This is the accessible text file for GAO report number GAO-06-658 
entitled 'Business Systems Modernization: DOD Continues to Improve 
Institutional Approach, but Further Steps Needed' which was released on 
May 15, 2006.

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov.

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States Government Accountability Office:

GAO:

Report to Congressional Committees:

May 2006:

Business Systems Modernization:

DOD Continues to Improve Institutional Approach, but Further Steps 
Needed:

GAO-06-658:

GAO Highlights: 

Highlights of GAO-06-658, a report to congressional committees.

Why GAO Did This Study: 

For decades, the Department of Defense (DOD) has not been successful in 
repeated attempts to modernize its business systems and operations. To 
assist DOD, Congress included provisions in the Fiscal Year 2005 Ronald 
W. Reagan National Defense Authorization Act that were consistent with 
GAO’s recommendations for developing a business enterprise architecture 
and associated enterprise transition plan and establishing and 
implementing effective information technology (IT) business system 
investment management structures and processes. The Act further 
requires that the Secretary of Defense submit an annual report to 
congressional defense committees on its compliance with certain 
requirements of the Act not later than March 15 of each year from 2005 
through 2009. In response to the Act’s mandate, GAO assessed the 
actions by DOD to comply with the requirements of the Act and 
determined the extent to which DOD has addressed GAO’s prior 
recommendations. 
 
What GAO Found: 

As part of DOD’s incremental strategy for developing and implementing 
its architecture, transition plan, and accountability framework for 
managing business systems, the department has taken steps over the last 
6 months to address a number of the areas that GAO previously reported 
as falling short of the Act’s requirements. However, additional steps 
are needed to fully comply with the Act and relevant guidance. For 
example: 

* The architecture identifies an enterprisewide data standard to 
support financial management and reporting functions. However, the data 
elements—such as those associated with the planning, programming, and 
budgeting business process—are not yet part of the architecture. 

* The enterprise transition plan now includes an initiative aimed at 
identifying capability gaps between the “As Is” and “To Be” 
architectural environments, and DOD continues to validate the inventory 
of ongoing IT investments that formed the basis for the prior version 
of the transition plan. However, the plan does not include, among other 
things, a complete listing of the legacy systems that will not be part 
of the target architecture, and it does not include system investment 
information for all of the department’s agencies and combatant 
commands. 

* The department’s fiscal year 2007 IT budget submission was prepared 
using a system that was reconciled with DOD’s single authoritative 
system inventory. This should improve the reliability of the budget 
submission.  

* The IT investment management structures and processes that DOD 
previously defined are being refined and implemented across the 
department. However, the investment review board that is to focus on IT 
infrastructure and information assurance investments has still not been 
established. 
 
DOD has also taken steps to address 29 prior GAO recommendations to 
strengthen the management of its business systems modernization through 
the adoption of enterprise architecture and investment management best 
practices. As a result of DOD’s actions, 16 of the recommendations have 
now been implemented and 13 are in the process of being implemented. 

Notwithstanding DOD’s incremental strategy for improving its 
institutional approach to business systems modernization and complying 
with the Act, the department has yet to create or establish milestones 
for developing an enterprise architecture program management plan that 
defines, among other things, what the increments of improvement are, 
and how and when they will be accomplished, with particular emphasis 
and clarity around the near-term increments. It is important for the 
department to develop this plan as soon as possible because without it, 
the department is less likely to accomplish intended improvements and 
the Congress does not have the means to measure progress and hold the 
department accountable for doing so.

What GAO Recommends: 

GAO is recommending that the department submit its enterprise 
architecture program management plan to defense congressional 
committees. DOD commented that GAO’s findings are fair, and it 
expressed general agreement with GAO’s recommendations. 

[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-658].

To view the full product, including the scope and methodology, click on 
the link above. For more information, contact Randolph C. Hite at (202) 
512-3439 or hiter@gao.gov. 

[End of section]

Contents:

Letter:

Results in Brief:

Background:

DOD Is Taking Steps to Address Act's Requirements and Improve Approach 
to Modernizing Business Systems:

DOD Is Implementing Our Prior Recommendations:

Conclusions:

Recommendations for Executive Action:

Agency Comments and Our Evaluation:

Appendix I: Objectives, Scope, and Methodology:

Appendix II: Prior Recommendations on DOD's Business Enterprise 
Architecture and Investment Management:

Appendix III: Comments from the Department of Defense:

Appendix IV: Summary of Several Architecture Frameworks:

Appendix V: GAO Contact and Staff Acknowledgments:

Tables:

Table 1: Roles and Responsibilities of Governance Entities:

Table 2: Business Transformation Agency Divisions:

Table 3: Core Business Missions and Associated Principal Staff 
Assistants:

Table 4: Business Enterprise Priorities:

Figures:

Figure 1: Business Transformation Agency Organization:

Figure 2: Interdependent DODAF Views of an Architecture:

Abbreviations:

ASD(NII)/CIO: Assistant Secretary of Defense (Networks and Information 
Integration)/Chief Information Officer: 
BEA: Business Enterprise Architecture: 
BTA: Business Transformation Agency: 
CA: Certification Authority: 
CIO: Chief Information Officer: 
DBSMC: Defense Business Systems Management Committee: 
DITPR: DOD Information Technology Portfolio Repository: 
DOD: Department of Defense: 
DODAF: Department of Defense Architecture Framework: 
ETP: Enterprise Transition Plan: 
FEA: Federal Enterprise Architecture: 
FEAF: Federal Enterprise Architecture Framework: 
FCP: Forward Compatible Payroll: 
IRB: Investment Review Board: 
IT: information technology: 
NCES: Net-Centric Enterprise Services: 
NSS: National Security Systems: 
OMB: Office of Management and Budget: 
SFIS: Standard Financial Information Structure: 
SNAP-IT: Select and Native Programming Data System- Information 
Technology:

United States Government Accountability Office:
Washington, DC 20548:

May 15, 2006:

Congressional Committees:

For decades, the Department of Defense (DOD) has not been successful in 
repeated attempts to modernize its timeworn business systems[Footnote 
1] and operations. In 1995, we first designated DOD's business systems 
modernization as "high risk," and we continue to designate it as such 
today.[Footnote 2] As our research on successful public and private 
sector organizations has shown, attempting a large-scale systems 
modernization program in a large organization such as DOD without, 
among other things, a well-defined enterprise architecture[Footnote 3] 
and the associated investment management controls for implementing it 
often results in systems that are duplicative, stovepiped, non- 
integrated, and unnecessarily costly to manage, maintain, and operate.

In May 2001, we made recommendations to the Secretary of Defense that 
provided the means for effectively developing and implementing an 
enterprise architecture and limiting systems investments until the 
department had a well-defined architecture and a corporate approach to 
investment control and decision making.[Footnote 4] In July 2001, the 
department initiated a business management modernization program to, 
among other things, develop a business enterprise architecture and 
establish the investment controls needed to effectively implement it. 
This effort was begun as part of the Secretary of Defense's broad 
initiative to "transform the way the department works and what it works 
on."

Between 2001 and 2005, we reported that the department's business 
management modernization program was not being effectively managed, 
concluding in 2005 that hundreds of millions of dollars had been spent 
on an architecture and investment management structures that had 
limited use.[Footnote 5]

To assist DOD in addressing these modernization management challenges, 
Congress included provisions in the Ronald W. Reagan National Defense 
Authorization Act for Fiscal Year 2005 (the Act)[Footnote 6] that were 
consistent with our recommendations for developing a business 
enterprise architecture and associated enterprise transition plan, and 
establishing and implementing effective information technology (IT) 
business system investment management structures and processes. More 
specifically, the Act required the department to, among other things, 
(1) develop a business enterprise architecture, (2) develop a 
transition plan to implement the architecture, (3) include systems 
information in its annual budget submission, (4) establish a system 
investment approval and accountability structure, (5) establish an 
investment review process, and (6) approve and certify system 
modernizations costing in excess of $1 million. The Act further 
requires that the Secretary of Defense submit an annual report to 
congressional defense committees on its compliance with certain 
requirements of the Act not later than March 15 of each year from 2005 
through 2009. Additionally, the Act directs us to submit to 
congressional defense committees--within 60 days of DOD's report 
submission--an assessment of DOD's actions taken to comply with these 
requirements.

As agreed with your offices, the objectives of our review were to (1) 
assess the actions by DOD to comply with the requirements of Section 
2222 of Title 10, U.S. Code and (2) determine the extent to which DOD 
has addressed our prior recommendations. To accomplish this, we used 
our November 2005 report[Footnote 7] as a baseline of comparison, 
focusing on the steps the department has taken to address the areas of 
noncompliance that we cited in that report.

We performed our work from January through May 2006 in accordance with 
generally accepted government auditing standards. Details on our 
objectives, scope, and methodology are contained in appendix I.

Results in Brief:

As part of DOD's incremental strategy for developing and implementing 
its architecture, transition plan, and tiered accountability framework 
for managing business systems, the department has taken steps over the 
last 6 months to further comply with the Act and otherwise improve its 
overall approach to business systems modernization. On March 15, 2006, 
DOD released a minor update to its business enterprise architecture 
(version 3.1), developed an updated enterprise transition plan, and 
issued its annual report to Congress describing steps taken to address 
the Act's requirements, among other things. The updated architecture 
and transition plan, as well as the report and related documentation, 
reflect steps taken to address a number of the areas that we previously 
reported as falling short of the Act's requirements and related 
guidance. However, additional steps are needed to fully comply with the 
Act and relevant guidance. The following illustrate steps taken thus 
far to improve management of the department's business systems 
modernization effort and where further improvement is needed.

* The latest version of the architecture continues to specify DOD's 
Standard Financial Information Structure (SFIS) as an enterprisewide 
data standard for categorizing financial information to support 
financial management and reporting functions. In addition, the 
architecture now adds greater definition on standard processes, rules, 
and data for intra-governmental ordering and billing. However, certain 
SFIS data elements, such as those relating to the planning, 
programming, and budgeting business process area, have yet to be 
defined. According to DOD, these data elements will be in the next 
version of the architecture. The latest version of the architecture 
also does not yet include a systems standards profile to facilitate 
data sharing among departmentwide business systems and promote 
interoperability with departmentwide IT infrastructure systems. 
Further, military services and defense agencies architectures have yet 
to be aligned with the departmental architecture. Once such missing 
scope and content is added, the architecture will be a more sufficient 
frame of reference to optimally guide and constrain DOD-wide system 
investment decision making.

* The enterprise transition plan now includes an initiative aimed at 
identifying capability gaps between the "As Is" and "To Be" 
architectural environments, and DOD continues to validate the inventory 
of ongoing IT investments that formed the basis for the prior version 
of the transition plan. Further, the plan provides information on 
progress on major investments over the last 6 months--including key 
accomplishments and milestones attained, and more information about the 
termination of legacy systems. However, it still does not identify, for 
example, all legacy systems that will not be part of the target 
architecture, and it does not include system investment information for 
all of the department's agencies and combatant commands. Once missing 
content is added and all planned investments are validated by 
capability gap analyses, the department will be better positioned to 
sequentially manage the migration and disposition of existing business 
processes and systems--and the introduction of new ones.

* The fiscal year 2007 IT budget submission was prepared using a system 
that has been reconciled with DOD's single authoritative system 
inventory. This should improve the completeness and reliability of the 
budget submission.

* The IT investment management structures and processes that DOD 
previously defined are being refined and implemented across the 
department. For example, DOD reports that 226 business systems, which 
represent about $3.6 billion in modernization funding, were approved by 
the Defense Business Systems Management Committee (DBSMC). Further, it 
reports that over 290 business systems have been identified for phase- 
out/elimination. The extent to which these structures and processes 
will be applied to the department's approximately 3,700 business 
systems is still evolving. Further, an investment review board required 
by the Act and DOD policy for IT infrastructure and information 
assurance investments has yet to be established.

The Act's requirements concerning the architecture, transition plan, 
budgetary disclosure, and investment management structures and 
processes are consistent with our prior recommendations. In taking 
steps to further comply with the Act, DOD has either implemented--or is 
in the process of implementing--these 29 prior recommendations. More 
specifically, the department has fully implemented 16 of the 
recommendations and is in the process of implementing the remaining 13. 
For example, the department has implemented our recommendation to issue 
a policy governing the development, implementation, and maintenance of 
an enterprise architecture. However, it has not implemented our 
recommendation to develop a plan governing the development, 
maintenance, and implementation of the enterprise architecture. Such a 
plan would, at a minimum, define what the incremental improvements will 
be, and how and when they will be accomplished. The plan would also 
include what (and when) architecture and transition plan scope and 
content--and architecture compliance criteria--will be added, with 
particular emphasis and clarity around the near-term increments. It is 
important for the department to develop this plan as soon as possible 
because without it, the department is less likely to accomplish 
intended improvements--and Congress will not have the means to measure 
progress and hold the department accountable. According to DOD 
officials, the department is committed to addressing our 
recommendations but has yet to provide any time frames.

To further assist the department in strengthening its business systems 
modernization efforts, to facilitate congressional oversight, and 
promote departmental accountability, we are recommending that the 
department submit its enterprise architecture program management plan 
to defense congressional committees.

In its written comments on a draft of this report, signed by the Deputy 
Under Secretary of Defense (Business Transformation) and reprinted in 
appendix III, the department stated that our findings are a fair 
representation of DOD's efforts to date, and while it does not agree 
with all of our points, it recognizes that even in areas of 
disagreement there is opportunity for dialog and learning. In this 
regard, the department provided additional comments in two areas.

First, DOD recognized the importance of addressing our recommendations, 
and stated that it is important that we make our recommendations 
sufficiently specific to permit reasonable implementation and that we 
provide prompt feedback on whether DOD's implementation actions are in 
line with the recommendations. We agree and will continue to work 
proactively and constructively with the department to facilitate their 
implementation.

Second, DOD stated that it partially agreed with the recommendation in 
the draft report, characterizing it as developing a departmentwide 
enterprise architecture program management plan to gain control of the 
department's IT environment. According to DOD, such a plan would far 
exceed the current scope of business systems modernization, and thus 
addressing it would require more time than our recommendation allowed. 
We agree that the business enterprise architecture should be 
departmentwide in scope and should allow the department to gain control 
of its business IT environment. However, the recommendation in our 
draft report was only aimed at developing an incremental plan that 
would show what missing scope and content would be added in each 
incremental version of the architecture and transition plan to 
eventually have an architecture and transition plan that addressed the 
full scope of the department's business IT environment and permitted 
such control to be gained. It was not intended to be interpreted as 
actually having this scope and content added to the transition plan in 
the time frame specified. To further ensure that our recommendation is 
properly interpreted and implemented, and to address DOD's concern 
about the time frame that we cited, we have slightly modified the 
recommendation.

Background:

DOD is a massive and complex organization. In fiscal year 2005, the 
department reported that its operations involved $1.3 trillion in 
assets and $1.9 trillion in liabilities; more than 2.9 million military 
and civilian personnel; and $635 billion in net cost of operations. For 
fiscal year 2006, the department received appropriations of about $403 
billion.[Footnote 8] The department comprises a wide range of 
organizations, including the military services and their respective 
major commands and functional activities; numerous defense agencies and 
field activities; and various combatant and joint operational commands, 
which are responsible for military operations for specific geographic 
regions or theaters of operations.

In support of its military operations, the department performs an 
assortment of interrelated and interdependent business functions, 
including logistics management, procurement, health care management, 
and financial management. DOD recently reported that, in order to 
support these business functions, it relies on 3,717 business systems. 
For fiscal year 2006, DOD received approximately $15.5 billion--and for 
fiscal year 2007, DOD has requested approximately $16 billion--in 
appropriated funds to operate, maintain, and modernize its business 
systems. As we have previously reported,[Footnote 9] DOD's systems 
environment is overly complex and error prone, and is characterized by 
(1) little standardization across the department; (2) multiple systems 
performing the same tasks; (3) the same data stored in multiple 
systems; and (4) the need for manual data entry into multiple systems. 
In addition, our reports[Footnote 10] have continually shown that the 
department's nonintegrated and duplicative systems contribute to fraud, 
waste, and abuse. Of the 25 areas on our governmentwide high-risk list, 
8 are DOD program areas, and the department shares responsibility for 6 
other governmentwide high-risk areas.[Footnote 11] DOD's business 
systems modernization is one of the high-risk areas, and it is an 
essential enabler to addressing many of the department's other high- 
risk areas. For example, modernized business systems are integral to 
the department's efforts to address its financial, supply chain, and 
information security management high-risk areas.

Enterprise Architecture and Information Technology Investment 
Management Are Critical to Achieving Successful Systems Modernization:

Effective use of an enterprise architecture, or a modernization 
blueprint, is a hallmark of successful public and private 
organizations. For more than a decade, we have promoted the use of 
architectures to guide and constrain systems modernization, recognizing 
them as a crucial means to this challenging goal: agency operational 
structures that are optimally defined in both the business and 
technological environments. Congress, the Office of Management and 
Budget (OMB), and the federal Chief Information Officer (CIO) Council 
have also recognized the importance of an architecture-centric approach 
to modernization. We, OMB, and the CIO Council have issued enterprise 
architecture guidance.[Footnote 12] The Clinger-Cohen Act of 
1996[Footnote 13] mandates that an agency's CIO develop, maintain, and 
facilitate the implementation of an IT architecture. Further, the E- 
Government Act of 2002[Footnote 14] requires OMB to oversee the 
development of enterprise architectures within and across agencies. In 
addition, we and OMB have issued guidance that emphasizes the need for 
system investments to be consistent with these architectures.[Footnote 
15]

A corporate approach to IT investment management is also characteristic 
of successful public and private organizations. Recognizing this, 
Congress developed and enacted the Clinger-Cohen Act of 1996,[Footnote 
16] which requires OMB to establish processes to analyze, track, and 
evaluate the risks and results of major capital investments in 
information systems made by executive agencies.[Footnote 17] In 
response to the Clinger-Cohen Act and other statutes, OMB has developed 
policy and issued guidance for planning, budgeting, acquisition, and 
management of federal capital assets.[Footnote 18] We have also issued 
guidance in this area,[Footnote 19] which defines institutional 
structures such as IRBs and associated processes, such as common 
investment criteria.

