defense icon, source: [West Covina, California] Progressive Management, 2008

Defense: DOD's Business Systems

Opportunities exist for the Department of Defense to optimize business operations and systems.

Action:

The Department of Defense (DOD) needs to develop supporting component architectures and align them with its corporate architecture to complete the federated business enterprise architecture.

Progress:

DOD has taken steps to federate its business enterprise architecture (BEA), as GAO has recommended since 2007. Specifically, DOD has defined a federated approach to its architecture and initiated an effort to improve the architecture. DOD’s federated approach is intended to provide overarching governance across all business systems, functions, and activities within the department through a coherent family of distinct parent and subsidiary architectures that use a common structure and vocabulary to provide visibility across DOD’s efforts. In August 2013, DOD formally chartered its Business Enterprise Architecture Configuration Control Board, which is made up of senior officials representing corporate and component architecture efforts, and is responsible for reviewing proposals and providing recommendations to support component architecture federation and alignment with DOD’s corporate BEA. In addition, in January 2017, the department issued a plan to improve the usefulness of the architecture. However the department’s effort to complete its federated business architecture remains a work in progress. For example as of March 1, 2017, the department had not demonstrated that it had delivered the ability to conduct process and system reviews within and across domains, which is a capability that its plan reported would be delivered by January 5, 2017. In addition, as of March 1, 2017, the department had not yet established policy that clarified the roles, responsibilities, authorities, and relationships between the Deputy Chief Management Officer and military department officials responsible for the BEA and its federation or provided details of an overarching taxonomy to be used across the enterprise, as GAO recommended in June 2012.

As a result of the department’s mixed progress, as of March 1, 2017, the architecture had not yet been federated through development of aligned subordinate architectures for each of the military departments. Until DOD completes the actions discussed above, the department risks not being able to develop an architecture that covers the entire department, thus making the architecture less useful for informing investment decisions.

Implementing Entity:

Department of Defense

Action:

The Department of Defense (DOD) should leverage its federated architecture to avoid investments that provide similar but duplicative functionality in support of common DOD activities.

Progress:

DOD has taken steps to better enable the department to leverage its federated architecture to identify duplicative investments, as GAO suggested in March 2011. For example, GAO reported in July 2015 that DOD had developed guidance requiring military departments and other defense organizations to use existing business enterprise architecture content to more proactively identify duplication and overlap. In particular, the department’s April 2015 business enterprise architecture compliance guidance stated that examining programs for potential duplication and overlap should occur during the problem statement requirements analysis process, which is to occur early in a program’s life cycle. This was in addition to the department’s December 2014 problem statement requirements validation guidance, which called for an enterprise architecture analysis to be conducted that is to determine if a capability already exists within the organization or elsewhere across DOD. The guidance stated that if a solution already exists, the problem statement sponsor is to direct that the existing solution be reused. In November 2016, the department provided examples of systems that had been assessed for potential duplication and overlap based on their associated business activities.  In addition, in January 2017, the department issued a plan to improve the usefulness of the architecture by delivering three major capabilities, including the ability to conduct process and system reviews within and across domains.

Nevertheless, while the department has taken steps to improve its ability to leverage its federated architecture to avoid investments that provide similar but duplicative functionality in support of common DOD activities, more remains to be accomplished. For example, in July 2015, GAO pointed out that 71 percent of business system portfolio managers GAO surveyed had reported that the business enterprise architecture (BEA) had limited or no success in helping to reduce the number of business system applications. Further, as of March 1, 2017, the department had not yet demonstrated that it has delivered planned capabilities to improve the usefulness of the architecture or was actively using its federated BEA to eliminate duplicative systems.

Until DOD further leverages or improves its existing processes for identifying investments that provide similar but duplicative functionality in support of common DOD activities, it will continue to risk making unnecessary investments in potentially duplicative business systems.

Implementing Entity:

Department of Defense

Action:

The Department of Defense (DOD) should work to institutionalize its business systems investment process at all levels of the organization.

