Defense IRM:

Poor Implementation of Management Controls Has Put Migration Strategy at Risk

AIMD-98-5: Published: Oct 20, 1997. Publicly Released: Oct 20, 1997.

Additional Materials:

Contact:

Randolph C. Hite
(202) 512-6240
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO provided information on the Department of Defense's (DOD) Corporate Information Management (CIM) initiative, focusing on: (1) the number and cost of systems designated for migration, the number of legacy systems already terminated or scheduled for termination, and savings resulting from terminations of legacy systems; and (2) whether DOD's management control and oversight processes for migration systems are ensuring that the investment in CIM-related technology is economically sound and in compliance with its technical and data standards.

GAO noted that: (1) from fiscal years 1995 through 2000, DOD plans to spend at least $18 billion on migration; (2) DOD has selected 363 migration systems and has targeted 1,938 legacy systems for potential termination; (3) despite this substantial investment, DOD did not adhere to decisionmaking and oversight processes it established to ensure that the economical and technical risks associated with migration projects have been mitigated; (4) DOD's primary corporate-level control mechanism for ensuring that sound management and development practices were followed for each migration investment has not been effective; (5) DOD does not have assurance that the migration systems being developed will help achieve its technology goals and that sound business decisions were made in selecting the systems; (6) DOD's traditional acquisition oversight processes also did not support the migration effort because they have not fully ensured that economic analyses for migration projects are prepared and reviewed and that the systems comply with technical and data standards; (7) had there been more rigorous attention to established oversight procedures and sound business practices, DOD might well have avoided the migration problems GAO identified in previous reviews, which unnecessarily cost it hundreds of millions of dollars; (8) in implementing the migration strategy, DOD did not ensure that it had adequate departmentwide visibility over status, costs, and progress; (9) as a result, it could not provide accurate and reliable information, as requested, on the number and cost of systems designated for migration, and the numbers of systems terminated and scheduled to be terminated; (10) DOD has not been able to convincingly demonstrate whether the migration strategy has been successful, and it has not been able to provide the Congress with accurate and reliable information needed for decisionmaking purposes; (11) DOD has taken a positive step to turn around its information technology investment process as part of its implementation of the Clinger-Cohen Act of 1996; (12) the Secretary of Defense outlined his expectations for improvements in management processes and information resources related to information technology; and (13) these expectations incorporate some of the most important elements of the Clinger-Cohen Act and are an excellent starting point for bringing meaningful change to the current information technology management process.

Recommendations for Executive Action

  1. Status: Closed - Not Implemented

    Comments: The Department no longer has a migration system strategy, therefore, there is no longer a need for review and certification of migration system justifications.

    Recommendation: The Secretary of Defense should require the Chief Information Officer (CIO) to review these justifications and certify that they include a business case of operational alternatives for each functional area that clearly demonstrates that continued development and deployment of the migration system is the best solution for improving performance and reducing costs in the functional area it serves, when compared to other available alternatives. The alternatives analyzed should include reengineering the functional area's processes before making investments in information systems and using, when appropriate, the private sector to perform major functions now performed by government personnel and information systems.

    Agency Affected: Department of Defense

  2. Status: Closed - Not Implemented

    Comments: The Department no longer has a migration system strategy, therefore, there is no longer a need for review and certification of migration system justifications.

    Recommendation: The Secretary of Defense should require the CIO to review these justifications and certify that they include an economic analysis showing a return on investment or other results-based benefits to the Department that justify further investment in the migration system.

    Agency Affected: Department of Defense

  3. Status: Closed - Not Implemented

    Comments: The Department no longer has a migration systems strategy, therefore, there is no longer a need for review and certification of migration system justifications.

    Recommendation: The Secretary of Defense should require the CIO to review these justifications and certify that they include current compliance with applicable Defense technical standards and use standard data, or a schedule and plan for bringing the system into compliance with these standards.

    Agency Affected: Department of Defense

  4. Status: Closed - Not Implemented

    Comments: The Department no longer has a migration systems strategy, therefore, there is no longer a need to establish routine procedures for reporting on the status of reviews of migration system justifications.

