VA Police Information Management System Needs Improvement

This report presents the findings of an audit that examined whether VA’s police information systems provided program leaders and the workforce with adequate information to manage operations and in turn support effective governance. It builds on a December 2018 Office of Inspector General (OIG) publication that recommended improvements to VA’s national governance of its police program. The OIG found that VA lacked an effective strategy or action plan to update its police information system. In September 2015, the VA Law Enforcement Training Center (LETC) acquired Report Exec, a replacement records management system, for police officers at all medical facilities. Inadequate planning and contract administration mismanagement caused the system implementation to stall for more than two years. LETC spent approximately $2.8 million on the system by fiscal year 2019, but police officers experienced frequent performance issues and had to use different systems that did not share information. As of April 2019, only 63 percent of medical facility police units were reportedly using the Report Exec system, while 37 percent were still using an incompatible legacy system. As a result, administrators and law enforcement personnel at multiple levels could not adequately track and oversee facility incidents involving VA police or make informed decisions on risks and resource allocations. The audit also revealed that information security controls were not in place for the Report Exec system that put individuals’ sensitive personal information at risk. The OIG made seven recommendations that included evaluating which entity should oversee the records management systems for VA police, establishing a working group to assess whether the Report Exec system meets the needs of VA police, and developing a strategy to fully implement the system or its replacement. The OIG also recommended that an information security officer be consistently responsible for the Report Exec system.