information and Technology implement a patch and vulnerability management program to address security deficiencies identified during our assessments of VA's Web applications, database platforms, network infrastructure, and work stations. (This is a modified repeat recommendation from last year.)
Closure Date:
14 We recommend the Acting Assistant Secretary for Information and Technology implement standard security configuration baselines for all VA operating systems, databases, applications, and network devices. (This is a repeat recommendation from last year.)
Closure Date:
15 We recommend the Acting Assistant Secretary for Information and Technology implement procedures to enforce a system development and change control framework that integrates information security throughout the life cycle of each system. (This is a repeat recommendation from last year.)
Closure Date:
16 We recommend the Acting Assistant Secretary for Information and Technology implement processes to ensure information system contingency plans are updated with the required information and lessons learned are communicated to senior management. (This is a modified repeat recommendation from last year.)
Closure Date:
17 We recommend the Acting Assistant Secretary for Information and Technology develop and implement a process for ensuring the encryption of backup data prior to transferring the data offsite
Closure Date:
18 We recommend the Acting Assistant Secretary for Information and Technology ensure that agreements for alternate processing sites have been established that define the roles and responsibilities for alternate locations in the event of a disaster. (This is a new recommendation.)
Closure Date:
19 We recommend the Acting Assistant Secretary for Information and Technology fully implement an automated 24-hour security event and incident correlation solution to monitor security for all systems interconnections, database security events, and mission-critical platforms supporting VA programs and operations. (This is a modified repeat recommendation from last year.)
Closure Date:
20 We recommend the Acting Assistant Secretary for Information and Technology identify all external network interconnections and ensure appropriate Interconnection Security Agreements and Memoranda of Understanding are in place to govern them. (This is a repeat recommendation from last year.)
Closure Date:
21 We recommend the Acting Assistant Secretary for Information and Technology implement more effective agency-wide incident response procedures to ensure timely resolution of computer security incidents in accordance with VA set standards. (This is a modified repeat recommendation.)
Closure Date:
22 We recommend the Acting Assistant Secretary for Information and Technology implement effective continuous monitoring processes to identify and prevent the use of unauthorized application software, hardware (including personal storage devices), and system configurations on its networks. (This is a repeat recommendation from last year.)
Closure Date:
23 We recommend the Acting Assistant Secretary for Information and Technology develop a comprehensive software inventory process to identify major and minor software applications used to support VA programs and operations. (This is a repeat recommendation from last year.)
Closure Date:
24 We recommend the Acting Assistant Secretary for Information and Technology develop procedures to integrate information security costs into the capital planning process while ensuring traceability of Plans of Action and Milestones remediation costs to appropriate capital planning budget documents. (This is a repeat recommendation from last year.)
Closure Date:
25 We recommend the Acting Assistant Secretary for Information and Technology implement procedures for overseeing contractor-managed systems and ensuring information security controls adequately protect VA sensitive systems and data. (This is a repeat recommendation from last year.)
Closure Date:
26 We recommend the Acting Assistant Secretary for Information and Technology implement mechanisms for updating the Federal Information Security Management Act systems inventory, including interfaces with contractor-managed systems, and annually review the systems inventory for accuracy. (This is a repeat recommendation from last year.)
Closure Date:
27 We recommend the Acting Assistant Secretary for Information and Technology implement mechanisms to ensure all users with VA network access participate in and complete required VA-sponsored security awareness training. (This is a modified repeat recommendation from last year.)
Closure Date:
28 We recommend the Assistant Secretary for Information and Technology develop mechanisms to ensure risk assessments accurately reflect the current control environment, compensating controls, and the characteristics of the relevant VA facilities.
Closure Date:
29 We recommend the Assistant Secretary for Information and Technology review and update all applicable position descriptions to better describe sensitivity ratings and better document employee personnel records and contractor files, including 'Rules of Behavior' instructions, annual privacy and Health Insurance Portability and Accountability Act of 1996 training certifications, and position sensitivity level designations.
Closure Date:
30 We recommend the Assistant Secretary for Information and Technology ensure appropriate levels of background investigations be completed for all applicable VA employees and contractors in a timely manner, implement processes to monitor and ensure timely reinvestigations on all applicable employees and contractors, and monitor the status of the requested investigations.
Closure Date:
31 We recommend the Assistant Secretary for Information and Technology reduce wireless security vulnerabilities by ensuring sites have an effective and up-to-date methodology to protect against the interception of wireless signals and unauthorized access to the network and ensure the wireless network is segmented and protected from the wired network.
Closure Date:
32 We recommend the Assistant Secretary for Information and Technology identify and deploy solutions to encrypt sensitive data and resolve clear text protocol vulnerabilities.
Closure Date:
| ||||
| 12-02186-227 | Healthcare Inspection – Nursing Care in the Community Living Center for Spinal Cord Injury, Louis Stokes VA Medical Center, Cleveland, OH | Hotline Healthcare Inspection | ||
1 We recommended that the Facility Director ensure that the staffing levels on the Long-Term Care Spinal Cord Injury unit be consistent with Veterans Health Administration's requirements and the facility's spinal cord injury Master Nurse Staffing Plan.
Closure Date:
2 We recommended that the Facility Director ensure that Long-Term Care Spinal Cord Injury nursing staff consistently provide and document resident care.
Closure Date:
3 We recommended that the Facility Director ensure that Long-Term Care Spinal Cord Injury nurse managers take action to investigate and address staff conduct related issues.
