defense icon, source: [West Covina, California] Progressive Management, 2008

Defense: DOD's Business Systems

The Department of Defense’s business systems modernization: opportunities exist for optimizing business operations and systems.

Action:

The Department of Defense (DOD) needs to develop supporting component architectures and align them with its corporate architecture to complete the federated business enterprise architecture.

Progress:

DOD has defined a federated approach to its architecture and continues to make progress in developing its corporate Business Enterprise Architecture (BEA), but the architecture has yet to be federated through development of aligned subordinate architectures for each of the military departments, as GAO has recommended since 2007. In this regard, as GAO reported in May 2013, the department has made little progress in aligning its corporate and subordinate business architectures. DOD’s federated approach is intended to provide overarching governance across all business systems, functions, and activities within the department through a coherent family of distinct parent and subsidiary architectures that use a common structure and vocabulary to provide visibility across DOD’s efforts. GAO reported in May 2013 that DOD has not yet included common definitions of key terms and concepts to help ensure that these architectures will be properly linked and aligned. In its next annual report in May 2014, GAO reported that the next version of the BEA had not yet been issued and emphasized the need for the department to close previously reported gaps. Further, GAO has also reported that the department has not yet clarified in policy or guidance the roles, responsibilities, authorities, and relationships between the Deputy Chief Management Officer and military department officials responsible for the BEA and its federation, as GAO recommended in June 2012.

In August 2013, DOD formally chartered its BEA Configuration Control Board, which is made up of senior officials representing corporate and component architecture efforts, and is responsible for reviewing proposals and providing recommendations to support component architecture federation and alignment with DOD’s corporate BEA. However, as we reported in May 2014, efforts to define the department’s formal approach for federating its business architecture remain a work in progress. In addition, although there are alignments of investment information with business enterprise architecture content, such as operational activities and business rules, a number of these activities have not yet been further defined, and DOD has not demonstrated that it has developed a plan describing the steps the department will take to address this missing architecture content and align component architectures with its corporate BEA. In March 2015, the Office of the Deputy Chief Management Officer reported that it has taken additional steps to develop supporting component architectures and align them with its corporate business architecture. For example, the office reported that it has established a proof-of-concept for improving its federated architecture approach that will improve alignment between military department architecture information and the BEA. GAO has work underway to assess these efforts.

Further, in December 2013, the Office of the Secretary of Defense announced its intent to realign the oversight of business systems from the Office of the Deputy Chief Management Officer to the Office of the Chief Information Officer and the National Defense Authorization Act for Fiscal Year 2015 includes provisions that impact the roles and responsibilities of the Deputy Chief Management Officer and Chief Information Officer.DOD has not yet fully defined how it intends to execute these transitions, and the impact of these changes on the BEA remains to be seen. Until DOD completes these actions and further documents its plan for implementing these changes to oversight responsibilities for business systems, the department risks not being able to develop an architecture that covers the entire department, thus making the architecture less useful for informing investment decisions.

Action:

The Department of Defense (DOD) should leverage its federated architecture to avoid investments that provide similar but duplicative functionality in support of common DOD activities.

Progress:

DOD has taken steps to better enable the department to leverage its federated architecture to identify duplicative investments, as GAO suggested in March 2011. However, as of December 2015, the department has not yet demonstrated that it is consistently leveraging its architecture to avoid such investments. As GAO reported in July 2015, DOD has developed guidance requiring military departments and other defense organizations to use existing business enterprise architecture content to more proactively identify duplication and overlap. In particular, the department’s April 2015 business enterprise architecture compliance guidance states that examining programs for potential duplication and overlap should occur during the problem statement requirements analysis process, which is to occur early in a program’s life cycle.

In addition, the department’s December 2014 problem statement requirements validation guidance calls for an enterprise architecture analysis to be conducted that is to determine if a capability already exists within the organization or elsewhere across DOD. If a solution already exists, the problem statement sponsor is to direct that the existing solution be reused. However, in July 2015, GAO reported that DOD portfolio managers reported limited achievement of benefits associated with using the Business Enterprise Architecture to help avoid investments that provide similar but duplicative functionality. More specifically, 71 percent of portfolio managers reported limited achievement of benefits, such as reducing the number of applications, and financial benefits, such as cost savings and cost avoidance.

Until DOD further leverages or improves its existing processes for identifying investments that provide similar but duplicative functionality in support of common DOD activities, it continues to risk making unnecessary investments in potentially duplicative business systems.

Action:

The Department of Defense (DOD) should work to institutionalize its business systems investment process at all levels of the organization.

