defense icon, source: [West Covina, California] Progressive Management, 2008

Defense: DOD's Business Systems

The Department of Defense’s business systems modernization: opportunities exist for optimizing business operations and systems.

Action:

The Department of Defense (DOD) needs to develop supporting component architectures and align them with its corporate architecture to complete the federated business enterprise architecture.

Progress:

DOD has defined a federated approach to its architecture and continues to make progress in developing its corporate Business Enterprise Architecture (BEA), but the architecture has yet to be federated through development of aligned subordinate architectures for each of the military departments, as GAO has recommended since 2007. In this regard, as GAO reported in May 2013, the department has made little progress in aligning its corporate and subordinate business architectures. DOD’s federated approach is intended to provide overarching governance across all business systems, functions, and activities within the department through a coherent family of distinct parent and subsidiary architectures that use a common structure and vocabulary to provide visibility across DOD’s efforts. GAO reported in May 2013 that DOD has not yet included common definitions of key terms and concepts to help ensure that these architectures will be properly linked and aligned. In its next annual report in May 2014, GAO reported that the next version of the BEA had not yet been issued and emphasized the need for the department to close previously reported gaps. Further, GAO has also reported that the department has not yet clarified in policy or guidance the roles, responsibilities, authorities, and relationships between the Deputy Chief Management Officer and military department officials responsible for the BEA and its federation, as GAO recommended in June 2012.

In August 2013, DOD formally chartered its BEA Configuration Control Board, which is made up of senior officials representing corporate and component architecture efforts, and is responsible for reviewing proposals and providing recommendations to support component architecture federation and alignment with DOD’s corporate BEA. However, as we reported in May 2014, efforts to define the department’s formal approach for federating its business architecture remain a work in progress. In addition, although there are alignments of investment information with business enterprise architecture content, such as operational activities and business rules, a number of these activities have not yet been further defined, and DOD has not demonstrated that it has developed a plan describing the steps the department will take to address this missing architecture content and align component architectures with its corporate BEA. In March 2015, the Office of the Deputy Chief Management Officer reported that it has taken additional steps to develop supporting component architectures and align them with its corporate business architecture. For example, the office reported that it has established a proof-of-concept for improving its federated architecture approach that will improve alignment between military department architecture information and the BEA. GAO has work underway to assess these efforts.

Further, in December 2013, the Office of the Secretary of Defense announced its intent to realign the oversight of business systems from the Office of the Deputy Chief Management Officer to the Office of the Chief Information Officer and the National Defense Authorization Act for Fiscal Year 2015 includes provisions that impact the roles and responsibilities of the Deputy Chief Management Officer and Chief Information Officer.DOD has not yet fully defined how it intends to execute these transitions, and the impact of these changes on the BEA remains to be seen. Until DOD completes these actions and further documents its plan for implementing these changes to oversight responsibilities for business systems, the department risks not being able to develop an architecture that covers the entire department, thus making the architecture less useful for informing investment decisions.

Action:

The Department of Defense (DOD) should leverage its federated architecture to avoid investments that provide similar but duplicative functionality in support of common DOD activities.

Progress:

DOD has taken steps to better position itself to use its federated architecture to identify duplicative investments in the future. However, the department has not demonstrated that its efforts to leverage its federated architecture have resulted in the consolidation or elimination of investments that provide similar but duplicative functionality. Specifically, DOD has made progress in establishing conditions that better support its ability to leverage its federated Business Enterprise Architecture (BEA) to help consolidate or eliminate duplicative investments or functionality. In April 2013, the Office of the Deputy Chief Management Officer issued its business system certification and approval guidance for systems that were to be certified and approved prior to the obligation of appropriated fiscal year 2014 funds. This guidance and a January 2013 memorandum issued by the Deputy Chief Management Officer called for all defense business systems to use a single architecture compliance tool for documenting their compliance with the department’s BEA.

In February 2014, DOD officials provided data from DOD’s architecture compliance tool that maps business systems to business activities across the various defense business system portfolios. Such automated mapping and analysis can support improved identification of opportunities for consolidating or eliminating duplicative investments among DOD’s billions of dollars of business system investments. For example, the information provided by the department showed that, as of February 2014, 120 systems performed activities associated with maintaining asset information, 110 systems performed activities associated with managing military health services, and 73 systems performed activities associated with receiving and accepting a purchase request. To that end, officials from two military departments—the Army and the Air Force—stated that in fiscal year 2014 they began to identify systems using these data that were potentially duplicative. These officials stated that they have taken initial steps to phase out potentially duplicative systems. However, DOD has not yet demonstrated that its existing processes have resulted in the termination of these or other potentially duplicative systems. Accordingly, we recommended in May 2014 that DOD develop guidance requiring military departments and other defense organizations to use existing BEA content to more proactively identify potential duplication and overlap. However, as of March 2015, the department has not yet demonstrated that it has fully addressed GAO’s recommendation. Nevertheless, in March 2015, the Office of the Deputy Chief Management Officer reported that it will take additional steps to proactively avoid investments that provide similar but duplicative functionality in support of common DOD activities. For example, the office reported that the Department of the Army has begun architecture-based redundancy analysis that has begun to indicate specific instances of overlap with individual Army business systems. GAO has work underway to assess these efforts.

Until DOD further leverages or improves its existing processes for identifying investments that provide similar but duplicative functionality in support of common DOD activities, it continues to risk making unnecessary investments in potentially duplicative business systems.

Action:

The Department of Defense (DOD) should work to institutionalize its business systems investment process at all levels of the organization.

