Defense IRM:

Alternatives Should Be Considered in Developing the New Civilian Personnel System

AIMD-99-20: Published: Jan 27, 1999. Publicly Released: Jan 27, 1999.

Additional Materials:

Contact:

Randolph C. Hite
(202) 512-6256
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO reviewed the Department of Defense's (DOD) efforts to reduce the costs associated with civilian personnel management, focusing on: (1) how DOD determines the number and locations for civilian personnel regional service centers and why is there a wide disparity in the number of regional centers among the services; (2) whether DOD is applying the investment principles of the Clinger-Cohen Act in overseeing, managing, and developing the Defense Civilian Personnel Data System (DCPDS); (3) whether DCPDS duplicates the Office of Personnel Management's (OPM) Employee Express System: (4) whether DOD leadership is aware of the extent and cost of the needed modifications to the commercial-off-the-shelf (COTS) software applications; and (5) whether DOD identified and mitigated the risks associated with the major COTS modifications.

GAO noted that: (1) DOD's current initiative can potentially improve civilian personnel operations and achieve cost savings; (2) however, because the Department has not examined other business process alternatives that could have potentially achieved even greater savings and process efficiencies, there is no assurance that this is the best alternative for civilian personnel operations; (3) before embarking on its costly initiative to improve personnel management, DOD examined two alternatives: (a) outsourcing personnel computer operations to the Department of Agriculture's Finance Center; and (b) regionalizing personnel centers; (4) DOD determined that it would take the National Finance Center about 6 years to prepare for transferring computer operations and that some new functionality built into its legacy system would be lost; (5) however, DOD did not examine several other potentially effective alternatives, including: (a) continuing to centralize all or parts of its personnel management operations to reduce duplicative layers of oversight at the components and ensure more consistent operations DOD-wide; (b) integrating its personnel and payroll management systems; (c) restructuring its regional offices to serve multiple components rather than perpetuating regional offices dedicated to only one component; (d) restructuring local personnel offices to serve multiple bases or installations (they now serve only one base or installation); and (e) outsourcing all civilian personnel operations to the private sector; (6) these alternatives are feasible and may have helped DOD to achieve even greater savings and efficiencies than the current approach; (7) in addition, the Defense Science Board determined that integrating payroll and personnel systems was a viable and cost beneficial option for military personnel; (8) the Civilian Personnel Management Service (CPMS) officials who were responsible for the personnel initiative said that they did not consider these business processing alternatives because: (a) CPMS did not have authority to require the military services and DOD agencies to adopt such approaches; (b) DOD did not allow sufficient time to rigorously examine alternatives; and (c) DOD lacked basic cost and performance data needed to study the alternatives; (9) after it decided on its approach, DOD did not follow a sound process for selecting regions; (10) DOD did not adequately consider a full range of technical options before deciding to replace its legacy system with the Oracle COTS product; and (11) after DOD acquired the Oracle system, it did not mitigate critical technical risks.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: DOD conducted a security test and evaluation to evaluate security features of DCPDS; the Air Force Information Warfare Center performed a computer security engineering assessment of the system; performed security certification visits to contractor (Lockheed Martin) sites, including the disaster recovery site; developed security policies and related documents and disseminated them to user organizations; purchased and tested a data encryption package; instituted a 24 by 7 intrusion detection reporting process for contractor and regional operations; developed a security features users guide, a security annex to the training support plan, and a set of trusted facility manuals to support security awareness and training; developed a technical and functional certification checklist for use during site visits that DOD plans to conduct periodically; and is conducting a review of all contingency plans to ensure component regional centers are prepared to respond to emergencies.

    Recommendation: Regardless of the chosen approach, the Secretary of Defense should take the following actions to mitigate technical, security, and year 2000 risks. To ensure that sensitive personnel data are adequately protected, Defense should: (1) assess its risks and determine security needs; (2) define and implement appropriate policies and related controls, including standards for encrypting data and firewalls; (3) promote security awareness at all sites maintaining the system; and (4) continually monitor and evaluate policy and effectiveness.

    Agency Affected: Department of Defense

  2. Status: Closed - Implemented

    Comments: Civilian Personnel Management Service (CPMS) drafted a charter with its system partners and signed an agreement with its interface partner, Defense Finance and Accounting Service; established a Change Control Board and a charter defining the authority and responsibilities of the board; developed a concept of operations document describing responsibilities for the maintenance, sustainment, and operation of DCPDS; awarded a contract to Lockheed Martin for system operations, sustainment, and maintenance.

