DOD Business Systems Modernization
The Department of Defense (DOD) spends billions of dollars each year to acquire modern systems that are fundamental to achieving its business transformation goals, including systems that address key areas such as personnel, financial management, healthcare, and logistics. While DOD’s capacity relative to business systems modernization continues to improve, significant challenges remain. These challenges include fully defining and establishing management controls for business systems modernization. Such controls are vital to ensuring that DOD can effectively and efficiently manage an undertaking with the size, complexity, and significance of its business systems modernization and minimize the associated risks.
DOD has demonstrated elements of leadership commitment by taking important steps to more effectively and efficiently manage its effort to modernize its business systems. For example, the department has begun to implement an improved investment management framework and processes. The department has also established the capacity to use its federated architecture to identify potentially duplicative investments. However, more needs to be done to leverage DOD’s capacity to identify potentially duplicative investments and to ensure that, among other things, systems receive appropriate levels of review as part of DOD’s improved investment management framework. In addition, the department’s business systems continue to fall short of cost, schedule, and performance expectations. Moreover, the department has not established an action plan highlighting how it plans to improve the use of its business architecture, take important steps to improve its business system investment management process, and improve its business system acquisition outcomes. Furthermore, the department’s efforts may be constrained during the transition of business system investment responsibilities from the Office of the Deputy Chief Management Officer to the new Under Secretary of Defense for Business Management and Information/Chief Information Officer, and the implementation of provisions in the Carl Levin and Howard P. “Buck” McKeon National Defense Authorization Act for Fiscal Year 2015 that impact these positions.
DOD’s business systems environment includes about 2,200 investments, which cost billions of dollars each year. Since we first designated this area as high risk in 1995, we made 284 recommendations aimed at strengthening DOD’s institutional approach to modernization and reducing the risks associated with acquiring and managing key investments. DOD has implemented 167 of these recommendations as of December 2014. For example, since 2001, we made a series of recommendations relative to developing and using a business enterprise architecture—a modernization blueprint that is intended to provide a clear and comprehensive picture of the department—and to establishing effective investment management controls to guide and constrain DOD’s multibillion-dollar business systems and services investments. Since 2002, Congress has included provisions consistent with our recommendations in DOD annual authorizing legislation.
Between 2005 and 2008, we reported that DOD had made progress toward implementing key institutional modernization management controls in response to statutory provisions and our recommendations. For example, DOD continued to update its architecture, which addressed important legislative requirements and practices that we identified as missing. Notwithstanding this progress, in May 2009 we reported that DOD’s efforts to modernize its management controls had slowed compared with previous years, leaving much to be accomplished. Since that time, DOD has continued to take steps to comply with statutory provisions and to satisfy relevant system modernization management guidance. While DOD has initiated numerous management activities aimed at modernizing its business systems environment, it has demonstrated limited results.
In this regard, our work has highlighted challenges that DOD has continued to face in leveraging the architecture to avoid investments that provide duplicative functionality in support of common activities. Our work has also highlighted DOD’s challenges with institutionalizing the business systems investment process and with ensuring that effective system acquisition management controls are implemented for each business system investment.
DOD’s Federated Business Enterprise Architecture
DOD has demonstrated progress by establishing the capacity to leverage its federated Business Enterprise Architecture to identify potentially duplicative investments; however, the department has yet to leverage this capacity to eliminate duplicative systems. In 2014, the department completed efforts to automate its business architecture compliance review process. According to officials, this automation was expected to improve the department’s efforts to identify potentially duplicative systems. In addition, the department’s Deputy Chief Management Officer demonstrated leadership commitment by requiring all business systems to be entered into the architecture compliance tool before they could be certified and approved to obligate fiscal year 2014 funds. The information produced by this requirement helps to support decision makers’ efforts to identify potentially duplicative programs. For example, as we reported in May 2014, DOD officials provided data from the department’s business architecture compliance tool showing that 120 systems performed activities associated with maintaining asset information and 110 systems were associated with managing military health services. However, DOD leadership does not require program managers or other DOD officials to use its Business Enterprise Architecture to identify and address potential duplication. Moreover, DOD leadership has not defined action plans describing how DOD will ensure that the department is using its business architecture to identify and address potentially duplicative investments. As a result, DOD is not monitoring progress demonstrated against such plans.