Progress:

As of March 1, 2017, DOD had made mixed progress in defining and institutionalizing its business systems investment process at all levels of the organization, as outlined in GAO’s information technology investment management framework (GAO-04-394G) and requirements set out in 10 U.S.C. § 2222 (as amended by the National Defense Authorization Act for Fiscal Year 2012), the Clinger-Cohen Act (40 U.S.C. 11313), and relevant guidance. In July 2015, GAO reported that the department had updated its certification and approval guidance to allow the department to make better informed decisions about system certifications and to inform recommendations on the resources provided to defense business systems as part of the Planning, Programming, Budgeting, and Execution process. For example, according to the department’s certification and approval guidance, dated February 2015, Organizational Execution Plans are to include information about certification requests for the upcoming fiscal year as well as over the course of the Future Years Defense Program. All of this information is to be considered when making certification and approval decisions. Further, the guidance states that the chair of the Defense Business Council is to make programming and budgeting recommendations to the Office of Cost Assessment and Program Evaluation and the DOD Comptroller. More recently, in February 2017, the department issued guidance which defines tiered business system categories and associated certification decision authorities.

Although the department included key investment management updates in its February 2015 certification and approval guidance, these updates did not fully meet GAO’s previous recommendations. For example, as GAO reported in July 2015, the guidance did not specify a process for conducting an assessment or call for the use of actual versus expected performance data and predetermined thresholds. In addition, the guidance did not call for documents provided to the Defense Business Council to include critical information for conducting assessments, such as information about system scalability to support additional users or new features in the future and cost in relationship to return on investment. As of March 1, 2017, the department had not issued an update to its February 2015 certification and approval guidance.

In addition, the National Defense Authorization Act for Fiscal Year 2017 includes provisions that might affect how the department manages its business systems. For example, the act establishes a Chief Management Officer and the accompanying conference report calls for the department to develop a plan by June 2017 to implement a more optimized organizational structure and processes to support information management and cyber operations, including the policy, direction, oversight, and acquisition functions associated with, among other things, business systems.  

Until the department documents this plan and takes additional steps to implement GAO’s portfolio of recommendations aimed at improving its business system investment management efforts, it will continue to be at an increased risk of failing to identify and address important issues associated with its large-scale and costly systems.

Implementing Entity:

Department of Defense

Action:

The Department of Defense (DOD) must ensure that effective system acquisition management controls are implemented on each business system investment.

Progress:

As of February 2017, DOD had taken steps to help ensure effective system acquisition management controls are implemented for its business system investments, as GAO suggested in March 2011. However, the department continues to face challenges ensuring that effective system acquisition and management controls are implemented and reported on for each business system investment, and that systems consistently deliver benefits and capabilities on time and within budget. For example, in GAO’s series of reports on DOD major automated information systems, GAO pointed out that the department has had mixed success in addressing key acquisition practices, such as risk and requirements management. In February 2017, the department issued an instruction on business system requirements and acquisition, which defines roles and responsibilities for developing and validating requirements and for risk management. However, according to officials from the offices of the Deputy Chief Management Officer and the Under Secretary of Defense for Acquisition, Technology and, Logistics, guidance to implement the instruction is still being developed.

GAO has also continued to identify examples of business systems that do not meet expectations and experience significant cost overruns, schedule slippages, and performance issues. For example, in March 2016, GAO reported that the projected cost of the Air Force system that provides financial capabilities, such as cost accounting and collections, had increased about 9 percent from the program’s first February 2012 estimate (from approximately $1.43 billion to $1.56 billion). Program officials attributed the cost increase, in part, to program scope growth and the addition of software upgrade enhancements. GAO also reported that this system experienced a 1-year slippage in its full deployment decision date. Program officials attributed this slippage to findings identified in the system’s initial operational test and evaluation report. In addition, the system did not meet five of its nine key performance indicators. In November 2016, DOD officials stated that the system was not deployed as planned and was undergoing a critical change. As of March 1, 2017, DOD had not demonstrated that updated milestones had been established.  

The National Defense Authorization Act for Fiscal Year 2017 includes provisions that might affect how the department manages its business systems. For example, the act establishes a Chief Management Officer and the accompanying conference report calls for the department to develop a plan by June 2017 to implement a more optimized organizational structure and processes to support information management and cyber operations, including the policy, direction, oversight, and acquisition functions associated with, among other things, business systems.  

Until DOD documents this plan and ensures that effective system acquisition management controls are implemented for each business system investment, it continues to risk that billions of dollars will not be invested effectively to deliver intended benefits.

Implementing Entity:

Department of Defense
  • portrait of
    • Carol C. Harris
    • Director, Information Technology
    • harriscc@gao.gov
    • (202) 512-4456