    Recommendation: The Secretary of Defense should require the CIO to establish routine procedures for reporting on the status of reviews of migration system justifications to the Deputy Secretary of Defense so the information can be used in the Department's planning, programming, and budgeting system. Any exception to the accomplishment of these reviews should be approved by the Deputy Secretary of Defense.

    Agency Affected: Department of Defense

  5. Status: Closed - Implemented

    Comments: On February 27, 2002, DOD issued Directive 8000.1, Management of DOD Information Resources and Information Technology, which provides direction on establishing Chief Information Officers at various levels, consistent with the Clinger-Cohen Act of 1996. Also, the Assistant Secretary of Defense issued a July 13, 2000 memorandum, providing guidance on certification of major automated information systems' compliance with the Clinger-Cohen Act of 1996, and a December 23, 1999 memorandum, requiring that the Assistant Secretary certify and report to Congress that DOD's major automated information systems are developed in accordance with the Clinger-Cohen Act of 1996.

    Recommendation: The CIO should revise Defense's policies, practices, and procedures to institutionalize the management of information systems and technology expenditures as investments and ensure that these investments provide measurable improvements in mission performance.

    Agency Affected: Department of Defense: Office of the Assistant Secretary for Command, Control, Communications, and Intelligence

  6. Status: Closed - Implemented

    Comments: DOD issued Directive 8000.1, which requires that OSD Principal Staff Assistants improve DOD operations and procedures by ensuring the application of sound business practices, exercising oversight of the evaluation and improvement of functional processes, ensuring that economic analyses are prepared and validated as required, and ensuring functional leadership throughout the systems life-cycle phases.

    Recommendation: The Secretary of Defense should direct the CIO in coordination with the Chief Financial Officer (CFO), and other appropriate Defense officials, to ensure that Defense's strategic information technology planning and investment control policies, practices, and procedures include requirements that Principal Staff Assistants document that they and the key stakeholders for their functional areas (including the services, agencies, and major commands) have: (1) conducted thorough economic and risk analyses of alternative operational approaches (business case analyses) for accomplishing the mission of the functional area; (2) examined tradeoffs among the competing proposals; and (3) prioritized the alternative proposals based on mission impact, risk, and return.

    Agency Affected: Department of Defense

  7. Status: Closed - Not Implemented

    Comments: The Department has not yet finalized and issued guidance for developing and using analyses of alternatives and economic analyses for information system decision-making.

    Recommendation: The Secretary of Defense should direct the CIO in coordination with the CFO, and other appropriate Defense officials, to finalize and issue guidance for developing and issuing analyses of alternatives and economic analyses for information system decisionmaking. Once this guidance is issued, the CIO should require that all Defense program managers and Defense managers, as appropriate, be trained in using the guidance. Also, the CIO should ensure that the guidance defines a standard return on investment definition for Defense information systems and require that this definition be used to calculate all returns on investment for information systems efforts. Additionally, the CIO should require that all major migration and other information systems under direct review by the Major Automated Information System Review Council (MAISRC), and those delegated by MAISRC to other oversight organizations for review, have their alternatives analyses and economic analyses independently verified by Defense's Program Analysis and Evaluation (PA&E) office, or another qualified independent review organization, in accordance with this guidance before major investments are authorized for system development/modernization.

    Agency Affected: Department of Defense

  8. Status: Closed - Implemented

    Comments: On May 12, 2003, DOD issued Department of Defense Instruction 5000.2, which specifies that DOD's major automated information systems will comply with the requirements of the Clinger-Cohen Act of 1996. The Clinger-Cohen Act of 1996 requires that post-implementation reviews be performed. As such, DOD has issued an instruction requiring that post-implementation reviews be performed for major automated information systems.

    Recommendation: The Secretary of Defense should direct the CIO, in coordination with the CFO, and other appropriate Defense officials, to require post-implementation reviews of migration and other information systems and ensure that these reviews are designed to compare actual systems' costs, benefits, risks, and returns against the original baseline estimates/projections and determine the causes of any differences between planned and actual results.