Enterprise Architecture: A Brief Description:

An enterprise architecture provides a clear and comprehensive picture 
of an entity, whether it is an organization (e.g., a federal 
department) or a functional or mission area that cuts across more than 
one organization (e.g., financial management). This picture consists of 
snapshots of both the enterprise's current ("As Is") environment and 
its target ("To Be") environment. These snapshots consist of "views," 
which are one or more architecture products (e.g., models, diagrams, 
matrixes, and text) that provide logical or technical representations 
of the enterprise. The architecture also includes a transition or 
sequencing plan, which is based on an analysis of the gaps between the 
"As Is" and "To Be" environments; this plan provides a temporal roadmap 
for moving between the two environments, and incorporates such 
considerations as technology opportunities, marketplace trends, fiscal 
and budgetary constraints, institutional system development and 
acquisition capabilities, legacy and new system dependencies and life 
expectancies, and the projected value of competing investments.

The suite of products produced for a given entity's enterprise 
architecture, including its structure and content, is largely governed 
by the framework used to develop the architecture. Since the 1980s, 
various architecture frameworks have been developed. Appendix IV 
discusses these various frameworks.

The importance of developing, implementing, and maintaining an 
enterprise architecture is a basic tenet of both organizational 
transformation and systems modernization. Managed properly, an 
enterprise architecture can clarify and help optimize the 
interdependencies and relationships among an organization's business 
operations (and the underlying IT infrastructure and applications) that 
support these operations. To support effective architecture management 
in the federal government, we have issued architecture management 
guidance, as has the federal CIO Council and OMB.[Footnote 20] This 
guidance recognizes that when an enterprise architecture is employed in 
concert with other important management controls, such as portfolio- 
based capital planning and investment control practices, architectures 
can greatly increase the chances that an organization's operational and 
IT environments will be configured to optimize mission performance. Our 
experience with federal agencies has shown that investing in IT without 
defining these investments in the context of an architecture often 
results in systems that are duplicative, not well integrated, and 
unnecessarily costly to maintain and interface.[Footnote 21]

IT Investment Management: A Brief Description:

IT investment management is a process for linking IT investment 
decisions to an organization's strategic objectives and business plans. 
Generally, it includes structures (including decision-making bodies 
known as IRBs), processes for developing information on investments 
(such as costs and benefits), and practices to inform management 
decisions (such as whether a given investment is aligned with an 
enterprise architecture). The federal approach to IT investment 
management is based on establishing systematic processes for selecting, 
controlling, and evaluating investments that provides a systematic way 
for agencies to minimize risks while maximizing the returns of 
investments.[Footnote 22]

* During the selection phase, the organization (1) identifies and 
analyzes each project's risks and returns before committing significant 
funds to any project and (2) selects those IT projects that will best 
support its mission needs.

* During the control phase, the organization ensures that, as projects 
develop and investment expenditures continue, the project continues to 
meet mission needs at the expected levels of cost and risk. If the 
project is not meeting expectations or if problems arise, steps are 
quickly taken to address the deficiencies.

* During the evaluation phase, actual versus expected results are 
compared once a project has been fully implemented. This is done to (1) 
assess the project's impact on mission performance, (2) identify any 
changes or modifications to the project that may be needed, and (3) 
revise the investment management process based on lessons learned.

Consistent with our architecture management framework,[Footnote 23] our 
investment management framework[Footnote 24] recognizes the importance 
of an enterprise architecture as a critical frame of reference for 
organizations making IT investment decisions, stating that only 
investments that move the organization toward its target architecture-
-as defined by its sequencing plan--should be approved, unless a waiver 
is provided or a decision is made to modify the architecture. Moreover, 
this framework states that an organization's policies and procedures 
should describe the relationship between its architecture and its 
investment decision-making authority. Our experience has shown that 
mature and effective management of IT investments can vastly improve 
government performance and accountability, help to avoid wasteful IT 
spending, and leverage opportunities to improve delivery of services to 
the public.

DOD's Institutional Approach to Business Systems Modernization:

DOD's institutional approach to managing its business systems 
modernization efforts has changed several times since 2001. Most 
recently, in 2005, the department reassigned responsibility for 
providing executive leadership for the direction, oversight, and 
execution of its business transformation and systems modernization 
efforts to several entities. These entities include the DBSMC, which 
serves as the highest ranking governance body for business systems 
modernization activities; the Principal Staff Assistants, who serve as 
the certification authorities for business system modernizations in 
their respective core business missions; the IRBs, which form the 
review and decisionmaking bodies for business system investments in 
their respective areas of responsibility; and the Business 
Transformation Agency (BTA),[Footnote 25] which leads and coordinates 
business transformation efforts across the department. Table 1 lists 
these entities and their roles and responsibilities.

Table 1: Roles and Responsibilities of Governance Entities:

Entity: Defense Business Systems Management Committee; 
Roles and responsibilities: 
* Provides strategic direction and plans for the business mission area 
in coordination with the warfighting and enterprise information 
environment mission areas; 
* Serves as approving authority for business system modernization; 
* Approves business mission area transformation plans and coordinates 
transition planning in a documented program baseline with critical 
success factors, milestones, metrics, deliverables, and periodic 
program reviews; 
* Establishes key metrics and targets by which to track business 
transformation progress; 
* Establishes policies and approves the business mission area strategic 
plan, the transition plan for implementation for business systems 
modernization, the transformation program baseline, and the business 
enterprise architecture; 
* Executes a comprehensive communications strategy; 
Membership: Chaired by the Deputy Secretary of Defense; Vice Chair is 
the Under Secretary of Defense for Acquisition, Technology, and 
Logistics. Includes senior leadership in the Office of the Secretary of 
Defense, the military services' secretaries, and defense agencies' 
heads, such as the Assistant Secretary of Defense (Networks and 
Information Integration)/ Chief Information Officer (ASD(NII)/CIO), the 
Vice Chairman of the Joint Chiefs of Staff, and the Commanders of the 
U.S. Transportation Command and Joint Forces Command.

Entity: Principal Staff Assistants; 
Roles and responsibilities: 
* Support the DBSMC's management of enterprise business IT investments; 
* Serve as the certification authorities accountable for the obligation 
of funds for respective business system modernizations within 
designated core business missions.[A]; 
* Provide the DBSMC with recommendations for system investment 
approval; 
Membership: Officials who report directly to the Secretary or Deputy 
Secretary of Defense. These include the Under Secretaries of Defense; 
the Assistant Secretaries of Defense; the General Counsel of the 
Department of Defense; the Assistants to the Secretary of Defense; and 
the Directors of the Office of the Secretary of Defense.

Entity: Investment Review Boards; 
Roles and responsibilities: 
* Serve as the oversight and investment decision-making bodies for 
those business capabilities that support activities under their 
designated areas of responsibility; 
* Assess investments relative to their impact on end-to-end business 
process improvements supporting warfighter needs; 
* Certify that all business systems investments costing more than $1 
million are integrated and compliant with the business enterprise 
architecture; 
Membership: Includes the Deputy Secretary of Defense; the Under 
Secretary of Defense (Comptroller); Under Secretary of Defense for 
Acquisition, Technology, and Logistics; Assistant Secretary of Defense 
(Personnel and Readiness); ASD(NII)/CIO; military services; defense 
agencies; and combatant commands.

Entity: Business Transformation Agency[B]; 
Roles and responsibilities: 
* Serves as the day-to-day management entity of the business 
transformation effort at the DOD enterprise level; 
* Provides support to the executive governance bodies; 
* Integrates the work of the Principal Staff Assistants in the areas of 
business process reengineering, core business mission activities, and 
IRB matters; 
Membership: Operates under the authority, direction, and control of the 
Under Secretary of Defense for Acquisition, Technology, and Logistics-
-the vice chair of the DBSMC. The day-to-day direction, management, and 
oversight is provided cooperatively by the Deputy Under Secretary of 
Defense (Business Transformation) and the Deputy Under Secretary of 
Defense (Financial Management). 

Source: DOD.

[A] The five core business missions are described in table 3.

[B] The organizational structure of the agency is outlined in figure 1 
and the roles and responsibilities of the agency divisions are 
described in table 2.

[End of table]

The BTA, established in 2005, is organized into eight divisions, one of 
which is the office of the Defense Business Systems Acquisition 
Executive--the component acquisition executive for DOD enterprise-level 
systems and initiatives.[Footnote 26] Figure 1 outlines the 
organizational structure of the agency and table 2 shows the roles and 
responsibilities of the agency divisions.

Figure 1: Business Transformation Agency Organization:

[See PDF for image] 

Source: DOD. 

[A] This role is temporarily filled by the Deputy Under Secretary of 
Defense for Business Transformation and the Deputy Under Secretary of 
Defense for Financial Management.

[End of figure]

Table 2: Business Transformation Agency Divisions:

Office: Defense Business Systems Acquisition Executive; 
Description: 
* Develops, coordinates, and integrates projects, programs, systems, 
and initiatives that provide DOD enterprisewide business capabilities 
to the warfighter; 
* Exercises acquisition executive oversight for DOD enterprise-level 
business systems assigned by the DBSMC; 
* Serves as the milestone decision authority for specific programs as 
directed by the DBSMC, and as the DOD component acquisition executive 
for business systems; 
* Manages resources, including fiscal, personnel, and contracts for 
assigned systems and programs.

Office: Enterprise Integration; 
Description: 
* Supports the integration of enterprise-level business capabilities; 
* Ensures adoption of DOD- wide information and process standards, as 
defined in the business enterprise architecture (BEA).

Office: Transformation Planning and Performance; 
Description: 
* Maintains and updates the department's BEA and corresponding 
enterprise transition plan; 
* Monitors the performance of enterprise programs and initiatives by 
ensuring that they meet the milestones documented in the enterprise 
transition plan; 
* Includes the Milestone Assurance Team, which monitors the performance 
of enterprise-level programs and initiatives.

Office: Transformation Priorities and Requirements; 
Description: 
* Serves as the primary link to the Principal Staff Assistants within 
the Office of the Secretary of Defense as well as other DOD-level 
organizations including the US Transportation Command, the Defense 
Logistics Agency, and the Defense Finance and Accounting Service; 
* Ensures that the functional priorities and requirements of these 
organizations are reflected in both the BEA and the enterprise 
transition plan, as well as in the guidance for business systems 
investment management; 
* Comprises a mix of senior leaders from both government and industry 
that have experience in business processes and systems technology.

Office: Investment Management; 
Description: 
* Provides leadership in investment management for DOD enterprise-level 
business systems; 
* Supports and coordinates IRB processes and actions for certification; 
* Reports on IRB certification status in congressional reports and 
DBSMC meetings; 
* Updates and defines IRB data elements in the DOD Information 
Technology Portfolio Repository and conducts the systems inventory for 
OMB.

Office: Warfighter Support Office; 
Description: 
* Identifies enterprise-level business issues that directly impact the 
warfighter and works to resolve these issues via systems capability and 
process improvements; 
* Engages with joint staff and combatant commands to identify and 
communicate requirements to the agency; 
* Monitors business process and system improvement initiatives 
sponsored by the agency and ensures their progress in accordance with 
performance objectives.

Office: Information and Federation Strategy; 
Description: 
* Manages the information strategy, which encompasses integration 
efforts, strategic planning, change management, and long-term internal 
and external communications; 
* Ensures that integrated best industry practices are applied to all 
areas of strategic planning and communications for the agency.

Office: Agency Operations; 
Description: 
* Provides centralized support across the agency, such as 
administrative services, personnel and staffing, contracting, budget, 
IT, security, and training; 
* Supports the monthly DBSMC meetings; 
* Coordinates with external stakeholders; 
* Establishes and maintains a central repository for records, 
deliverables, and policies for the agency. 

Source: DOD.

[End of table]

DOD's Business Enterprise Architecture: A Brief Description:

In 2005, DOD adopted a 6-month incremental approach to developing its 
enterprise architecture as either a major release or a minor 
release.[Footnote 27] DOD released version 3.0 of the business 
enterprise architecture on September 28, 2005, describing it as the 
initial baseline. According to DOD, this version was intended to 
provide a blueprint to help ensure near-term delivery of the right 
capabilities, resources, and materiel to the warfighter. To do so, this 
version focused on six business enterprise priorities--which DOD states 
are short-term objectives to achieve immediate results, within DOD's 
five core business missions--to be addressed through identification of 
corporate business needs and analysis of capability gaps (see table 3). 
The core business missions transcend DOD's various functional areas 
(e.g., planning, budgeting, IT, procurement, and maintenance) and are 
intended to be the means through which end-to-end warfighter support is 
delivered. Responsibility for the core business missions is assigned to 
specific Principal Staff Assistants.

Table 3: Core Business Missions and Associated Principal Staff 
Assistants:

DOD core business mission: Human Resources Management; 
Description: This mission includes all human resources-related 
processes necessary to recruit, train, and prepare personnel for 
warfighter organizations. It also includes providing trained, healthy, 
and ready personnel to combatant and combat support organizations, and 
ensures timely and accurate access to compensation and benefits for all 
DOD personnel; 
Principal Staff Assistants: Under Secretary of Defense (Personnel and 
Readiness).

DOD core business mission: Weapon System Lifecycle Management; 
Description: This mission includes full life-cycle management of 
defense acquisition of weapons systems and automated information 
systems, including requirements, technology, development, production, 
and sustainment; 
Principal Staff Assistants: Under Secretary of Defense for Acquisition, 
Technology, and Logistics.

DOD core business mission: Materiel Supply and Service Management; 
Description: This mission includes the management of supply chains of 
materiel supply and services to maintain the readiness of non-deployed 
and deployed warfighters to support operations. It also includes all 
aspects associated with acquiring, storing, and transporting all 
classes of supplies; 
Principal Staff Assistants: Under Secretary of Defense for Acquisition, 
Technology, and Logistics.

DOD core business mission: Real Property and Installations Lifecycle 
Management; 
Description: This mission includes the provision of installations and 
facilities to house military forces, to store and maintain military 
equipment, and to serve as training and deployment platforms for 
dispatching warfighter units; 
Principal Staff Assistants: Under Secretary of Defense for Acquisition, 
Technology, and Logistics.

DOD core business mission: Financial Management; 
Description: This mission includes the provision of accurate and 
reliable financial information in support of the planning, programming, 
budgeting, and execution process to ensure adequate financial resources 
for warfighting mission requirements. It also includes providing 
information to reliably cost the conduct, output, and performance of 
DOD operations and missions, and the programs to support them; 
Principal Staff Assistants: Under Secretary of Defense (Comptroller). 

Source: DOD.

[End of table]

Table 4 provides descriptions of the business enterprise priorities. 
According to the department, these business enterprise priorities will 
evolve and expand in future versions of the architecture.

Table 4: Business Enterprise Priorities:

Business Enterprise Priority: Personnel Visibility; 
Description: Providing access to reliable, timely, and accurate 
personnel information for warfighter mission planning.

Business Enterprise Priority: Acquisition Visibility; 
Description: Providing transparency and access to acquisition 
information that is critical to supporting life-cycle management of the 
department's processes for delivering weapons systems and automated 
information systems.

Business Enterprise Priority: Common Supplier Engagement; 
Description: Aligning and integrating policies, processes, data, 
technology, and people to simplify and standardize the methods that DOD 
uses to interact with commercial and government suppliers.

Business Enterprise Priority: Materiel Visibility; 
Description: Improving supply chain performance.

Business Enterprise Priority: Real Property Accountability; 
Description: Acquiring access to real-time information on DOD real 
property assets.

Business Enterprise Priority: Financial Visibility; 
Description: Providing immediate access to accurate and reliable 
financial information that will enhance efficient and effective 
decision making. 

Source: DOD.

[End of table]

In addition to focusing the scope of version 3.0 of the architecture on 
these priorities within the five core business missions, the extent to 
which each priority was to be addressed, according to DOD, was limited 
to answering four key groups of questions:

* Who are our people, what are their skills, and where are they located?

* Who are our industry partners, and what is the state of our 
relationship with them?

* What assets are we providing to support the warfighter, and where are 
these assets deployed?

* How are we investing our funds to best enable the warfighting mission?

To produce a version of the architecture within this scope, DOD created 
12 of the 26 recommended products included in the DOD Architecture 
Framework--the structural guide that the department has established for 
developing an architecture[Footnote 28]--including 7 products that the 
framework designates as "essential." For example, one essential product 
is the Operational Node Connectivity Description--a graphic showing 
"operational nodes" (organizations), including a depiction of each 
node's information exchange needs.

On March 15, 2006, DOD released version 3.1 of the business enterprise 
architecture. According to program officials and our review of program 
documentation, version 3.1 is a minor release and--similar to version 
3.0--addresses enterprise-level business and strategic plans, goals, 
objectives, and strategies. Program officials also noted that version 
3.1 continues to be an outcome-based architecture that is focused on 
six business enterprise priorities within DOD's five core business 
missions, and that this version was developed following the same 
methodology and architectural framework as version 3.0. Program 
officials stated that the next release (version 4.0) will be similar to 
version 3.1, because it will also be a minor release.

Fiscal Year 2005 National Defense Authorization Act Requirements:

Congress included six provisions in the Act[Footnote 29] that are aimed 
at ensuring DOD's development of a well-defined business enterprise 
architecture and associated enterprise transition plan, as well as the 
establishment and implementation of effective investment management 
structures and processes. The requirements are as follows:

(1) Develop a business enterprise architecture that:

* includes an information infrastructure that, at a minimum, would 
enable DOD to:

- comply with all federal accounting, financial management, and 
reporting requirements;

- routinely produce timely, accurate, and reliable financial 
information for management purposes;

- integrate budget, accounting, and program information and systems; 
and:

- provide for the systematic measurement of performance, including the 
ability to produce timely, relevant, and reliable cost information;

- includes policies, procedures, data standards, and system interface 
requirements that are to be applied uniformly throughout the 
department; and:

- is consistent with OMB policies and procedures.

(2) Develop a transition plan for implementing the architecture that 
includes:

* an acquisition strategy for new systems needed to complete the 
enterprise architecture;

* a list and schedule of legacy business systems to be terminated;

* a list and strategy of modifications to legacy business systems; and:

* time-phased milestones, performance metrics, and a statement of 
financial and non-financial resource needs.

(3) Identify each business system proposed for funding in DOD's fiscal 
year budget submissions and include:

* information on each business system proposed for funding in that 
budget;

* funds for current services and for business systems modernization; 
and:

* the designated approval authority for each business system.

(4) Delegate the responsibility for business systems to designated 
approval authorities within the Office of the Secretary of Defense.

(5) Require each approval authority to establish investment review 
structures and processes, including a hierarchy of IRBs--each with 
appropriate representation from across the department. The review 
process must cover:

* review and approval of each business system by an IRB before funds 
are obligated;

* at least an annual review of every business system investment;

* use of threshold criteria to ensure an appropriate level of review 
and accountability;

* use of procedures for making architecture compliance certifications;

* use of procedures consistent with DOD guidance; and:

* incorporation of common decision criteria.