Closure Date:
4 We recommended that the Facility Director ensure that float staff assigned to the Long-Term Care Spinal Cord Injury unit have the training and competencies required for the unit.
Closure Date:
| ||||
| 13-00235-225 | Administrative Investigation, Conduct Prejudicial to the Government, Veteran Employment Services Office, Office of Human Resources and Administration, Washington, DC | Administrative Investigation | ||
| 13-00644-231 | Review of VA's Acquisitions Supporting the Veteran Employment Services Office | Audit | ||
1 We recommend the Acting Assistant Secretary for Human Resources and Administration improve the development and management of ADVANCE-funded acquisitions by strengthening the Strategic Management Group's process to fully assess program offices' procurement requests against VA's existing internal capacities.
Closure Date:
2 We recommend the Acting Assistant Secretary for Human Resources and Administration take immediate action to assess veteran demand for call center services and modify the terms of its interagency agreement with the Office of Personnel Management to reflect anappropriate level of call center operations and related costs, including staffing resources.
Closure Date:
3 We recommend the Acting Assistant Secretary for Human Resources and Administration modify the Veteran Employment Services Office's interagency agreement with the Office of Personnel Management to require routine data reports on call centers' performance that include call volume, length of calls, blocked calls, wait times, and the overall accuracy of information provided to callers.
Closure Date:
4 We recommend the Acting Assistant Secretary for Human Resources and Administration develop a process to independently assess the performance of the Veteran Employment Services Office's employment call centers by establishing metrics such as call volume, call wait times, hang-ups, and accuracy of information.
Closure Date:
5 We recommend the Acting Assistant Secretary for Human Resources and Administration develop policy that prohibits the approval of modifications to interagency agreement terms that combine the costs and terms of distinct deliverables into one deliverable.
Closure Date:
6 We recommend the Acting Assistant Secretary for Human Resources and Administration develop requirements to test and assess functions to be contracted to determine if these functions are inherently governmental as part of the acquisition planning process for all future contracts awarded to support the Veteran Employment Services Office's operations and initiatives.
Closure Date:
| ||||
| 13-00026-223 | Community Based Outpatient Clinic Reviews at VA Pacific Islands Health Care System, Honolulu, HI | Comprehensive Healthcare Inspection Program | ||
| 13-00367-226 | Inspection of VA Regional Office Houston, Texas | Review | ||
1 We recommend the Houston VA Regional Office Director implement a plan to ensure staff timely follow Veterans Benefits Administration policy to reduce temporary 100 percent disability evaluations when required.
Closure Date:
2 We recommend the Houston VA Regional Office Director develop and implement a plan to follow up on hearing requests associated with proposed reductions.
Closure Date:
3 We recommend the Houston VA Regional Office Director conduct a review of the 689 temporary 100 percent disability evaluations remaining from the data we used to perform the inspection and take appropriate action.
Closure Date:
4 We recommend the Houston VA Regional Office Director implement a plan to assess the effectiveness of training and provide refresher training on the proper processing of traumatic brain injury claims.
Closure Date:
5 We recommend the Houston VA Regional Office Director develop and implement a plan to ensure accurate second-signature reviews of traumatic brain injury claims.
Closure Date:
6 We recommend the Houston VA Regional Office Director ensure Veterans Service Center management amends the Systematic Analyses of Operations checklist to address all elements currently required by Veterans Benefits Administration policy and provide refresher training.
Closure Date:
| ||||
| 13-00890-220 | Combined Assessment Program Review of the Alaska VA Healthcare System, Anchorage, Alaska | Comprehensive Healthcare Inspection Program | ||
1 We recommended that processes be strengthened to ensure that actions from peer reviews are completed and reported to the PRC.
Closure Date:
2 We recommended that processes be strengthened to ensure that FPPEs for newly hired licensed independent practitioners are consistently initiated and that results are consistently reported to the MEC.
Closure Date:
3 We recommended that processes be strengthened to ensure that the quality of entries in the EHR is reviewed.
Closure Date:
4 We recommended that processes be strengthened to ensure that quarterly trend reports summarize any discrepancies and problematic trends and identify potential areas for improvement.
Closure Date:
5 We recommended that processes be strengthened to ensure that CS inspectors receive annual updates and refresher training regarding problematic issues identified through external survey findings and other quality control measures.
Closure Date:
6 We recommended that processes be strengthened to ensure that local policy related to the return of Green Sheets to the pharmacy is adhered to and that all elements required for the processing of prescriptions are present.
Closure Date:
7 We recommended that processes be strengthened to ensure that documentation of CS inspector orientation, training, annual updates, and annual competency assessments are maintained.
Closure Date:
8 We recommended that processes be strengthened to ensure that CS inspectors initial and date CS Inspecting Official Checklists, VA CS forms, and pharmacy activity logs.
Closure Date:
9 We recommended that a process be established to track HPC consults that are not acted upon within 7 days of the request.
Closure Date:
10 We recommended that processes be strengthened to ensure that the COS reviews HRCP activities in a timely manner.
Closure Date:
11 We recommended that processes be strengthened to ensure that high-risk home oxygen patients are identified.
Closure Date:
| ||||
| 13-00274-224 | Combined Assessment Program Review of the VA Pacific Islands Health Care System, Honolulu, Hawaii | Comprehensive Healthcare Inspection Program | ||
11259