DOD’s Business System Investment Management Process
DOD has made progress in demonstrating leadership commitment and making improvements to its business system investment management process by taking steps to define and implement important policies and procedures for managing portfolio-level investments consistent with our IT Investment Management framework and the statutory investment management and business system modernization provisions. For example, in 2014 we reported that DOD was continuing its efforts to further define and implement its defense business system governance framework—called the Integrated Business Framework. According to DOD, the framework is intended to align the department’s strategic objectives with its defense business system investments. The department uses this framework, which includes six portfolios that align to eight functional areas, to manage business operations and investments.
In addition, DOD has generally concurred with our recommendations to address improvements to its management of business systems. DOD needs to show continued leadership commitment and progress in addressing our associated recommendations as it takes steps to improve its business system investment management process. These recommendations are aimed at aligning the department’s investment management process with its budgeting process, thus ensuring that investments are certified and approved before funds are allocated, as well as ensuring that business systems receive the appropriate level of review using a tiered investment review board approach. Furthermore, DOD has not established action plans for addressing gaps in its business system investment management approach and therefore is not monitoring progress demonstrated against such plans.
DOD’s Business System Acquisition Management
DOD has taken steps to improve the department’s business systems acquisition management outcomes. For example, in March 2014 we noted that the department had made mixed progress in addressing key acquisition practices, such as risk management, requirements management, and project monitoring and control, on selected major IT acquisitions, including DOD business systems. We continue to identify examples of business systems that do not meet expectations and experience key system acquisition issues, including significant cost overruns, schedule slippages, and performance issues. For example, in March 2014 we reported the following:
- The Defense Health Agency experienced significant cost increases and schedule delays in its development of a system to support warfighters and health care providers with patient, medical logistics, and medical command and control data. Specifically, the latest life cycle estimate for this system had increased approximately 2,233 percent—from $67.7 million in November 2002 to $1.58 billion as of December 2013. In addition, the system’s full deployment date slipped by more than 6 years—from May 2009 to the first quarter of fiscal year 2016. Moreover, the agency did not have clearly defined capabilities for the system and there was not complete traceability between all of the system’s requirements and work products.
- A Navy system intended to support logistics planners and operators worldwide to manage combat logistics also had significant cost increases and schedule delays. Specifically, the latest life-cycle cost estimate for this system had increased approximately 302 percent—from $461.4 million in June 2007 to $1.86 billion in December 2013. In addition, the system’s full deployment date slipped by 6 years and is currently scheduled for the fourth quarter of 2015. Finally, this program had not always taken corrective actions to address issues in a timely manner. For example, as early as December 2008 the Navy was aware of technical complexities related to specific capabilities of the system. However, Navy officials did not decide to remove the capabilities until after it had spent about $48.4 million and 4.5 years developing them.
DOD has also begun to demonstrate leadership commitment to improve its business system acquisition outcomes by recognizing that it needs to take steps to more effectively implement key Office of Management and Budget IT reform initiatives. If implemented effectively, the department’s efforts to respond to these initiatives could help improve acquisition outcomes. However, in October 2012, we reported that DOD did not rate any of its investments as high risk on the Federal IT Dashboard—a website that allows the public to monitor the performance of major IT investments—despite significant cost, schedule, and performance issues that we and others reported. Therefore, we recommended that DOD ensure that its risk ratings reflect available investment performance assessments so that the department could better demonstrate progress made in improving investment performance. The department concurred; nonetheless, as of August 2014, the dashboard showed that for DOD’s 118 major investments, 107 were low or moderately low risk, 11 were medium risk, and zero were moderately high or high risk.
Moreover, in May 2014, we reported on the importance of IT investments delivering capabilities in smaller increments over shorter periods of time, in contrast to the way that agencies such as DOD have typically approached system development activities. However, of the 37 DOD investments we reviewed, only 1 planned to deliver functionality every 6 months and only 11 planned to deliver functionality every 12 months. Accordingly, we recommended that DOD update its incremental development policies to ensure that it complies with Office of Management and Budget guidance for requiring more frequent delivery of system functionality. The department generally concurred with our recommendations. In addition, DOD has not established an action plan for addressing needed improvements to its business system acquisition management efforts and therefore is not monitoring progress against such plans. In the absence of such a plan and policies, DOD continues to run the risk of failing to deliver major investments in a cost-effective and efficient manner.