(6) Effective October 1, 2005, DOD may not obligate appropriated funds 
for a defense business system modernization with a total cost of more 
than $1 million unless the approval authority certifies that the 
business system modernization:

* complies with the business enterprise architecture;

* is necessary to achieve a critical national security capability or 
address a critical requirement in an area such as safety or security; 
or:

* is necessary to prevent a significant adverse effect on an essential 
project in consideration of alternative solutions, and the 
certification is approved by the DBSMC.

Recent Review Indicates DOD Has Begun to Address Long-standing 
Weaknesses in Institutional Approach to Business Systems Modernization:

Between May 2001 and July 2005, we have reported on DOD's efforts to 
develop an architecture and to establish and implement effective 
investment management structures and processes.[Footnote 30] These 
reports identified serious problems and concerns about the department's 
architecture program, the quality of the architecture and the 
transition plan, and the lack of an investment management structure and 
controls to implement the architecture. To address these concerns, we 
made 34 recommendations to ensure that the architecture was well- 
defined, managed, and implemented.

In response to our recommendations and requirements in the Act and as 
described in the previous section, in 2005 DOD fundamentally changed 
its institutional approach to architecture development, management, and 
implementation. Consistent with our recommendations, DOD has also 
adopted an incremental approach to developing a purpose-driven and 
standards-based enterprise architecture, and it has established a 
tiered accountability structure through a hierarchy of investment 
oversight and decision-making entities for reviewing and approving 
business system investments.

In November 2005,[Footnote 31] we reviewed DOD's efforts to satisfy the 
six requirements cited in the Act. In our report and in 
testimony,[Footnote 32] we stated that DOD had partially satisfied the 
four legislative requirements relating to architecture development, 
transition plan development, budgetary disclosure, and investment 
review; it had satisfied the provision concerning designated approval 
authorities; and it was in the process of satisfying the provision for 
certification and approval of modernizations costing in excess of $1 
million. We concluded that the department had made important progress 
in establishing the kind of fundamental management structures and 
processes that are needed to correct the long-standing and pervasive IT 
management weaknesses that have led to our designation of DOD business 
systems modernization as a high-risk program, and that this progress 
provided a foundation on which to build. However, we also concluded 
that much more remained to be accomplished to fully satisfy the Act's 
requirements and address the department's IT management weaknesses, 
particularly with regard to sufficiently developing the enterprise 
architecture and transition plan and ensuring that investment review 
and approval processes are institutionally implemented.

DOD Is Taking Steps to Address Act's Requirements and Improve Approach 
to Modernizing Business Systems:

DOD continues to take incremental steps to comply with the remaining 
five requirements of the Act and improve its business systems 
modernization approach. On March 15, 2006, DOD released a minor update 
to its business enterprise architecture (version 3.1), developed an 
updated enterprise transition plan, and issued its annual report to 
Congress describing steps taken and planned relative to the Act's 
requirements, among other things. These steps address several of the 
missing elements we previously identified relative to the legislative 
provisions concerning the architecture, transition plan, budgetary 
disclosure, investment review, and the reviews of systems costing in 
excess of $1 million. DOD officials told us that additional steps are 
intended to fully implement the Act's requirements and address our 
prior concerns. According to program officials, this continued progress 
is a reflection of DOD leadership's commitment to effective business 
systems modernization. While this progress better positions the 
department to address the business systems modernization high-risk 
area, sustained leadership is essential to further improve its 
modernization approach, fully address the Act's requirements, and 
ultimately acquire and implement modernized business systems.

DOD Continues to Address Limitations in Prior Version of Architecture:

Version 3.1 of the business enterprise architecture, according to DOD's 
most recent annual report to Congress, resolves several of the 
architecture gaps identified in the prior version and introduces 
several other minor improvements, but it does not include major content 
changes. This version reflects steps taken by DOD to address some of 
the missing elements, inconsistencies, and usability issues that we 
identified in our prior report[Footnote 33] related to the Act's 
requirements and related architecture guidance. According to DOD 
officials, they are committed to incrementally evolving the 
architecture's scope, content, internal alignment, and usability. Until 
they do, however, the architecture's utility will be limited.

With regard to complying with federal accounting, financial management, 
and reporting requirements, the architecture has much of the 
information needed to achieve compliance with the Department of the 
Treasury's United States Standard General Ledger,[Footnote 34] such as 
the data elements or attributes that are needed to facilitate 
information sharing and reconciliation with the Treasury. In addition, 
the SFIS,[Footnote 35] which includes a standard accounting 
classification structure, can allow DOD to standardize financial data 
elements necessary to support budgeting, accounting, cost management, 
and external reporting; it also incorporates many of the Standard 
General Ledger's attributes.

Further, version 3.1 provides new business rules for intra-governmental 
transactions[Footnote 36] that can be automated to enforce compliance 
with federal accounting, financial management, and reporting 
requirements. For example, version 3.1 includes the intra-governmental 
transactions business rule 
"ENT_Available_Reimbursable_Authority"[Footnote 37] to enforce 
compliance with a Generally Accepted Accounting Principle standard that 
funds to be paid can be received. Business rules are important because 
they explicitly translate important business policies and procedures 
into specific, unambiguous rules that govern what can and cannot be 
done.

However, version 3.1 does not yet address the locations where specified 
activities are to occur and where the systems are to be located. 
Program officials agreed; however, they stated that the architecture is 
not intended to include this level of detail because it is capabilities-
based rather than solutions-based, and they said that this information 
will be contained either within the department's Global Information 
Grid[Footnote 38] or in individual systems' program documentation. As 
previously reported,[Footnote 39] we do not agree that information 
pertaining to locations is only germane to the solutions-based 
architectures, and the explicit linkage between the business enterprise 
architecture and Global Information Grid is not apparent. The 
identification of operationally significant and strategic business 
locations, as well as the need for a business logistics model, is a 
generally accepted best practice for defining the business operations 
of an architecture.[Footnote 40] This is because the cost and 
performance of implemented business operations and technology solutions 
are affected by the location and therefore need to be examined, 
assessed, and decided on in an enterprise context rather than in a 
piecemeal, systems-specific fashion.

In addition, the architecture does not provide for compliance with all 
federal accounting, financial, and reporting requirements. For example, 
it does not apply the concept of tiered accountability to identify 
which laws, policies, and regulations are relevant at the enterprise 
level. Until it does, the department cannot effectively identify 
overlaps in IT spending by the components[Footnote 41] and programs for 
common functions or enterprise requirements. In addition, some business 
rules are at inconsistent levels of detail within the architecture. For 
example, some business rules are defined in high-level conceptual terms 
(e.g., "ENT_Cost_Reporting") while others are defined more specifically 
at an operational level (e.g., "ENT_DOD_Obligations_Against"). Until 
standard enterprise-level operational rules are defined and developed, 
DOD components will continue to implement operational procedures that 
are inconsistent because they are based on their own unique 
interpretations of the laws, policies, and regulations.

With regard to timely, accurate, and reliable financial information for 
management purposes, we reported in November 2005[Footnote 42] that 
SFIS had not been completed or implemented and that the architecture 
had yet to include standard definitions of key terms in the 
architecture--such as all enterprise-level terms. Since then, the 
department has completed phase I of the SFIS initiative, which is 
focused on standardizing general ledger and external financial 
reporting requirements, and has incorporated associated definitions in 
the architecture. In addition, the department continues to evolve the 
integrated dictionary and include definitions and descriptions of many 
terms used in the architecture. For example, the integrated dictionary 
in version 3.1 includes a business enterprise priority dictionary from 
which it is easy to find descriptions of business priorities such as 
"acquisition visibility," "common supplier engagement," and "financial 
visibility." Further, version 3.1 provides additional compliance based 
on modifications to intra-governmental transaction concepts (e.g., a 
standard capability for creating and routing requisitions, purchase 
orders, billings, payments, and collections) to provide enhanced 
visibility to buying and selling transactions between entities of the 
federal government. This enhanced visibility facilitates easy access to 
information about intra-governmental transactions, thereby supporting 
the requirement to routinely produce timely information.

However, additional SFIS definition efforts remain under way, and the 
department plans to further define key data elements and attributes 
that are not yet in the architecture. For example, according to program 
officials, data elements--such as those relating to the planning, 
programming, and budgeting business process area--have yet to be 
defined. According to DOD, these data elements will be in the next 
version of the architecture. Further, although the integrated 
dictionary contains definitions of many terms (e.g., business 
capabilities, data objects, and system functions), it has yet to 
contain definitions of key accounting and budget terms such as "balance 
forwarded" and "receipt balances" that are used in the description of 
the data object termed "Receipt Account Trial Balance and Ledgers." 
According to DOD's architecture framework, the integrated dictionary 
should enable the set of architecture products to stand alone, allowing 
them to be read and understood with minimum reference to outside 
resources. Program officials agreed and stated that both the SFIS and 
the integrated dictionary will evolve and be incorporated into future 
releases.

Moreover, version 3.1 does not identify and explicitly define all 
business rules that would enable the financial information to be 
verified and validated on the basis of timeliness, accuracy, and 
reliability. For example, although a United States Standard General 
Ledger transaction library[Footnote 43] was developed, its use as a 
business rule in a business process model--or an enabler to an 
operational activity to verify and validate the accuracy of transaction 
postings (or the relationships among transactions)--is not explicitly 
defined and identified in version 3.1. In addition, architectural 
elements that are identified and intended to address this requirement 
are not always well defined. For example, "review and certify financial 
statement" is identified as a process in the integrated dictionary, but 
depicted as an operational event in the process labeled "perform 
financial reporting" in the operational event-trace description 
product, which indicates when activities are to occur within 
operational processes. In addition, "perform financial reporting" is 
identified as both an event and a process in the integrated dictionary. 
Beyond these definitional ambiguities, identified business rules are 
not always allocated to specific systems in the architecture. For 
example, business rules are not allocated to the Business Enterprise 
Information Services--an enterprise-level automated reporting system 
intended to provide timely, accurate, and reliable business information 
across the department to support auditable financial statements and 
provide detailed financial information visibility for management in 
support of the warfighter; and to integrate budget, accounting, and 
program information that is widely dispersed among systems and 
organizations across the department. Such limitations constrain the 
utility and effectiveness of the architecture in guiding and 
constraining system development.

With regard to the integration of budgeting, accounting, and 
programming information and systems, we reported in November 
2005[Footnote 44] that the architecture did not include certain 
elements--such as a fully defined and implemented SFIS--and all systems 
needed to achieve integration. According to DOD, version 3.1 
incorporates 59 SFIS phase 1 data elements and 109 business rules. In 
addition, this version provides content relevant to the integration of 
intra-governmental transaction functionality for reimbursable orders, 
which is important in addressing the financial visibility and common 
supplier engagement business enterprise priorities. This functional 
integration can lead to the simplification of system and data 
integration. Nevertheless, version 3.1 does not specify all systems 
needed to achieve integration, as evidenced by instances in which the 
architecture provides "placeholders" or generic references for yet-to- 
be-defined systems (e.g., Financial Management System Entity). Program 
officials agreed and stated that these systems would be added as 
solutions are defined to address identified capability gaps.

In addition, although version 3.1 includes separate entity relationship 
diagrams for the accounting, budget, and cost functional areas, it does 
not describe the relationships of entities across the planning, 
programming, budgeting, and execution process. According to the 
architecture's overview and summary information, this overall business 
process has yet to be fully developed, including definition around the 
interdependencies that currently exist in the "As Is" planning, 
programming, budgeting, and execution process. As a result, the 
architecture does not yet support effective development of planning, 
programming, budgeting, and execution systems.

With respect to the systematic measurement of performance--including 
the ability to produce timely, relevant, and reliable cost information-
-version 3.1 adds features linking the architecture business 
capabilities to systems and initiatives in the transition plan. For 
example, the architecture indicates that the business capability termed 
"financial reporting" will be enabled by the Business Enterprise 
Information Services system. These linkages provide an alignment of 
system investments with the architecture and thus can be used to 
establish business performance measures for system investments. In 
addition, the department has developed an initial baseline of 
capability metrics in the updated transition plan, which according to 
program officials will be used to measure progress towards achieving 
capability outcomes.

However, version 3.1 still does not provide for the systematic 
measurement of performance (i.e., the means by which the department can 
measure the intended mission value to be delivered by the portfolio of 
programs in the architecture). The architecture also does not include 
standard methods to collect and evaluate performance data and SFIS data 
elements that support systematic measurement of performance have yet to 
be developed. Program officials acknowledged this missing content and 
stated that they plan to include measurements and targets in future 
releases.

In addition, version 3.1 does not describe business performance 
shortfalls to be addressed based on a capability gap analysis between 
the "As Is" and the "To Be" environments. Program officials stated that 
such performance shortfalls, such as the inability to properly 
eliminate intra-governmental transactions, are being identified through 
a variety of sources (e.g., Inspector General and DOD Performance and 
Accountability reports along with our own reports). However, they 
agreed that there is a need to synthesize and prioritize these inputs 
so that a better understanding can be obtained on the performance 
shortfalls that have to be addressed through the "To Be" solutions.

With respect to policies, procedures, data standards, and system 
interface requirements, version 3.1 requires that SFIS be established 
as an enterprisewide data standard for categorizing financial 
information along several dimensions (e.g., appropriation account, 
budget program, organizational, transactional, trading partner, and 
cost accounting) to support financial management and reporting 
functions. Further, version 3.1 adds greater definition on standard 
processes, rules, and data for intra-governmental ordering and billing.

However, as stated earlier, SFIS data elements have not been completely 
defined and continue to evolve. In addition, the architecture has yet 
to include a systems standards profile to facilitate data sharing among 
departmentwide business systems and interoperability with 
departmentwide IT infrastructure systems. Program officials 
acknowledged that the architecture does not include a systems standards 
profile and stated that they are working with the Assistant Secretary 
of Defense (Networks and Information Integration)/Chief Information 
Officer (ASD(NII)/CIO) to address this in future versions.

With regard to OMB policies and procedures, similar to version 3.0, the 
latest version does not include a depiction of the "As Is" 
architecture, which is essential to performing a gap analysis to 
identify capability and system performance shortfalls that the 
transition plan is to address. Also, it does not include either an "As 
Is" or "To Be" depiction of all business processes, such as key aspects 
of the planning, programming, budgeting, and execution processes; the 
technology infrastructure; and security architecture. In response, 
program officials stated that "As Is" environment analyses and 
definitions have occurred and are planned on in an "as needed" and 
"just enough" basis. For example, they described "As Is" analysis and 
definition that has occurred at the system level for several of the 
enterprise-level systems (e.g., DOD Real Property Information Systems), 
and work under way to further understand the interdependencies that 
exist in the current planning, programming, budgeting, and execution 
business process as an essential part of developing the "To Be" 
description of this process. While the "As Is" description is not 
included in versions 3.0 and 3.1, according to a program official, the 
"As Is" work is in fact now being used to perform a business capability 
gap analysis and guide transformation based on the current set of 
priorities. In our view, the issue is not whether each architecture 
release includes all of the elements of an "As Is" environment, but 
that the releases disclose at a minimum the "As Is" analyses that have 
and that have not been performed. It is also in our view that DOD 
should describe in the architecture releases the importance or 
irrelevance of "As Is" analyses to the systems and initiatives in the 
enterprise transition plan and the operational activities and business 
processes in the target architecture.

In addition to these areas, version 3.1 has also yet to address other 
limitations we previously reported. Specifically:

* Version 3.1 products are not yet fully integrated. For example, the 
operational event-trace description product--which indicates when 
activities are to occur within operational processes--is decomposed to 
a greater level of detail than the corresponding operational activity 
model, which shows the operational activities (or tasks) that are to 
occur and the input and output process flows among these activities. 
Program officials acknowledged this and stated that they are working to 
improve the operational activity models for several business enterprise 
priorities (e.g., Personnel Visibility and Financial Visibility). In 
particular, the updated transition plan identifies business capability 
outcome metrics for additional operational activities, such as "Manage 
Vacancy Recruiting."

* Version 3.1 is not yet adequately linked to the component 
architectures and transition plans, which is particularly important 
given the department's federated approach to developing and 
implementing the architecture. As we previously reported, a federated 
architecture is composed of a set of coherent but distinct entity 
architectures. The members of the federation collaborate to develop an 
integrated enterprise architecture that conforms to the enterprise view 
and to the overarching rules of the federation. In its March 15, 2006, 
report to Congress, the department stated that integration will be an 
ongoing goal. To accomplish this goal, program officials told us that a 
federation strategy is being developed and will be implemented in 
future versions of the architecture and transition plan. However, they 
did not have an enterprise architecture development management plan 
containing this strategy.

As we previously reported, the department has taken a 6-month 
incremental approach to developing the business enterprise architecture 
and meeting the Act's requirements. DOD officials told us that, as a 
minor release, version 3.1 was not intended to include new priorities 
or capabilities; but instead was intended to provide extension and 
"clean up" of the preceding release. They further stated that this 
approach of developing minor releases provides the department the means 
by which to balance architecture maintenance and implementation.

We support DOD taking an incremental approach to developing the 
business enterprise architecture, recognizing that adopting such an 
approach is a best practice that we have advocated. In addition, we 
believe that version 3.1 provides an improved foundation on which to 
continue to build a more complete architecture.

However, although the department agreed to develop a near-term plan it 
has not yet developed or established milestones for developing a near- 
or a long-term plan that will provide details on what will be included 
in these incremental architecture developments and what will not be 
included, with particular emphasis and clarity around the near-term 
increments. Without such a plan, the department is less likely to 
accomplish intended improvements. In addition, once the missing scope, 
content, and related shortcomings described is added, the architecture 
will be a more sufficient frame of reference to optimally guide and 
constrain DOD-wide system investment decision making.

DOD Has Made and Intends to Make More Improvements to Transition Plan:

According to the department's most recent annual report to Congress, 
the March 15, 2006, version of its enterprise transition plan provides 
information on progress on major investments over the last 6 months-- 
including key accomplishments and milestones attained, as well as new 
information on near-term activities (i.e., within the next 6 months) at 
both the enterprise and component levels. DOD also reports that this 
latest version of the transition plan indicates which of the 
limitations and gaps that we identified in the earlier plan have been 
addressed. DOD has taken a number of steps to improve its enterprise 
transition plan and address some of the missing elements that we 
previously identified[Footnote 45] relative to the Act's requirements 
and related transition planning guidance.

