This is the accessible text file for GAO report number GAO-06-234T 
entitled 'Defense Management: Foundational Steps Being Taken to Manage 
DOD Business Systems Modernization, but Much Remains to be Accomplished 
to Effect True Business Transformation' which was released on November 
9, 2005. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States Government Accountability Office: 

GAO: 

Testimony: 

Before the Subcommittee on Readiness and Management Support, Committee 
on Armed Services, U.S. Senate: 

For Release on Delivery: 

Expected at 2:00 p.m. EST Wednesday, November 9, 2005: 

Defense Management: 

Foundational Steps Being Taken to Manage DOD Business Systems 
Modernization, but Much Remains to be Accomplished to Effect True 
Business Transformation: 

Statement of Randolph C. Hite: 

Director: 
Information Technology Architecture and Systems: 

GAO-06-234T: 

GAO Highlights: 

Highlights of GAO-06-234T, a testimony before the Subcommittee on 
Readiness and Management Support, Committee on Armed Services, U.S. 
Senate: 

Why GAO Did This Study: 

For years, the Department of Defense (DOD) has embarked on a series of 
efforts to transform its business operations, including modernizing 
underlying information technology (business) systems. GAO has reported 
on inefficiencies and inadequate accountability across DOD’s major 
business areas, resulting in billions of dollars of wasted resources 
annually. Of the 25 areas on GAO’s 2005 list of high-risk federal 
programs and operations that are vulnerable to fraud, waste, abuse or 
mismanagement and in need of reform, 8 are DOD programs or operations, 
and 6 are government-wide high risk areas for which DOD shares 
responsibility. 

The Ronald W. Reagan National Defense Authorization Act for Fiscal Year 
2005 required DOD to satisfy several conditions relative to its 
approach to managing its business system modernization program, 
including developing an enterprise transition plan, which GAO is 
currently assessing. DOD also recently established a Business 
Transformation Agency intended to advance defense-wide business 
transformation. 

GAO was asked to testify on DOD’s business transformation, including 
its preliminary observations on 1) DOD’s efforts to satisfy fiscal year 
2005 defense authorization act requirements; 2) the Business 
Transformation Agency; and 3) DOD’s efforts to provide the leadership, 
structures, and plans needed to effect transformation. 

What GAO Found: 

GAO’s preliminary observation based on its ongoing work is that DOD has 
made progress in establishing needed business system modernization 
management capabilities and appears to have complied with some of the 
act’s provisions, but more needs to be done. To comply with the act’s 
requirement that it develop a business enterprise architecture and 
transition plan meeting certain requirements, DOD approved Version 3.0 
of its architecture and associated transition plan on September 28, 
2005. GAO’s work so far suggests that this version of the architecture 
may satisfy the conditions of the act to some extent, but not entirely. 
For example, while Version 3.0 includes a target architecture, as 
required, it does not include a current architecture. Without this 
element, DOD could not analyze the gaps between the two 
architectures—critical input to a comprehensive transition plan. In 
addition, the transition plan appears to include certain required 
information (such as milestones for major projects), but it appears to 
be inconsistent with the architecture in various ways, such as 
including some systems that are not in the target architecture and vice 
versa, and it does not include system performance metrics aligned with 
the plan’s strategic goals and objectives. Finally, GAO’s preliminary 
work suggests that DOD may have satisfied some of the act’s 
requirements regarding the review and approval of investments in 
business systems, but it either has not satisfied or is still in the 
process of satisfying others. For example, it has delegated authority 
and largely established review structures and processes as required. 
However, some of these structures do not yet appear to be in place, and 
some reviews and approvals to date may not have followed the criteria 
in the act. GAO expects to report on these issues shortly. 

DOD’s Business Transformation Agency offers potential benefits relative 
to the department’s business systems modernization efforts if the 
agency can be properly organized, resource, and empowered to 
effectively execute its roles and responsibilities and is held 
accountable for doing so. The agency faces several challenges, 
including standing up a functioning acquisition organization within a 
short period of time. As DOD moves forward with implementing this 
agency, it will be important for it to address these issues. 

DOD has taken several actions intended to advance transformation, such 
as establishing management structures like the Business Transformation 
Agency, and developing the enterprise transition plan. While these 
steps are positive, their primary focus appears to be on business 
system modernization. Business transformation is much broader and 
encompasses planning, management, structures, and processes related to 
all key business areas. As DOD continues to evolve its transformation 
efforts, critical to successful reform are sustained leadership, 
structures, and a clear strategic and integrated plan that encompass 
all major business areas. GAO believes a chief management official, 
responsible for business transformation, could provide the strong and 
sustained executive leadership needed in this area. 

www.gao.gov/cgi-bin/getrpt?GAO-06-234T. 

To view the full product, including the scope and methodology, click on 
the link above. For more information, contact Randy Hite at (202) 512-
3429 or hiter@gao.gov. 

[End of section] 

Mr. Chairman and Members of the Subcommittee: 

I appreciate the opportunity to be here today to discuss business 
systems modernization and overall business transformation at the 
Department of Defense (DOD)--two areas that are on our high-risk list 
of federal programs and activities that are at risk of waste, fraud, 
abuse, or mismanagement and in need of broad-based 
transformation.[Footnote 1] At the onset, I would like to pass on 
Comptroller General Walker's gratitude to this Subcommittee for your 
continued oversight of key government operations and management issues, 
including DOD's business transformation activities. The active role of 
this Subcommittee is essential to ultimately assuring DOD's continued 
progress in business transformation, while enhancing public confidence 
in DOD's stewardship of the hundreds of billions of taxpayer funds it 
receives each year. 

Given its size and mission, DOD is one of the largest and most complex 
organizations to effectively manage in the world. While DOD maintains 
military forces with significant capabilities, it continues to confront 
pervasive, decades-old management problems related to its business 
operations, including outdated and ineffective systems and processes 
that support these forces. At a time when DOD is challenged to maintain 
a high level of military operations while competing for resources in an 
increasingly fiscally constrained environment, DOD's business area 
weaknesses continue to result in reduced efficiencies and effectiveness 
that waste billions of dollars every year. Of the 25 areas on our 2005 
high-risk list, 8 are DOD programs or operations and 6 are 
governmentwide high-risk areas for which DOD shares some 
responsibility. These areas touch on all of DOD's major business 
operations. In some cases, such as DOD's financial management, weapons 
acquisition, and business systems modernization areas, we have been 
highlighting high-risk challenges for a decade or more. 

This year we added DOD's overall approach to business transformation to 
our list of high-risk areas because (1) DOD's business improvement 
initiatives and control over resources are fragmented; (2) DOD lacks a 
clear and integrated business transformation plan and investment 
strategy; and (3) DOD has not designated an appropriate level senior 
management official--such as a chief management official (CMO)--with 
the authority to be responsible and accountable for overall business 
transformation reform and related resources. In particular, GAO has 
suggested the need for a chief management official[Footnote 2] to 
provide the sustained top-level leadership and accountability needed by 
DOD to better leverage plans, processes, systems, people and tools to 
achieve the needed transformation. 