In addition to these concerns, in May 2013 we reported that the office of the Deputy Chief Management Officer, which is responsible for annually reviewing and approving the expenditure of funds associated with DOD business systems, had not conducted human capital analyses and that no plans existed to analyze and address skill gaps, thus limiting the department’s capacity to lead improvement initiatives in each of these areas. In addition, in December 2013 the Secretary of Defense announced plans for transitioning the responsibility of business systems to DOD’s Chief Information Officer and the National Defense Authorization Act for Fiscal Year 2015 includes provisions that transition business system modernization roles from the Deputy Chief Management Officer to a new Under Secretary of Defense for Business Management and Information who will also serve as the Department’s Chief Information Officer. DOD has not yet fully defined how it intends to execute these transitions, and it remains to be seen how these changes will impact the use of DOD’s Business Enterprise Architecture, its business system investment management approach, and business system acquisitions.
Until DOD fully defines and consistently implements the full range of business systems modernization management controls, it may not be able to adequately ensure that its business system investments are the right solutions for addressing its business needs. Additionally, it will not be able to effectively demonstrate that its business system investments are being managed to streamline business processes, to produce expected capabilities efficiently and cost effectively, and to deliver planned benefits. We plan to continue to monitor DOD’s efforts to address these areas. To this end, we have ongoing work focusing on (1) the effectiveness of DOD’s Business Enterprise Architecture, (2) the status of DOD’s response to our prior recommendations pertaining to business systems modernization, (3) DOD’s ability to measure the impact of its modernization efforts and to demonstrate results, and (4) the extent to which selected major automated information systems are meeting planned cost and schedule milestones and performance measures.
 In a federated enterprise architecture, member architectures (e.g., Air Force, Army, and Navy) conform to an overarching corporate or parent architecture and utilize a common vocabulary. This approach aims to provide governance across all business systems, functions, and activities within the department and improve visibility across DOD’s respective efforts.
 These portfolios are documented in functional strategies, which define business outcomes, priorities, measures, and standards for a given functional area within DOD. The functional areas are acquisition; defense security enterprise; enterprise IT infrastructure; financial management; human resources management and health management; installations and environment; logistics and materiel readiness; and security cooperation.
 The dashboard aims to provide transparency for these investments to aid public monitoring of government operations. It is to do so by reporting, among other things, how agency chief information officers rate investment risk.
DOD must more fully demonstrate leadership commitment and progress in implementing critical IT modernization management controls. For example, the department needs to improve how it uses the federated business architecture, along with other related mechanisms, to identify and address potential duplication and overlap across its business systems environment. In addition, the department needs to take steps to address key portfolio management practices documented in our IT Investment Management Framework. These steps include improving the alignment of its business system certification and approval and budgeting processes and ensuring that systems receive the appropriate level of review.
DOD also needs to ensure that its business system investments are managed with the kind of acquisition management rigor and discipline embodied in relevant guidance and best practices, so that each investment will deliver expected benefits and capabilities on time and within budget. In particular, the department should ensure that its cost, schedule, and performance information reported on the Office of Management and Budget’s IT Dashboard is reliable and, over time, demonstrates improvement in achievement of cost, schedule, and performance expectations.
The department should also demonstrate that it is taking steps to improve its guidance on incrementally developing IT systems to help ensure a timely delivery of needed capabilities. Furthermore, DOD should demonstrate that plans exist for addressing these various actions and associated recommendations and that the department is monitoring progress against these plans and demonstrating progress and related outcomes. The department also needs to ensure that it has the appropriate capacity in place by conducting needed human capital analyses and implementing the future business system related roles and responsibilities of the Under Secretary of Defense for Business Management and Information/Chief Information Officer.
GAO-14-486: Published: May 12, 2014. Publicly Released: May 12, 2014.
GAO-14-361: Published: May 1, 2014. Publicly Released: May 8, 2014.
GAO-14-400T: Published: Feb 26, 2014. Publicly Released: Feb 26, 2014.
GAO-13-557: Published: May 17, 2013. Publicly Released: May 17, 2013.
GAO-13-98: Published: Oct 16, 2012. Publicly Released: Nov 15, 2012.