    Agency Affected: Department of Defense

  9. Status: Closed - Implemented

    Comments: On July 13, 2000, the Assistant Secretary of Defense issued a memorandum on developing major automated information systems that included guidance for developing measurable performance indicators for systematically tracking progress in achieving predetermined goals.

    Recommendation: The Secretary of Defense should direct the CIO, in coordination with the CFO, and other appropriate Defense officials, to expedite the definition, coordination, testing, and implementation of information management performance measures in the Department and establish milestones for evaluating progress in implementing these performance measures.

    Agency Affected: Department of Defense

  10. Status: Closed - Not Implemented

    Comments: DOD abolished the DIST, and on February 21, 2001, established the DOD Information Technology Registry to serve as DOD's system of record for complying with congressional requirements and as a repository to support CIO assessments. The registry is an inventory of DOD major automated information systems, rather than a system development tracking and reporting system. It does not include schedule data necessary to track the progress of major automated information systems development/deployment. DOD has not implemented this recommendation.

    Recommendation: The Secretary of Defense should direct the CIO, in coordination with the CFO, and other appropriate Defense officials, to modify the Defense Integration Support Tools (DIST) system or acquire/develop a new Defense-wide management information system or systems for tracking and reporting key schedule, progress, and performance information on migration systems and other Defense information systems and ensure the system or systems contain complete, current, and accurate schedule data necessary to track the progress of each migration system's development/deployment and each legacy system's termination.

    Agency Affected: Department of Defense

  11. Status: Closed - Not Implemented

    Comments: DOD abolished the DIST, and on February 21, 2001, established the DOD Information Technology Registry to serve as DOD's system of record for complying with congressional requirements and as a repository to support CIO assessments. The registry is an inventory of DOD major automated information systems, rather than a system development tracking and reporting system. It does not include budgeted and actual cost data for each system for which the Department maintains such data; nor an interface with other DOD systems that contain systems' budget and/or cost data. As such, DOD has not implemented this recommendation.

    Recommendation: The Secretary of Defense should direct the CIO, in coordination with the CFO, and other appropriate Defense officials, to modify the DIST system or acquire/develop a new Defense-wide management information system or systems for tracking and reporting key schedule, progress, and performance information on migration systems and other Defense information systems and ensure the system or systems contain complete, current, and accurate budgeted and actual cost data on each system for which the Department maintains such data (an alternative to putting budget and cost data in DIST is to establish the capability to directly interface with other systems in the Under Secretary of Defense (Comptroller's) Office or other Defense organizations containing system's budget and/or cost data).

    Agency Affected: Department of Defense

  12. Status: Closed - Not Implemented

    Comments: DOD abolished the DIST, and on February 21, 2001, established the DOD Information Technology Registry to serve as DOD's system of record for complying with congressional requirements and as a repository to support CIO assessments. The registry is an inventory of DOD major automated information systems, rather than a system development tracking and reporting system. It does not include data necessary to track the progress of major automated information systems in complying with applicable Defense technical and data standards. DOD has not implemented this recommendation.

    Recommendation: The Secretary of Defense should direct the CIO, in coordination with the CFO, and other appropriate Defense officials, to modify the DIST system or acquire/develop a new Defense-wide management information system or systems for tracking and reporting key schedule, progress, and performance information on migration systems and other Defense information systems and ensure the system or systems contain complete, current, and accurate data necessary to track the progress of each migration system in complying with applicable Defense technical and data standards, including whether each system has been independently certified to be in compliance with applicable technical and data standards.

    Agency Affected: Department of Defense

  13. Status: Closed - Not Implemented

    Comments: DOD abolished the DIST, and on February 21, 2001, established the DOD Information Technology Registry to serve as DOD's system of record for complying with congressional requirements and as a repository to support CIO assessments. The registry is an inventory of DOD major automated information systems, rather than a system development tracking and reporting system. It does not include data for tracking progress in accomplishing mission-based performance goals and information management performance goals. DOD has not implemented this recommendation.