Many past administrations have tried to address the deficiencies we 
have identified at DOD, with the latest attempt being launched in 2001 
when Secretary Rumsfeld outlined a vision for transforming the 
department that called for dramatic changes in management, technology, 
and business practices. At that time, the Secretary established the 
Business Management Modernization Program, or BMMP, to effect this 
change. Since then, we have reported a litany of program weaknesses and 
made scores of recommendations. Our latest reports on this program, 
which were issued about the same time as this Subcommittee's last 
oversight hearing in April 2005 on DOD business transformation and 
financial accountability, were quite critical of the program, observing 
that after investing about 4 years and $318 million on the BMMP, the 
department had made very little progress. 

To its credit, the Congress, and this Subcommittee in particular, has 
become increasingly focused on improving DOD's business operations by 
holding several oversight hearings, such as this one, and enacting 
legislation. The recent requirements in the Ronald W. Reagan National 
Defense Authorization Act for Fiscal Year 2005 aimed at strengthening 
DOD's management of its business systems modernization efforts-- 
developing a business enterprise architecture and transition plan, and 
establishing system investment management structures and processes-- 
are particularly important ingredients to addressing DOD's business 
systems modernization high-risk area. The act requires GAO to review 
and report on this transition plan within 60 days of its approval by 
the Secretary of Defense. 

Senior administration leaders and advisors--including the Secretary of 
Defense, the Acting Deputy Secretary of Defense, the Deputy Director of 
the Office of Management and Budget (OMB), various senior level 
officials, and members of the Defense Business Board--have demonstrated 
a commitment to addressing DOD's business management weaknesses. OMB 
and DOD are working together to develop a plan to improve supply chain 
management that could place the department on the path toward removal 
of this area from our high-risk list. For example, OMB and DOD are also 
consulting GAO as they develop action plans for other high-risk areas 
as well as a business architecture and related enterprise transition 
plan. Further, DOD has taken actions intended to comply with the Act by 
establishing system investment review structures and processes, and it 
has also established a Business Transformation Agency to bring 
increased management focus to its business systems modernization area. 

Today, I would like to provide our preliminary perspectives on (1) 
DOD's efforts to satisfy the business systems modernization 
requirements in the fiscal year 2005 National Defense Authorization 
Act; (2) the Business Transformation Agency's potential to help 
strengthen business systems modernization; and (3) whether DOD efforts 
to establish management structures and its business enterprise 
transition plan provide the leadership and planning needed to effect 
business transformation. 

My statement is based upon our ongoing assessment of DOD's efforts to 
comply with the 2005 defense authorization act, as required under the 
act. As such, the statement provides our preliminary views on DOD's 
efforts. It is also based on our analysis of DOD's enterprise 
transition plan relative to our published work on successful 
organizational transformation efforts and each of DOD's high risk 
areas, as well as analysis of DOD's directives establishing the Defense 
Business Transformation Agency, our previous reports and testimonies, 
and discussions with DOD senior executives. Our work was performed in 
accordance with U.S. generally accepted government auditing standards. 

Summary: 

In summary, let me reiterate what Comptroller General Walker has stated 
on many occasions-transforming the department's business operations is 
an absolute necessity given the long-term fiscal outlook, and 
accomplishing this transformation will require sustained and persistent 
leadership for at least 5 to 7 years. The department, under the 
leadership of Acting Deputy Secretary England, recently began taking 
some positive steps in this direction, particularly with respect to the 
business systems modernization management changes called for in the 
fiscal year 2005 National Defense Authorization Act, as well as with 
certain other DOD high-risk areas. As of today, our preliminary work 
suggests that progress has been made in complying with the provisions 
in the act, but more needs to be done. DOD agrees, and it intends to do 
more. With respect to DOD's compliance with the authorization act's 
requirements, we will be issuing a full report to this and other 
defense congressional committees by November 25, 2005. 

In addition, DOD's Business Transformation Agency offers potential 
benefits relative to the department's business systems modernization 
efforts if the agency can be properly organized, resource, and 
empowered to effectively execute its roles and responsibilities and is 
held accountable for doing so. The agency faces several challenges, 
including standing up a functioning acquisition organization within a 
short period of time. As DOD moves forward with implementing this 
agency, it will be important for it to address these issues. 

Furthermore, DOD has taken several actions intended to advance 
transformation, such as establishing management structures like the 
Business Transformation Agency, and developing the enterprise 
transition plan. While these steps are positive, their primary focus 
appears to be on business system modernization. Business transformation 
is much broader and encompasses planning, management, structures, and 
processes related to all key business areas. As DOD continues to evolve 
its transformation efforts, critical to successful reform are sustained 
leadership, structures, and a clear strategic and integrated plan that 
encompass all major business areas. We, therefore, continue to believe 
that a CMO position along with an integrated strategic plan for the 
overall business transformation effort, remain essential ingredients 
for better ensuring that overall business transformation is 
successfully implemented and sustained. 

Background: 

DOD is one of the largest and most complex organizations in the world 
to manage effectively. While DOD maintains military forces with 
unparalleled capabilities, it continues to confront pervasive, decades- 
old management problems related to its business operations--which 
include outdated systems and processes--that support these forces. 
These management weaknesses cut across all of DOD's major business 
areas, such as human capital management; the personnel security 
clearance program; support infrastructure management; financial 
management; weapon systems acquisition; contract management; supply 
chain management; and last, but not least, business systems 
modernization. All of these DOD areas are on our high-risk list. 

For years, DOD has attempted to modernize its business systems, and we 
have provided numerous recommendations to help guide its efforts, 
including a set of recommendations to help DOD develop and implement an 
enterprise architecture (or modernization blueprint) and establish 
effective management controls. To achieve successful transformation, we 
have also recommended the need for a CMO, and a strategic integrated 
action plan for the overall business transformation effort. 

Enterprise Architecture and Information Technology Investment 
Management Are Critical to Achieving Successful Systems Modernization: 

Effective use of an enterprise architecture, or modernization 
blueprint, is a hallmark of successful public and private 
organizations. For more than a decade, we have promoted the use of 
architectures to guide and constrain systems modernization, recognizing 
them as a crucial means to a challenging goal: agency operational 
structures that are optimally defined in both the business and 
technological environments. The Congress has also recognized the 
importance of an architecture-centric approach to modernization: the E- 
Government Act of 2002,[Footnote 3] for example, requires OMB to 
oversee the development of enterprise architectures within and across 
agencies. 