With respect to the development of an acquisition strategy, the March 
2006 transition plan refines and updates the September 2005 transition 
plan. As we previously reported, the September 2005 transition plan was 
largely based on a bottom-up planning process in which ongoing programs 
were examined and categorized in the plan around business enterprise 
priorities and capabilities, including a determination as to which 
programs would be designated and managed as DOD-wide programs versus 
component programs. To improve on this plan, the department defines an 
initiative that is based on shortfalls of current business 
capabilities. For example, version 3.1 of the architecture includes an 
initiative--referred to as the intra-governmental transactions 
initiative--that was based on a current "As Is" business capability 
shortfall relative to DOD's ability to properly eliminate intra- 
governmental transactions. This shortfall was highlighted as a material 
weakness in DOD's Fiscal Year 2005 Performance and Accountability 
Report.

DOD continues to validate the inventory of ongoing IT investments that 
formed the basis for the prior version of the transition plan. 
Specifically, DOD intends future updates to the plan to continue to 
introduce the results of ongoing and planned analyses of gaps between 
its "As Is" and "To Be" architectural environments, in which capability 
and performance shortfalls are described and investments (such as 
transformation initiatives and systems) that are to address these 
shortfalls are clearly identified. In fact, DOD officials stated that 
they anticipate the scope and funding of some on-going programs in the 
plan--such as the Defense Integrated Military Human Resources System 
and the intra-governmental transactions initiative--to be revised to 
align them to achieve a desired business capability. Program officials 
stated that this evolution of the plan will be driven by (1) 
identifying gaps between the architecture requirements and currently 
planned program activities and (2) planning new systems and initiatives 
to address gaps identified in priorities, capabilities, and existing 
program activities. In particular, DOD plans to identify gaps (i.e., 
shortfalls) in the performance of its business capabilities in the next 
version of the architecture and, as transformation efforts mature, DOD 
will introduce a more top-down, capability-based approach.

With respect to the identification of legacy systems that will and will 
not be part of the "To Be" architectural environment, including 
modifications to these systems, the prior plan identified some, but not 
all, of these systems. To address this limitation, the current plan 
identifies a number of additional legacy systems that will be 
terminated and thus will not be part of the target environment. For 
example, the plan now includes a number of recently determined 
termination dates for systems such as the Cash Reconciliation System, 
Financial Reporting System, and Navy Prompt Payment Interest. 
Furthermore, in its annual report to Congress, DOD noted that the 
military services collectively have identified over 290 legacy systems 
for elimination. DOD also indicated that this number is expected to 
change over time as more systems come in for certification and 
enterprise solutions are identified and refined. Moreover, the plan now 
reflects legacy systems identified to date for enterprise and component 
priorities and, according to officials, the list will continue to 
evolve as investment decisions are made via the tiered accountability 
investment review structure. For example, the Air Force has reassessed 
the systems migrating to the target Expeditionary Combat Support 
System, and this is reported in the March 2006 plan. Program officials 
noted that this number will fluctuate as the scope of the Expeditionary 
Combat Support System changes.

The March 2006 transition plan, however, does not yet include a number 
of the elements we have previously identified.

* It does not include a complete listing of the legacy systems that 
will not be part of the target architecture. In particular, the 
termination dates for many legacy systems remain unknown, making it 
unclear whether or not they will be part of the target environment. For 
example, the plan does not provide specific dates for terminating 
legacy systems such as the Personnel Records Management System, Defense 
Departmental Reporting System, and Base Accounts Receivable System.

* The plan does not include system and budget information for 13 of its 
15 defense agencies[Footnote 46] and for 8 of its 9 combatant 
commands.[Footnote 47] Program officials told us that information for 
these defense agencies and combatant commands is not included because, 
similar to the September plan, it was focused on the largest business- 
focused organizations in DOD, which they defined as those meeting tier 
1 and tier 2 IRB certification criteria.[Footnote 48] According to the 
officials, the majority of these organizations do not have investments 
that meet the threshold criteria. Nevertheless, they appended that 
additional components will be added as appropriate when they have large 
business system investments planned. They also stated that the Defense 
Information Systems Agency's IT infrastructure investments will not be 
reflected in the enterprise transition plan because the capabilities 
that these investments are intended to deliver are reflected in the 
Global Information Grid rather than in the business enterprise 
architecture. As we previously reported,[Footnote 49] exclusion of 
Defense Information Systems Agency investments is particularly 
limiting, given that this agency and its investments provide the 
infrastructure services that business systems depend on to operate. 
Without including information on the timing and content of these 
investments, the critical relationship between infrastructure and 
systems becomes blurred in many ways. For example, it becomes unclear 
whether a new business system will be able to reuse existing 
infrastructure components or services--thereby leveraging established 
capabilities--or whether it will have to introduce duplicative 
capabilities as part of the business system investment.

* The plan does not include a complete listing of the legacy systems 
that will be part of the target architecture, nor does it include 
explicit strategies for modifying those legacy systems identified in 
the plan's system migration diagrams. In particular, the plan 
identifies those legacy systems for which some of its functionality 
will be migrated; however, it does not indicate whether or not these 
systems will still be operational in the "To Be" environment or will 
eventually be terminated. For example, although the plan identifies the 
Cargo Movement Operations System as one where the functionality will 
only be partially migrated, neither the plan nor version 3.1 of the 
architecture indicate whether this system will continue to be a part of 
the target environment.

With respect to milestones, performance metrics, and resource needs, 
the plan identifies incremental milestones and resource needs for major 
investments and performance metrics for certain investments. The plan 
also identifies progress against program milestones that were depicted 
in the September 2005 plan. For example, in an effort to improve 
visibility into personnel activities, DOD reported that, for the 
Defense Civilian Personnel Data System, it met the milestone to deploy 
a data warehouse capability to facilitate data sharing. It also 
reported that, for this system, it has set a September 2008 milestone 
for developing an implementation strategy for integrating modules 
supporting functionality that is currently provided by stand-alone 
applications. However, it does not include other important information 
needed to understand the sequencing of these business investments. In 
particular, it does not include such information as organizational, 
process, and technology improvements required to achieve identified 
milestones. In addition, if an investment is dependent on Net-Centric 
Enterprise Services (NCES)[Footnote 50] for its core services, it 
should include the above information in establishing its deployment 
milestone and detail any issue associated with the incremental 
deployment of the NCES program.

Beyond these areas, the March 2006 plan has yet to completely define 
specific business capabilities that are needed to support the business 
enterprise priorities. For example, according to DOD, the Materiel 
Visibility business enterprise priority requires additional 
capabilities related to the supply chain planning process, but neither 
these capabilities nor associated investments were in the plan. Program 
officials agreed and stated that future versions of the architecture 
and the transition plan will address the supply chain planning process, 
as well as other yet-to-be-identified process requirements (i.e., 
capability gaps).

As we previously reported, the department is taking an incremental 
approach to developing its enterprise transition plan. In doing so, the 
department's latest plan improves on the prior plan, and program 
officials stated that many of the missing elements that we identified 
will be included in future iterations of the plan. This incremental 
approach is both a best practice and is consistent with our previous 
recommendation. However, the latest plan is still missing important 
content and the department has yet to develop or establish milestones 
for developing a near-or a long-term plan that will provide details on 
what will be included in each incremental iteration of the enterprise 
transition plan, with particular emphasis and clarity focused on the 
near-term increments. Without such a plan, the department is less 
likely to accomplish intended improvements. A transition plan is to be 
an acquisition strategy that recognizes timing and technological 
dependencies among planned systems investments, as well as other 
considerations, such as market trends and return on investment. The 
plan should enable the department to affirm that the set of programs in 
the plan are the appropriate ones to fill the gap between where it is 
now architecturally and where it wants to be. In addition, the plan 
should not only define schedule milestones but also include commitments 
for system capabilities and associated outcomes. Once missing content 
is added and all planned investments are validated by capability gap 
analyses, the department will be better positioned to sequentially 
manage the migration and disposition of existing business processes and 
systems--and the introduction of new ones.

DOD Is Addressing Issues Related to Reporting Business Systems:

DOD has taken steps to meet the Act's requirements[Footnote 51] 
relative to the identification of all business systems in its IT budget 
request. In particular, program officials told us that the DOD 
Information Technology Portfolio Repository (DITPR) has been 
established as the authoritative repository for certain information 
about DOD's systems, such as system names and the responsible DOD 
components. Further, this repository is being expanded to contain 
information required for the certification, approval, and annual 
reviews of these business system investments. To ensure consistency of 
DOD's fiscal year 2007 IT budget submission with this authoritative 
inventory, DOD has reconciled (and intends to continue reconciling) 
DITPR with the database that it uses to prepare its IT budget 
submissions, referred to as Select and Native Programming Data System- 
Information Technology (SNAP-IT). According to program and military 
service officials, DOD is taking steps to ensure that each system 
investment is entered in DITPR and SNAP-IT, as appropriate, and it is 
continually reconciling the information between the two to ensure 
consistency.

To further improve the completeness and reliability of the fiscal year 
2007 IT budget request, program officials told us that business system 
investments greater than $1 million were broken out individually, but 
that more needs to be done before smaller systems--those with 
modernization funding less than $1 million over the future years' 
defense program (fiscal years 2006-2011)--are individually visible in 
the budget. DOD's steps should help ensure the completeness and 
reliability of its IT budget submissions, and increase compliance with 
the Act's requirements relative to DOD's IT budgetary disclosure.

DOD Has Efforts Under Way to Control its Business System Investments:

The Act specifies two basic requirements, effective October 1, 2005, 
for obligation of funds for business system modernizations costing more 
than $1 million. First, it requires that these modernizations be 
certified by a designated "approval authority"[Footnote 52] as meeting 
specific criteria.[Footnote 53] Second, it requires that the DBSMC 
approve each certification. The Act also states that failure to do so 
before the obligation of funds for any such modernization constitutes a 
violation of the Anti-deficiency Act.[Footnote 54] In this regard, the 
department reported in September 2005 that the DBSMC had approved 166 
business system modernizations, and in March 2006 that an additional 60 
business systems were approved by the DBSMC. According to DOD, these 
226 business systems represent about $3.6 billion in modernization 
investment funding.

A key element of the department's approach to reviewing and approving 
business systems investments is the use of what it refers to as "tiered 
accountability." DOD's tiered accountability approach involves an 
investment control process that begins at the component level and works 
its way through a hierarchy of review and approval authorities, 
depending on the size and significance of the investment. In our 
discussions with Army, Navy, and Air Force officials, they emphasized 
that the success of the process depends on them to perform a thorough 
analysis of each business system before it is submitted for higher- 
level review and approval.

According to the department's March 2006 report, the investment review 
and approval process has identified over 290 systems for phase-out/ 
elimination. Furthermore, in January 2006, the department eliminated 
further development of the Forward Compatible Payroll System (FCP). 
According to the department's fiscal year 2007 budget request selected 
capital investment report, FCP was intended to address the military pay 
problems that are generated by the existing obsolete military pay 
system. However, in reviewing the program status, it was determined 
that FCP would duplicate the functionality contained in the Defense 
Integrated Military Human Resources System. Therefore, it was 
unnecessary to continue investing in two military payroll systems. 
According to the department's fiscal year 2007 IT budget request, 
approximately $33 million was sought for fiscal year 2007 and about $31 
million was estimated for fiscal year 2008 for FCP. Eliminating this 
duplicative system will enable DOD to use this funding for other 
priorities. The funding of multiple systems that perform the same 
function is one reason the department has thousands of business 
systems. Identifying and eliminating duplicative systems helps optimize 
mission performance and accountability and supports the department's 
transformation goals.

The department's March 2006 report to congressional defense committees 
also notes that the investment review process has identified 
approximately 40 business systems for which the requested funding was 
reduced and the funding availability periods were shortened to less 
than the number of years requested. Based on information provided by 
the BTA program officials, there was a reduction of funding and the 
number of years that funding will be available for 14 Army business 
systems, 8 Air Force business systems, and 8 Navy business systems. 
More specifically, the Army's Future Combat Systems Advanced 
Collaborative Environment program requested funding of $100 million for 
fiscal years 2006 to 2011, but the amount approved was reduced to 
approximately $51 million for fiscal years 2006 to 2008. Similarly, 
Navy's Military Sealift Command Human Resources Management System 
requested funding of about $19 million for fiscal years 2006 to 2011, 
but the amount approved was approximately $2 million for the first 6 
months of fiscal year 2006. According to Navy officials, this system 
initiative will be reviewed to ascertain whether it has some of the 
same functionality as the Defense Civilian Personnel Data System. 
Funding system initiatives for shorter time periods can help reduce the 
financial risk by providing additional opportunities for monitoring a 
project's progress against established milestones and help ensure that 
the investment is properly aligned with the architecture and the 
department's overall goals and objectives.

Besides limiting funding as part of the investment review and approval 
process, this process is also resulting in conditions being place on 
system investments. These conditions identify specific actions that 
must be taken and the specific time frames attached to when the actions 
must be completed. For example, in the case of the Army's Logistics 
Modernization Program, a system initiative that we have previously 
reported on, one of the noted conditions was that the Army had to 
address the issues discussed in our report.[Footnote 55] In our May 
2004 report, we recommended that the department establish a mechanism 
that provides for tracking all business systems modernization 
conditional approvals to provide reasonable assurance that all specific 
actions are completed on time.[Footnote 56] The department's action is 
consistent with the intent of our recommendation. Further, the military 
service officials indicated that the tracking systems will be one of 
the "tools" they will use as part of the required statutory annual 
system reviews. In the case of the Army, officials noted that they had 
requested an update on the status of each condition by April 7, 2006.

Notwithstanding the above described efforts to control the department's 
business system investments, formidable challenges remain. In 
particular, military service officials told us that the review of those 
business systems that have modernization funding of less than $1 
million represents the majority of the department's reported 3,717 
business systems, and that reviews of these systems are only now being 
started on an annual basis. In April 2006, the department issued 
guidance entitled "Investment Certification and Annual Review Process 
User Guidance," which complements the department's May 2005 guidance on 
its IRB process. According to Air Force officials, the additional 
guidance is intended to help ease the administrative burden associated 
with performing the system reviews and further instill consistency 
among the DOD components. However, the extent to which the structures 
and processes will be applied to the department's 3,717 business 
systems is still evolving. Given the large number of systems involved, 
it is important that the system review and approval process be 
effectively implemented for all systems. For example, we reported in 
April 2005,[Footnote 57] that the Army, the Navy, and the Air Force 
have 193; 1,512; and 166 logistics systems, respectively. Such large 
numbers of systems indicate a real possibility for eliminating 
unnecessary duplication and avoiding unnecessary spending.

DOD Has Not Established All Required Investment Review Boards:

The Act directs that DOD establish five IRBs, each responsible and 
accountable for controlling certain business system investments to 
ensure compliance and consistency with the business enterprise 
architecture. Four of the five designated IRBs have been established, 
the exception being an IRB chaired by the ASD(NII)/CIO. According to 
the Act and the Deputy Secretary of Defense's March 19, 2005, 
memorandum, the ASD(NII)/CIO-chaired IRB is responsible and accountable 
for any business system that primarily supports IT infrastructure or 
information assurance activities. According to ASD(NII)/CIO officials, 
this IRB has not been established because the CIO does not have direct 
control and accountability over any business systems, thus making this 
IRB unnecessary. These officials further noted that if there is 
specific infrastructure that would be necessary for a given business 
system, a representative of the ASD(NII)/CIO office is a participant in 
each of the other four IRBs.

The Act's requirement that modernizations costing more than $1 million 
must be certified by a designated "approval authority" and subsequently 
approved by the DBSMC prior to funds being obligated not only applies 
to any business systems that constitute functional area applications 
but also to any infrastructure that constitutes a business system. Our 
analysis of the department's detailed fiscal year 2007 budget request 
documents disclosed approximately $47 million of infrastructure 
modernizations costing more than $1 million that are designated by DOD 
in those documents as in support of the business mission area. 
Investment in infrastructure is an integral part of both an enterprise 
architecture and transition plan, and should, therefore, be subject to 
the same investment management structures and processes as the 
application systems that they support.

DOD Is Implementing Our Prior Recommendations:

The Act's requirements concerning the architecture, transition plan, 
budgetary disclosure, and investment management structures and 
processes--as discussed earlier--are consistent with our prior 
recommendations. Over the last 5 years, we have made 34 recommendations 
to assist the department in developing a well-defined and useful 
business enterprise architecture and using it to gain control over its 
ongoing business system investments. (See app. II for details on the 
status of our recommendations.) DOD agreed with our recommendations and 
stated its commitment to implement them. Of the 34 recommendations, DOD 
had taken steps to fully implement 4 and 29 of our recommendations were 
still open as of November 2005, meaning that DOD had yet to fully 
implement them.[Footnote 58]

In its March 15, 2006, annual report to Congress, DOD restated its 
commitment to address each of the remaining 29 open recommendations. It 
also reported that it had fully implemented 23 of the open 
recommendations and was in the process of implementing 6.

In taking steps to further comply with the Act, DOD has also taken (and 
continues to take) actions to implement our open recommendations. Of 
the 29 remaining recommendations, DOD has taken steps to fully 
implement 16 and is in the process of implementing the remaining 13. 
For example, DOD has fully acted on our recommendations to:

* issue a policy that directs the development, implementation, and 
maintenance of an architecture and:

* establish a hierarchy of IRBs to gain control over ongoing IT 
investments.

DOD is also taking steps related to, for example, our recommendations 
to develop an architecture program management plan and adopt a 
strategic approach to meeting the program's human capital needs. 
However, additional steps are needed to fully implement these 
recommendations.

* The department included a high-level, notional description of steps 
it plans to take over the next year related to architecture 
development, maintenance, and implementation. Program officials also 
described in broad terms these plans orally to us. In particular, the 
department intends to define and implement a metrics framework to 
measure results in terms of operational performance improvement, add 
scope and content to the architecture in 6-month increments, and define 
and use criteria to gauge investment compliance with the architecture. 
However, the department has yet to develop an enterprise architecture 
program management plan to describe, among other things, what the 
architecture and transition plan increments individually or 
collectively will include and not include, and how the quality and 
utility of these increments will be determined.

* Program officials told us that they have begun analyzing the 
architecture program's workforce needs and capabilities using a three- 
phase approach. Phase I--which according to DOD is complete--resulted 
in the development of a knowledge and skills model for the program's 
architecture and transition plan staff. The second phase is in 
progress--according to DOD--and involves identifying and assessing the 
knowledge and skills of the existing architecture and transition plan 
staff. According to program officials, this phase will set overall 
program needs and provide the basis for identifying gaps and 
recommendations for filling the gaps. Phase III will implement the 
recommendations. According to DOD, it has not yet established 
milestones for Phase III.