Progress:

DOD has made mixed progress in defining and implementing investment management policies and procedures outlined in GAO’s information technology investment management framework and requirements set out in 10 U.S.C. 2222 (as revised by the National Defense Authorization Act for Fiscal Year 2012), the Clinger-Cohen Act (40 U.S.C. 11313 and relevant guidance). In May 2014, GAO reported that DOD had developed a portfolio-based investment management framework—called the Integrated Business Framework— in April 2013 that reflects key aspects of capital planning and investment control best practices. Importantly, by using the portfolio approach, this framework better positions DOD to compare investments based on factors such as schedule, benefits, and risk, as GAO recommended in May 2013. However, GAO reported in May 2014 that the department had not developed plans to align the budget and investment management process, which would help ensure that systems included in the budget also meet the department’s mission needs and requirements. In addition, the framework does not call for the development of review boards at multiple levels within the department. This type of tiered review-board approach would allow less complex, costly, and risky systems to be reviewed at the component level while more complex, costly, and risky systems could be reviewed by the executive-level investment review board. The department has subsequently revised its business system investment review guidance and reported in March 2015 that it has taken additional steps to improve alignment between the budget and investment management processes. GAO has ongoing work to determine the extent to which the department’s updated guidance addresses GAO’s recommendations.

In addition, the department issued investment management guidance in April 2013 and April 2014 that includes key investment management practices, but its investment management process is still maturing. For example, the April 2013 investment management guidance contained additional requirements for capturing the cost of defense business systems and for strengthening the business enterprise architecture compliance process. In addition, the April 2014 guidance specifies the associated assessments that are to be conducted when reviewing and evaluating component-level organizational execution plans in order to make a portfolio-based investment decision. While this new approach may provide DOD with greater visibility into systems throughout the department and the ability to make tradeoffs among portfolios of investments, it is still maturing, and does not specify a process for conducting an assessment or require the use of actual versus expected performance data and predetermined thresholds, as GAO recommended in May 2013.  In March 2015, the Office of the Chief Management Officer reported taking additional steps to mature its investment management process. For example, the office reported that the military departments now have a greater role in the certification and approval process. GAO has ongoing work to determine the extent to which these additional steps address GAO’s recommendations. As DOD continues to mature its investment management process, ensuring that criteria and procedures for portfolio-level management are fully established and that all information needed to conduct portfolio evaluations is provided in key documents is important for selecting and controlling investments in a manner that best supports the department’s mission needs.

As part of its investment review and certification process, DOD has also taken steps to reengineer certain business processes supported by its defense business systems. However, the department has not demonstrated that it has begun to measure results from these efforts, leaving it uncertain to what extent they have improved the efficiency of the underlying business processes. Specifically, GAO recommended in June 2012 that the department begin to report on the status and results of its reengineering efforts to ensure oversight and promote department accountability. However, as of December 2014, the department had not yet demonstrated that it had fully addressed this recommendation. As GAO reported in May 2014, the department’s March 2014 report to Congress stated that the department validated a sample of business process reengineering assessments and provided a summary of the results of the validations. However, this report did not include key information, such as the number of systems that have undergone material process changes and the status of end-to-end business process reengineering efforts. Until it takes these actions, the department and its stakeholders will not know the extent to which business process reengineering is effectively streamlining and improving business processes needed to transform the department as intended.

Action:

The Department of Defense (DOD) must ensure that effective system acquisition management controls are implemented on each business system investment.

Progress:

DOD continues to face challenges in ensuring effective system acquisition management controls are implemented for its business system investments, as GAO suggested in March 2011. In February 2012, GAO reported that DOD had taken steps to increase acquisition oversight. For example, in December 2012, DOD cancelled a system intended to provide Air Force with a single integrated logistics system when the program failed to achieve deployment within 5 years of obligating funds. However, ensuring that effective system acquisition and management controls are implemented and reported on for each business system investment continues to remain a formidable challenge. In this regard, GAO continues to identify large-scale, software-intensive system acquisitions that fall short of cost, schedule, and performance expectations. Specifically the following are examples of investments that have recently experienced key system acquisition issues, including significant cost overruns, schedule slippages, and performance issues: 

  • A Marine Corps logistics system experienced a 302 percent increase in its cost estimate, from the program’s first acquisition program baseline estimate of approximately $461.4 million in 2007 to about $1.86 billion in December 2013. Program officials attributed the cost increase to technical challenges associated with development and extending the period of contractor maintenance to allow additional time for transferring post-deployment system support to the government. This system also experienced a 6-year slippage in its full deployment date due to technical challenges in developing the second release of the system. Due to these technical challenges, the department decided to remove certain capabilities, and thus it did not fully meet the performance targets.
  • The system intended to maintain electronic health care information in areas of military operations also experienced a schedule slippage and cost increase. Specifically, this system experienced a 2,233 percent increase from its initial estimate of $67.7 million in 2002 to about $1.58 billion in December 2013. According to program officials, these cost estimates were a result of additional capabilities and operations and maintenance costs. In addition, this program is estimated to be delivered in 2016—more than 6 years later than the May 2009 delivery date originally estimated. According to program officials, both the cost increases and schedule delays were due, in part, to the addition of new warfighter requirements and capabilities.

Until DOD effectively monitors and reports on the status of its major business system investments and takes action to prevent known weaknesses as early as possible in the acquisition process, there is a risk that billions of dollars will not be invested effectively to deliver intended benefits.

  • portrait of
    • Carol R. Cha
    • Director, Information Technology
    • chac@gao.gov
    • (202) 512-4456