In brief, an enterprise architecture provides a clear and comprehensive 
picture of an entity, whether it is an organization (e.g., a federal 
department) or a functional or mission area that cuts across more than 
one organization (e.g., financial management). This picture consists of 
snapshots of both the enterprise's current or "As Is" environment and 
its target or "To Be" environment. These snapshots consist of "views," 
which are one or more architecture products (models, diagrams, 
matrices, text, etc.) that provide logical or technical representations 
of the enterprise. The architecture also includes a transition or 
sequencing plan, based on an analysis of the gaps between the "As Is" 
and "To Be" environments; this plan provides a temporal roadmap for 
moving between the two that incorporates such considerations as 
technology opportunities, marketplace trends, fiscal and budgetary 
constraints, institutional system development and acquisition 
capabilities, the dependencies and life expectancies of both new and 
"legacy" (existing) systems, and the projected value of competing 
investments. Our experience with federal agencies has shown that 
investing in information technology (IT) without defining these 
investments in the context of an architecture often results in systems 
that are duplicative, not well integrated, and unnecessarily costly to 
maintain and interface.[Footnote 4] 

A corporate approach to IT investment management is also characteristic 
of successful public and private organizations. Recognizing this, the 
Congress developed and enacted the Clinger-Cohen Act in 1996,[Footnote 
5] which requires OMB to establish processes to analyze, track, and 
evaluate the risks and results of major capital investments in 
information systems made by executive agencies.[Footnote 6] In response 
to the Clinger-Cohen Act and other statutes, OMB developed policy for 
planning, budgeting, acquisition, and management of federal capital 
assets and issued guidance.[Footnote 7] We have also issued guidance in 
this area,[Footnote 8] in the form of a framework that lays out a 
coherent collection of key practices that, when implemented in a 
coordinated manner, can lead an agency through a robust set of analyses 
and decision points that support effective IT investment management. 
This framework defines institutional structures, such as investment 
review boards, and associated processes, such as common investment 
criteria. Further, our investment management framework recognizes the 
importance of an enterprise architecture as a critical frame of 
reference for organizations making IT investment decisions: 
specifically, it states that only investments that move the 
organization toward its target architecture, as defined by its 
sequencing plan, should be approved (unless a waiver is provided or a 
decision is made to modify the architecture). Moreover, it states that 
an organization's policies and procedures should describe the 
relationship between its architecture and its investment decision- 
making authority. Our experience has shown that mature and effective 
management of IT investments can vastly improve government performance 
and accountability, and can help to avoid wasteful IT spending and lost 
opportunities for improvements. 

Recent Reviews of DOD's Business System Modernization Efforts Have 
Raised Concerns: 

Since 2001, we have regularly reported[Footnote 9] on DOD's efforts to 
(among other things) develop an architecture and to establish and 
implement effective investment management structures and processes. Our 
reports have continued to raise concerns about the department's 
architecture program, the quality of the architecture and the 
transition plan, and the lack of an investment management structure and 
controls to implement the architecture. Our most recent reports, which 
were issued in the third and fourth quarters of fiscal year 
2005,[Footnote 10] made the following points: 

* DOD had not established effective structures and processes for 
managing the development of its architecture. 

* DOD had not developed a well-defined architecture. The products that 
it had produced did not provide sufficient content and utility to 
effectively guide and constrain ongoing and planned system investments. 

* DOD had not developed a plan for transitioning from the "As Is" to 
the "To Be" architectures. 

* DOD did not have an effective departmentwide management structure for 
controlling its business investments. 

* DOD had not established common investment criteria for system 
reviews. 

* DOD had not included all reported systems in its fiscal year 2005 IT 
budget request. 

* The Under Secretary of Defense (Comptroller) had not certified all 
systems investments with reported obligations exceeding $1 million, as 
required by the fiscal year 2003 National Defense Authorization 
Act.[Footnote 11] 

Our recommendations to DOD provide a comprehensive roadmap for 
addressing these problems. DOD has largely agreed with the 
recommendations and as we recently reported, has defined a framework 
intended to do so. 

Successful Business Transformation Requires Sound Strategic Planning 
and Sustained Leadership: 

In testimony before this Subcommittee earlier this year, Comptroller 
General Walker emphasized that there are three key elements that DOD 
must incorporate into its business transformation efforts to 
successfully address its systemic business challenges.[Footnote 12] 
First, these efforts must include an integrated strategic business 
transformation plan, including an enterprise architecture to guide and 
constrain implementation of such a plan. Second, control of system 
investments is crucial for successful business transformation. Finally, 
a CMO is essential for providing the sustained leadership needed to 
achieve a successful and lasting transformation effort. The CMO would 
not assume the day-to-day management responsibilities of other DOD 
officials nor represent an additional hierarchical layer of management 
but would lead DOD's overall business transformation efforts. 
Additionally, a 7-year term would also enable the CMO to work with DOD 
leadership across administrations to sustain the overall business 
transformation effort. 

DOD's Efforts to Comply with National Defense Authorization Act for 
Fiscal Year 2005 Indicate Progress and a Foundation Upon Which to 
Build: 

As defined in Section 332 of the defense authorization act for fiscal 
year 2005,[Footnote 13] DOD is required to satisfy several conditions 
relative to its approach to managing its business systems modernization 
program. Generally speaking, DOD is required to do the following: 

1. By September 30, 2005, develop a business enterprise architecture 
that meets certain requirements. 

2. By September 30, 2005, develop a transition plan for implementing 
the architecture that meets certain requirements. 

3. Identify each defense business system proposed for funding in the 
budget submissions for fiscal year 2006 and subsequent years, and for 
each system, among other things, identify whether funding is for 
current services or business systems modernization. 

4. Take a number of actions regarding the review and approval of 
investments, including delegating responsibility for business system 
review and decision making to designated approval authorities,[Footnote 
14] establishing investment review boards and supporting process that 
employ common steps and criteria, and obligating funds for Defense 
Business System Modernizations after October 1, 2005, only for systems 
that have been certified and approved. 

The act also requires us to assess DOD's efforts to comply with the act 
within 60 days after approval of the business enterprise architecture 
and transition plan. On September 28, 2005, the Acting Deputy Secretary 
of Defense approved Version 3.0 of the business enterprise architecture 
and approved the associated enterprise transition plan. Accordingly, we 
are currently in the process of conducting our assessment, and we plan 
by November 25, 2005, to issue a report containing the results of our 
assessment to defense congressional committees, as specified in the 
act. As agreed, this statement contains only preliminary observations 
based on our ongoing work, meaning that these observations may change 
as we conclude our ongoing assessment. 

For purposes of this statement, we have grouped the act's requirements, 
and our preliminary observations, into four categories: business 
enterprise architecture, enterprise transition plan, fiscal year 2006 
budget submission, and investment review and approval. 

Business Enterprise Architecture Requirements: 

The act requires that DOD develop, by September 30, 2005,[Footnote 15] 
a business enterprise architecture. According to the act, this 
architecture must satisfy three major requirements: 

5. Include an information infrastructure that, at a minimum, would 
enable DOD to: 

* comply with all federal accounting, financial management, and 
reporting requirements; 

* routinely produce timely, accurate, and reliable financial 
information for management purposes; 

* integrate budget, accounting, and program information and systems; 
and: 

* provide for the systematic measurement of performance, including the 
ability to produce timely, relevant, and reliable cost information. 