Program officials, including the Special Assistant to the Deputy Under 
Secretary of Defense (Business Transformation) and the Director of 
Transformation Planning and Performance, stated that the department is 
committed to addressing all of our open recommendations. However the 
department has yet to establish milestones for addressing all our 
recommendations. It is important that the department move swiftly in 
doing so because these recommendations are aimed at strengthening 
architecture management activities, adding missing content to 
architecture products, and controlling ongoing and planned business 
system investments. Until it does, the department will not be able to 
effectively guide and constrain its business modernization efforts and 
move away from non-integrated business systems development efforts.

Conclusions:

Since our last report, DOD has continued to make important progress in 
defining and implementing institutional management controls (i.e., 
processes, structures, and tools), but much remains to be accomplished 
relative to the National Defense Authorization Act for Fiscal Year 2005 
requirements and relevant guidance. In particular, the business 
enterprise architecture and the enterprise transition plan are still 
missing important content and the business system investment process is 
not yet fully established and institutionalized at all organizational 
levels. DOD recognizes this and has stated its commitment to 
incrementally improve its business systems modernization controls 
relative to most of these areas. It is critically important that DOD 
swiftly implement our open recommendations, including developing a well-
defined enterprise architecture program management plan, as we have 
previously noted and recommended, and the department has agreed to do 
so. However, the department has yet to develop this plan or establish 
milestones for developing it. Until it does, the likelihood of 
sustained incremental improvement to its modernization management 
controls will be diminished and the means of holding the department 
accountable for such improvement will be missing. Even with this plan 
and the associated management control improvements, however, the more 
formidable challenge facing the department is how well it can implement 
these controls over the years ahead on each and every business system 
investment. While not a guarantee, institutionalization of well-defined 
modernization management controls can go a long way in addressing this 
longer-term challenge.

Recommendations for Executive Action:

To further assist the department in institutionalizing well-defined 
business systems modernization management controls, to facilitate 
congressional oversight, and promote departmental accountability, we 
recommend that the Secretary of Defense direct the Deputy Secretary of 
Defense, as the chair of the DBSMC, to submit an enterprise 
architecture program management plan to defense congressional 
committees. At a minimum, the plan should define what the department's 
incremental improvements to the architecture and transition plan will 
be, and how and when they will be accomplished, including what (and 
when) architecture and transition plan scope and content and 
architecture compliance criteria will be added into which versions. In 
addition, the plan should include an explicit purpose and scope for 
each version of the architecture, along with milestones, resource 
needs, and performance measures for each planned version, with 
particular focus and clarity on the near-term versions.

Agency Comments and Our Evaluation:

In its written comments on a draft of this report, signed by the Deputy 
Under Secretary of Defense (Business Transformation) and reprinted in 
appendix III, the department stated that it appreciated our analysis of 
its plans and activities and our associated recommendations, adding 
that we continue to be a constructive player in the department's 
efforts to transform its business operations and that it welcomes our 
insights and looks forward to our future participation in its 
transformation efforts. The department also stated that our assessment 
and findings are a fair representation of DOD's efforts to date, and 
while it does not agree with all of our points, it recognizes that even 
in areas of disagreement there is opportunity for dialog and learning. 
In this regard, the department provided additional comments in two 
areas.

First, DOD recognized the importance of addressing our recommendations, 
and stated that it has moved aggressively over the past year to do so. 
It also stated that it is important that we make recommendations that 
are sufficiently specific to permit reasonable implementation and that 
we provide prompt feedback on whether DOD's implementation actions are 
in line with the recommendations. We agree and will continue to work 
proactively and constructively with the department to facilitate the 
implementation of the recommendations in the future.

Second, DOD stated that it partially agreed with the recommendation in 
the draft report, characterizing it as developing a departmentwide 
enterprise architecture program management plan to gain control of the 
department's IT environment. According to DOD, such a plan would far 
exceed the current scope of business systems modernization, and thus 
addressing it would require it to first explore the feasibility of such 
a departmentwide approach and more time than our recommended July 31, 
2006 date for providing the plan to defense congressional committees. 
Accordingly, DOD stated that it would issue a formal position on our 
recommendation by September 30, 2006.

We agree that the business enterprise architecture should be 
departmentwide in scope and that its content should address, and thus 
allow it to gain control of, the department's business IT environment, 
which would include both business systems and supporting IT 
infrastructure and shared services (e.g., information security). 
However, the recommendation in our draft report was not aimed at adding 
this scope and content to the architecture and transition plan by July 
31, 2006. Rather, it was aimed at developing an incremental plan that 
would show what missing scope and content would be added in each 
incremental version of the architecture and transition plan to 
eventually have an enterprise architecture that addressed the full 
scope of the department's business IT environment. The exploration 
activities that DOD identifies in its comments would thus be one aspect 
of what would be done under this incremental program management plan. 
Further, as we recommended, this plan would be much clearer and more 
precise with respect to the purpose, scope, and content of the next 
version of the architecture and transition plan, as well as the time 
frames and resources for producing it, and understandably more notional 
with respect to the later versions that perhaps require exploration 
activities and further thought.

Because the plan that we recommended is fundamental to the continued 
improvement of the architecture and transition plan and congressional 
oversight, we believe that it needs to be developed and provided to 
defense congressional committees expeditiously. However, to further 
ensure that the intent of our recommendation is properly interpreted, 
and to address DOD's concern about the time needed to address it, we 
have slightly modified the recommendation to add clarifying language 
and to exclude a date for the plan's submission to defense 
congressional committees.

We are sending copies of this report to interested congressional 
committees; the Director, Office of Management and Budget; the 
Secretary of Defense; the Deputy Secretary of Defense; the Under 
Secretary of Defense for Acquisition, Technology, and Logistics; the 
Under Secretary of Defense (Comptroller); the Assistant Secretary of 
Defense (Networks and Information Integration)/Chief Information 
Officer; the Under Secretary of Defense (Personnel and Readiness); and 
the Director, Defense Finance and Accounting Service. This report will 
also be available at no charge on our Web site at [Hyperlink, 
http://www.gao.gov].

If you or your staff have any questions on matters discussed in this 
report, please contact me at (202) 512-3439 or hiter@gao.gov, or McCoy 
Williams at (202) 512-9095 or williamsm1@gao.gov. Contact points for 
our Offices of Congressional Relations and Public Affairs may be found 
on the last page of this report. GAO staff who made major contributions 
to this report are listed in appendix V. 

Signed By:

Randolph C. Hite: 
Director: 
Information Technology Architecture and Systems Issues: 

Signed By:

McCoy Williams:
Director:
Financial Management Assurance:

List of Committees:

The Honorable John Warner: 
Chairman: 
The Honorable Carl Levin: 
Ranking Minority Member: 
Committee on Armed Services: 
United States Senate:

The Honorable Ted Stevens: 
Chairman: 
The Honorable Daniel K. Inouye: 
Ranking Minority Member: 
Subcommittee on Defense: 
Committee on Appropriations: 
United States Senate:

The Honorable Duncan L. Hunter: 
Chairman: 
The Honorable Ike Skelton: 
Ranking Minority Member: 
Committee on Armed Services: 
House of Representatives:

The Honorable C.W. Bill Young: 
Chairman: 
The Honorable John P. Murtha: 
Ranking Minority Member: 
Subcommittee on Defense: 
Committee on Appropriations: 
House of Representatives:

[End of section]

Appendix I: Objectives, Scope, and Methodology:

Our objectives were to (1) assess the actions by the Department of 
Defense (DOD) to comply with the requirements of Section 2222 of Title 
10, U.S. Code[Footnote 59] and (2) determine the extent to which DOD 
has addressed our prior recommendations.

Consistent with the Act and as agreed with the staffs of congressional 
defense committees, we used our November 2005 report (GAO-06-219) as a 
baseline and evaluated DOD's efforts relative to the remaining five 
requirements in the Act: (1) development of an enterprise architecture 
that includes an information infrastructure enabling DOD to support 
specific capabilities, such as data standards and system interface 
requirements; (2) development of a transition plan for implementing the 
enterprise architecture that includes specific elements, such as the 
acquisition strategy for new systems; (3) inclusion of business systems 
information in DOD's budget submission; (4) establishment of business 
systems investment review processes and structures; and (5) approval of 
defense business systems investments in excess of $1 million.

To determine whether the architecture addressed the requirements 
specified in the Act, we reviewed version 3.1 of the business 
enterprise architecture, which was released on March 15, 2006. This 
review included analyzing the scope and content of version 3.1 
architecture products to determine whether they addressed the missing 
elements we identified in our November 2005 report. In addition, we 
requested a traceability matrix demonstrating where in the architecture 
each of the elements was addressed and interviewed program officials to 
validate the information in this matrix. In reviewing the products, we 
focused on the changes from version 3.0 and the traceability matrix 
prepared by DOD. In addition, we interviewed key program officials, 
including the Director of Transformation Planning and Performance; 
Special Assistant to the Deputy Under Secretary of Defense (Business 
Transformation); Chief Architect; and the Enterprise Transition Plan 
Team lead, to obtain an understanding of the steps taken and planned to 
address the missing elements we previously reported and to ascertain 
the relationship between the architecture and the plan.

To determine whether the enterprise transition plan addressed the 
requirements specified in the Act, we reviewed the updated enterprise 
transition plan released on March 15, 2006, and included in DOD's March 
15, 2006, annual report to Congress. This review included determining 
whether the transition plan addressed the missing elements identified 
in our November 2005 report, such as an acquisition strategy for new 
systems and a statement of financial and non-financial resource needs. 
Specifically, we requested a traceability matrix demonstrating where in 
the transition plan each of the elements was addressed and interviewed 
program officials to validate the information in this matrix. In 
reviewing the plan, we focused on the changes from the September 30, 
2005, version and the traceability matrix prepared by DOD. We 
interviewed program officials, including the Director of Transformation 
Planning and Performance; Special Assistant to the Deputy Under 
Secretary of Defense (Business Transformation); Chief Architect; and 
the Enterprise Transition Plan Team lead to obtain an understanding of 
the steps taken and planned to address the missing elements we 
previously reported, and to ascertain the relationship between the plan 
and the architecture.

To determine whether DOD's fiscal year 2007 information technology (IT) 
budget submission was prepared in accordance with the criteria set 
forth in the Act, we reviewed and analyzed DOD's fiscal year 2007 IT 
budget request. As part of our analysis, we determined the portion of 
the budget request that related to the department's business systems 
and related infrastructure. We reviewed the accompanying budget 
exhibits and selected capital investment reports to obtain additional 
information on specific business systems.

To determine whether DOD has established investment review structures 
and processes and issued a standard set of investment review and 
decision-making criteria, we reviewed applicable policies and 
procedures issued by the department. In this regard, we interviewed 
program officials to determine whether the one investment review board 
(IRB) that we reported as not being established in our November 2005 
report had since been established, and if not, the reasons why. We also 
examined process documents to see whether they provide for key 
requirements in the Act, such as annual reviews of every investment and 
use of business enterprise architecture compliance criteria.

To determine whether the department was reviewing and approving 
business system investments exceeding $1 million, we obtained from DOD 
the list of business system investments certified by the IRBs and 
approved by the Defense Business Systems Management Committee. Because 
of time constraints, we selectively verified the information provided 
by the department with the certification and approval information in 
the budget request to identify any anomalies. We also analyzed the 
fiscal year 2006 column of the fiscal year 2007 budget request to 
ascertain the specific number of business systems earmarked for 
modernization funding in excess of $1 million. We selected systems from 
our analysis of the IT budget with DOD's list of systems to ascertain 
if the business systems were certified and approved as stipulated by 
the Act. For these selected systems, we obtained and reviewed 
documentation related to the certification and approval process as 
specified in the Act and outlined in the department's tiered 
accountability concept. Furthermore, we met with representatives from 
the Army, the Navy, and the Air Force to ascertain the specific actions 
that were taken (or planned to be taken) in order to perform the annual 
systems reviews as required by the Act.

To determine the extent to which DOD has addressed our open 
recommendations, we met with program officials, including the Director 
of Transformation Planning and Performance, Chief Architect, and the 
Enterprise Transition Plan Team lead, to obtain an understanding of the 
steps taken and planned to address our recommendations. We obtained and 
analyzed documentation that described the specific corrective actions 
taken. We reviewed program documentation, such as the March 15, 2006, 
annual report, updated transition plan, and version 3.1 of the 
architecture to determine whether DOD addressed our recommendations 
related to architecture scope and content. We used our Enterprise 
Architecture Management Maturity Framework, which describes the stages 
of management maturity, to update the status of key elements of 
architecture management best practices that DOD had not adopted. To 
make this determination, we reviewed program documentation, such as 
program policies and procedures, configuration and communications 
plans, and charters for the governance bodies; and we compared them to 
the elements in the framework. We also reviewed documentation regarding 
DOD verification and validation activities in the architecture 
development process. In addition, we reviewed the guidance establishing 
the IRBs and describing the investment management process.

We did not independently validate the reliability of the cost and 
budget figures provided by DOD, because the specific amounts were not 
relevant to our findings.

We conducted our work at DOD headquarters offices in Arlington, 
Virginia, from January through May 2006 in accordance with generally 
accepted government auditing standards.

[End of section]

Appendix II: Prior Recommendations on DOD's Business Enterprise 
Architecture and Investment Management:

GAO report information and recommendation: GAO-01-525: Information 
Technology: Architecture Needed to Guide Modernization of DOD's 
Financial Operations, May 17, 2001: (1) The Secretary of Defense 
immediately designate DOD financial management modernization a 
departmental priority and accordingly direct the Deputy Secretary of 
Defense to lead an integrated program across the department for 
modernizing and optimizing financial management operations and systems; 
Implemented?: Yes: check;  
GAO assessment: Previously implemented.

GAO report information and recommendation: GAO-01-525: Information 
Technology: Architecture Needed to Guide Modernization of DOD's 
Financial Operations, May 17, 2001: (2) The Secretary immediately issue 
a DOD policy that directs the development, implementation, and 
maintenance of an enterprise architecture (EA); 
Implemented?: Yes: check; 
GAO assessment: The Deputy Secretary of Defense issued a memorandum on 
February 7, 2005, establishing the Defense Business Systems Management 
Committee (DBSMC), whose responsibilities, among other things, include 
the approval of the business enterprise architecture (BEA) and the 
enterprise transition plan (ETP). On October 7, 2005, the Deputy 
Secretary of Defense also issued a memorandum establishing the Business 
Transformation Agency (BTA), which is responsible for maintaining and 
updating the BEA and the ETP.

GAO report information and recommendation: GAO-01-525: Information 
Technology: Architecture Needed to Guide Modernization of DOD's 
Financial Operations, May 17, 2001: (3) The Secretary immediately 
modify the Senior Financial Management Oversight Council's charter to; 
* designate the Deputy Secretary of Defense as the Council Chair and 
the Under Secretary of Defense (Comptroller) as the Council Vice-Chair; 
* empower the Council to serve as DOD's EA steering committee, giving 
it the responsibility and authority to ensure that a DOD EA is 
developed and maintained in accordance with the DOD Architecture 
Framework; 
* empower the Council to serve as DOD's financial management investment 
review board, giving it the responsibility and authority to (1) select 
and control all DOD financial management investments and (2) ensure 
that its investment decisions treat compliance with the EA as an 
explicit condition for investment approval that can be waived only if 
justified by a compelling written analysis; and; 
* expand the role of the Council's System Compliance Working Group to 
include supporting the Council in determining the compliance of each 
system investment with the enterprise architecture at key decision 
points in the system's development or acquisition life cycle; 
Implemented?: Yes: check; 
GAO assessment: In February 2005, the Deputy Secretary of Defense 
established the DBSMC, as the highest ranking governance body 
responsible for overseeing DOD business systems modernization efforts 
and; 
* designated the Deputy Secretary of Defense as the Chair and the Under 
Secretary of Defense for Acquisition, Technology, and Logistics as Vice-
Chair; 
* assigned the committee the responsibility of reviewing and approving 
all major releases of the BEA and ETP and assigned the BTA the 
responsibility for maintaining and updating the BEA in accordance with 
DOD Architecture Framework; 
* delegated, on March 19, 2005, the authority for the review, approval, 
and oversight of the planning, design, acquisition, deployment, 
operation, maintenance, and modernization of defense business systems 
to the designated approval authority for each business area; [A] and; 
* issued criteria for reviewing all business systems annually and for 
certifying business system modernizations over $1 million. The 
department's guidance recognizes that one of the key elements in 
evaluating its business system investments is the importance of being 
consistent with the BEA.

GAO report information and recommendation: GAO-01-525: Information 
Technology: Architecture Needed to Guide Modernization of DOD's 
Financial Operations, May 17, 2001: (4) The Secretary immediately make 
the Assistant Secretary of Defense (Command, Control, Communications, & 
Intelligence), in collaboration with the Under Secretary of Defense 
(Comptroller), accountable to the Senior Financial Management Oversight 
Council for developing and maintaining a DOD enterprise architecture; 
In fulfilling this responsibility, the Assistant Secretary appoint a 
chief architect for DOD business management modernization and establish 
and adequately staff and fund an enterprise architecture program office 
that is responsible for developing and maintaining a DOD-wide EA in a 
manner that is consistent with the framework defined in the Chief 
Information Officer (CIO) Council's published guide for managing 
enterprise architectures. In particular, the Assistant Secretary should 
take appropriate steps to ensure that the Chief Architect; 
* obtains executive buy-in and support; 
* establishes architecture management structure and controls; 
* defines the architecture process and approach; 
* develops the baseline architecture, the target architecture, and the 
sequencing plan; 
* facilitates the use of the architecture to guide business management 
modernization projects and investments; and; 
* maintains the architecture; 
Implemented?: Yes: check; 
GAO assessment: The BTA, whose management and oversight is provided 
cooperatively by the Deputy Under Secretary of Defense (Business 
Transformation) and the Deputy Under Secretary of Defense (Financial 
Management) briefs the DBSMC monthly on, among other things, the status 
of the BEA. The Assistant Secretary of Defense (Networks and 
Information Integration)/DOD Chief Information Officer (ASD(NII)/CIO) 
is a member of the DBSMC; In fulfilling this responsibility, the 
department has appointed a Chief Architect under the BTA, and developed 
a position description that outlines the roles and responsibilities of 
the chief architect. In addition, in July 2001, it established a 
program office and according to program officials, the department has 
adequate staff and funding for developing and maintaining the 
architecture. Moreover, the department has taken steps to; 
* obtain executive buy-in and support, as evidence by the establishment 
of the DBSMC; 
* establish the architecture management structure and controls-
-such as establishing one division under the BTA to oversee 
architecture development and maintenance, and another to oversee the 
long-term internal and external communication activities; 
* define the process and approach for developing the current version of 
the architecture; 
* develop the target or "To Be" architecture and the transition plan, 
and intend to incorporate an "As Is" strategy in the next version of 
the architecture; 
* use the architecture to guide its business modernization projects and 
investments; and; 
* assign the BTA the responsibility for maintaining the architecture.