    Recommendation: The Secretary of Defense should direct the CIO, in coordination with the CFO, and other appropriate Defense officials, to modify the DIST system or acquire/develop a new Defense-wide management information system or systems for tracking and reporting key schedule, progress, and performance information on migration systems and other Defense information systems and ensure the system or systems contain complete, current, and accurate data for tracking progress in accomplishing the mission-based performance goals and information management performance goals for the functional areas supported by each system once these data have been identified.

    Agency Affected: Department of Defense

  14. Status: Closed - Not Implemented

    Comments: DOD abolished the DIST, and on February 21, 2001, established the DOD Information Technology Registry to serve as DOD's system of record for complying with congressional requirements and as a repository to support CIO assessments. The registry is an inventory of DOD major automated information systems, rather than a system development tracking and reporting system. It does not include information determined to be needed by the Defense Acquisition Board and PA&E. DOD has not implemented this recommendation.

    Recommendation: The Secretary of Defense should direct the CIO, in coordination with the CFO, and other appropriate Defense officials, to modify the DIST system or acquire/develop a new Defense-wide management information system or systems for tracking and reporting key schedule, progress, and performance information on migration systems and other Defense information systems and ensure the system or systems contain complete, current, and accurate information determined to be needed for oversight by the Defense Acquisition Board, MAISRC, and PA&E.

    Agency Affected: Department of Defense

  15. Status: Closed - Not Implemented

    Comments: DOD abolished the DIST, and on February 21, 2001, established the DOD Information Technology Registry to serve as DOD's system of record for complying with congressional requirements and as a repository to support CIO assessments. The registry is an inventory of DOD major automated information systems, rather than a system development tracking and reporting system. It does not include information determined to be needed for management and oversight by the Defense CIO, the CIO Council, other Defense senior managers, and Congress. DOD has not implemented this recommendation.

    Recommendation: The Secretary of Defense should direct the CIO, in coordination with the CFO, and other appropriate Defense officials, to modify the DIST system or acquire/develop a new Defense-wide management information system or systems for tracking and reporting key schedule, progress, and performance information on migration systems and other Defense information systems and ensure the system or systems contain complete, current, and accurate information determined to be needed for management and oversight by the Defense CIO, the CIO Council, other Defense senior managers, and the Congress.

    Agency Affected: Department of Defense

  16. Status: Closed - Not Implemented

    Comments: The Department no longer has a migration system strategy, therefore, there is no longer a need to rank migration system justifications.

    Recommendation: To ensure that DOD's continued investment in migration systems provides measurable improvements in mission-related and administrative processes, the Secretary of Defense should require the Defense components to rank development/modernization migration systems justifications and complete them on an expedited basis.

    Agency Affected: Department of Defense

  17. Status: Closed - Not Implemented

    Comments: DOD abolished the DIST, and on February 21, 2001, established the DOD Information Technology Registry to serve as DOD's system of record for complying with congressional requirements and as a repository to support CIO assessments. The registry is an inventory of DOD major automated information systems, rather than a system development tracking and reporting system. Because DOD has not established a system development tracking and reporting system, DOD has not implemented management controls and a quality assurance program to ensure that the data in the system are accurate and complete. DOD has not implemented this recommendation.

    Recommendation: The Secretary of Defense should direct the CIO, in coordination with the CFO, and other appropriate Defense officials, to develop and implement management controls and a quality assurance program to ensure the DIST data's accuracy and completeness since these data are used to track and report to senior Defense managers and the Congress on the overall status of the migration initiatives and on other Defense information management initiatives.

    Agency Affected: Department of Defense

 

Explore the full database of GAO's Open Recommendations »

Nov 19, 2014

Aug 1, 2014

Jul 23, 2014

Jul 8, 2014

Dec 5, 2013

Sep 10, 2013

Aug 22, 2013

Jun 20, 2013

Looking for more? Browse all our products here