6. Include policies, procedures, data standards, and system interface 
requirements that are to be applied uniformly throughout the 
department. 

7. Be consistent with OMB policies and procedures. 

According to DOD, this version is intended to provide a blueprint to 
help ensure near-term delivery of needed capabilities, resources, and 
materiel to the warfighter. To do so, this version focused on six 
Business Enterprise Priorities (see table 1), which DOD states are 
short-term objectives to achieve immediate results. According to the 
department, these priorities will evolve and expand in future versions 
of the architecture. 

Table 1: Business Enterprise Priorities: 

Business Enterprise Priority: Personnel Visibility; 
Description: Providing access to reliable, timely, and accurate 
personnel information for warfighter mission planning. 

Business Enterprise Priority: Acquisition Visibility; 
Description: Providing transparency and access to acquisition 
information that is critical to supporting life-cycle management of the 
department's processes for delivering weapon systems and automated 
information systems. 

Business Enterprise Priority: Common Supplier Engagement; 
Description: Aligning and integrating policies, processes, data, 
technology, and people to simplify and standardize the methods that DOD 
uses to interact with commercial and government suppliers. 

Business Enterprise Priority: Materiel Visibility; 
Description: Improving supply chain performance. 

Business Enterprise Priority: Real Property Accountability; 
Description: Acquiring access to real-time information on DOD real 
property assets. 

Business Enterprise Priority: Financial Visibility; 
Description: Providing immediate access to accurate and reliable 
financial information that will enhance efficient and effective 
decision making. 

Source: DOD. 

[End of table] 

In addition to focusing version 3.0 on these priorities, according to 
DOD, the department also limited the extent to which the architecture 
was to address each priority, focusing on four questions: 

* Who are our people, what are their skills, and where are they 
located? 

* Who are our industry partners, and what is the state of our 
relationship with them? 

* What assets are we providing to support the warfighter, and where are 
these assets deployed? 

* How are we investing our funds to best enable the warfighting 
mission? 

To produce a version of the architecture within the above scope, DOD 
created 12 of the 23 recommended products included in the DOD 
Architecture Framework--the structural guide that the department has 
established for developing an architecture.[Footnote 16] These 12 
products included all 7 products that the framework designates as 
essential.[Footnote 17] For example, one essential product is the 
Operational Node Connectivity Description, which is a graphic showing 
"operational nodes" (organizations) and including a depiction of each 
node's information exchange needs. 

Our preliminary work suggests that Version 3.0 of DOD's business 
enterprise architecture may partially satisfy the major conditions 
specified in the act. For example, Version 3.0 could enable DOD's 
compliance with many but not all federal accounting, financial 
management, and reporting requirements. To this end, the architecture 
includes the Standard Financial Information Structure (SFIS) and the 
Standard Accounting Classification Structure (SACS), which together 
could allow DOD to standardize financial data elements necessary to 
support budgeting, accounting, cost/performance management, and 
external reporting. Both SFIS and SACS are based upon mandated 
requirements defined by external regulatory entities, such as the 
Treasury, OMB, the Federal Accounting Standards Advisory Board, and the 
Joint Financial Management Improvement Program.[Footnote 18] Moreover, 
SFIS has in turn been used to develop and incorporate business rules in 
the architecture for such areas as managerial cost accounting, general 
ledger, and federally owned property. Business rules are important 
because they explicitly translate important business policies and 
procedures into specific and unambiguous rules that govern what can and 
cannot be done. 

However, it is not apparent that the architecture provides for 
compliance with all federal accounting, financial, and reporting 
requirements. For example, it may not contain the information needed to 
achieve compliance with the Treasury's United States Standard General 
Ledger[Footnote 19] or a strategy for achieving this compliance. 

As another example, Version 3.0 may partially enable DOD to produce 
timely, accurate, and reliable financial information for management 
purposes. Specifically, according to the architecture, financial 
information is to be produced through (1) SFIS, which can support data 
accuracy, reliability, and integrity requirements for budgeting, 
financial accounting, cost and performance management, and external 
reporting across DOD, and (2) a "Manage Business Enterprise Reporting" 
system function, which is intended to support the reporting of 
financial management and program performance information, including 
agency financial statements. 

However, timely, accurate and reliable information depends, in part, on 
using standard definitions of key terms, which the architecture does 
not appear to include in all cases. For example, in Version 3.0 of the 
architecture, terms such as "balance forwarded" and "receipt balances" 
were not defined in the integrated dictionary although these terms were 
used in process descriptions. In the absence of standardized 
definitions, components (military services, defense agencies, and field 
activities) may use terms and definitions that are locally meaningful 
but which cannot be reliably and accurately aggregated to permit DOD- 
wide visibility, which is critical to achieving DOD's stated business 
enterprise priorities. This inability to aggregate has historically 
required DOD to create information for management purposes using 
inefficient methods, such as data calls and data conversions, that have 
limited the information's reliability and timeliness. 

Our preliminary work also suggests that Version 3.0 may partially 
satisfy the act's requirement that it be consistent with OMB policies 
and procedures. For example, Version 3.0 appears to include information 
flows and relationships, as required by OMB guidance. OMB guidance also 
requires the architecture to describe the "As Is" and "To Be" 
environments and a transition plan; however, Version 3.0 does not 
include an "As Is" environment. Without this element, DOD would not be 
able to develop a gap analysis identifying performance shortfalls, 
which as discussed in the next section, is a critical input to a 
comprehensive transition plan. In addition, OMB guidance requires that 
the architecture include, among other things, a description of the 
technology infrastructure; such a description is not apparent in 
Version 3.0, in that it does not identify such needed technology 
components as wide-area networks, databases, and telecommunications. 
Similarly, Version 3.0 does not appear to include a security 
architecture, although OMB guidance requires agencies to incorporate 
security into the architecture of their information and systems to 
ensure the security of agency business operations. 

Version 3.0 may also contain other limitations. For example, it may not 
yet be fully integrated with the enterprise transition plan. In 
particular, we are currently attempting to determine why 21 systems 
identified in the architecture are not included in the "Master List of 
Systems and Initiatives" in the transition plan (the master list serves 
as the baseline of currently planned--"To Be"--systems that begin to 
address the transformational objectives of the program). In addition, 
DOD has itself disclosed certain limitations. For example, it reported 
that the architecture is not adequately linked to the 
component[Footnote 20] architectures and transition plans. This 
omission is particularly important given the department's newly adopted 
federated approach to developing and implementing the architecture. In 
addition, according to DOD, the architecture must be improved to better 
designate enterprise data sources, business services, and IT 
infrastructure services, such as enterprise data storage. This is 
important because each of these greatly affects the scope and design of 
specific systems. 