    Recommendation: Regardless of the chosen approach, the Secretary of Defense should take the following actions to mitigate technical, security, and year 2000 risks. To ensure that the system is adequately maintained and that modifications are carefully controlled, Defense should: (1) develop agreements with system partners and interface partners to define responsibility for system operations, maintenance, and security; (2) establish a configuration control board comprised of system users to assist in deciding on which changes need to be made to the system, prioritizing change requests, and ensuring that changes are correctly made; and (3) assign clear responsibility for providing technical assistance to Defense components.

    Agency Affected: Department of Defense

  3. Status: Closed - Implemented

    Comments: Civilian Personnel Management Service (CPMS) drafted a set of performance measures based on those used by Fortune 500 companies. CPMS plans to obtain comments on these measures from the Defense components and agencies, incorporate their recommendations, and begin reporting information on the measures in fiscal year 2004.

    Recommendation: Regardless of the business and system alternative selected, Defense should optimize it by collecting, analyzing, and using reliable cost and performance data and making improvements.

    Agency Affected: Department of Defense

  4. Status: Closed - Implemented

    Comments: DOD established a civilian HR systems innovation sub-committee consisting of user representatives and chaired by the Civilian Personnel Management Service (CPMS) to evaluate and recommend new COTS applications and other initiatives for consideration by the DCPDS Change Control Board. DOD assigned its technical contractor (Lockheed Martin) responsibility for continuous evaluation of software products for consideration by CPMS. DOD has conducted a functional analysis of several COTS products to enhance the capabilities of DCPDS, but has not selected any of the products for implementation.

    Recommendation: In analyzing commercially available products, the Secretary of Defense should consider the costs, benefits, and returns-on-investment of all commercially available products that support personnel management. The analysis of commercially available products should consider technical risks, including whether each one can be modified in the future at a reasonable cost. In evaluating the range of business alternatives, consideration should be given to the substantial investment that has already been made in the current approach.

    Agency Affected: Department of Defense

  5. Status: Closed - Implemented

    Comments: Defense' Civilian Personnel Management Service officials informed GAO that DOD has considered business and system alternatives and will continue to consider alternative approaches to improve DCPDS. Based on the alternatives that GAO recommended, the Departments of the Army and Navy have closed three regional centers and they provided documentation indicating these actions will improve operational efficiency and customer service and reduce operating costs by about $2.15 million a year. The officials also stated that the Army also consolidated ten regional databases into one, reducing operating costs by about $619,000 a year and created an electronic personnel folder that will result in about $20 million a year in savings.

    Recommendation: Before Defense starts to deploy the new system beyond test sites, the Secretary of Defense should rigorously evaluate all business and system alternatives to providing personnel services as envisioned by the Clinger-Cohen Act, and, using this data and the system test results, select the most cost beneficial business and system alternative and develop and implement a transition plan for that alternative. Specifically, business alternatives considered should include: (1) use of regions or local offices to serve specific agencies or services; (2) use of regions or local offices to serve multiple agencies and services; (3) centralizing all or parts of personnel management operations that currently operate at component headquarters and major commands; (4) integrating DOD's civilian personnel and payroll management systems; (5) outsourcing civilian personnel computer operations; (6) outsourcing all civilian personnel management services; and (7) acquiring other commercially available products.

    Agency Affected: Department of Defense

  6. Status: Closed - Implemented

    Comments: The remediation for the legacy DCPDS system was completed and contingency plans were completed and fully tested as of August 1999.

    Recommendation: Regardless of the chosen approach, the Secretary of Defense should take the following actions to mitigate technical, security, and year 2000 risks. To mitigate year 2000 risks, Defense should: (1) establish interface agreements that clearly specify date format changes, timeframes for these changes, and processes for resolving conflicts; (2) refine business continuity and contingency plans to ensure that they consider risks posed by external systems and infrastructure; assess the costs and benefits of alternative contingency strategies; and describe resources, staff roles, procedures and timetables needed for implementation of the plan; and (3) test contingency plans to ensure that they are capable of providing the desired level of support to the agency's core business processes and can be implemented within a specified period of time.

    Agency Affected: Department of Defense

 

Explore the full database of GAO's Open Recommendations »

Sep 16, 2016

Sep 8, 2016

Aug 18, 2016

Aug 3, 2016

Jul 15, 2016

Jul 14, 2016

Jul 13, 2016

Jun 30, 2016

Apr 19, 2016

Looking for more? Browse all our products here