The Department of Defense's (DOD) acquisition of weapon systems and modernization of business systems have both been on GAO's list of high-risk areas since 1995. To assist DOD in managing software-intensive systems, Section 804 of the Bob Stump National Defense Authorization Act for Fiscal Year 2003 required the Office of the Secretary of Defense (OSD) and DOD component organizations, including the military departments, to undertake certain software and systems process improvement (SSPI) actions. As requested, GAO assessed (1) the extent to which DOD has implemented the process improvement provisions of the act, and (2) the impact of DOD's process improvement efforts. To do so, GAO analyzed relevant plans, policies, guidance, performance measures, and reports against statutory requirements and relevant guidance, and interviewed DOD officials.

OSD and the military departments have implemented a number of statutory requirements aimed at improving their processes for acquiring software-intensive systems. However, they have not satisfied all of their respective statutory requirements, or key aspects of relevant SSPI guidance. In particular, OSD has issued guidance calling for military departments and defense agencies to implement process improvement programs, revised guidance to emphasize contractor past performance in source selection decisions, and established a clearinghouse for software and system acquisition and development best practices, all of which are required by the statute. However, it has not implemented a requirement in the statute related to overseeing DOD component organization process improvement programs to ensure compliance with its guidance, and it has not satisfied a key aspect of relevant guidance pertaining to monitoring organizationwide process improvement efforts. According to OSD, process improvement is a component responsibility and thus it does not view oversight of component SSPI efforts as necessary. Without strong, central leadership over DOD's improvement efforts, OSD is not fulfilling key tenets of section 804 and relevant guidance associated with well-managed software process improvement programs, and has increased the risk that component process improvement efforts and their impacts are not being maximized. The military departments have established process improvement programs, although two did not do so within the time frame specified in the statute. Also, each has documented processes that address the four key software process areas cited in the statute, and have taken steps to ensure that key personnel have the appropriate level of software/system-related experience or training, and to develop process improvement performance metrics, as required by the statute. However, none is using these performance metrics for continuous process improvement, as provided for in the statute and relevant guidance. Also, while each has a process governing implementation of key acquisition requirements, these processes do not fully reflect the range of verification steps advocated in relevant guidance. Reasons cited for the state of the department's respective efforts include senior leadership turnover and not viewing all the statutory requirements as necessary. By not having fully implemented the statute and relevant guidance, the military departments are not positioned to maximize the potential of their process improvement efforts. Neither OSD nor the military departments have measured the impact of their collective or separate process improvement efforts. However, studies by GAO and others continue to identify system and software acquisition and development process weaknesses, as well as cost, schedule, and performance shortfalls, across a range of DOD software-intensive programs, thus suggesting that the potential value of these efforts has yet to be fully realized.

Status Legend:

Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

• In Process
• Open
• Closed - implemented
• Closed - not implemented

Recommendations for Executive Action

Recommendation: To strengthen DOD's management of its SSPI efforts, the Secretary of Defense should direct the ASD(NII)/CIO and the USD(AT&L), in concert with the military departments and defense agencies, to jointly develop a DOD-wide strategic plan, and supporting organizational component plans, for ensuring that all of the requirements in section 804 of the 2003 NDAA, as well as relevant SEI guidance, are fully implemented.

Agency Affected: Department of Defense

Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: To strengthen DOD's management of its SSPI efforts, the Secretary of Defense should direct the ASD(NII)/CIO and the USD(AT&L), in concert with the military departments and defense agencies, to jointly and periodically report to the congressional defense committees on their progress in implementing the plan and the impacts of doing so.

Agency Affected: Department of Defense

Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.