According to DOD officials, the department is taking an incremental 
approach to developing the architecture and meeting the act's 
requirements. Accordingly, they said that Version 3.0 was appropriately 
scoped to provide for that content which could be produced in the time 
available to both lay the foundation for fully meeting the act's 
requirements and provide a blueprint for delivering near-term 
capabilities and systems to meet near-term business enterprise 
priorities. Based on these considerations, they asserted that Version 
3.0 fully satisfies the intent of the act. 

We support DOD's taking an incremental approach to developing the 
business enterprise architecture, as we recognize that adopting such an 
approach is both a best practice and a prior GAO recommendation. In 
addition, our preliminary work suggests that Version 3.0 may provide a 
foundation upon which to build a more complete architecture. 
Nevertheless, the real question that remains is whether this version 
contains sufficient scope, detail, integration, and consistency to 
serve as a sufficient frame of reference for defining a common vision 
and transition plan to guide and constrain system investments. 

Enterprise Transition Plan: 

The act requires that DOD develop, by September 30, 2005, a transition 
plan for implementing its business enterprise architecture. According 
to the act, this plan must meet three conditions: 

8. Include an acquisition strategy for new systems that are expected to 
be needed to complete the defense business enterprise architecture. 

9. Include listings of the legacy systems that will and will not be 
part of the target business systems environment, and a strategy for 
making modifications to those systems that will be included. 

10. Include specific time-phased milestones, performance metrics, and a 
statement of the financial and nonfinancial resource needs. 

On September 28, 2005, the Acting Deputy Secretary of Defense approved 
the transition plan. Our preliminary work on this plan suggests that it 
may partially satisfy each condition. For example, the plan appears to 
include elements of an acquisition strategy for new systems and 
describe a high-level approach for modernizing the department's 
business operations and systems. Further, it includes detailed 
information on about 60 business systems (ongoing programs) that are to 
be part of the "To Be" architectural environment, as well as an 
acquisition strategy for each system. However, the plan does not appear 
to be based on a top-down capability gap analysis between the "As Is" 
and "To Be" architectures that describes capability and performance 
shortfalls and clearly identifies which system investments (such as the 
60 identified programs) are to address these shortfalls. This is 
important because a transition plan is to be an acquisition strategy 
that recognizes timing and technological dependencies among planned 
systems investments, as well as such other considerations as market 
trends and return on investment. 

Similarly, our preliminary work suggests that the plan identifies some 
of the legacy systems that are to be replaced by ongoing programs (for 
example, it identifies the Defense Cash Accountability System as a 
target system and lists several legacy systems that it would replace), 
and it provides a list of legacy systems that will be modified to 
provide capabilities associated with the target architecture 
environment. However, the plan's listings of legacy systems that will 
and will not be part of the target architecture do not appear to be 
complete. For example, the plan identified 145 legacy systems that 
would be migrating to one target system (the Expeditionary Combat 
Support System), but other DOD documentation[Footnote 21] shows that 
this target system includes over 659 legacy systems, suggesting that 
514 systems may not be accounted for. 

Finally, the plan appears to include some of the required information 
on milestones, performance metrics, and resource needs. The plan 
includes key milestone dates for the 60 systems/programs identified 
(such as the Defense Travel System), but it does not show specific 
dates for terminating or migrating many legacy systems (such as the 
Cash Reconciliation System), and it does not include milestone dates 
for some ongoing programs (such as the Navy Tactical Command Support 
System). Similarly, although the plan includes performance metrics for 
some systems,[Footnote 22] it does not include for each system measures 
and metrics, focused on benefits or mission outcomes that can be linked 
to the plan's strategic goals. In addition, according to program 
officials, the resource needs in the transition plan for some programs 
are not current, as these needs are reflective of the fiscal year 2006 
budget, which was developed before a recent reevaluation of how these 
programs will fit into the "To Be" environment. 

Our preliminary work also suggests that in addition to the limitations 
just described, the plan may be missing relevant context and be 
inconsistent with the architecture in various ways. For example, it 
identifies 60 systems as target systems (for example, the Defense Cash 
Accountability System), but the "To Be" architecture appears to include 
only 23 of these. In addition, the plan includes a list of 66 systems 
that are characterized as nonpriority enterprise or component programs 
that will be part of the target architecture, but the target 
architecture does not appear to identify all these systems. 

According to DOD officials, the transition plan is evolving, and any 
limitations will be addressed in future iterations of the plan. They 
also stated that the department has taken an incremental approach to 
developing a transition plan, and that the plan, as constrained by the 
scope of Version 3.0 of the architecture, satisfies the intent of the 
act's requirements. 

As with the architecture, we support an incremental development 
approach. Moreover, this plan represents DOD's first ever enterprise 
transition plan, and thus constitutes progress. However, questions 
remain as to whether it is of sufficient scope and content to 
effectively and efficiently manage the disposition of the department's 
existing inventory of systems or to sequence the introduction of 
modernized business operations and supporting systems. 

Fiscal Year 2006 IT Budget Submission: 

The fiscal year 2005 defense authorization act specifies information 
that the department is to incorporate in its IT budget request for 
fiscal year 2006 and each fiscal year thereafter. Generally, the act 
states that each budget request for business systems must: 

11. Identify each defense business system for which funding is being 
requested. 

12. Provide information on all funds, by appropriation, for each 
business system, including funds by appropriation specifically for 
current services (Operation and Maintenance) and systems modernization 
(Procurement; Research, Development, Test and Evaluation; and Defense 
Working Capital Fund). 

13. Identify the designated approval authority for each business 
system. 

On the basis of our preliminary work, it appears that DOD's fiscal year 
2006 IT budget submission may partially satisfy these conditions. For 
example, although the fiscal year 2006 budget may not identify each 
business system for which funding is requested, DOD is taking steps to 
ensure that subsequent fiscal year budget requests are more 
comprehensive. This situation arose because DOD's fiscal year 2006 
budget submission was submitted in February 2005, when the department 
did not yet have a single inventory of all of its business systems. As 
a result, DOD officials could not guarantee that all business systems 
were included in the submission. Currently, the department is updating 
its single database for its inventory of business systems, as we had 
recommended,[Footnote 23] which is scheduled to be completed by 
September 30, 2006. Finally, DOD officials stated that the fiscal year 
2007 IT budget submission will be derived from a separate DOD 
authoritative IT budget database. 

There may be additional areas of uncertainty regarding the completeness 
of DOD's IT budget submission. One source of uncertainty is 
inconsistencies in the way that DOD classifies systems: as business 
systems or as national security systems.[Footnote 24] For example, as 
we previously reported,[Footnote 25] DOD reclassified 56 systems in its 
fiscal year 2005 budget request from business systems to national 
security systems, resulting in a decrease of approximately $6 billion 
in the fiscal year 2005 budget request for business systems and related 
infrastructure. Similarly, in the fiscal year 2006 submission, 13 
systems previously classified as business systems were reclassified as 
national security systems, and 10 systems previously classified as 
national security systems were reclassified as business systems. We 
understand that DOD is currently reviewing its reclassifications. 