GAO report information and recommendation: GAO-01-525: Information 
Technology: Architecture Needed to Guide Modernization of DOD's 
Financial Operations, May 17, 2001: (5) The ASD(NII)/CIO report at 
least quarterly to the Senior Financial Management Oversight Council on 
the Chief Architect's progress in developing an EA, including the Chief 
Architect's adherence to enterprise architecture policy and guidance 
from the Office of Management and Budget (OMB), the CIO Council, and 
DOD; 
Implemented?: Yes: check; 
GAO assessment: In February 2005, the Deputy Secretary of Defense 
established the DBSMC. As mentioned earlier, the DBSMC is comprised of 
senior executives from across DOD, including the ASD(NII)/ CIO and is 
chaired by the Deputy Secretary of Defense; As stated earlier, the BTA, 
whose management and oversight is provided cooperatively by the Deputy 
Under Secretary of Defense (Business Transformation) and the Deputy 
Under Secretary of Defense (Financial Management), briefs the DBSMC 
monthly on--among other things--the status of DOD's efforts to develop, 
implement, and maintain the architecture and the transition plan, 
including adherence to relevant policies and guidance.

GAO report information and recommendation: GAO-01-525: Information 
Technology: Architecture Needed to Guide Modernization of DOD's 
Financial Operations, May 17, 2001: (6) The Senior Financial Management 
Oversight Council report to the Secretary of Defense every 6 months on 
progress in developing and implementing an EA; 
Implemented?: Yes: check; 
GAO assessment: In February 2005, the Deputy Secretary of Defense 
established the DBSMC. As mentioned earlier, the DBSMC is chaired by 
the Deputy Secretary of Defense, who is briefed monthly on the progress 
of the architecture's development and implementation. According to the 
DBSMC charter, the chair will report to the Secretary of Defense, as 
appropriate.

GAO report information and recommendation: GAO-01-525: Information 
Technology: Architecture Needed to Guide Modernization of DOD's 
Financial Operations, May 17, 2001: (7) The Secretary reports every 6 
months to the congressional defense authorizing and appropriating 
committees on progress in developing and implementing an EA; 
Implemented?: 
Yes: check; 
GAO assessment: Previously implemented.

GAO report information and recommendation: GAO-01-525: Information 
Technology: Architecture Needed to Guide Modernization of DOD's 
Financial Operations, May 17, 2001: (8) Until an enterprise 
architecture is developed and the Council is positioned to serve as 
DOD's financial management investment review board as recommended, the 
Secretary of Defense limit DOD components' financial management 
investments to the deployment of systems that have already been fully 
tested and involve no additional development or acquisition costs; stay-
in-business maintenance needed to keep existing systems operational; 
management controls needed to effectively invest in modernized systems; 
and new systems or existing system changes that are congressionally 
directed or are relatively small, cost effective, and low risk and can 
be delivered in a relatively short time frame; 
Implemented?: In Process: check; 
GAO assessment: On June 2, 2005, the Under Secretary of Defense for 
Acquisition, Technology, and Logistics set forth guidance that 
identified the processes to establish and operate IRBs for the purpose 
of reviewing all business system investments at least annually and for 
certifying business system modernizations over $1 million as required 
by the Fiscal Year 2005 National Defense Authorization Act. 
Furthermore, in April 2006, the Deputy Under Secretary of Defense 
(Business Transformation) and the Deputy Under Secretary of Defense 
(Financial Management) issued BEA compliance guidance. Since the April 
2006 guidance was issued after completion of our field work, we have 
not had the opportunity to assess the guidance to ascertain if it 
addresses the recommendation.

GAO report information and recommendation: GAO-03-458: DOD Business 
Systems Modernization: Improvements to Enterprise Architecture 
Development and Implementation Efforts Needed, February 28, 2003: (1) 
The Secretary of Defense ensure that the enterprise architecture 
executive committee members are singularly and collectively made 
explicitly accountable to the Secretary for the delivery of the 
enterprise architecture, including approval of each version of the 
architecture; 
Implemented?: Yes: check; 
GAO assessment: Previously implemented.
GAO report information and recommendation: GAO-03-458: DOD Business 
Systems Modernization: Improvements to Enterprise Architecture 
Development and Implementation Efforts Needed, February 28, 2003: (2) 
The Secretary of Defense ensure that the enterprise architecture 
program is supported by a proactive marketing and communication 
program; 
Implemented?: In Process: check;  
GAO assessment: Under the BTA, the department has established an 
Information and Federation Strategy office whose responsibilities 
include internal and external communications. In February 2006, this 
office developed a communication strategy and communications plan; 
Based on the best practices defined by the CIO Council's A Practical 
Guide to Federal Enterprise Architecture, we found that the 
communications plan adhered to some of the guidelines--such as 
identifying key audiences, purpose, scope and function and identifying 
communication tools and a number of outreach programs to be used when 
conveying the message to the targeted audiences; However, the 
department's plan and strategy does not fully adhere to the criteria 
set forth by best practices. In particular, the plan lacked an 
explanation of roles and responsibilities and does not include details 
regarding evaluation, metrics, and feedback.

GAO report information and recommendation: GAO-03-458: DOD Business 
Systems Modernization: Improvements to Enterprise Architecture 
Development and Implementation Efforts Needed, February 28, 2003: (3) 
The Secretary of Defense ensure that the quality assurance function 
includes the review of adherence to process standards and reliability 
of reported program performance, is made independent of the program 
management function, and is not performed by subject matter experts 
involved in the development of key architecture products; 
Implemented?: Yes: check; 
GAO assessment: The department has established a quality assurance 
function, which is an embedded process within the overall architecture 
development. This function includes the review of adherence to process 
standards, as appropriate, and it reports to a BTA division that is 
independent of the division responsible for developing and maintaining 
the architecture. It is also authorized to elevate issues to the Under 
Secretary of Defense for Acquisition, Technology, and Logistics.

GAO report information and recommendation: GAO-03-458: DOD Business 
Systems Modernization: Improvements to Enterprise Architecture 
Development and Implementation Efforts Needed, February 28, 2003: (4) 
The Secretary gain control over ongoing IT investments by establishing 
a hierarchy of investment review boards, each responsible and 
accountable for selecting and controlling investments that meet defined 
threshold criteria, and each composed of the appropriate level of 
executive representatives, depending on the threshold criteria, from 
across the department; 
Implemented?: Yes: check; 
GAO assessment: On March 19, 2005, the Deputy Secretary of Defense 
delegated the authority for the review, approval, and oversight of the 
planning, design, acquisition, deployment, operation, maintenance, and 
modernization of defense business systems to the designated approval 
authority for each business area. Additionally, on June 2, 2005, the 
Under Secretary of Defense for Acquisition, Technology, and Logistics 
set forth guidance that identified the processes to establish and 
operate IRBs for the purpose of reviewing all business system 
investments.

GAO report information and recommendation: GAO-03-458: DOD Business 
Systems Modernization: Improvements to Enterprise Architecture 
Development and Implementation Efforts Needed, February 28, 2003: (5) 
The Secretary gain control over ongoing IT investments by establishing 
a standard set of criteria to include (a) alignment and consistency 
with the DOD enterprise architecture and (b) our open recommendations 
governing limitations in business systems investments pending 
development of the architecture; 
Implemented?: Yes: check; 
GAO assessment: As noted above, the Under Secretary of Defense for 
Acquisition, Technology, and Logistics has issued criteria for 
reviewing all business system investments. The guidance points out that 
one of the key elements in evaluating the department's business system 
investments is the importance of being consistent with the BEA. 
Furthermore, in April 2006, the Deputy Under Secretary of Defense 
(Business Transformation) and the Deputy Under Secretary of Defense 
(Financial Management) issued BEA compliance guidance.

GAO report information and recommendation: GAO-03-458: DOD Business 
Systems Modernization: Improvements to Enterprise Architecture 
Development and Implementation Efforts Needed, February 28, 2003: (6) 
The Secretary gain control over ongoing IT investments by directing 
these boards to immediately apply these criteria in completing reviews 
of all ongoing IT investments and to not fund investments that do not 
meet these criteria unless they are otherwise justified by explicit 
criteria waivers; 
Implemented?: Yes: check;  
GAO assessment: As noted above, the Under Secretary of Defense for 
Acquisition, Technology, and Logistics has issued criteria for 
reviewing all business system investments. The guidance points out that 
one of the key elements in evaluating the department's business system 
investments is the importance of being consistent with the BEA. 
Furthermore, in April 2006, the Deputy Under Secretary of Defense 
(Business Transformation) and the Deputy Under Secretary of Defense 
(Financial Management) issued BEA compliance guidance, which the IRBs 
have been directed to use.

GAO report information and recommendation: GAO-03-1018: DOD Business 
Systems Modernization: Important Progress Made to Develop Business 
Enterprise Architecture, but Much Work Remains, September 19, 2003:  
(1) The Secretary of Defense or his appropriate designee define and 
implement an effective investment management process to proactively 
identify, control, and obtain DOD Comptroller review and approval of 
expenditures for new and ongoing business systems investments exceeding 
$1 million while the architecture is being developed and after it is 
completed, and which includes clearly defined domain owners' roles and 
responsibilities for selecting and controlling ongoing and planned 
system investments; 
Implemented?: Yes: check; 
GAO assessment: On June 2, 2005, the Under Secretary of Defense for 
Acquisition, Technology, and Logistics set forth guidance that is to be 
used in reviewing all business system investments at least annually and 
for certifying business system modernizations over $1 million as 
required by the Fiscal Year 2005 National Defense Authorization Act. In 
its March 15, 2006, report to congressional defense committees, the 
department reported that the DBSMC had certified a total of 226 
systems, which represents about $3.6 billion in modernization funding.

GAO report information and recommendation: GAO-03-1018: DOD Business 
Systems Modernization: Important Progress Made to Develop Business 
Enterprise Architecture, but Much Work Remains, September 19, 2003:  
(2) The Secretary of Defense or his appropriate designee implement the 
core elements in our Enterprise Architecture Framework for Assessing 
and Improving Enterprise Architecture Management that we identify in 
this report as not satisfied, including ensuring that minutes of the 
meetings of the executive body charged with directing, overseeing, and 
approving the architecture are prepared and maintained; 
Implemented?: In Process: check; 
GAO assessment: DOD has taken some actions to address the 31 elements 
identified in GAO's Enterprise Architecture Framework for assessing and 
improving enterprise architecture management. DOD has addressed 17 of 
the 31 elements. For example, the BEA is an integral component of the 
IT investment management process and the quality of the BEA products is 
measured and reported. DOD has begun to address 7 additional elements. 
For example, although the BEA plans call for developing metrics for 
measuring progress, quality, and compliance, it does not call for 
developing metrics for return on investment. DOD has yet to begin 
addressing the remaining 7 elements. For example, architecture 
descriptions have yet to address security and return on architecture 
investment is not measured and reported.

GAO report information and recommendation: GAO-03-1018: DOD Business 
Systems Modernization: Important Progress Made to Develop Business 
Enterprise Architecture, but Much Work Remains, September 19, 2003: (3) 
The Secretary of Defense or his appropriate designee update version 1.0 
of the architecture to include the 340 Joint Financial Management 
Improvement Program requirements that our report identified as omitted 
or not fully addressed; 
Implemented?: Yes: check; 
GAO assessment: Previously implemented.

GAO report information and recommendation: GAO-03-1018: DOD Business 
Systems Modernization: Important Progress Made to Develop Business 
Enterprise Architecture, but Much Work Remains, September 19, 2003: (4) 
The Secretary of Defense or his appropriate designee update version 1.0 
of the architecture to include the 29 key elements governing the "As 
Is" architectural content that our report identified as not being fully 
satisfied; 
Implemented?: In Process: check; 
GAO assessment: Program officials stated that "As Is" environment 
analyses and definitions have occurred--and are planned on in an "as 
needed" and "just enough" basis. For example, they described "As Is" 
analysis and definition that has occurred at the system level for 
several of the enterprise-level systems (e.g., DOD Real Property 
Information Systems), and work under way to further understand the 
interdependencies that exist in the current planning, programming, 
budgeting, and execution business process as an essential part of 
developing the "To Be" description of this process. While not included 
in versions 3.0 and 3.1, according to an official, the "As Is" work is 
in fact now being used to perform a business capability gap analysis 
and guide transformation based on the current set of priorities; 
However, DOD has yet to disclose, at a minimum, the "As Is" analyses 
that have and that have not been performed in the architecture 
releases. In addition, DOD has yet to describe in the architecture 
releases the importance and/or irrelevance of "As Is" analyses to the 
systems and initiatives in the enterprise transition plan, and the 
operational activities and business processes in the target 
architecture.

GAO report information and recommendation: GAO-03-1018: DOD Business 
Systems Modernization: Important Progress Made to Develop Business 
Enterprise Architecture, but Much Work Remains, September 19, 2003: (5) 
The Secretary of Defense or his appropriate designee update version 1.0 
of the architecture to include the 30 key elements governing the "To 
Be" architectural content that our report identified as not being fully 
satisfied; 
Implemented?: In Process: check; 
GAO assessment: DOD issued BEA version 3.1 on March 15, 2006, which 
addressed some limitations in the prior version that we reported. 
However, version 3.1 is still missing certain scope and content. For 
example, this version continues to specify DOD's Standard Financial 
Information Structure (SFIS) as an enterprisewide data standard for 
categorizing financial information to support financial management and 
reporting functions. In addition, it adds greater definition on 
standard processes, rules, and data for intra-governmental ordering and 
billing. However, certain SFIS data elements, such as those relating to 
the planning, programming, and budgeting business process area have yet 
to be defined. In addition, the architecture has yet to include a 
systems standards profile to facilitate data sharing among 
departmentwide business systems and promote interoperability with 
departmentwide IT infrastructure systems. Further, military services 
and defense agencies architectures have yet to be aligned with this 
departmental architecture.

GAO report information and recommendation: GAO-03-1018: DOD Business 
Systems Modernization: Important Progress Made to Develop Business 
Enterprise Architecture, but Much Work Remains, September 19, 2003: (6) 
The Secretary of Defense or his appropriate designee update version 1.0 
to ensure that "To Be" architecture artifacts are internally 
consistent, to include addressing the inconsistencies described in this 
report as well as including user instructions or guidance for easier 
architecture navigation and use; 
Implemented?: Yes: check; 
GAO assessment: Version 3.1 of the architecture provides significant 
improvements with regard to navigation and use and addresses the 
internal consistency of the architecture artifacts that we previously 
described.

GAO report information and recommendation: GAO-03-1018: DOD Business 
Systems Modernization: Important Progress Made to Develop Business 
Enterprise Architecture, but Much Work Remains, September 19, 2003: (7) 
The Secretary of Defense or his appropriate designee update version 1.0 
of the architecture to include (a) the 3 key elements governing the 
transition plan content that our report identified as not being fully 
satisfied and (b) those system investments that will not become part of 
the "To Be" architecture, including time frames for phasing out those 
systems; 
Implemented?: In Process: check; 
GAO assessment: DOD issued an updated enterprise transition plan on 
March 15, 2006. This plan provides information on progress on major 
investments over the last 6 months, including key accomplishments and 
milestones attained. Further, the plan builds on the prior plan by 
defining an initiative aimed at identifying capability gaps between the 
"As Is" and "To Be" architectural environments, and DOD continues to 
validate the inventory of ongoing IT investments that formed the basis 
for the prior version of the transition plan. However, while the plan 
includes more information about the termination of legacy systems, it 
still does not identify, for example, all legacy systems that will not 
be part of the target architecture--and it does not include system 
investment information for all of the department's agencies and 
combatant commands.

GAO report information and recommendation: GAO-03-1018: DOD Business 
Systems Modernization: Important Progress Made to Develop Business 
Enterprise Architecture, but Much Work Remains, September 19, 2003:  
(8) The Secretary of Defense or his appropriate designee update version 
1.0 of the architecture to address comments made by the verification 
and validation contractor; 
Implemented?: In Process: check; 
GAO assessment: According to the verification and validation 
contractor, of the 157 comments from version 3.0, 123 were deemed 
potentially in scope for version 3.1. Of these 123 comments, they 
stated that 85 were deferred to the next architecture release and 38 
were to be addressed in version 3.1. The verification and validation 
contractor is currently reviewing version 3.1 and has yet to report on 
whether the 38 comments were addressed in version 3.1.

GAO report information and recommendation: GAO-03-1018: DOD Business 
Systems Modernization: Important Progress Made to Develop Business 
Enterprise Architecture, but Much Work Remains, September 19, 2003:  
(9) The Secretary of Defense or his appropriate designee develop a well-
defined, near-term plan for extending and evolving the architecture and 
ensure that this plan includes addressing our recommendations, defining 
roles and responsibilities of all stakeholders involved in extending 
and evolving the architecture, explaining dependencies among planned 
activities, and defining measures of activity progress; 
Implemented?: In Process: check; 
GAO assessment: The department included a high-level, notional 
description of steps it plans to take over the next year related to 
architecture development, maintenance, and implementation in its most 
recent annual report to Congress. In particular, the department intends 
to define and implement a metrics framework to measure results in terms 
of operational performance improvement, add scope and content to the 
architecture in 6-month increments, and define and use criteria to 
gauge investment compliance with the architecture. However, the 
department has yet to develop a plan to describe, among other things, 
what the architecture and transition plan increments individually or 
collectively will include and not include, with particular emphasis and 
clarity on near-term increments, the resources needed to produce the 
increments, who will be responsible for producing them, and how the 
quality and utility of these increments will be determined.

GAO report information and recommendation: GAO-03-1018: DOD Business 
Systems Modernization: Important Progress Made to Develop Business 
Enterprise Architecture, but Much Work Remains, September 19, 2003: 
(10) The Secretary of Defense or his appropriate designee limit the 
pilot projects to small, low-cost, low-risk prototype investments that 
are intended to provide knowledge needed to extend and evolve the 
architecture, and are not to acquire and implement production version 
system solutions or to deploy an operational system capability; 
Implemented?: In Process: check; 
GAO assessment: According to program officials, the Office of the Under 
Secretary of Defense for Business Transformation has prepared a draft 
policy on initiatives that will serve to define a pilot project in 
terms of size and scope, and detail the process for obtaining approval 
and funding.

