Defense Business Systems:

Further Refinements Needed to Guide the Investment Management Process

GAO-14-486: Published: May 12, 2014. Publicly Released: May 12, 2014.

Additional Materials:

Contact:

Carol R. Cha
(202) 512-4456
chac@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

The Department of Defense (DOD) has developed a portfolio-based investment management process for its defense business systems, certified and approved a majority of its defense business systems, made key improvements to the data used to manage its business investments, and updated its transition plan to assist its efforts in complying with key provisions of section 332 of the Ronald W. Reagan National Defense Authorization Act for Fiscal Year 2005 (NDAA or “the act”), as amended (10 U.S.C. § 2222). However, the department continues to face challenges in fully complying with the act's requirements, modernizing its business systems environment, and addressing GAO's prior recommendations (see table).

Table: Status of DOD's Actions Related to the Act's Requirements

Act's requirements

Status of related DOD actions

Establish an investment approval and accountability structure, along with an investment review process

DOD has developed a defense business system investment management framework that reflects key aspects of capital planning and investment control best practices. However, this process is not currently aligned with DOD's budget process and does not call for the department-wide investment review board to focus its attention on more costly, complex, or risky systems, while delegating detailed reviews of other systems to lower organizational levels.

Certify that any business system program costing more than $1 million complies with the business enterprise architecture and has undertaken appropriate business process reengineering

DOD certified about $6.4 billion in fiscal year 2014 expenditures for 1,173 defense business systems and has improved the information it collects about business system certifications. However, while most systems were certified as complying with the act's requirements, reviews supporting these certifications need to be improved, as GAO has previously recommended. In addition, reviewing systems at differing organizational levels based on cost, complexity, risk, or other specified criteria may help address these issues.

Develop a business enterprise architecture

DOD has efforts under way to improve the content of its business enterprise architecture. However, the department's guidance does not require components to proactively use the information collected as part of this process to reduce duplication and overlap of business systems.

Develop an enterprise transition plan

DOD's enterprise transition plan and related documentation include most of information required by the act, such as milestone information, fiscal year 2014 resource needs, and termination dates for legacy systems. Continued effort to address GAO's prior recommendations in this area will help to better inform oversight of the department's business systems investments.

Source: GAO analysis of DOD data.

Department officials cited various reasons for the shortfalls noted above. For example, they stated that aligning the investment review process with the budgeting process takes time to coordinate. They also noted that different systems are reviewed with different levels of scrutiny based on various factors, but those factors are not documented in existing guidance. Continued progress in improving its investment management approach will allow DOD to more effectively manage the billions of dollars the department invests annually in modernizing its business systems.

Why GAO Did This Study

GAO designated DOD's multibillion-dollar business systems modernization program as high risk in 1995, and since then has provided a series of recommendations aimed at strengthening DOD's institutional approach to modernizing its business systems investments. Section 332 of the Fiscal Year 2005 NDAA requires the department to take specific actions relative to its modernization efforts and GAO to assess actions taken by DOD to comply with section 332 of the act. In evaluating DOD's compliance, GAO analyzed, among other things, investment management policies and procedures, certification actions for business system investments, and the latest versions of the department's business enterprise architecture and enterprise transition plan.

What GAO Recommends

GAO is making three recommendations to help improve the department's business system investment management process and business enterprise architecture. DOD concurred with two recommendations and partially concurred with the third—to define criteria for reviewing business systems at appropriate levels in the department. In particular, DOD noted that systems are reviewed within components before being reviewed by the executive-level investment review board. However, until DOD ensures that investments are reviewed at an appropriate level based on defined criteria such as cost, scope, complexity, and risk, the department is at an increased risk of failing to identify and address important issues associated with large-scale and costly systems.

For more information, contact Carol R. Cha at (202) 512-4456 or chac@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To help ensure that the department's business systems modernization program is fully compliant with the act and is more effectively implemented, the Secretary of Defense should direct the appropriate DOD management entity to define by when and how the department plans to align its business system certification and approval process with its Planning, Programming, Budgeting, and Execution process.

    Agency Affected: Department of Defense

  2. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To help ensure that the department's business systems modernization program is fully compliant with the act and is more effectively implemented, the Secretary of Defense should direct the appropriate DOD management entity to define criteria for reviewing defense business systems at an appropriate level in the department based on factors such as complexity, scope, cost, and risk, in support of the certification and approval process.

    Agency Affected: Department of Defense

  3. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To help ensure that the department's business systems modernization program is fully compliant with the act and is more effectively implemented, the Secretary of Defense should direct the appropriate DOD management entity to develop guidance requiring military departments and other defense organizations to use existing business enterprise architecture content to more proactively identify potential duplication and overlap.

    Agency Affected: Department of Defense

 

Explore the full database of GAO's Open Recommendations »

Jun 10, 2014

May 22, 2014

May 12, 2014

May 8, 2014

May 7, 2014

Apr 2, 2014

Feb 26, 2014

Feb 12, 2014

Looking for more? Browse all our products here