Our preliminary work also indicates that DOD may not have ensured that 
budget requests for all business systems identify the type of funding-
-by appropriation--being requested and whether the funding was for 
current services or modernization. In the fiscal year 2006 budget 
submission, systems identified are categorized by the type of funding 
(appropriation) being requested and whether the funding is for current 
services or modernization; however, not all systems may be 
identifiable. In particular, it is not clear what is covered by one 
funding type or category referred to as "All Other." For fiscal year 
2006, this category totaled about $1.2 billion and included, for 
example, about $22.6 million specifically for financial management. 
According to DOD officials,[Footnote 26] this category in the IT budget 
includes system projects that do not have to be identified by name 
because they fall below the $2 million reporting threshold for 
budgetary purposes. 

Finally, our preliminary work indicates that DOD's fiscal year 2006 IT 
budget submission identifies the designated approval authority for most 
systems, but not all. In particular, the approval authorities for 57 
systems in the submission were not apparent. For example, the Navy's C2 
On-the-Move Network Digital Over-the-Horizon Relay system and the 
Defense Commissary Agency's Enterprise Business System have a 
designated approval authority of "Other." 

Full compliance with the act's conditions relative to budgetary 
disclosure is an important enabler of informed budgetary decision 
making and oversight. Without such disclosure, whether incorrect system 
classification, or mere oversights, the department's efforts to improve 
its control and accountability over its business systems investments 
are hindered, and the department and the Congress are constrained in 
their ability to effectively monitor and oversee the billions of 
dollars spent annually to maintain, operate, and modernize DOD's 
business systems. 

Investment Review and Approval Requirements: 

The fiscal year 2005 defense authorization act specifies actions that 
the department is to take regarding the review and approval of 
investments in business systems. Generally, the act sets up three 
requirements for the department: 

* Delegate the authority and accountability for defense business 
systems to designated approval authorities within the Office of the 
Secretary of Defense. 

* By March 15, 2005, require each approval authority to establish an 
investment review process to review the planning, design, acquisition, 
development, deployment, operation, maintenance, modernization, and 
project cost benefits and risks of all defense business systems for 
which the approval authority is responsible. 

* Effective October 1, 2005, obligate funds for a defense business 
system modernization project with total cost exceeding $1 million after 
the approval authority designated for that system certifies to the 
Defense Business Systems Management Committee (DBMSC) that the system 
project meets specific conditions that are called for in the act, and 
the certification by the approval authority is approved by the DBSMC. 

On the basis of our preliminary work, it appears that DOD has satisfied 
some aspects of these conditions, and is potentially in the process of 
satisfying other aspects. First, on March 19, 2005, the Acting Deputy 
Secretary of Defense issued a memorandum that delegated the authority 
for the review, approval, and oversight of planning, design, 
acquisition, deployment, operation, maintenance, and modernization of 
the department's business systems. Designation of these approval 
authorities is consistent with the act. Further, our research and 
evaluations, as reflected in the guidance that we have issued, shows 
that clear assignment of senior executive investment management 
responsibilities and accountabilities are key aspects of having an 
effective institutional approach to IT investment management. 

Second, DOD has established investment review structures and processes, 
including a hierarchy of investment review boards with representation 
from across the department, as well as a standard set of investment 
review and decision-making criteria for these boards to use to ensure 
compliance and consistency with the business enterprise architecture. 
Further, the DBSMC was chartered in February 2005 as the highest 
ranking system modernization governance body, as required by the 
act.[Footnote 27] Further, DOD has designated the chair and membership 
of the boards consistent with the act, and all but one of designated 
approval authorities have established investment review boards for 
their areas of responsibility, which the act requires each to do. The 
one approval authority that does not appear to have established a 
review process is the Assistant Secretary of Defense (Networks and 
Information Integration)/Chief Information Officer. 

To support its investment review structures, DOD has also established 
investment review processes that include, among other things, the use 
of business enterprise architecture compliance procedures, common 
decision criteria, threshold criteria to ensure appropriate levels of 
review and accountability. Notwithstanding these investment review 
structures and processes, it remains uncertain to what extent DOD 
components have established similar investment review bodies and will 
adopt common investment review and decision-making processes. DOD 
components are expected to establish their own structures and 
processes. Under the department's concept of "tiered accountability," 
significant responsibility and accountability for business system 
investments is to reside with the military services and defense 
agencies. The extent to which the components establish and consistently 
implement common investment management structures and processes is 
important, because doing so is a best practice. Without such structures 
and processes, investment decisions could potentially perpetuate the 
existence of overly complex, error-prone, nonintegrated system 
environments and limit introduction of corporate solutions to long- 
standing business problems. 

Finally, our preliminary work indicates that the department is in the 
process of ensuring that defense business system 
modernizations[Footnote 28] costing greater than $1 million are 
certified and approved in accordance with the act. Specifically, the 
department has identified 210 systems with costs greater than $1 
million, thus requiring certification and approval. Of these 210, DOD 
reports that 166 were certified and approved in accordance with the act 
before September 30, 2005. This means that 44 were not, and according 
to the act, the department cannot make further obligations for any of 
these other than with funding left over from previous fiscal years, 
until they are certified and approved. 

One potential issue with regard to the department's system 
certification and approval efforts to date is whether it has identified 
all business system modernizations with costs greater than $1 million. 
Doing this requires, among other things, proper classification of 
systems as national security systems or as business systems. If a 
business system is improperly classified, it may not be reviewed, 
certified, and approved in accordance with the act. As stated earlier, 
questions persist regarding whether the department has properly 
classified all business systems as such. 

Another potential issue is whether DOD has followed the act's criteria 
for DBSMC review and approval in all of the aforementioned 166 systems. 
Specifically, it appears that the DBSMC approved the certification of 
at least six business systems in August 2005 that had been previously 
reviewed in accordance with earlier criteria;[Footnote 29] however, the 
current criteria under the act do not provide for the DBSMC to approve 
a certification based upon such previous certification. According to 
DOD officials, these six systems will go through the current review 
process no later than February 2006. In addition to these six, DOD 
officials told us that several other systems investments, which were 
certified and approved on the grounds that they were mission 
essential,[Footnote 30] will also be resubmitted for DBSMC approval. 

DOD's Business Transformation Agency Could Help Strengthen Systems 
Modernization Management and Oversight if it is Effectively 
Implemented: 

On October 7, 2005, DOD established the Business Transformation Agency 
(BTA) to advance defense-wide business transformation efforts in 
general but particularly with regard to business systems modernization. 
BTA reports directly to the vice chair of the DBMSC.[Footnote 31] Among 
other things, BTA includes an acquisition executive who is to be 
responsible for 28 DOD-wide business projects, programs, systems, and 
initiatives. In addition, the BTA is to be responsible for integrating 
and supporting the work of the Office of the Secretary of Defense (OSD) 
principal staff assistants, who include the approval authorities that 
chair the business system investment review boards. 

In our view, BTA offers potential benefits relative to the department's 
business systems modernization efforts, if the agency can be properly 
organized, resourced, and empowered to effectively execute its roles 
and responsibilities, and if it is held accountable for doing so. In 
this regard, the agency faces a number of challenges as described 
below. 

According to DOD, this agency is expected to have a functioning 
acquisition organization by November 21, 2005. While such a timeline is 
daunting in and of itself, it is particularly challenging given that 
DOD is estimating up to 12 months to establish a permanent director. 
Moreover, there are numerous key acquisition functions that would need 
to established and made operational to effectively assume 28 DOD-wide 
projects, programs, systems, and initiatives, and our experience across 
the government shows that these functions can take considerable time to 
establish. 

Among other things, the agency is to be responsible for ensuring 
consistency and continuity across the department's core business 
missions with respect to, for example, business process re-engineering 
and related business system matters. While the agency should be able to 
accomplish this relative to the DOD-wide efforts that it can control, 
it does not appear to have the requisite authority to carry out this 
responsibility relative to DOD component system investments, which it 
does not have investment control over. At best, the agency will be able 
to support the DBMSC in its efforts to ensure such consistency and 
continuity. 

As currently structured, the agency does not include support to an OSD 
principal staff assistant and approval authority--the Assistant 
Secretary of Defense for Networks Integration and Infrastructure, who 
is responsible for DOD information technology infrastructure, such as 
wide-area networks, local-area networks, telecommunications, and 
security services. In addition, the agency's relationship to the 
Defense Information Systems Agency, which is also responsible for 
certain DOD-wide system capabilities and services, is not specified. As 
the department moves forward with implementing this new agency, it will 
important for it to address these issues. 

Effective DOD Business Transformation Will Require Broader Focus than 
Recently Launched Business Systems Modernization Management Structures 
and Activities: 

For DOD to successfully transform its overall business operations, it 
will need senior level management accountability, a comprehensive and 
integrated business transformation plan that covers all of its key 
business functions; people with needed skills, knowledge, experience, 
responsibility, and authority to implement the plan; an effective 
process and related tools; and results-oriented performance measures 
that link institutional, unit, and individual performance goals and 
expectations to promote accountability for results. Over the last 3 
years, GAO has made several recommendations that if implemented 
successfully could help DOD move forward in establishing the means to 
successfully address the challenges it faces in transforming its 
business operations. For example, as the Comptroller General testified 
before this subcommittee earlier this year, DOD needs a full-time CMO 
position, created through legislation, with responsibility and 
authority for DOD's overall business transformation efforts.[Footnote 
32] The CMO must be a person with significant authority and experience 
who would report directly to the Secretary of Defense. Given the nature 
and complexity of the overall business transformation effort, and the 
need for sustained attention over a significant period of time, this 
position should be a term appointment and the person should be subject 
to a performance contract. 

The Secretary of Defense, Acting Deputy Secretary of Defense, and other 
senior leaders have clearly shown commitment to business transformation 
and addressing deficiencies in the Department's business operations. As 
I discussed earlier, DOD has taken several actions, including setting 
up the DBSMC, publishing a business enterprise transition plan and most 
recently, establishing the Business Transformation Agency. Moreover, 
DOD is examining various aspects of its business operations as part of 
the ongoing Quadrennial Defense Review. While these management 
structures and plan are positive steps, their primary focus, at this 
point, appears to be on business systems modernization. Clearly, 
maintaining effective and modern business systems is a key enabler to 
transformation. However, business transformation is much broader and 
encompasses not only the supporting systems, but also the planning, 
management, organizational structures, and processes related to all 
DOD's major business areas. Such areas include support infrastructure 
management, human capital management, financial management, weapon 
systems acquisition, contract management, planning and budgeting, and 
supply chain management. Recognizing that DOD is continuing to evolve 
its efforts to plan and organize itself to achieve business 
transformation, critical to the success of these efforts will be 
management attention and structures that focus on transformation from a 
broad perspective and a clear strategic and integrated plan that, at a 
summary level, addresses all of the department's major business areas. 
This strategic plan should contain results-oriented performance 
measures that link institutional, unit, and individual goals, measures 
and expectations, and would be instrumental in establishing investment 
priorities and guiding the department's resource decisions. 

Finally, the lynchpin to ensure successful business transformation is 
the presence of strong and sustained executive leadership with 
appropriate responsibility, authority, and accountability. The central 
authority we had envisioned to allow for strong and sustained executive 
leadership over DOD's business management reform efforts is a full- 
time, executive-level II position for a CMO, who would serve as the 
Deputy Secretary of Defense for Management. This position would divide 
and institutionalize the functions of the Deputy Secretary of Defense 
by creating a separate Deputy Secretary of Defense for Management. As 
we envision it, the CMO would feature a term of office that spans 
administrations, which would serve to underscore the importance of 
taking a professional, nonpartisan, institutional, and sustainable 
approach to the overall business transformation effort. As I understand 
it, DOD's position is that the Acting Deputy Secretary of Defense, who 
also serves as the chair of the DBSMC, has the requisite position, 
authority, and purview to perform the functions of a CMO. Under the 
Acting Deputy's leadership, DOD expects to be able to demonstrate 
progress towards achieving business reform. Comptroller General Walker 
continues to believe a CMO is necessary to provide the sustained 
leadership needed to achieve true business transformation. In light of 
DOD's position, we would encourage the Subcommittee to require DOD to 
periodically report on its efforts, including describing the specific 
goals and measures against which it is measuring its progress in 
achieving business reform. 

In closing, the department as made important progress in the last 6 
months in establishing the kind of business systems modernization 
management capabilities that our research and evaluations show are 
essential to a successful modernization program--namely, an 
architecture, a transition plan, and system investment decision-making 
structures and processes. But more needs to be done to complete each of 
these areas, and most importantly, to ensure that they are reflected in 
how each and every business system investment is managed. While the new 
business transformation agency can help get this done, much remains to 
be accomplished before this agency is functioning as intended. Beyond 
systems modernization, overall business transformation remains a major 
challenge. The creation of a CMO position, and the development of a 
strategic transformation plan to integrate and guide the department's 
people, process, and technology change initiatives, would go a long way 
in helping the department meet this challenge. 

Mr. Chairman and Members of the Subcommittee, this concludes my 
prepared statement. I would be happy to answer any questions you may 
have at this time. 

FOOTNOTES 

[1] GAO, High-Risk Series: An Update, GAO-05-207 (Washington, D.C. 
January 2005). 

[2] S.780, 109TH Cong., 1st Sess. introduced in the U.S. Senate on 
April 15, 2005, would create a statutory Chief Management Officer. 

[3] The E-Government Act of 2002, Pub. L. No. 107-347, § 101(a), 116 
Stat. 2899, 2903-05, (Dec. 17, 2002), Sec 44 U.S.C. § 3602 (e), (f). 