GAO report information and recommendation: GAO-04-615: DOD Business 
Systems Modernization: Billions Continue to Be Invested with Inadequate 
Management Oversight and Accountability, May 27, 2004: (1) The 
Secretary of Defense direct the Under Secretary of Defense 
(Comptroller) and the Assistant Secretary of Defense for Networks and 
Information Integration to develop a standard definition for DOD 
components to use to identify business systems; 
Implemented?: Yes: check; 
GAO assessment: This recommendation was absorbed into GAO-05-381 
recommendation #2.

GAO report information and recommendation: GAO-04-615: DOD Business 
Systems Modernization: Billions Continue to Be Invested with Inadequate 
Management Oversight and Accountability, May 27, 2004: (2) The 
Secretary of Defense direct the Assistant Secretary of Defense for 
Networks and Information Integration to expand the existing IT Registry 
to include all business systems; 
Implemented?: Yes: check; 
GAO assessment: On July 13, 2004, the ASD(NII)/CIO directed 
establishment of the DOD Information Technology Portfolio Repository 
(DITPR). According to BTA officials, all identified business systems 
have been entered into the DITPR. As of April 2006, the department 
reported that it had 3,717 business systems.

GAO report information and recommendation: GAO-04-615: DOD Business 
Systems Modernization: Billions Continue to Be Invested with Inadequate 
Management Oversight and Accountability, May 27, 2004: (3) The 
Secretary of Defense direct the Under Secretary of Defense 
(Comptroller) to establish a mechanism that provides for tracking all 
business systems modernization conditional approvals to provide 
reasonable assurance that all specific actions are completed on time; 
Implemented?: Yes: check; 
GAO assessment: The DITPR is being used to track and monitor investment 
decisions. For example, if the DBSMC notes that a business system must 
show how it is compliant with the SFIS, that action is maintained in 
the DITPR and, on completion, the completion date is entered into DITPR.

GAO report information and recommendation: GAO-05-381: DOD Business 
Systems Modernization: Billions Being Invested without Adequate 
Oversight, April 29, 2005: (1) The Secretary of Defense direct that the 
DOD CIO, in consultation with the domains, review the 56 systems 
reclassified from business systems to national security systems to 
determine how these should be properly reported in the fiscal year 2007 
IT budget request; 
Implemented?: Yes: check; 
GAO assessment: The department has appropriately classified the 56 
systems in its fiscal year 2007 IT budget request.

GAO report information and recommendation: GAO-05-381: DOD Business 
Systems Modernization: Billions Being Invested without Adequate 
Oversight, April 29, 2005: (2) The Secretary of Defense direct that the 
Defense Business Systems Management Committee work with the investment 
review boards to review the reported business systems inventory so 
systems are defined in accordance with the definition specified in the 
Fiscal Year 2005 Defense Authorization Act; 
Implemented?: Yes: check; 
GAO assessment: The department's business systems are reported in its 
fiscal year 2007 budget request in accordance with the criteria 
specified in the Act.

GAO report information and recommendation: GAO-05-381: DOD Business 
Systems Modernization: Billions Being Invested without Adequate 
Oversight, April 29, 2005: (3) The Secretary of Defense direct that the 
DBSMC develop a comprehensive plan that addresses implementation of our 
previous recommendations related to the BEA and the control and 
accountability over business systems investments (at a minimum, the 
plan should assign responsibility and estimated time frames for 
completion); 
Implemented?: In Process: check; 
GAO assessment: DOD has documented a series of actions that address our 
recommendations. In its March 15, 2006, report to Congress, DOD stated 
that it had fully implemented our 23 open recommendations and was in 
the process of implementing 6. We agree that DOD has taken actions to 
implement our open recommendations, with 16 being implemented and 13 in 
the process of being implemented. However, while DOD included a high-
level summary in its March 15, 2006 annual report to Congress, it did 
not include information such as responsibilities, time frames, and 
actions planned to address all of the recommendations that have yet to 
be fully implemented.

GAO report information and recommendation: GAO-05-381: DOD Business 
Systems Modernization: Billions Being Invested without Adequate 
Oversight, April 29, 2005: (4) The Secretary of Defense direct that the 
comprehensive plan we recommend be incorporated into the department's 
second annual report due March 15, 2006, to defense congressional 
committees, as required by the Fiscal Year 2005 Defense Authorization 
Act to help facilitate congressional oversight; 
Implemented?: In Process: check; 
GAO assessment: In its March 15, 2006, annual report to Congress, the 
department included a high-level summary that outlines the status of 
our recommendations. However, as noted above, it did not fully satisfy 
our recommendation.

GAO report information and recommendation: GAO-05-702: DOD Business 
Systems Modernization: Long-standing Weaknesses in Enterprise 
Architecture Development Need to Be Addressed, July 22, 2005: (1) The 
Secretary of Defense should direct the Deputy Secretary of Defense, as 
the chair of DBSMC and in collaboration with DBSMC members, to 
immediately fully disclose the state of its BEA program to DOD's 
congressional authorization and appropriations committees, including 
its limited progress and results to date, as well as specific plans and 
commitments for strengthening program management and producing 
measurable results that reflect the department's capability to do so; 
Implemented?: Yes: check; 
GAO assessment: In its March 15, 2006, annual report to Congress, DOD 
disclosed the current state of the BEA program by including key 
milestones for fiscal years 2006 and 2007, accomplishments since 
September 2005, and limitations of and gaps in the architecture and 
transition plan. For example, in an effort to improve visibility into 
personnel activities, in fiscal year 2006, DOD reported that it has 
deployed a civilian personnel data warehouse to facilitate data 
sharing. In addition, the department reported that termination and 
migration dates had yet to be determined for a number of systems.

GAO report information and recommendation: GAO-05-702: DOD Business 
Systems Modernization: Long-standing Weaknesses in Enterprise 
Architecture Development Need to Be Addressed, July 22, 2005: (2) The 
Secretary of Defense should direct the Deputy Secretary of Defense, as 
the chair of the DBSMC and in collaboration with DBSMC members, to 
ensure that each of our recommendations related to the BEA management 
and content are reflected in the plans and commitments; 
Implemented?: In Process: check; 
GAO assessment: In its March 15, 2006, annual report to Congress, the 
department included a high-level summary that outlines the status of 
our recommendations. However, it did not include information such as 
responsibilities, time frames, and actions planned to address all of 
the recommendations that have yet to be fully implemented.

GAO report information and recommendation: GAO-05-702: DOD Business 
Systems Modernization: Long-standing Weaknesses in Enterprise 
Architecture Development Need to Be Addressed, July 22, 2005: (3) The 
Secretary of Defense should direct the Deputy Secretary of Defense, as 
the chair of the DBSMC and in collaboration with DBSMC members, to 
ensure that plans and commitments provide for effective BEA workforce 
planning, including assessing workforce knowledge and skills needs, 
determining existing workforce capabilities, identifying gaps, and 
filling these gaps; 
Implemented?: In Process: check; 
GAO assessment: Program officials told us that they have begun 
analyzing the architecture program's workforce needs and capabilities 
using a three-phase approach. Phase I, which according to DOD is 
complete, resulted in the development of a knowledge and skills model 
for the program's architecture and transition plan staff. The second 
phase, which according to DOD is in progress, involves identifying and 
assessing the knowledge and skills of the existing architecture and 
transition plan staff. According to program officials, this phase will 
set overall program needs and provide the basis for identifying gaps 
and recommendations for filling the gaps. Phase III will implement the 
recommendations. According to DOD, it has not yet established 
milestones for Phase III.

Source: GAO.

[A] Approval authorities include the Under Secretary of Defense for 
Acquisition, Technology, and Logistics; the Under Secretary of Defense 
(Comptroller); the Under Secretary of Defense for Personnel and 
Readiness; and the Assistant Secretary of Defense for Networks and 
Information Integration/Chief Information Officer of the Department of 
Defense. These approval authorities are responsible for the review, 
approval, and oversight of business systems and must establish 
investment review processes for systems under their cognizance.

[B] DOD defines the Global Information Grid as the globally 
interconnected, end-to-end set of information, capabilities, associated 
processes, and personnel for collecting, processing, storing, 
disseminating, and managing information on demand to warfighters, 
policy makers, and support personnel.

[C] Department of Defense Fiscal Year 2007 IT/NSS President's Budget, 
Report on Defense Business Systems Modernization FY2005 National 
Defense Authorization Act, Section 332 February 2006.

[End of table]

[End of section]

Appendix III: Comments from the Department of Defense: 

Office Of The Under Secretary Of Defense:
3000 Defense Pentagon: 
Washington, DC 20301-3000:

Acquisition Technology And Logistics:

Mr. Randolph C. Hite:
Director: 
Information Technology Architecture and Systems Issues: 
U.S. Government Accountability Office:
441 G Street, N. W. Washington, DC 20548:

Dear Mr. Hite:

This is the Department of Defense (DoD) response to the GAO draft 
report, "Business Systems Modernization: DOD Continues to Improve 
Institutional Approach, but Further Steps Needed," dated April 28, 
2006, (GAO Code 310616/GAO-06-658). 

GAO continues to be a constructive partner in the Department's efforts 
to transform internal business operations. Analysis of our plans and 
activities, as well as recommendations for refinement, provide 
important learning on best practices as we move forward. We especially 
appreciate the support and recognition for the Department's continued 
progress in laying the groundwork for success.

We believe the GAO's assessments and findings represent a fair 
representation of the Department's efforts to date. We do not agree on 
all points, yet even in areas of disagreement, we recognize the 
opportunity for dialog and learning on both sides. There are two 
points, detailed below, on which we would like to comment:

Responsiveness to addressing GAO concerns: As noted by GAO, it is 
vitally important that the Department move quickly to institutionalize 
the changes, policies and procedures that have been recently instituted 
in order to maximize the potential for overall success in transforming 
business operations. To that end, the Department moved aggressively 
over the past year to address not only GAO's recommendations, but also 
innumerable other challenges and barriers encountered along the way. 
While it is important that DoD respond to GAO's recommendations, it is 
equally important that GAO make recommendations sufficiently specific 
in scope that they can be reasonably implemented and that GAO provide 
prompt feedback on whether our efforts are in line with their concerns.

New GAO Recommendation: Regarding the GAO's new recommendation that the 
Department develop a department-wide enterprise architecture program 
management plan to gain greater control of the Department's IT 
environment, this far exceeds the scope of business systems 
modernization. The Department will explore the feasibility of a 
department-wide approach to this issue, and publish a formal position 
on this recommendation by September 30, 2006. Our response to this 
recommendation is enclosed.

The Department made important progress over the last year in reshaping 
its approach to modernizing its business operations. With the 
development of the Business Enterprise Architecture and Enterprise 
Transition Plan, we now have the important tools necessary to guide our 
transformation effort. With the implementation and institutionalization 
of the Defense Business Systems Management Committee and Investment 
Review Boards, we have brought the issues of business transformation to 
the forefront of senior leadership attention across the Department. 
Now, with the Business Transformation Agency in place, the Department's 
focus is on delivering the promise that these important tools and 
processes represent. We welcome GAO's insights and look forward to 
their participation in our future efforts.

Signed By:

Paul A. Brinkley:

Deputy Under Secretary of Defense: 
(Business Transformation):

Enclosure: 
As Stated:

Gao Draft Report - Dated April 28, 2006 GAO CODE 310616/GAO-06-658:

"Business Systems Modernization: Dod Continues To Improve Institutional 
Approach, But Further Steps Needed"

Department Of Defense Comments To The Recommendation:

Recommendation 1: The GAO recommended that the Secretary of Defense 
direct the Deputy Secretary of Defense to submit an enterprise 
architecture program management plan to defense congressional 
committees by July 31, 2006. (p. 52/GAO Draft Report):

DOD Response: Partially Concurs. The Department will need time to 
explore the feasibility of a Department-wide approach to this issue, 
and will publish a formal position on this recommendation by September 
30, 2006.

[End of section]

Appendix IV: Summary of Several Architecture Frameworks:

[End of section]

Various enterprise architecture frameworks are available for 
organizations to follow. Although these frameworks differ in their 
nomenclatures and modeling approaches, they consistently help define an 
enterprise's operations in both (1) logical terms, such as interrelated 
business processes and business rules, information needs and flows, and 
work locations and users; and (2) technical terms, such as hardware, 
software, data, communications, and security attributes and performance 
standards. The frameworks help define these perspectives for both the 
enterprise's current, or "As Is," environment and its target, or "To 
Be," environment--as well as a transition plan for moving from the "As 
Is" to the "To Be" environment.

For example, John A. Zachman developed a structure or framework for 
defining and capturing an architecture.[Footnote 60] This framework 
describes six windows or "perspectives" from which to view the 
enterprise: those of (1) the strategic planner, (2) system user, (3) 
system designer, (4) system developer, (5) subcontractor, and (6) 
system itself. Zachman also proposed six models that are associated 
with each of these perspectives; these models describe (1) how the 
entity operates, (2) what the entity uses to operate, (3) where the 
entity operates, (4) who operates the entity, (5) when entity 
operations occur, and (6) why the entity operates. Zachman's framework 
provides a conceptual schema that can be used to identify and describe 
an entity's existing and planned components and their relationships to 
one another before beginning the costly and time-consuming efforts 
associated with developing or transforming the entity.

Since Zachman introduced his framework, a number of other frameworks 
have been proposed. In August 2003, the department released version 1.0 
of the DOD Architecture Framework (DODAF).[Footnote 61] The DODAF 
defines the type and content of the architectural products, as well as 
the relationships among the products that are needed to produce a 
useful architecture. Briefly, it decomposes an architecture into three 
primary views: operational, systems, and technical standards[Footnote 
62] (see fig. 2). According to DOD, the three interdependent views are 
needed to ensure that IT systems support operational needs and that 
they are developed and implemented in an interoperable and cost- 
effective manner.

Figure 2: Interdependent DODAF Views of an Architecture:

[See PDF for image] 

Source: DOD Architecture Framework Version 1.0, Volume 1.

[End of figure]

In September 1999, the federal CIO's Council published the Federal 
Enterprise Architecture Framework (FEAF), which is intended to provide 
federal agencies with a common construct on which to base their 
respective architectures and to facilitate the coordination of common 
business processes, technology insertion, information flows, and system 
investments among federal agencies. FEAF describes an approach, 
including models and definitions, for developing and documenting 
architecture descriptions for multiorganizational functional segments 
of the federal government. Similar to most frameworks, FEAF's proposed 
models describe an entity's business, the data necessary to conduct the 
business, applications to manage the data, and technology to support 
the applications.

In addition, the OMB established the Federal Enterprise Architecture 
(FEA) Program Management Office to develop a federated enterprise 
architecture in the context of five "reference models, and a security 
and privacy profile that overlays the five models."

* The Business Reference Model is intended to describe the federal 
government's businesses, independent of the agencies that perform them. 
This model consists of four business areas: (1) services for citizens, 
(2) mode of delivery, (3) support delivery of services, and (4) 
management of government resources. It serves as the foundation for the 
Federal Enterprise Architecture. The OMB expects agencies to use this 
model as part of their capital planning and investment control 
processes to help identify opportunities to consolidate information 
technology investments across the federal government. Version 2.0 of 
this model was released in June 2003.

* The Performance Reference Model is intended to describe a set of 
performance measures for major information technology initiatives and 
their contribution to program performance. According to OMB, this model 
will help agencies produce enhanced performance information; improve 
the alignment and better articulate the contribution of inputs, such as 
technology, to outputs and outcomes; and identify improvement 
opportunities that span traditional organizational boundaries. Version 
1.0 of this model was released in September 2003.

* The Service Component Reference Model is intended to identify and 
classify information technology service (i.e., application) components 
that support federal agencies and promote the reuse of components 
across agencies. This model is intended to provide the foundation for 
the reuse of applications, application capabilities, components 
(defined as "a self-contained business process or service with 
predetermined functionality that may be exposed through a business or 
technology interface"), and business services. According to OMB, this 
model is a business-driven, functional framework that classifies 
service components with respect to how they support business or 
performance objectives. Version 1.0 of this model was released in June 
2003.

* The Data Reference Model is intended to describe, at an aggregate 
level, the types of data and information that support program and 
business line operations and the relationships among these types. This 
model is intended to help describe the types of interactions and 
information exchanges that occur across the federal government. Version 
2.0 of this model was released in November 2005.

* The Technical Reference Model is intended to describe the standards, 
specifications, and technologies that collectively support the secure 
delivery, exchange, and construction of service components. Version 1.1 
of this model was released in August 2003.

* The Security and Privacy Profile is intended to provide guidance on 
designing and deploying measures that ensure the protection of 
information resources. OMB has released version 1.0 of the profile.

[End of section]

Appendix V: GAO Contact and Staff Acknowledgments:

GAO Contact:

Randolph C. Hite, (202) 512-3439 or hiter@gao.gov:

McCoy Williams, (202) 512-9095 or williamsm1@gao.gov:

Acknowledgments:

In addition to the contacts named above, key contributors to this 
report were Darby Smith, Assistant Director; Neelaxi Lakhmani, Acting 
Assistant Director; and Susan Czachor, Francis Dymond, Eric Essig, 
Nancy Glover, Anh Le, John Martin, Mai Nguyen, Debra Rucker, and Andrea 
Smith.

Contact:

Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov 
Automated answering system: (800) 424-5454 or (202) 512-7470:

Congressional Relations:

Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S. 
Government Accountability Office, 441 G Street NW, Room 7125 
Washington, D.C. 20548:

Public Affairs:

Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800 
U.S. Government Accountability Office, 441 G Street NW, Room 7149 
Washington, D.C. 20548:

According to DOD, major releases are to have substantially new 
architecture content that incorporates emerging enterprise priorities 
and capabilities in support of DOD enterprise systems and initiatives 
and the IRBs. Minor releases are not to contain new enterprise 
priorities or business capabilities, but instead are to provide 
extension and "clean up" of the preceding releases.

FOOTNOTES

[1] Business systems are information systems that include financial and 
non-financial systems and support DOD's business operations, such as 
civilian personnel, finance, health, logistics, military personnel, 
procurement, and transportation. See 10 U.S.C. § 2222 (j) (2).

[2] GAO, High-Risk Program, GAO-06-497T (Washington, D.C.: Mar. 15, 
2006).

[3] An enterprise architecture, or modernization blueprint, provides a 
clear and comprehensive picture of an entity, whether it is an 
organization (e.g., federal department or agency) or a functional or 
mission area that cuts across more than one organization (e.g., 
financial management). This picture consists of snapshots of the 
enterprise's current "As Is" operational and technological environment 
and its target or "To Be" environment, as well as a capital investment 
roadmap for transitioning from the current to the target environment. 
These snapshots further consist of "views," which are basically one or 
more architecture products that provide conceptual or logical 
representations of the enterprise.