Progress:

As of December 2015, DOD has made mixed progress in defining and implementing investment management policies and procedures outlined in GAO’s information technology investment management framework (GAO-04-394G) and requirements set out in 10 U.S.C. 2222 (as amended by the National Defense Authorization Act for Fiscal Year 2012), the Clinger-Cohen Act (40 U.S.C. 11313) and relevant guidance. GAO suggested this action in March 2011. In July 2015, GAO reported that the department had updated its certification and approval guidance in February 2015 to allow the department to make better informed decisions about system certifications and to inform recommendations on the resources provided to defense business systems as part of the Planning, Programming, Budgeting, and Execution process. For example, according to the department’s February 2015 certification and approval guidance, Organizational Execution Plans are to include information about certification requests for the upcoming fiscal year as well as over the course of the Future Years Defense Program. All of this information is to be considered when making certification and approval decisions. Further, the guidance states that the chair of the Defense Business Council is to make programming and budgeting recommendations to the Office of Cost Assessment and Program Evaluation and the DOD Comptroller.

However, although the department included key investment management updates in its February 2015 certification and approval guidance, these updates do not fully meet GAO’s previous recommendations. For example, as GAO reported in July 2015, the guidance does not specify a process for conducting an assessment or call for the use of actual versus expected performance data and predetermined thresholds. In addition, the guidance does not call for documents provided to the Defense Business Council to include critical information for conducting assessments, such as information about system scalability to support additional users or new features in the future and cost in relationship to return on investment. Further, as of December 2015, DOD has not issued updated certification and approval guidance. DOD officials noted that the National Defense Authorization Act (NDAA) for Fiscal Year 2016 included changes to the planning, programming, acquisition, and control of defense business systems. According to these officials, the department is in the process of evaluating how to implement the new requirements and has plans to issue an update to its February 2015 certification and approval guidance in fiscal year 2016.

DOD has also taken steps to re-engineer certain business processes supported by its defense business systems. Specifically, GAO recommended in June 2012 that the department begin to report on the status and results of its re-engineering efforts to ensure oversight and promote department accountability. However, as of July 2015, the department had not yet demonstrated that it had fully addressed this recommendation. Specifically, the department’s 2015 Congressional Report on Defense Business Operations included some information about DOD’s business process re-engineering efforts, but the report did not include, among other things, the department’s determination of the number of systems that have undergone material process changes, the number of interfaces eliminated as part of these efforts (i.e., by program, by name), and the status of its end-to-end business process re-engineering efforts. While the department’s annual report included information about specific efforts, including the results of re-engineering certain processes, the Office of the Deputy Chief Management Officer (DCMO) has not yet reported on measures such as those called for by GAO’s recommendation. According to officials from the Office of the DCMO, its annual report was not intended to provide the level of detail requested by this recommendation. Further, these officials stated that the Office of the DCMO does not perform business process re-engineering assessments. Rather, the pre-certification authorities have the responsibility to perform business process re-engineering. In addition, the NDAA for Fiscal Year 2016 removed the department’s requirement to issue an annual report on defense business systems. Nevertheless, the department has not demonstrated that it has reported on the results of business process re-engineering efforts as called for by GAO’s recommendation in either its annual report or in any other report to Congress. Reporting on the results of business process re-engineering efforts is an important step for the department to be able to facilitate congressional oversight and promote departmental accountability.

Until it takes these actions, the department and its stakeholders will likely not know the extent to which DOD is selecting and controlling investments in a manner that best supports the department’s mission needs, and they will likely not know whether business process re-engineering is effectively streamlining and improving business processes needed to transform the department as intended.

Action:

The Department of Defense (DOD) must ensure that effective system acquisition management controls are implemented on each business system investment.

Progress:

As of January 2016, DOD has taken steps to help ensure effective system acquisition management controls are implemented for its business system investments, as GAO suggested in March 2011. However, ensuring that effective system acquisition and management controls are implemented and reported on for each business system investment and that systems consistently deliver benefits and capabilities on time and within budget continues to remain a challenge. For example, in February 2015, GAO reported that more needed to be done to establish acquisition program baselines within 2 years of a program’s start date. For instance, an Army program intended to, among other things, provide active Army, National Guard, and Army Reserve tactical units worldwide with the ability to track supplies, spare parts, and organizational equipment took 4 years and 9 months and spent $398 million before establishing a program baseline.

GAO continues to identify large-scale, software-intensive system acquisitions that fall short of cost, schedule, and performance expectations. For example, as of October 2015, the latest life-cycle cost estimate for the first increment of an Air Force system that provides financial capabilities, such as cost accounting and collections, had increased about 9 percent from the program’s first February 2012 estimate (from approximately $1.43 billion up to $1.56 billion). Program officials attributed the cost increase, in part, to program scope growth and the addition of software upgrade enhancements. This system also experienced a 1-year slippage in its full deployment decision date—currently scheduled for February 2016. Program officials attributed this delay to the timing in preparation for the full deployment decision. In addition, the system did not meet four of its nine key performance indicators. Until DOD effectively implements controls for its major business system investments and takes action to prevent known weaknesses as early as possible in the acquisition process, there is a risk that billions of dollars will not be invested effectively to deliver intended benefits.

  • portrait of
    • Carol R. Cha
    • Director, Information Technology
    • chac@gao.gov
    • (202) 512-4456