[4] See, for example, GAO, Homeland Security: Efforts Under Way to 
Develop Enterprise Architecture, but Much Work Remains, GAO-04-777 
(Washington, D.C. Aug. 6, 2004); DOD Business Systems Modernization: 
Limited Progress in Development of Business Enterprise Architecture and 
Oversight of Information Technology Investments, GAO-04-731R 
(Washington, D.C. May 17, 2004); and Information Technology: 
Architecture Needed to Guide NASA's Financial Management Modernization, 
GAO-04-43 (Washington, D.C. Nov. 21, 2003). 

[5] The Clinger-Cohen Act of 1996, 40 U.S.C. sections 11101-11704. This 
act expanded the responsibilities of OMB and the agencies that had been 
set under the Paperwork Reduction Act, which requires that agencies 
engage in capital planning and performance and results-based 
management. 44 U.S.C. § 3504(a)(1)(B)(vi) (OMB); 44 U.S.C. § 3506(h)(5) 
(agencies) 

[6] We have made recommendations to improve OMB's process for 
monitoring high-risk IT investments; see GAO, Information Technology: 
OMB Can Make More Effective Use of Its Investment Reviews, GAO-05-276 
(Washington, D.C. Apr. 15, 2005). 

[7] This policy is set forth and guidance is provided in OMB Circular 
No. A-11 (section 300) and in OMB's Capital Programming Guide, which 
directs agencies to develop, implement, and use a capital programming 
process to build their capital asset portfolios. 

[8] GAO, Information Technology Investment Management: A Framework for 
Assessing and Improving Process Maturity, GAO-04-394G (Washington, D.C. 
March 2004). 

[9] GAO, Information Technology: Architecture Needed to Guide 
Modernization of DOD's Financial Operations, GAO-01-525 (Washington, 
D.C. May 17, 2001);DOD Business Systems Modernization: Improvements to 
Enterprise Architecture Development and Implementation Efforts Needed, 
GAO-03-458 (Washington, D.C. Feb. 28, 2003); Information Technology: 
Observations on Department of Defense's Draft Enterprise Architecture, 
GAO-03-571R (Washington, D.C. Mar. 28, 2003); Business Systems 
Modernization: Summary of GAO's Assessment of the Department of 
Defense's Initial Business Enterprise Architecture, GAO-03-877R 
(Washington, D.C. July 7, 2003); DOD Business Systems Modernization: 
Important Progress Made to Develop Business Enterprise Architecture, 
but Much Work Remains, GAO-03-1018 (Washington, D.C. Sept. 19, 2003); 
DOD Business Systems Modernization: Limited Progress in Development of 
Business Enterprise Architecture and Oversight of Information 
Technology Investments, GAO-04-731R (Washington, D.C. May 17, 2004). 

[10] GAO, DOD Business Systems Modernization: Billions Being Invested 
without Adequate Oversight, GAO-05-381 (Washington, D.C. Apr. 29, 
2005); DOD Business Systems Modernization: Long-standing Weaknesses in 
Enterprise Architecture Development Need to Be Addressed, GAO-05-702 
(Washington, D.C. July 22, 2005). 

[11] Bob Stump National Defense Authorization Act for Fiscal Year 2003, 
Pub. L. No. 107-314, § 1004, 116 Stat. 2458, 2629-2631 (Dec. 2, 2002). 

[12] See GAO, Defense Management: Key Elements Needed to Successfully 
Transform DOD Business Operations, GAO-05-629T (Washington, D.C. Apr. 
28, 2005). 

[13] Ronald W. Reagan National Defense Authorization Act for Fiscal 
Year 2005, Pub. L. No. 108-375, § 332, 118 Stat. 1811, 1851-1856 (Oct. 
28, 2004) (codified in part at 10 U.S.C. § 2222). 

[14] Approval authorities include the Under Secretary of Defense for 
Acquisition, Technology, and Logistics; the Under Secretary of Defense 
(Comptroller); the Under Secretary of Defense for Personnel and 
Readiness; and the Assistant Secretary of Defense for Networks and 
Information Integration/Chief Information Officer of the Department of 
Defense. These approval authorities are responsible for the review, 
approval, and oversight of business systems and must establish 
investment review processes for systems under their cognizance. 

[15] Ronald W. Reagan National Defense Authorization Act for Fiscal 
Year 2005, Pub. L. No. 108-375, § 332, 118 Stat. 1811, 1851-1856 (Oct. 
28, 2004) (codified in part at 10 U.S.C. § 2222). 

[16] The Department of Defense Architecture Framework recommends that 
the architecture include 23 of the 26 possible architecture products to 
meet the department's stated intention to use the architecture as the 
basis for departmentwide business and systems modernization. 

[17] DOD, Department of Defense Architecture Framework, Version 1.0, 
Volume 1 (August 2003) and Volume 2 (February 2004). 

[18] JFMIP was a joint and cooperative undertaking of the Department of 
the Treasury, GAO, the Office of Management and Budget (OMB), and the 
Office of Personnel Management (OPM), working in cooperation with each 
other and other federal agencies to improve financial management 
practices in the federal government. Leadership and program guidance 
were provided by the four Principals of JFMIP--the Secretary of the 
Treasury, the Comptroller General of the United States, and the 
Directors of OMB and OPM. Although JFMIP ceased to exist as a stand- 
alone organization as of December 1, 2004, the JFMIP Principals will 
continue to meet at their discretion. 

[19] The United States Standard General Ledger provides a uniform Chart 
of Accounts and technical guidance to be used in standardizing federal 
agency accounting. 

[20] DOD components include the military services, defense agencies, 
and field activities. 

[21] DOD, Expeditionary Combat Support System Sources Sought Synopsis 
(May 10, 2004). 

[22] For example, for DOD's military personnel and pay system, the 
Defense Integrated Military Human Resources System (DIMHRS), the plan 
cites a goal of reducing manual workarounds for military pay by 9 
percent. 

[23] GAO, DOD Business Systems Modernization: Billions Continue to Be 
Invested with Inadequate Management Oversight and Accountability, GAO- 
04-615 (Washington, D.C. May 27, 2004). 

[24] National security systems are intelligence systems, cryptologic 
activities related to national security, military command and control 
systems, and equipment that is an integral part of a weapon or weapons 
system or is critical to the direct fulfillment of military or 
intelligence missions. 

[25] GAO-05-381. 

[26] GAO-04-615. 

[27] See 10 U.S.C. § 186. 

[28] The term 'defense business system modernization' is defined in 10 
U.S.C. § 2222(j) (3) as "(A) the acquisition or development of a new 
defense business system; or (B) any significant modification or 
enhancement of an existing defense business system (other than 
necessary to maintain current services)." 

[29] The six systems were reviewed under the criteria set forth in the 
fiscal year 2003 defense authorization act. 

[30] See 10 U.S.C. § 2222 (a)(1)(C). 

[31] The vice chair of the DBSMC is the Under Secretary of Defense for 
Acquisition, Technology and Logistics. 

[32] S.780, 109TH Cong., 1st Sess. introduced in the U.S. Senate on 
April 15, 2005, would create a statutory Chief Management Officer.