Veterans Affairs runs fault-ridden feedback system

Powered by SC Magazine

Audit reveals privacy risks in legacy Access system.

Legacy database technology and processes at the Department of Veterans Affairs (DVA) could leave the department open to privacy breaches and reporting errors, an audit has found.

According to the Australian National Audit Office (ANAO), 53 percent of records in DVA's client feedbank management system (CFMS) contained errors such as inaccurate registration details and client satisfaction ratings.

ANAO reported (pdf) that DVA's internal reporting did not address the reason for errors in CFMS records, nor was there an audit trail to identify staff who accessed the Microsoft Access system.

Although DVA had educated staff on "the importance of privacy protection and the need for a legitimate business reason to access" CFMS records, auditors said there was scope to improve how it protected complaints records.

Auditors noted that the DVA had considered including an audit trail in the CFMS before implementing a new complaints handling policy in mid-2010.

But such an audit trail would have cost about $17,500, and the DVA deemed the risks associated with not having such an audit capability as "low".

ANAO recommended that the DVA review the merits of including an audit trail, improve search and reporting functionality and implement input controls to improve data quality.

DVA contended that there was some audit functionality its central record storage system, TRIM, which records any changes to individual CFMS records.

It added that the CFMS was a "legacy Access database" that was "constrained by technical limitations".

“Further enhancements or re‐developments of CFMS that address the identified functionality improvements may be possible and will certainly be considered in the future.”

Reporting errors

DVA recorded 2167 complaints in its CFMS in 2010-11, some 25 percent lower than what ANAO expected based on benchmarking against Department of Human Services and Australian Taxation Office figures.

CFMS records indicated that 61 percent of complainants were satisfied and two percent were dissatisfied with the handling and outcome of their complaints in 2010-11.

DVA could not determine whether complainents were satisfied with the handling of their complaints, or the outcome of their complaints, or both.

It was unclear in CFMS records whether the remaining 37 percent of complainants were satisfied or dissatisfied with their experiences.

ANAO's analysis indicated that only 52 percent of records contained evidence to support the recorded satisfaction rating.

Furthermore, auditors said DVA had undertaken little analysis of CFMS data to identify ways of improving its services.

"There would be benefit in DVA considering amendments to its complaints and feedback management policy  and  processes  to  include  such  suggestions  for improvement in the CFMS,” ANAO reported.

DVA said all future staff training sessions would "continue to emphasise the need to complete all relevant fields in a CFMS record, as well as the need to update the record as required, attaching all relevant documentation and supporting evidence".

Copyright © . All rights reserved.

Veterans Affairs runs fault-ridden feedback system
Top Stories
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
What InfoSec can learn from the insurance industry
[Blog post] Another way data breach laws could help manage risk.
A ten-point plan for disrupting security
[Blog post] How can you defend the perimeter when it’s in the cloud?
Sign up to receive iTnews email bulletins
Latest Comments
What is delaying adoption of public cloud in your organisation?

   |   View results
Lock-in concerns
Application integration concerns
Security and compliance concerns
Unreliable network infrastructure
Data sovereignty concerns
Lack of stakeholder support
Protecting on-premise IT jobs
Difficulty transitioning CapEx budget into OpEx