[4] GAO, Information Technology: Architecture Needed to Guide 
Modernization of DOD's Financial Operations, GAO-01-525 (Washington, 
D.C.: May 17, 2001).

[5] See, for example, GAO-01-525; DOD Business Systems Modernization: 
Improvements to Enterprise Architecture Development and Implementation 
Efforts Needed, GAO-03-458 (Washington, D.C.: Feb. 28, 2003); 
Information Technology: Observations on Department of Defense's Draft 
Enterprise Architecture, GAO-03-571R (Washington, D.C.: Mar. 28, 2003); 
Business Systems Modernization: Summary of GAO's Assessment of the 
Department of Defense's Initial Business Enterprise Architecture, GAO-
03-877R (Washington, D.C.: July 7, 2003); DOD Business Systems 
Modernization: Important Progress Made to Develop Business Enterprise 
Architecture, but Much Work Remains, GAO-03-1018 (Washington, D.C.: 
Sept. 19, 2003); DOD Business Systems Modernization: Limited Progress 
in Development of Business Enterprise Architecture and Oversight of 
Information Technology Investments, GAO-04-731R (Washington, D.C.: May 
17, 2004); DOD Business Systems Modernization: Billions Being Invested 
without Adequate Oversight, GAO-05-381 (Washington, D.C.: April 29, 
2005); DOD Business Systems Modernization: Long-standing Weaknesses in 
Enterprise Architecture Development Need to Be Addressed, GAO-05-702 
(Washington, D.C.: July 22, 2005).

[6] Ronald W. Reagan National Defense Authorization Act for Fiscal Year 
2005, Pub. L. No. 108-375, § 332, 118 Stat. 1811, 1851-1856 (Oct. 28, 
2004) (codified in part at 10 U.S.C. § 2222).

[7] GAO, DOD Business Systems Modernization: Important Progress Made in 
Establishing Foundational Architecture Products and Investment 
Management Practices, but Much Work Remains, GAO-06-219 (Washington, 
D.C.: Nov. 23, 2005).

[8] This amount does not include an additional $50 billion for military 
operations in Iraq and Afghanistan.

[9] GAO, DOD Business Systems Modernization: Important Progress Made in 
Establishing Foundational Architecture Products and Investment 
Management Practices, but Much Work Remains, GAO-06-219 (Washington, 
D.C.: Nov. 23, 2005).

[10] See, for example, GAO, Defense Inventory: Opportunities Exist to 
Improve Spare Parts Support Aboard Deployed Navy Ships, GAO-03-887 
(Washington, D.C.: Aug. 29, 2003); Military Pay: Army National Guard 
Personnel Mobilized to Active Duty Experienced Significant Pay 
Problems, GAO-04-89 (Washington, D.C.: Nov. 13, 2003); and DOD Travel 
Cards: Control Weaknesses Resulted in Millions of Dollars of Improper 
Payments, GAO-04-576 (Washington, D.C.: June 9, 2004).

[11] GAO-06-497T. The eight specific DOD high-risk areas are: (1) 
approach to business transformation, (2) business systems 
modernization, (3) contract management, (4) financial management, (5) 
personnel security clearance, (6) supply chain management, (7) support 
infrastructure management, and (8) weapon systems acquisition. The six 
governmentwide high-risk areas are (1) disability programs, (2) 
interagency contracting, (3) information systems and critical 
infrastructure, (4) information sharing for homeland security, (5) 
human capital, and (6) real property.

[12] CIO Council, A Practical Guide to Federal Enterprise Architecture, 
Version 1.0 (Feb. 2001).

[13] The Clinger-Cohen Act of 1996, 40 U.S.C. § 11312 and 11315(b)(2).

[14] The E-Government Act of 2002, Public Law 107-347 (Dec. 17, 2002).

[15] OMB Capital Programming Guide, Version 1.0 (July 1997) and GAO, 
Information Technology Investment Management: A Framework for Assessing 
and Improving Process Maturity, GAO-04-394G (Washington, D.C.: March 
2004).

[16] The Clinger-Cohen Act of 1996, 40 U.S.C. sections 11101-11704. 
This Act expanded the responsibilities of OMB and the agencies that had 
been set under the Paperwork Reduction Act with regard to IT 
management. See 44 U.S.C. 3504(a)(1)(B)(vi) (OMB); 44 U.S.C. 3506(h)(5) 
(agencies).

[17] We have made recommendations to improve OMB's process for 
monitoring high-risk IT investments; see GAO, Information Technology: 
OMB Can Make More Effective Use of Its Investment Reviews, GAO-05-276 
(Washington, D.C.: April 15, 2005).

[18] This policy is set forth and guidance is provided in OMB Circular 
No. A-11 (Nov. 2, 2005) (section 300), and in OMB's Capital Programming 
Guide, which directs agencies to develop, implement, and use a capital 
programming process to build their capital asset portfolios.

[19] GAO-04-394G. 

[20] GAO, Information Technology: A Framework for Assessing and 
Improving Enterprise Architecture Management (Version 1.1), GAO-03-584G 
(Washington, D.C.: April 2003); and A Practical Guide to Federal 
Enterprise Architecture, Version 1.0.

[21] See, for example, GAO, Homeland Security: Efforts Under Way to 
Develop Enterprise Architecture, but Much Work Remains, GAO-04-777 
(Washington, D.C.: Aug. 6, 2004); DOD Business Systems Modernization: 
Limited Progress in Development of Business Enterprise Architecture and 
Oversight of Information Technology Investments, GAO-04- 731R 
(Washington, D.C.: May 17, 2004); Information Technology: Architecture 
Needed to Guide NASA's Financial Management Modernization, GAO-04-43 
(Washington, D.C.: Nov. 21, 2003); DOD Business Systems Modernization: 
Important Progress Made to Develop Business Enterprise Architecture, 
but Much Work Remains, GAO-03-1018 (Washington, D.C.: Sept. 19, 2003); 
Business Systems Modernization: Summary of GAO's Assessment of the 
Department of Defense's Initial Business Enterprise Architecture, GAO-
03-877R (Washington, D.C.: July 7, 2003); Information Technology: DLA 
Should Strengthen Business Systems Modernization Architecture and 
Investment Activities, GAO-01-631 (Washington, D.C.: June 29, 2001); 
and Information Technology: INS Needs to Better Manage the Development 
of Its Enterprise Architecture, GAO/AIMD-00-212 (Washington, D.C.: Aug. 
1, 2000).

[22] GAO, Executive Guide: Improving Mission Performance Through 
Strategic Information Management and Technology, GAO/AIMD-94-115 
(Washington, D.C.: May 1994); Office of Management and Budget, 
Evaluating Information Technology Investments, A Practical Guide 
(Washington, D.C.: Nov. 1995); GAO, Assessing Risks and Returns: A 
Guide for Evaluating Federal Agencies' IT Investment Decision-making, 
GAO/AIMD-10.1.13 (Washington, D.C.: Feb. 1997); and GAO-04-394G. 

[23] GAO-03-584G.

[24] GAO-04-394G.

[25] The Business Management Modernization Program's mission for 
advancing departmentwide business transformation efforts, particularly 
with regard to business systems modernization, has been absorbed into 
the BTA.

[26] An enterprise-level system supports cross-organizational 
requirements, rather than a single group or component within an agency 
or organization. A DOD-wide system refers to a system for all of DOD. 
For example, the Defense Civilian Personnel Data System is the system 
that standardizes civilian human resource processes and promotes 
efficiency of service delivery for all DOD civilian personnel. An 
enterprise-level initiative refers to an initiative of an enterprise, 
rather than a group or component within an agency or organization. At 
DOD, an enterprise-level initiative can be an enterprise system, 
program, project, activity, or a family of enterprise systems.

[27] According to DOD, major releases are to have substantially new 
architecture content that incorporates emerging enterprise priorities 
and capabilities in support of DOD enterprise systems and initiatives 
and the IRBs. Minor releases are not to contain new enterprise 
priorities or business capabilities, but instead are to provide 
extension and “clean up” of the preceding releases.

[28] DOD, Department of Defense Architecture Framework, Version 1.0, 
Volume 1 (Aug. 2003) and Volume 2 (Feb. 2004).

[29] Ronald W. Reagan National Defense Authorization Act for Fiscal 
Year 2005, Pub. L. No. 108-375, § 332, 118 Stat. 1811, 1851-1856 (Oct. 
28, 2004) (codified in part at 10 U.S.C. § 2222).

[30] GAO, Information Technology: Architecture Needed to Guide 
Modernization of DOD's Financial Operations, GAO-01-525 (Washington, 
D.C.: May 17, 2001); DOD Business Systems Modernization: Improvements 
to Enterprise Architecture Development and Implementation Efforts 
Needed, GAO-03-458 (Washington, D.C.: Feb. 28, 2003); Information 
Technology: Observations on Department of Defense's Draft Enterprise 
Architecture, GAO-03-571R (Washington, D.C.: Mar. 28, 2003); Business 
Systems Modernization: Summary of GAO's Assessment of the Department of 
Defense's Initial Business Enterprise Architecture, GAO-03-877R 
(Washington, D.C.: July 7, 2003); DOD Business Systems Modernization: 
Important Progress Made to Develop Business Enterprise Architecture, 
but Much Work Remains, GAO-03-1018 (Washington, D.C.: Sept. 19, 2003); 
DOD Business Systems Modernization: Limited Progress in Development of 
Business Enterprise Architecture and Oversight of Information 
Technology Investments, GAO-04-731R (Washington, D.C.: May 17, 2004); 
DOD Business Systems Modernization: Billions Being Invested without 
Adequate Oversight, GAO-05-381 (Washington, D.C.: April 29, 2005); DOD 
Business Systems Modernization: Long-standing Weaknesses in Enterprise 
Architecture Development Need to Be Addressed, GAO-05-702 (Washington, 
D.C.: July 22, 2005).

[31] GAO-06-219.

[32] GAO-06-219; and Defense Management: Foundational Steps Being Taken 
to Manage DOD Business Systems Modernization, but Much Remains to be 
Accomplished to Effect True Business Transformation, GAO-06-234T 
(Washington, D.C.: Nov. 9, 2005).

[33] GAO-06-219.

[34] The United States Standard General Ledger provides a uniform chart 
of accounts and technical guidance used in standardizing federal agency 
accounting.

[35] SFIS is the department's common financial business language.

[36] Intra-governmental transactions involve sales, services, or 
transfers between two entities of the federal government.

[37] The ENT designation represents all business enterprise priorities.

[38] DOD defines the Global Information Grid as the globally 
interconnected, end-to-end set of information, capabilities, associated 
processes, and personnel for collecting, processing, storing, 
disseminating, and managing information on demand to warfighters, 
policy makers, and support personnel.

[39] GAO-06-219.

[40] See, for example, J. A. Zachman, "A Framework for Information 
Systems Architecture," IBM Systems Journal 26, no. 3 (1987); Paula 
Hagan, "Relating Elements of the Zachman Framework, Spewak's Enterprise 
Architecture Planning, and DOD Products" (June 18, 2002); and B. Craig 
Meyers and Patricia Oberndorf, "Managing Software Acquisition Open 
Systems and COTS Products" (Addison-Wesley, 2001).

[41] DOD "components" include the military services, combatant 
commands, defense agencies, and DOD field activities. 

[42] GAO-06-219.

[43] This is a library of DOD standard accounting transactions that 
result from specific business events (e.g., ordering depot-level repair 
parts). It can be used as a baseline to institutionalize the United 
States Standard General Ledger across components; and along with SFIS, 
it provides a standard for DOD to update existing (and deploy new) 
business systems.

[44] GAO-06-219.

[45] GAO-06-219.

[46] DOD included system and budget information for the Defense 
Financial and Accounting Service and Defense Logistics Agency in the 
transition plan. DOD did not include this information for the following 
defense agencies: (1) Ballistic Missile Defense Organization, (2) 
Defense Advanced Research Projects Agency, (3) Defense Commissary 
Agency, (4) Defense Contract Audit Agency, (5) Defense Contract 
Management Agency, (6) Defense Information Systems Agency, (7) Defense 
Intelligence Agency, (8) Defense Legal Services Agency, (9) Defense 
Security Cooperation Agency, (10) Defense Security Service, (11) 
Defense Threat Reduction Agency, (12) National Imagery and Mapping 
Agency, and (13) National Security Agency.

[47] DOD included system and budget information for the Transportation 
Command in the transition plan. DOD did not include this information 
for the (1) Central Command, (2) Joint Forces Command, (3) Pacific 
Command, (4) Southern Command, (5) Space Command, (6) Special 
Operations Command, (7) European Command, and (8) Strategic Command.

[48] As defined in the department's Investment Review Process Overview 
and Concept of Operations for Investment Review Boards, tier 1 systems 
include all systems that are classified as a "major automated 
information system" or a "major defense acquisition program." A major 
automated information system is a program or initiative that is so 
designated by the ASD(NII)/CIO or that is estimated to require program 
costs in any single year in excess of $32 million (fiscal year 2000 
constant dollars), total program costs in excess of $126 million 
(fiscal year 2000 constant dollars), or total life-cycle costs in 
excess of $378 million (fiscal year 2000 constant dollars). A major 
defense acquisition program is so designated by the Secretary of 
Defense, or it is a program estimated by the Secretary of Defense to 
require an eventual total expenditure for research, development, test, 
and evaluation of more than $300 million (fiscal year 1990 constant 
dollars) or an eventual total expenditure for procurement of more than 
$1.8 billion (fiscal year 1990 constant dollars). Tier 2 systems 
include those with modernization efforts of $10 million or greater but 
that are not designated as a major automated information system or a 
major defense acquisition program, or programs that have been 
designated as IRB interest programs because of their impact on DOD 
transformation objectives. The tier system includes another tier in 
addition to these two: tier 3 systems are modernization efforts that 
have anticipated costs greater than $1 million but less than $10 
million.

[49] GAO-06-219.

[50] NCES is intended to provide capabilities that are key to enabling 
ubiquitous access to reliable decision-quality information. NCES 
capabilities can be packaged into four product lines: service-oriented 
architecture foundation (e.g., security and information assurance), 
collaboration (e.g., application sharing), content discovery and 
delivery (e.g., delivering information across the enterprise), and 
portal (e.g., user-defined Web-based presentation).

[51] The Ronald W. Reagan National Defense Authorization Act for Fiscal 
Year 2005 specifies information that the department is to incorporate 
in its budget request for fiscal year 2006 and each fiscal year 
thereafter. Specifically, the Act states that each budget request must 
include information on (1) each defense business system for which 
funding is being requested; (2) all funds, by appropriation, for each 
such business system, including funds by appropriation specifically for 
current services (operation and maintenance) and systems modernization; 
and (3) the designated approval authority for each business system.

[52] Approval authorities, including the Under Secretary of Defense for 
Acquisition, Technology, and Logistics; the Under Secretary of Defense 
(Comptroller); the Under Secretary of Defense for Personnel and 
Readiness; the Assistant Secretary of Defense for Networks and 
Information Integration/Chief Information Officer of the Department of 
Defense; and the Deputy Secretary of Defense or an Under Secretary of 
Defense, as designated by the Secretary of Defense, are responsible for 
the review, approval, and oversight of business systems and must 
establish investment review processes for systems under their 
cognizance.

[53] A key condition identified in the Act includes certification by 
designated approval authorities that the defense business system 
modernization is (1) in compliance with the enterprise architecture; 
(2) necessary to achieve critical national security capability or 
address a critical requirement in an area such as safety or security; 
or (3) necessary to prevent a significant adverse effect on a project 
that is needed to achieve an essential capability, taking into 
consideration the alternative solutions for preventing such an adverse 
effect.

[54] 31 U.S.C. § 1341(a) (1) (A); see 10 U.S.C. § 2222(b).

[55] GAO-04-615 and Army Depot Maintenance: Ineffective Oversight of 
Depot Maintenance Operations and System Implementation Efforts, GAO-05-
441 (Washington, D.C.: June 30, 2005).

[56] GAO-04-615.

[57] GAO-05-381.

[58] One of our recommendations was absorbed into another 
recommendation, which resulted in a total of 29 remaining open 
recommendations.

[59] Ronald W. Reagan National Defense Authorization Act for Fiscal 
Year 2005, Public Law 108-375, § 332, 118 Stat. 1811, 1851-1856 (Oct. 
28, 2004) (codified in part at 10 U.S.C. § 2222).

[60] J.A. Zachman, "A Framework for Information Systems Architecture," 
IBM Systems Journal 26, no. 3 (1987). 

[61] DOD, Department of Defense Architecture Framework, Version 1.0, 
Volume 1 (Aug. 2003) and Volume 2 (Feb. 2004).

[62] There are some overarching aspects of architecture that relate to 
all three of the views. These overarching aspects--such as goals, 
mission statements, and concepts of operations--are captured in the All-
view products.

GAO's Mission:

The Government Accountability Office, the investigative arm of 
Congress, exists to support Congress in meeting its constitutional 
responsibilities and to help improve the performance and accountability 
of the federal government for the American people. GAO examines the use 
of public funds; evaluates federal programs and policies; and provides 
analyses, recommendations, and other assistance to help Congress make 
informed oversight, policy, and funding decisions. GAO's commitment to 
good government is reflected in its core values of accountability, 
integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony:

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains 
abstracts and full-text files of current reports and testimony and an 
expanding archive of older products. The Web site features a search 
engine to help you locate documents using key words and phrases. You 
can print these documents in their entirety, including charts and other 
graphics.

Each day, GAO issues a list of newly released reports, testimony, and 
correspondence. GAO posts this list, known as "Today's Reports," on its 
Web site daily. The list contains links to the full-text document 
files. To have GAO e-mail this list to you every afternoon, go to 
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order 
GAO Products" heading.

Order by Mail or Phone:

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to:

U.S. Government Accountability Office

441 G Street NW, Room LM

Washington, D.C. 20548:

To order by Phone:

Voice: (202) 512-6000:

TDD: (202) 512-2537:

Fax: (202) 512-6061:

To Report Fraud, Waste, and Abuse in Federal Programs:

Contact:

Web site: www.gao.gov/fraudnet/fraudnet.htm

E-mail: fraudnet@gao.gov

Automated answering system: (800) 424-5454 or (202) 512-7470:

Public Affairs:

Jeff Nelligan, managing director,

NelliganJ@gao.gov

(202) 512-4800

U.S. Government Accountability Office,

441 G Street NW, Room 7149

Washington, D.C. 20548: