This is the accessible text file for GAO report number GAO-05-381 
entitled 'DOD Business Systems Modernization: Billions Being Invested 
without Adequate Oversight' which was released on June 8, 2005. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Report to Congressional Requesters: 

April 2005: 

DOD Business Systems Modernization: 

Billions Being Invested without Adequate Oversight: 

GAO-05-381: 

GAO Highlights: 

Highlights of GAO-05-381, a report to congressional requesters: 

Why GAO Did This Study: 

Despite its significant investment in business systems, the Department 
of Defense (DOD) continues to have long-standing financial and business 
management problems that preclude the department from producing 
reliable and timely information for making decisions and for accurately 
reporting on its billions of dollars of assets. GAO was asked to (1) 
identify DOD's fiscal year 2005 estimated funding for its business 
systems and (2) determine whether DOD has effective control and 
accountability over its business systems modernization investments. 

What GAO Found: 

DOD's business and financial management weaknesses have resulted in 
billions of dollars wasted annually in a time of increasing fiscal 
constraint. These weaknesses continue despite DOD requesting over $13 
billion in fiscal year 2005--about $6 billion less than in fiscal year 
2004--to operate, maintain, and modernize its existing duplicative 
business systems. The difference is more a reclassification of systems 
rather than an actual spending reduction. Some of the reclassifications 
appeared reasonable and others were questionable due to inconsistent 
information. At the same time, DOD reported an increase in the number 
of business systems to 4,150 as of February 2005--an increase of about 
1,900 systems since April 2003. The duplicative and stovepiped nature 
of DOD's systems environment is illustrated by the numerous systems in 
the same business area. For example, DOD reported that it has over 
2,000 logistics systems--an increase of approximately 255 percent since 
April 2003. 

DOD still does not have an effective departmentwide management 
structure for controlling business systems investments. Furthermore, 
DOD is not in compliance with the National Defense Authorization Act 
for Fiscal Year 2003, which requires the DOD Comptroller to determine 
that system improvements with obligations exceeding $1 million meet the 
criteria specified in the act. Based on limited information provided by 
DOD, system improvements totaling about $243 million of obligations 
over $1 million were not reviewed by the DOD Comptroller in fiscal year 
2004. Cumulatively, based upon DOD's reported data, system improvements 
totaling about $651 million of obligations over $1 million were not 
reviewed by the DOD Comptroller before obligations were made since 
passage of the 2003 act. 

DOD Business Systems with Obligations in Excess of $1 Million for 
Modernizations Not Submitted to the DOD Comptroller (Dollars in 
Millions): 

Component: Army; 
Fiscal year 2003: $78; 
Fiscal year 2004: $40; 
Total: $118. 

Component: Navy; 
Fiscal year 2003: $62; 
Fiscal year 2004: $93; 
Total: $155. 

Component: Air Force; 
Fiscal year 2003: $53; 
Fiscal year 2004: $79; 
Total: $132. 

Component: Defense Logistics Agency; 
Fiscal year 2003: $168; 
Fiscal year 2004: $10; 
Total: $178. 

Component: TRICARE; 
Fiscal year 2003: $6; 
Fiscal year 2004: $17; 
Total: $23. 

Component: U.S. Transportation Command; 
Fiscal year 2003: $1; 
Fiscal year 2004: $1; 
Total: $2. 

Component: Defense Finance and Accounting Service; 
Fiscal year 2003: $40; 
Fiscal year 2004: $3; 
Total: $43. 

Component: Total; 
Fiscal year 2003: $408; 
Fiscal year 2004: $243; 
Total: $651. 

Source: GAO analysis of DOD reported information. 

[End of table]

The 2005 defense authorization act directed that DOD put in place a 
management structure to improve the control and accountability over 
business systems investments by placing more responsibility with the 
domains. At the same time, each military service has its own investment 
review process. Absent an integrated management structure that clearly 
defines the relationship of the domains and the military services, DOD 
will be at risk that the parochialism contributing to the current 
problems will continue. 

What GAO Recommends: 

GAO makes four recommendations to DOD: (1) review the reclassified 
systems to determine how these should be properly reported, (2) review 
the reported business systems inventory so systems are defined in 
accordance with the definition specified in the fiscal year 2005 
defense authorization act, (3) develop and implement a comprehensive 
plan that addresses GAO's previous recommendations related to the 
business enterprise architecture and the control and accountability 
over business systems investments, and (4) submit the plan to the 
congressional defense committees. 

DOD concurred with the recommendations and described efforts to address 
them. 

www.gao.gov/cgi-bin/getrpt?GAO-05-381. 

To view the full product, including the scope and methodology, click on 
the link above. For more information, contact Gregory Kutz at (202) 512-
9095 or Keith A. Rhodes at (202) 512-6412. 

[End of section] 

Contents: 

Letter: 

Results in Brief: 

Background: 

DOD Lacks Accurate Information on the Costs and Number of Business 
Systems: 

Limited Progress Made in DOD's Efforts to Control Its Business Systems 
Investments: 

Conclusion: 

Recommendations for Executive Action: 

Agency Comments and Our Evaluation: 

Appendixes: 

Appendix I: Scope and Methodology: 

Appendix II: Comments from the Department of Defense: 

Appendix III: DOD Business Systems Modernizations with Obligations in 
Excess of $1 Million Approved by the DOD Comptroller in Fiscal Year 
2004: 

Appendix IV: Modernizations with Obligations in Excess of $1 Million 
Not Submitted for the Required DOD Comptroller Review: 

Appendix V: Modernizations with Obligations in Excess of $1 Million Not 
Reviewed by DOD Comptroller per July 2004 Memorandum: 

Appendix VI: GAO Contacts and Staff Acknowledgments: 

Tables: 

Table 1: Distribution of DOD's $13.3 Billion IT Budget Request for 
Fiscal Year 2005 for Business Systems and Related Infrastructure: 

Table 2: Comparison of DOD Business Systems Inventories by Domain: 

Table 3: Reported DOD Business Systems by Domain and Component: 

Table 4: Identification of Business Systems Modernizations by DOD 
Component That Did Not Have DOD Comptroller Review as Required by the 
Fiscal Year 2003 National Defense Authorization Act: 

Letter April 29, 2005: 

Congressional Requesters: 

The Department of Defense (DOD) continues to confront pervasive decades-
old financial management and business system problems. These problems 
continue despite the department spending billions of dollars annually 
to operate, maintain, and modernize its business systems.[Footnote 1] 
Additionally, our reports[Footnote 2] continue to show that the 
department's stovepiped and duplicative systems contribute to fraud, 
waste, and abuse. Of the 25 areas on GAO's governmentwide "high-risk" 
list, 8 are DOD program areas, and the department shares responsibility 
for 6 other high-risk areas that are governmentwide in scope.[Footnote 
3] These problems also preclude the department from producing reliable, 
timely, and useful information to make sound decisions and to 
accurately report on its trillions of dollars of assets and 
liabilities. 

This report is a continuation of our reviews to provide Congress 
information on DOD's continuing significant investments in its business 
systems and its control and accountability over these investments. More 
specifically, as agreed with your offices, our objectives were to (1) 
identify the amount of funding DOD requested for fiscal year 2005 to 
operate, maintain, and modernize its business systems and (2) determine 
whether DOD has effective control and accountability over its business 
systems modernizations investments. 

To determine how much DOD plans to spend on the operation, maintenance, 
and modernization of its business systems in fiscal year 2005, we 
analyzed DOD's information technology (IT) budget request and met with 
officials in the office of the DOD Chief Information Officer (CIO) and 
military service representatives to obtain an overview of how the IT 
budget request was developed. To determine the effectiveness of the 
department's efforts to control and account for its business systems 
investments, we met with officials in DOD's office of the Business 
Management Modernization Program (BMMP)[Footnote 4] and the business 
domains[Footnote 5] and reviewed available documentation. Further, we 
asked the military services and defense agencies for a list of fiscal 
year 2004 reported obligations[Footnote 6] exceeding $1 million for 
business systems modernizations, which we used in determining if the 
obligations were reviewed by the DOD Comptroller to ascertain whether 
financial systems improvements met the criteria specified in the fiscal 
year 2003 defense authorization act.[Footnote 7]

Our work was performed from August 2004 through February 2005 in 
accordance with U.S. generally accepted government auditing standards. 
Details on our scope and methodology are included in appendix I. We 
requested comments on a draft of this report from the Secretary of 
Defense or his designee. Written comments from the Under Secretary of 
Defense for Acquisition, Technology and Logistics are reprinted in 
appendix II. 

Results in Brief: 

DOD has made limited progress in putting in place the management 
structure and controls that will help eliminate its continual spending 
of billions of dollars on systems that do not address corporate 
solutions to long-standing financial and business-related problems. 
Over the past several years, we have made numerous recommendations 
aimed at improving the department's control and accountability over its 
business systems investments. DOD has made some efforts to address our 
recommendations, but has not yet implemented key corrective actions to 
fully address them. 

For fiscal year 2005, DOD requested over $13 billion to operate, 
maintain, and modernize its existing business systems environment. On 
its face, this is about $6 billion less than the $19 billion requested 
in fiscal year 2004. But we found the difference reflects more a 
reclassification of systems than a reduction in spending on business 
systems. Also, the number of business systems reported by DOD continued 
to increase--from 2,274 systems in April 2003 to 4,150 systems in 
February 2005. The duplicative and stovepiped nature of DOD's systems 
environment is illustrated by the numerous systems it has in the same 
business areas. For example, DOD reported in its BMMP systems inventory 
that it has over 2,000 logistics systems--which is an increase of 
approximately 255 percent in the reported number since April 2003. 
These systems are not integrated and thus have multiple points of data 
entry, which can result in data integrity problems. Some business 
domains advised us that not all of the reported systems are included in 
the IT budget request. This has been a continuing problem as we have 
previously reported concerns with the accuracy and reliability of DOD's 
IT budget submission.[Footnote 8] 

Regarding the reclassified spending in DOD's fiscal year 2005 budget 
request, we found that DOD reclassified 56 systems, totaling about $6 
billion, from business systems in its fiscal year 2004 budget to 
national security systems[Footnote 9] in its fiscal year 2005 budget 
request. Some of the reclassifications appeared reasonable, while for 
others it is unclear how the system should be classified. For example, 
in the case of the Transportation Coordinators' Automated Information 
for Movements System II, the program management office stated that the 
DOD CIO reclassified the system as a national security system, even 
though it had been classified as a business system since at least 
fiscal year 1999. In addition, the Navy's Enterprise Resource Planning 
(ERP)[Footnote 10]--first reported as a new program in the fiscal year 
2005 IT budget request--was incorrectly classified as a national 
security system even though its forerunners, four ERP pilot projects, 
have been classified as business systems since their inception. Navy 
ERP program officials agreed with us that the program was misclassified 
and stated that it would be changed to a business system in the fiscal 
year 2006 budget request. Incorrect reclassification of business 
systems obscures visibility over spending for these systems and can 
preclude scrutiny by Congress and the DOD business domains, including 
the fiscal year 2004 DOD Comptroller statutory review, and hinders the 
department's ability to develop a comprehensive list of its business 
systems. 

Given that DOD does not yet know how many business systems it has or 
whether all business system funding is reflected in the IT budget, it 
is not surprising that DOD continues to struggle to establish an 
effective DOD-wide management oversight structure and processes to 
control its ongoing and planned investments. In analyzing the list of 
business systems modernizations with reported obligations exceeding $1 
million provided to us by DOD, we found that the department is not in 
compliance with the fiscal year 2003 defense authorization act 
provision requiring the DOD Comptroller to review financial system 
improvements. Based upon information reported to us by the military 
services and DOD components, obligations totaling about $243 million 
were made by the military services and defense agencies for system 
modernizations in fiscal year 2004 that under DOD's definition of 
modernization and DOD's representation of functionality, constitute 
financial system improvements that were not referred to the DOD 
Comptroller for the required review. In addition, given the reliability 
problems with DOD information, there is no certainty that the 
information reported to us is complete or accurate. 

To improve the control and accountability over business systems 
investments, we have previously proposed that Congress appropriate 
funding for DOD's business systems to business domain leaders rather 
than the military services and defense agencies. While provisions in 
the fiscal year 2005 defense authorization act have given the domains 
responsibility to oversee the department's business systems 
investments, the domains have not been given the resource control 
necessary to carry out these responsibilities. Currently, DOD 
components control budget authority from multiple appropriations and 
continue to make their own parochial investment decisions with little 
or no control by the domains. The domains acknowledged that they had 
virtually no input into the fiscal year 2006 IT budget request. 

We are making four recommendations to the Secretary of Defense aimed at 
improving the department's control and accountability of business 
systems investments. In its written comments on a draft of this report, 
DOD agreed with our recommendations and briefly outlined its actions 
for addressing them. We have reprinted DOD's written comments in 
appendix II. 

Background: 

Because DOD is one of the largest and most complex organizations in the 
world, overhauling its business operations represents a huge management 
challenge. In fiscal year 2004, DOD reported that its operations 
involved $1.2 trillion in assets, $1.7 trillion in liabilities, over 
3.3 million military and civilian personnel, and over $605 billion in 
net cost of operations. For fiscal year 2005, the department received 
appropriations of about $417 billion. Execution of DOD's operations 
spans a wide range of defense organizations, including the military 
services and their respective major commands and functional activities, 
numerous large defense agencies and field activities, and various 
combatant and joint operational commands that are responsible for 
military operations for specific geographic regions or theaters of 
operation. To support DOD's operations, the department performs an 
assortment of interrelated and interdependent business processes, 
including logistics management, procurement, health care management, 
and financial management. 

Transformation of DOD's business systems and operations is critical to 
the department providing Congress and DOD management with accurate and 
timely information for use in the decision-making process. This effort 
is an essential part of the Secretary of Defense's broad initiative to 
"transform the way the department works and what it works on." 
Secretary Rumsfeld has estimated that successful improvements to DOD's 
business operations could save the department 5 percent of its budget a 
year, which equates to over $20 billion a year in savings. 

Pervasive Financial and Business Management Problems Affect DOD's 
Efficiency and Effectiveness: 

For several years, we have reported that DOD faces a range of financial 
management and related business process challenges that are complex, 
long-standing, pervasive, and deeply rooted in virtually all business 
operations throughout the department. As the Comptroller General 
testified in November 2004,[Footnote 11] DOD's financial management 
deficiencies, taken together, continue to represent the single largest 
obstacle to achieving an unqualified opinion on the U.S. government's 
consolidated financial statements. To date, none of the military 
services has passed the test of an independent financial audit because 
of pervasive weaknesses in internal controls and processes and 
fundamentally flawed business systems. 

In identifying improved financial performance as one of its five 
governmentwide initiatives, the President's Management Agenda 
recognized that obtaining a clean (unqualified) financial audit opinion 
is a basic prescription for any well-managed organization. At the same 
time, it recognized that without sound internal controls and accurate 
and timely financial and performance information, it is not possible to 
accomplish the President's agenda and secure the best performance and 
highest measure of accountability for the American people. The Joint 
Financial Management Improvement Program (JFMIP)[Footnote 12] 
Principals have defined certain measures, in addition to receiving an 
unqualified financial statement audit opinion, for achieving financial 
management success. These additional measures include (1) being able to 
routinely provide timely, accurate, and useful financial and 
performance information; (2) having no material internal control 
weaknesses or material noncompliance with laws and regulations; and (3) 
meeting the requirements of the Federal Financial Management 
Improvement Act of 1996 (FFMIA).[Footnote 13] DOD does not meet any of 
these conditions. In September 2004, the DOD Comptroller identified 11 
major deficiencies that would affect the department's ability to 
prepare accurate and reliable financial statements for fiscal year 
2004. Subsequently, the DOD Inspector General issued a disclaimer of 
opinion on DOD's fiscal year 2004 financial statements, citing material 
weaknesses in internal controls and noncompliance with FFMIA 
requirements. Pervasive weaknesses in DOD's financial management and 
related business processes and systems have (1) resulted in a lack of 
reliable information needed to make sound decisions and report on the 
status of DOD activities, including accountability of assets, through 
financial and other reports to Congress and DOD decision makers; (2) 
hindered its operational efficiency; (3) adversely affected mission 
performance; and (4) left the department vulnerable to fraud, waste, 
and abuse, as the following examples illustrate. 

* Mobilized Army National Guard soldiers have experienced significant 
problems getting accurate, timely, and consistent reimbursement for out-
of-pocket travel expenses. These weaknesses were more glaring in light 
of the sustained increase in mobilizations for Army National Guard 
soldiers over the last 3 years. Our case study units experienced a 
broad range of travel reimbursement problems, including disputed 
amounts for meals that remained unpaid at the end of our review and 
vouchers that were submitted five or more times before being paid. One 
of the primary causes for these problems is rooted in the paper- 
intensive process used by DOD to reimburse Army National Guard soldiers 
for their travel expenses.[Footnote 14]

* Manual processes and nonintegrated pay and personnel systems affect 
the Army's ability to generate timely active duty medical extension 
orders and ensure that soldiers are paid correctly. The current 
stovepiped, nonintegrated systems are labor-intensive and require 
extensive error-prone manual entry and reentry. The inadequate control 
resulted in some soldiers being removed from active duty status in the 
automated systems that control pay and access to benefits, including 
medical care. In addition, because these soldiers no longer had valid 
active duty orders, they did not have access to the commissary and post 
exchange--which allows soldiers and their families to purchase 
groceries and other goods at a discount. In one case we reviewed, 
during a 12-month period, while attempting to obtain care for injuries 
sustained from a helicopter crash in Afghanistan, one Special Forces 
soldier fell out of active duty status four times. During the times he 
was not recorded in the system as being on active duty, he was not paid 
and he and his family experienced delays in receiving medical 
treatment. In all, he missed payments for 10 pay periods--totaling 
$11,924.[Footnote 15]

* The processes and automated systems relied on to provide active duty 
payments to mobilized Army Reserve soldiers are so error-prone, 
cumbersome, and complex that neither DOD nor, more importantly, the 
Army Reserve soldiers themselves could be reasonably assured of timely 
and accurate payments. Specifically, at eight Army Reserve units that 
we reviewed, 332 of 348 soldiers (95 percent) experienced at least one 
problem with the active duty pay and allowances they were entitled to 
receive. Many of the soldiers experienced multiple pay problems 
associated with their active duty mobilizations. Some of the pay 
problems soldiers experienced often lingered unresolved for 
considerable lengths of time, some for over a year. Of the $375,000 in 
active duty pay and allowance problems identified in our case studies, 
the majority were overpayments. We referred one individual for criminal 
investigation because he did not mobilize with his unit, but he 
erroneously received over $36,000 in active duty pay and did not report 
this overpayment. We also identified 294 soldiers who were underpaid a 
total of about $51,000 in active duty pay and allowances.[Footnote 16]

Efforts to Modernize DOD Business Systems: 

Transformation of DOD's business systems and operations is critical to 
the department having the ability to provide Congress and DOD 
management with accurate and timely information for use in the decision-
making process. One of the key elements we have reported[Footnote 17] 
as necessary to successfully execute the transformation is establishing 
and implementing a business enterprise architecture (BEA). In this 
regard, the department has undertaken a daunting challenge to modernize 
its existing business systems environment through the development, 
maintenance, and implementation of the BEA, or modernization blueprint. 
As previously noted, the department has designated six domain owners to 
be responsible for implementing the BEA. The importance of developing, 
maintaining, and implementing an enterprise architecture is a basic 
tenet of both organizational transformation and IT management. Managed 
properly, an enterprise architecture can clarify and help optimize the 
interdependencies and relationships among an organization's business 
operations and the underlying IT infrastructure and applications that 
support these operations. Employed in concert with other important 
management controls, such as portfolio-based capital planning and 
investment control practices, architectures can greatly increase the 
chances that organizations' operational and IT environments will be 
configured to optimize mission performance. Our experience with federal 
agencies has shown that investing in IT without defining these 
investments in the context of an architecture often results in systems 
that are duplicative, not well integrated, and unnecessarily costly to 
maintain and interface.[Footnote 18]

A key element of an enterprise architecture is the development and 
implementation of a transition plan. According to relevant guidance and 
best practices, the transition plan should provide a road map for 
moving from the "As Is" to the "To Be" environment. An important step 
in the development of a well-defined transition plan is an analysis 
that compares the "As Is" and "To Be" architectures to identify 
differences. Options are explored and decisions are made regarding 
which legacy systems to retain, modify, or retire, and which new 
systems either to introduce on a temporary basis or to pursue as 
strategic solutions. Accordingly, transition plans identify legacy, 
migration, and new systems, and sequence them to show, for example, the 
phasing out and termination of systems and capabilities and the timing 
of the introduction of new systems and capabilities. Furthermore, they 
do so in light of resource constraints, such as budget, people, 
acquisition/development process maturity, and associated time frames. 

To improve DOD's control and accountability over business systems 
investments, Congress included provisions in the Ronald W. Reagan 
National Defense Authorization Act for Fiscal Year 2005.[Footnote 19] 
The act directs that a management structure be put in place that (1) 
makes domains responsible for the control and accountability over 
business systems investments, (2) requires domains to establish a 
hierarchy of investment review boards from across the department, and 
(3) directs the boards to use a standard set of investment review and 
decision-making criteria to ensure compliance and consistency with the 
BEA. The act also directs the establishment of a departmental review 
board called the Defense Business Systems Management Committee that is 
to be chaired by the Deputy Secretary of Defense. 

DOD Lacks Accurate Information on the Costs and Number of Business 
Systems: 

Until DOD has complete, reliable information on the costs and number of 
business systems operating within the department, its ability to 
effectively control the money it spends on these systems will be 
limited. DOD's fiscal year 2005 budget request for its business systems 
was $13.3 billion, which on its face is about $6 billion, or 29 
percent, less than its fiscal year 2004 budget request. We found that 
this decrease can be attributed to DOD's reclassification of some 
business systems to national security systems, not to a reduction in 
spending on its systems. While some of the reclassifications appeared 
reasonable, our analysis showed that others were questionable or 
inconsistencies exist, which hinders DOD's ability to develop a 
definitive business systems inventory. DOD CIO officials acknowledged 
that there were inconsistencies in the classifications of systems as 
either business systems or national security systems and stated that 
they were working to improve the classification criteria. 

DOD CIO officials also stated that they are working toward a single 
system repository for the department that will include information to 
be used in developing the budget. At the same time the amount of 
requested business system funding declined, the reported number of 
business systems increased by about 1,900--from 2,274 in April 2003 to 
4,150 in February 2005. Given the ever-changing numbers--for both 
funding and systems--the department continues to lack reasonable 
assurance that all business systems are included within the reported 
inventory and that all business system funding is accurately detailed 
in the budget. 

Fiscal Year 2005 Budget Request for DOD's Business Systems Environment 
Is $13.3 Billion: 

For fiscal year 2005, DOD requested approximately $28.7 
billion[Footnote 20] in IT funding to support a wide range of military 
operations as well as DOD business systems operations. Of the $28.7 
billion, our analysis showed that about $13.3 billion was for business 
applications and related infrastructure. Of the $13.3 billion, our 
analysis of the budget request disclosed that about $8.4 billion was 
for infrastructure and related costs. Business applications include 
activities that support the business functions of the department, such 
as personnel, health, travel, acquisition, finance and accounting, and 
logistics. The remaining $15.4 billion was classified as being for 
national security systems. Of that amount, our analysis ascertained 
that about $7.5 billion was for infrastructure and related costs. 

Of the $13.3 billion, $10.7 billion was for the operation and 
maintenance of the existing systems and $2.6 billion was for the 
modernization of existing systems, the development of new 
systems,[Footnote 21] or both. The Office of Management and Budget 
requires that funds requested for IT projects be classified as either 
steady state (referred to by DOD as "current services") or as 
development/modernization. Current services funds are to be for 
operating and maintaining systems at current levels (i.e., without 
major enhancements), while development/modernization funds are to be 
for developing new IT systems or making major enhancements to existing 
systems. Table 1 shows the distribution, by DOD component, of the 
reported $13.3 billion between current services and modernization 
funding. 

Table 1: Distribution of DOD's $13.3 Billion IT Budget Request for 
Fiscal Year 2005 for Business Systems and Related Infrastructure: 

Dollars in millions. 

Component: Navy; 
Current services: $3,278; 
Development/modernization: $206; 
Total: $3,484. 

Component: Air Force; 
Current services: $2,630; 
Development/modernization: $726; 
Total: $3,356. 

Component: Army; 
Current services: $1,780; 
Development/modernization: $607; 
Total: $2,387. 

Component: TRICARE Management Agency (TRICARE); 
Current services: $803; 
Development/modernization: $255; 
Total: $1,058. 

Component: Defense Logistics Agency (DLA); 
Current services: $602; 
Development/modernization: $179; 
Total: $781. 

Component: Defense Finance and Accounting Service (DFAS); 
Current services: $407; 
Development/modernization: $59; 
Total: $466. 

Component: Defense Information Systems Agency; 
Current services: $157; 
Development/modernization: $34; 
Total: $191. 

Component: Other DOD components; 
Current services: $1,074; 
Development/modernization: $566; 
Total: $1,640. 

Total; 
Current services: $10,731; 
Development/modernization: $2,632; 
Total: $13,363. 

Source: GAO analysis of DOD information. 

Note: Based on information DOD reported in its fiscal year 2005 IT 
budget request. 

[End of table]

As an example of how a component applies funding for current services 
and modernization, the budget request for the Standard Procurement 
System, which is one of the department's standard systems, will use a 
combination of current services and modernization funding. The fiscal 
year 2005 budget request for the Standard Procurement System identified 
about $56 million in total--$30 million for current services and $26 
million for development and modernization. 

Reclassification Limits Oversight of Business Systems: 

Incorrect system classification hinders the department's efforts to 
improve its control and accountability over its business systems 
investments. For instance, the incorrect reclassification of business 
systems to national security systems precludes scrutiny by the business 
domains, including the process utilized to obtain the DOD Comptroller's 
determination that authorizes the components to obligate amounts over 
$1 million for the improvement of financial management systems. Our 
comparison of the fiscal years 2004 and 2005 budget requests disclosed 
that DOD reclassified 56 systems in the fiscal year 2005 budget request 
from business systems to national security systems. The net effect of 
the reclassifications was a decrease of approximately $6 billion in the 
fiscal year 2005 budget request for business systems and related 
infrastructure. The reported amount declined from about $19 billion in 
fiscal year 2004 to over $13 billion in fiscal year 2005. 

In some cases, we found that the reclassification appeared reasonable. 
For example, in the fiscal year 2005 budget request, the Defense 
Message System was classified as a national security system. In our May 
2004 report,[Footnote 22] we noted the inconsistent classification of 
this system among the military services. The Navy classified the 
Defense Message System as a business system but the Army and Air Force 
classified it as a national security system. Similarly, the 
reclassification of the Defense Information System Network initiative 
as a national security system appeared reasonable. For example, the 
Defense Information System Network is used to provide a secure 
telecommunication network--voice, data, and video--to the President, 
the Secretary of Defense, the Joint Chiefs of Staff, and military 
personnel in the field. These two systems account for over $2.6 billion 
of the $6 billion. 

However, our analysis of the 56 systems that were reclassified as 
national security systems also identified instances for which the 
reclassification was questionable. For example, Base Level 
Communication Infrastructure--initiative number 254--for several DOD 
entities was shown as a national security system in the fiscal year 
2005 budget request. Our review of the fiscal year 2005 budget found 
that within the Air Force there were numerous other initiatives 
entitled Base Level Communication Infrastructure that were classified 
as business systems, not national security systems. The nomenclature 
describing these different initiatives was the same. Therefore, it was 
difficult to ascertain why certain initiatives were classified as 
national security systems while others, with the same name, were 
classified as business systems. The following are examples of the 
inconsistencies in the department's classification of systems. 

* The Joint Total Asset Visibility System had been classified as a 
business system since at least fiscal year 1999 and was identified as a 
business system in the department's original list of 2,274 business 
systems in April 2003 and is still being reported as a business system 
in the department's systems inventory. We found nothing in our review 
of the fiscal year 2005 budget request that warranted a change in 
classification. 

* The Transportation Coordinators' Automated Information for Movements 
System II was identified as a business system in the department's 
original inventory of business systems in April 2003 and has been shown 
as a business system in the budget request since 1999. Furthermore, 
BMMP currently reports it as one of the department's business systems. 
Yet it was reclassified as a national security system in the fiscal 
year 2005 budget request even though its functionality had not changed. 
According to the program management office, the DOD CIO classified the 
system as a national security system, but the program management office 
was informed by the DOD Comptroller that the system needed to be 
submitted to the DOD Comptroller for review in accordance with section 
1004(d) of the fiscal year 2003 defense authorization act. However, the 
section of the act relating to the DOD Comptroller review does not 
apply to national security systems. In our May 2004 report,[Footnote 
23] we noted that the Army reported that it obligated almost $22 
million for modernization of the system in fiscal year 2003 without its 
having been subject to review by the DOD Comptroller for consistency 
with DOD's BEA. 

* The Army's Global Combat Support System was reclassified as a 
national security system in the fiscal year 2005 budget, even though it 
is still being reported as a business system in the department's 
current inventory. Furthermore, BMMP officials stated that 
reclassification was incorrect and the system was submitted to the DOD 
Comptroller for review in accordance with section 1004(d) of the fiscal 
year 2003 defense authorization act. The DOD Comptroller approved 
investment in the system in August 2003 and January 2004. 

In addition, this is the first year in which the Navy ERP was listed in 
the budget and incorrectly classified as a national security system. 
Its forerunners, four pilot ERP projects, have been classified as 
business systems since their inception. DOD officials were not able to 
provide a valid explanation why the program was classified as a 
national security program. For the fiscal year 2006 budget request, the 
Navy has requested that the DOD CIO reclassify the program from a 
national security system to a business system. 

The misclassification of systems in DOD's budget hinders the 
department's ability to develop a comprehensive list of its business 
systems, thereby affecting its ability to develop a well-defined "As 
Is" component of its BEA and a viable transition plan. In addition, 
improper classification diminishes Congress's ability to effectively 
monitor and oversee the billions of dollars spent annually to maintain, 
operate, and modernize the department's business systems environment. 

DOD Is Working to Develop a Single Systems Inventory: 

DOD CIO officials acknowledged that there were inconsistencies within 
the department in the classification of a system as either a business 
system or a national security system, which hinder its ability to 
develop a single comprehensive business systems inventory. DOD CIO 
officials also stated that with the implementation of the DOD 
Information Technology Portfolio Data Repository (DITPR)--the new 
systems inventory repository--they are working to improve the criteria 
governing the classification of systems, and these criteria are being 
incorporated into the new systems inventory repository. 

As discussed in our May 2004 report,[Footnote 24] DOD has several 
databases that contain information on its systems--business and 
national security--and these databases have not been reconciled and 
therefore inconsistencies exist. We recommended that the department 
establish a single database for its inventory of business systems. 
Subsequently, on July 13, 2004, the DOD CIO directed establishment of 
the DITPR. According to BMMP officials, the department is working 
toward one database that will contain information for use in developing 
the annual budget request and will be considered the single system 
repository for the department. Additionally, all existing databases 
will be eliminated. Furthermore, the DITPR will automatically classify 
each system based on selected information entered for each. For 
example, all intelligence, science and technology, and logistics- 
warfighting systems are to be classified as national security systems. 

In addition, to help identify and properly categorize its business 
systems, we recommended in May 2004[Footnote 25] that DOD develop a 
standard definition for business systems. In July 2004, DOD established 
a definition of a system, but not specifically of a business system. 
DOD broadly defined a system as a set of information resources 
organized for the collection, storage, processing, maintenance, use, 
sharing, dissemination, disposition, display, or transmission of 
information. DOD's definition also clarifies what should not be 
reported as a system. For example, it excludes such things as 
commercial office automation packages, information assurance 
initiatives, and architecture initiatives. Additionally, DOD's 
definition is aimed at identifying all systems that would obligate $1 
million or more for modernization in any year of the department's 5- 
year defense plan. 

While DOD did not develop a specific definition of a business system, 
the fiscal year 2005 defense authorization act[Footnote 26] 
subsequently provided a definition. The act defines a defense business 
system as an information system, other than a national security system, 
operated by, for, or on behalf of the department that is used to 
support business activities, such as acquisition, financial management, 
logistics, strategic planning and budgeting, installations and 
environment, and human resources management. The act states that such 
systems are to include financial systems, mixed systems,[Footnote 27] 
financial data feeder systems, and IT and information assurance 
infrastructure. It is incumbent upon the department to ensure that the 
definition specified in the act is used consistently throughout the 
department and becomes the basis for entering information into the 
DITPR. As previously discussed, the accurate and complete 
identification of DOD's business systems is crucial for developing a 
credible "As Is" component and transition plan for the BEA and ensuring 
that obligations for modernizations are reviewed and approved as 
required by the act. Furthermore, such information is needed in order 
to provide complete and accurate data to Congress for use in monitoring 
the department's business systems investments. 

DOD Reports Significant Increase in the Number of Existing Business 
Systems: 

The department's reported number of business systems continues to 
fluctuate, and DOD does not yet have reasonable assurance that the 
currently reported number of business systems is complete. As of 
February 2005, DOD reported that its business systems inventory 
consisted of 4,150 systems, which is an increase of approximately 1,900 
reported business systems since April 2003. Table 2 presents a 
comparison of the April 2003 and February 2005 reported business 
systems inventories by domain. 

Table 2: Comparison of DOD Business Systems Inventories by Domain: 

Domain: Acquisition; 
April 2003: 143; 
February 2005: 179; 
Difference: 36. 

Domain: Financial management; 
April 2003: 752; 
February 2005: 600; 
Difference: (152). 

Domain: Human resources; 
April 2003: 665; 
February 2005: 713; 
Difference: 48. 

Domain: Installations and environment; 
April 2003: 128; 
February 2005: 473; 
Difference: 345. 

Domain: Logistics; 
April 2003: 565; 
February 2005: 2,005; 
Difference: 1,440. 

Domain: Enterprise information environment; 
April 2003: 21; 
February 2005: 40; 
Difference: 19. 

Domain: No domain[A]; 
April 2003: 0; 
February 2005: 140; 
Difference: 140. 

Domain: Total; 
April 2003: 2,274; 
February 2005: 4,150; 
Difference: 1,876. 

Source: GAO analysis. 

Note: Based on analysis of BMMP's reported inventory of business 
systems as of April 2003 and February 2005. 

[A] A specific domain was not assigned to these systems. 

[End of table]

The largest increase is due to the logistics domain increasing its 
reported inventory of business systems from 565 in April 2003 to the 
current 2,005. We reported[Footnote 28] in May 2004 that the logistics 
domain had validated about 1,900 business systems but had not yet 
entered most of them into the BMMP systems inventory. Logistics domain 
officials informed us that they completed that process and this 
increase was the result. According to the logistics domain officials, 
in making this determination, they considered an initiative as a 
business system if it (1) is used by at least 50 people, (2) costs at 
least $50,000 annually to operate, and (3) runs on a network. The 
criteria used by the logistics domain are stricter than those developed 
by the DOD CIO. As previously noted, the department needs to ensure 
that the same criteria are used by all the domains in defining business 
systems in order to ensure that it develops a complete and accurate 
inventory of its business systems. 

As shown in table 2, the reported inventory of business systems for 
most of the other domains increased, except for the financial 
management domain, whose inventory declined. Domain officials 
attributed the increases to additional data calls and working closely 
with the components to identify systems. The financial management 
domain attributed the declines to eliminating nonsystems and duplicate 
entries in the inventory. For example, its analysis showed that 
previously spreadsheets, reports, or both were incorrectly reported as 
being systems. For the current inventory, some of the domains indicated 
that they used the definition of a system that was issued by DOD's CIO 
in the July 2004 DITPR data call. 

Table 3 shows the distribution of the 4,150 business systems among the 
components and domains. 

Table 3: Reported DOD Business Systems by Domain and Component: 

Domain: Acquisition; 
Air Force: 20; 
Army: 16; 
Navy: 122; 
DFAS: 2; 
Other defense agencies: 15; 
Multiple owner: 2; 
Not determined: 2; 
Total: 179. 

Domain: Financial management; 
Air Force: 41; 
Army: 88; 
Navy: 233; 
DFAS: 93; 
Other defense agencies: 59; 
Multiple owner: 15; 
Not determined: 71; 
Total: 600. 

Domain: Human resources; 
Air Force: 84; 
Army: 332; 
Navy: 151; 
DFAS: 30; 
Other defense agencies: 65; 
Multiple owner: 26; 
Not determined: 25; 
Total: 713. 

Domain: Installations and environment; 
Air Force: 36; 
Army: 63; 
Navy: 259; 
DFAS: 1; 
Other defense agencies: 12; 
Multiple owner: 6; 
Not determined: 96; 
Total: 473. 

Domain: Logistics; 
Air Force: 166; 
Army: 193; 
Navy: 1,512; 
DFAS: 4; 
Other defense agencies: 76; 
Multiple owner: 39; 
Not determined: 15; 
Total: 2,005. 

Domain: Enterprise information environment; 
Air Force: 4; 
Army: 17; 
Navy: 10; 
DFAS: 0; 
Other defense agencies: 8; 
Multiple owner: 0; 
Not determined: 1; 
Total: 40. 

Domain: No domain; 
Air Force: 18; 
Army: 18; 
Navy: 66; 
DFAS: 13; 
Other defense agencies: 18; 
Multiple owner: 2; 
Not determined: 5; 
Total: 140. 

Domain: Total; 
Air Force: 369; 
Army: 727; 
Navy: 2,353; 
DFAS: 143; 
Other defense agencies: 253; 
Multiple owner: 90; 
Not determined: 215; 
Total: 4,150. 

Source: GAO analysis. 

Note: Based on analysis of BMMP reported business system inventory as 
of February 2005. 

[End of table]

The table shows the stovepiped, duplicative nature of DOD's business 
systems. For example, there are 713 human resources systems across all 
components whose reported funding for fiscal year 2005 includes 
approximately $223 million for modernization and over $656 million for 
operation and maintenance. According to DOD officials, the Defense 
Integrated Military Human Resources System (DIMHRS)[Footnote 29] is 
intended to totally or partially replace 113 of these systems. We were 
informed that the remaining 600 human resources systems are to be 
reviewed in the context of the BEA as it is developed. 

Furthermore, a human resources domain official acknowledged that for 
two of the systems that are to be replaced by DIMHRS--the Army's 
Electronic Military Personnel System and the Air Force Military 
Personnel Data System--continuing to spend money to modernize these 
systems was questionable. We also reported in June 2004[Footnote 30] 
that the fiscal year 2005 IT budget request did not provide sufficient 
information to identify or justify the specific current services and 
modernizations for 97 of the 113 systems. Because, as noted in table 1, 
the funding is distributed to and controlled by the military services 
and DOD components, the domains have minimal influence over system 
funding. As a result, DOD continues to fund the modernization of 
systems that it intends to totally or partially replace. As discussed 
later, the new requirements and authorities included in the fiscal year 
2005 defense authorization act are aimed at ensuring that the domains 
have a vital decision-making role in the control and accountability of 
the investments being made in the department's business systems. 

While DOD has reported that its inventory of business systems has 
increased by about 1,900, the department continues to struggle with 
developing a comprehensive inventory. As detailed in table 3, there are 
215 business systems with no component identified--although they have 
been assigned to a domain--and 140 business systems with no domain 
assigned. BMMP officials stated that they are reviewing each system and 
working with the domains to ascertain where each system should be 
placed. Without the component being identified, it would be difficult 
if not impossible to identify the DOD entity that is responsible for 
investment reviews of the systems. Furthermore, it is essential that a 
domain be identified for each system in order for the department to 
meet the requirements set forth in the fiscal year 2005 defense 
authorization act. 

In discussing the increase in the number of systems identified in DOD, 
some of the domains stated that many of the systems are not included in 
the IT budget request. They said that some of these systems were likely 
developed at the local level and financed by the operation and 
maintenance funds received at that location and therefore were not 
captured and reported as part of the department's annual IT budget 
request. Financing business systems in this manner rather than within 
the IT budget results in Congress and DOD management not being aware of 
the total amount being spent to operate, maintain, and modernize the 
department's business systems. As a result, Congress and DOD management 
do not receive complete and accurate data for use in monitoring the 
department's business systems investments. 

In addition, according to Army officials, as part of its efforts to 
develop the Army's enterprise architecture, the Army has identified 
about 3,000 systems, and it believes some of these systems should be 
categorized as business systems. At this time, the Army is uncertain 
how many should be classified as business systems. As shown in table 3, 
the BMMP inventory of Army business systems totaled 727 systems as of 
February 2005. Army officials did not specify the anticipated time 
frame for completing their analysis of these systems. 

Limited Progress Made in DOD's Efforts to Control Its Business Systems 
Investments: 

Given that DOD does not know how many business systems it has or how 
much is spent on them, it is not surprising that the department 
continues to lack effective management oversight and control over 
business systems investments. Since February 2003, the domains have 
been given the responsibility to oversee the department's business 
systems investments, yet the billions of dollars spent each year 
continue to be spread among the military services and defense agencies, 
enabling the numerous DOD components to continue to develop stovepiped, 
parochial solutions to the department's long-standing financial 
management and business operation challenges. Furthermore, the 
department has testified[Footnote 31] that it does not know whether it 
was in compliance with the fiscal year 2003 defense authorization act, 
which provides that obligations in excess of $1 million for systems 
improvements may not be made unless the DOD Comptroller determines that 
the improvements are consistent with the criteria specified in the 
act.[Footnote 32] In this regard, based upon data reported to us by the 
military services and DOD components, obligations totaling about $243 
million were made for systems modernizations in fiscal year 2004 that 
were not referred to the DOD Comptroller for the required review. 

Further, while the fiscal year 2005 national defense authorization act 
directs that the domains are to have increasing oversight of the 
department's business systems investments, each of the military 
services has established its own management oversight structures. Thus, 
DOD does not yet have a comprehensive strategy in place that delineates 
the specific roles and responsibilities of the domains and military 
services. Absent an integrated strategy, the domains' and military 
services' efforts may be duplicative, resulting in the wasteful use of 
resources and hindering the overall transformation of the department's 
business systems and related operations. 

Management Oversight Structure and Guidance Not Finalized: 

DOD has not yet finalized guidance that clearly defines the roles and 
responsibilities of domains or assigns explicit authority for 
fulfilling these roles and responsibilities. It also has not 
established common investment criteria for system reviews or conducted 
a comprehensive review of its ongoing business systems investments. 
Over the past several years, we have made numerous 
recommendations[Footnote 33] aimed at improving the department's 
control and accountability over its business systems investments. Many 
of the actions that DOD planned to take remained incomplete as of 
February 2005. 

DOD officials acknowledged that the following actions have not been 
completed: 

* The March 2004 IT portfolio management policy memorandum signed by 
the Deputy Secretary of Defense provides the basic structure of the 
roles and responsibilities of the domains. In order for the guidance to 
be institutionalized within the department, DOD planned to issue a 
formal DOD directive to specify the roles and responsibilities of the 
domains and how they are to be involved in the overall business systems 
investment management process. As of February 2005, the DOD guidance 
had not been finalized, and DOD CIO officials did not have a time frame 
for its issuance. 

* The domains are still working on developing standard and consistent 
criteria for performing system reviews. The BMMP program director 
recently acknowledged that the differing criteria are being used in the 
system review process. Although the domains have used draft guidance 
listing 27 critical questions[Footnote 34] since July 2004, this DOD 
guidance has not been finalized, and a time frame for approval has not 
been provided. 

* The domains have not completed a comprehensive system review of their 
ongoing IT investments. As discussed previously, the reported business 
systems inventory has increased from 2,274 systems in April 2003 to 
over 4,000 systems in February 2005. A target date for completing these 
reviews has not been determined. We have previously reported that best 
practices recommend that an organization review ongoing investments 
periodically to ensure that they are consistent with its architectural 
development efforts. 

In a July 16, 2004, memorandum, the DOD Comptroller reiterated the 
importance of having all business systems modernizations with 
obligations exceeding $1 million approved. The memorandum expanded the 
congressional requirements for DOD Comptroller certification to all 
business systems and required business domains to submit a fiscal year 
2005 system certification schedule to BMMP officials. Later, in 
November 2004, the DOD Comptroller testified[Footnote 35] that the 
department had started to take actions that would position it to meet 
the new, similar review requirements of the fiscal year 2005 act. The 
DOD Comptroller's testimony noted that the department had already 
identified 132 business systems that represent 78 percent of fiscal 
year 2005 modernization funding. These systems are scheduled to be 
reviewed during the current fiscal year. However, as noted earlier, DOD 
has not yet established specific criteria for investment reviews. Such 
criteria would include elements to implement the definition of what 
constitutes a business system modernization that would be subject to 
the provisions in the fiscal year 2005 defense authorization act. While 
the act provides a general definition for a business system 
modernization,[Footnote 36] it is critical for DOD to issue specific 
implementation guidance and criteria to explicitly define business 
systems modernizations to ensure that the DOD components and the 
domains use clear, consistent guidance in performing the system 
reviews. 

DOD Lacks Reasonable Assurance That It Is in Compliance with Statutory 
Investment Management Controls: 

We found that DOD is not in compliance with the fiscal year 2003 
defense authorization act, which requires that all financial system 
improvements with obligations exceeding $1 million be reviewed by the 
DOD Comptroller. Based upon the reported obligational data provided to 
us by the military services and the defense agencies for fiscal year 
2004, we identified 30 modernizations with obligations totaling about 
$243 million that were not submitted for the required review. As 
previously noted, DOD defines a modernization as an enhancement to 
existing systems or the development of new systems. For purposes of 
this report, we treat modernizations as defined by DOD the same as 
"system improvements" as that term is similarly defined in the fiscal 
year 2003 defense authorization act. Additionally, the 2003 act defines 
financial systems to include "budgetary, accounting, finance, 
enterprise resource planning or mixed information system." We reviewed 
DOD's representation of the functions performed by these systems made 
in the department's fiscal years 2004 and 2005 budget requests. 

DOD has acknowledged that it does not have a mechanism to identify 
systems that should be reviewed in accordance with the statutory 
requirements. Because DOD lacks a systematic means to identify the 
systems that were subject to the requirements of the fiscal year 2003 
defense authorization act, there is no certainty that the information 
provided to us accurately identified all systems improvements with 
obligations greater than $1 million during the fiscal year. 

BMMP officials stated that the domains were responsible for working 
with the components to make sure that business systems with obligations 
for modernizations greater than $1 million were submitted for review as 
required. There was also general agreement among the domains and BMMP 
officials that systems owners were responsible for initiating the $1 
million review process. In essence, compliance was achieved via the 
"honor system," which relied on systems owners coming forward and 
requesting approval. However, the approach did not work. During fiscal 
year 2004, the number of systems reviewed was small when compared to 
the potential number of systems that appeared to meet the obligation 
threshold identified in the fiscal year 2004 budget request. We 
analyzed the DOD IT budget request for fiscal year 2004 and identified 
over 200 systems in the budget that could involve modernizations with 
obligations of funds that exceed the $1 million threshold. However, 
BMMP officials confirmed that only 46 systems were reviewed, of which 
38 were approved as of September 30, 2004. The remaining 8 systems were 
either withdrawn by the component/domain or were returned to the 
component/domain because the system package submitted for review lacked 
some of the required supporting documentation, such as the review by 
the Office of Program Analysis and Evaluation, if necessary. 

Moreover, although the modernizations of 38 business systems were 
reviewed and approved by the DOD Comptroller as required, this does not 
necessarily mean these were prudent resource investments or integrated 
solutions to DOD's long-standing problems. Although the criteria for 
the DOD Comptroller review included compliance with the BEA, we have 
previously reported[Footnote 37] that the BEA did not include many of 
the elements of a well-defined architecture. For example, DOD does not 
have a comprehensive system inventory of its "As Is" environment and 
has not developed a transition plan to identify those systems that 
would not be part of the architecture. Further, the real value of a BEA 
is that it provides the necessary context for guiding and constraining 
systems investments in a way that promotes interoperability and 
minimizes overlap and duplication. Without it, expensive rework is 
likely to be needed to achieve these outcomes. 

In an attempt to substantiate that financial system improvements with 
over $1 million in obligations were reviewed by the DOD Comptroller, as 
provided for in the fiscal year 2003 act, we requested that DOD 
activities provide us with a list of obligations (by system) greater 
than $1 million for modernizations for fiscal year 2004. We compared 
the reported obligational data to the system approval data reported to 
us by BMMP officials. Based upon this comparison and as shown in table 
4, 30 business systems with obligations totaling about $243 million in 
fiscal year 2004 for modernizations were not reviewed by the DOD 
Comptroller. 

Table 4: Identification of Business Systems Modernizations by DOD 
Component That Did Not Have DOD Comptroller Review as Required by the 
Fiscal Year 2003 National Defense Authorization Act: 

Dollars in millions. 

Army; 
Number of systems not reviewed: 2; 
Fiscal year 2004 obligations: $40.5. 

Navy; 
Number of systems not reviewed: 10; 
Fiscal year 2004 obligations: $92.8. 

Air Force; 
Number of systems not reviewed: 11; 
Fiscal year 2004 obligations: $79.1. 

DLA; 
Number of systems not reviewed: 3; 
Fiscal year 2004 obligations: $9.8. 

U.S. Transportation Command (TRANSCOM); 
Number of systems not reviewed: 1; 
Fiscal year 2004 obligations: $1.1. 

DFAS; 
Number of systems not reviewed: 1; 
Fiscal year 2004 obligations: $2.6. 

TRICARE; 
Number of systems not reviewed: 2; 
Fiscal year 2004 obligations: $16.6. 

Total; 
Number of systems not reviewed: 30; 
Fiscal year 2004 obligations: $242.5. 

Source: GAO analysis of DOD reported information. 

[End of table]

Examples of DOD business systems modernizations with obligations in 
excess of $1 million included in table 4 that were not submitted to the 
DOD Comptroller include the following. 

* The Navy obligated about $57 million for the Navy Tactical Command 
Support System in fiscal year 2004. We previously reported[Footnote 38] 
that for fiscal year 2003, the Navy obligated about $22 million for 
this system without submitting it to the DOD Comptroller for review. 

* DFAS obligated about $3 million in fiscal year 2004 for the DFAS 
Corporate Database/DFAS Corporate Warehouse (DCD/DCW). In fiscal year 
2003, DFAS obligated approximately $19 million for DCD/DCW without 
submitting it to the DOD Comptroller for review. Additionally, we 
reported in May 2004[Footnote 39] that DFAS had yet to complete an 
economic analysis justifying that continued investment in DCD/DCW would 
result in tangible improvements in the department's operations. The 
department has acknowledged that DCD/DCW will not result in tangible 
savings to DOD. Continued investment is being based upon intangible 
savings of man-hours reductions by DFAS. 

* The Air Force obligated about $25 million for the Integrated 
Maintenance Data System in fiscal year 2004. We previously 
reported[Footnote 40] that for fiscal year 2003, the Air Force 
obligated over $9 million for this system without it being submitted to 
the DOD Comptroller for review. 

* The Army obligated over $34 million for its Logistics Modernization 
Program in fiscal year 2004. In fiscal year 2003, the Army obligated 
over $52 million without the prerequisite review being performed by the 
DOD Comptroller. 

* DLA obligated about $5 million for the Defense Medical Logistics 
Standard Support program in fiscal year 2004. We previously 
reported[Footnote 41] that DLA obligated about $5 million in fiscal 
year 2003 for this program. 

The 2003 act placed limitations on the legal authority of individual 
program and government contracting officials to obligate funds in 
support of the financial systems improvements for which they are 
responsible, but DOD did not proactively manage investments to avoid 
violations of the limitations and did not review investments in any 
meaningful way to enforce these statutory limitations. 

Appendix III provides a list of obligations exceeding $1 million for 
business systems modernizations for fiscal year 2004 that were reviewed 
and approved by the DOD Comptroller as required by the 2003 act. 
Appendix IV provides a list of the individual systems not submitted to 
the DOD Comptroller and the related amount of the reported obligations 
for fiscal year 2004, as required by the 2003 act. It should be noted 
that since passage of the fiscal year 2003 defense authorization act in 
December 2002 through the end of fiscal year 2004, based upon 
information reported to us, the military services and defense 
components obligated about $651 million for business systems 
modernizations without the required review by the DOD Comptroller. 
While this amount is significant, it is not complete or accurate 
because it does not include any fiscal year 2005 obligations that 
occurred prior to the enactment of the fiscal year 2005 defense 
authorization act on October 28, 2004. 

Additionally, our analysis also identified another 50 business systems 
with obligations totaling over $258 million that were not submitted for 
review as directed by the DOD Comptroller's July 16, 2004, memorandum. 
The memorandum expanded the criteria set forth in the 2003 act to 
include the modernization of all nonfinancial business systems that 
support the operations of the business domains. Appendix V provides a 
list of the business systems not submitted for review in accordance 
with the July 2004 guidance and the related amount of obligation for 
each system. 

In an attempt to achieve compliance with the requirement of the 2003 
act and the DOD Comptroller's July 2004 memorandum, as of January 2005, 
the DOD Comptroller identified 48 business systems that had both fiscal 
year 2004 and 2005 budgets each greater than $1 million in 
modernization funding, but had not been reviewed and approved by the 
DOD Comptroller. For the 48 business systems, the DOD Comptroller 
withheld[Footnote 42] a funding amount equal to 50 percent of the 
systems' fiscal year 2005 modernization funding, which amounts to over 
$192 million. We discussed the withheld amounts with BMMP officials, 
who told us they anticipated that virtually all of the systems would 
come off of the "withhold" list by the end of the fiscal year. 
According to BMMP officials, a system will be removed from the withhold 
list as soon as the system owner, in conjunction with the domains, has 
a business system certification package approved by the DOD 
Comptroller, thereby showing compliance with the DOD Comptroller's July 
2004 memorandum. 

DOD's process of withholding funding is focused on meeting 
documentation requirements related to compliance with the BEA, rather 
than on the control of business systems investments. The "withhold" 
process ultimately will have very little impact on DOD's control and 
accountability over its business systems investment. The department 
continues to perpetuate the proliferation of duplicative, 
nonintegrated, and stovepiped business systems by spending billions of 
dollars annually on the modernization of systems for which DOD lacks 
reasonable assurance that the investment will add value to DOD's 
operations. To gain more control and accountability over such business 
systems funding, we have previously recommended[Footnote 43] that the 
funding be vested with the "owners" of the various functional areas or 
domains. We believe it is critical that funds for DOD business systems 
be appropriated to the domain owners in order to prevent the continued 
parochial approach to systems investment that exists today. While the 
department has stated that the domains would be involved in the fiscal 
year 2006 budget review process, as previously noted, we found this not 
to be the case. Unless the domains control the funding, it will be 
difficult for them to meet the requirements of the Ronald W. Reagan 
National Defense Authorization Act for Fiscal Year 2005,[Footnote 44] 
including control and accountability over business systems investments. 

Congress Acts to Improve DOD's Control and Accountability over Business 
Systems Investments: 

The statutory requirements enacted as part of the Ronald W. Reagan 
National Defense Authorization Act for Fiscal Year 2005 are aimed at 
improving the department's business systems management practices. The 
act directs DOD to put in place a definite management structure that is 
responsible for the control and accountability over business systems 
investments by establishing a hierarchy of investment review boards 
from across the department and directs that the boards use a standard 
set of investment review and decision-making criteria to ensure 
compliance and consistency with the BEA. 

More specifically, the act does the following: 

* Directs DOD to establish specific management oversight and 
accountability with the "owners" of the various functional areas or 
domains. The legislation defined the scope of the various business 
areas (e.g., acquisition, logistics, and finance and accounting) and 
directed the establishment of functional approval authority and 
responsibility for management of the portfolio of business systems with 
the relevant under secretary of defense for the departmental domains 
and the Assistant Secretary of Defense for Networks and Information 
Integration and the CIO for the department. 

* Stipulates that no later than March 15, 2005, the responsible 
approval authorities, or domains, establish a hierarchy of investment 
review boards with DOD-wide representation, including the military 
services and defense agencies. The boards are responsible for reviewing 
and approving investments to develop, operate, maintain, and modernize 
business systems for their respective business areas, including 
ensuring that investments are consistent with DOD's BEA.[Footnote 45]

* Directs the Secretary of Defense to establish the Defense Business 
Systems Management Committee with representation including the Deputy 
Secretary of Defense, the designated approval authorities, and 
secretaries of the military services and heads of the defense agencies. 
The Deputy Secretary of Defense is the chairman of the committee with 
one of the designated approval authorities serving as the vice- 
chairman. 

* Directs that effective October 1, 2005, funds may not be obligated 
for a defense business systems modernization that will have a total 
cost in excess of $1 million unless the conditions specified in the act 
are met.[Footnote 46] The Defense Business Systems Management Committee 
must agree with the designated approval authorities'[Footnote 47] 
certification before funds can be obligated. More important, the 
obligation of funds without the requisite approval by the Defense 
Business Systems Management Committee is deemed a violation of the Anti-
Deficiency Act.[Footnote 48]

* Requires that no later than March 15 of each year from 2005 through 
2009, the Secretary of Defense shall submit a report to Congress that 
describes how DOD plans to comply with the requirements of the act. 

* Stipulates that all budget requests, starting with the budget request 
for fiscal year 2006, include supporting information that (1) 
identifies each defense business system for which funding is proposed 
in that budget; (2) identifies all current services and modernization 
funds, by appropriation, for each business system; (3) identifies the 
designated approval authority for each business system; and (4) 
describes the required certification for each business system. 

While the success of BMMP and improved control and accountability of 
business systems investments are critical aspects of the department's 
transformation efforts, equally important is the department's ability 
to develop and implement business systems that provide the promised 
capabilities on time and within budget. As we have previously reported, 
the department has not demonstrated the ability to achieve these 
goals.[Footnote 49] Given that the domains have been designated as 
being responsible for reviewing and approving business systems 
investments, each of the domains' investment review boards needs to 
provide effective management oversight of each system project's 
performance and progress toward predefined cost and schedule 
expectations as well as each project's anticipated benefits and risk 
exposure. Further, each investment review board should also employ 
early warning systems that enable it to take corrective action at the 
first sign of cost, schedule, or performance slippages. Effective 
project oversight requires having regular reviews of the project's 
performance against stated expectations and ensuring that corrective 
actions for each underperforming project are documented, agreed to, 
implemented, and tracked until the desired outcome is achieved. We have 
previously recommended[Footnote 50] that until DOD assesses its current 
systems, investment should be limited to: 

* deployment of systems that have already been fully tested and involve 
no additional development or acquisition cost;

* stay-in-business maintenance needed to keep existing systems 
operational;

* management controls needed to effectively invest in modernized 
systems; and: 

* new systems or existing system changes that are congressionally 
directed or are relatively small, cost-effective, and low risk and can 
be delivered in a relatively short time frame. 

DOD also has not acted upon this recommendation and continues to invest 
billions of dollars without effective oversight and control. With the 
fiscal year 2005 act placing more responsibility on the domains, the 
implementation of the above four limitations would be one means of 
obtaining improved control over business systems investments. 

We have previously reported[Footnote 51] that best practices recommend 
that to achieve successful transformation, an organization must change 
its culture so that it is more results-oriented, customer-focused, and 
collaborative in nature. To transform its culture, an effective 
performance management system can be a strategic tool to drive internal 
changes and achieve desired results by using specific key practices to 
create a clear link between individual performance and organizational 
success. An effective performance management system pertaining to DOD's 
business systems would help the department determine the effectiveness 
of the domains and components in carrying out their responsibilities 
for the control and accountability of business systems investments. 

Although the requirements of the fiscal year 2005 defense authorization 
act establish a management structure, each of the military services has 
established its own business systems investment review process. At this 
point, it is uncertain how they will be integrated with the roles and 
responsibilities that are to be exercised by the domains. Given the 
size and complexity of the business systems and related operations 
transformation endeavor, it is critical that the military services and 
domains are fully integrated into one cohesive business system 
investment management strategy. However, it is not clear what specific 
role the military services will play. If the military services' efforts 
are simply viewed as one more level of review, that would be 
counterproductive to the overall transformation goals and objectives. 
Absent guidance that clearly articulates the relationship and the 
related roles and responsibilities of the domains and military 
services, each will continue to have stovepiped approaches to business 
systems investment management that result in more duplicative efforts. 
As a result, the department will continue to lack an overall 
comprehensive corporate process for ensuring that the billions of 
dollars spent on business systems are being spent efficiently and 
economically. 

Conclusion: 

DOD's difficulty in simply identifying all of its business systems and 
the money spent on them illustrates the enormity and complexity of 
transforming the department's business operations. Since April 2003, 
the reported inventory has increased by about 1,900 systems. Also, the 
department is not aware of which DOD component controls all the systems 
nor have all the systems been assigned to a domain. Given these 
circumstances, the department has made limited progress in achieving 
effective management control and accountability over the billions of 
dollars invested annually in its business systems. The department 
continues to lack reasonable assurance that the billions of dollars 
spent annually on its business systems represent an efficient use of 
resources. Because DOD lacks a well-defined BEA and transition plan, 
billions of dollars continue to be at risk of being spent on systems 
that are duplicative, are not interoperable, cost more to maintain than 
necessary, and do not optimize mission performance and accountability. 

While the fiscal year 2005 defense authorization act provides a 
management structure to improve the control and accountability over the 
department's business systems investments, the appropriate policies and 
procedures still must be developed, implemented, and institutionalized 
to allow the department to make informed systems investment decisions. 
An integrated, comprehensive strategy will be critical to help ensure 
the domains and military services do not proceed independently of one 
another. By doing less, DOD will continue to waste billions of dollars 
by perpetuating today's legacy business systems environment. 

Recommendations for Executive Action: 

To improve the department's control and accountability of business 
systems investments, we are making the following four recommendations. 
We recommend that the Secretary of Defense direct that the: 

* DOD CIO, in consultation with the domains, review the 56 systems 
reclassified from business systems to national security systems to 
determine how these should be properly reported in the fiscal year 2007 
IT budget request;

* Defense Business Systems Management Committee work with the domain 
investment review boards to review the reported BMMP business systems 
inventory so systems are defined in accordance with the definition 
specified in the fiscal year 2005 defense authorization act;

* Defense Business Systems Management Committee develop a comprehensive 
plan that addresses implementation of our previous recommendations 
related to the BEA and the control and accountability over business 
systems investments (at a minimum, the plan should assign 
responsibility and estimated time frames for completion); and: 

* comprehensive plan we recommend above be incorporated into the 
department's second annual report due March 15, 2006, to the defense 
congressional committees, as required by the fiscal year 2005 defense 
authorization act, to help facilitate congressional oversight. 

Agency Comments and Our Evaluation: 

We received written comments on a draft of this report from the Under 
Secretary of Defense for Acquisition, Technology and Logistics, which 
are reprinted in appendix II. DOD concurred with our recommendations 
and identified actions it planned to take to improve the department's 
control and accountability of business systems investments. For 
example, the Under Secretary of Defense for Acquisition, Technology and 
Logistics, stated that the department will conduct a review of the 56 
systems reclassified from business to national security systems to 
determine the proper classification of these systems in the IT budget 
requests. In addition, the Under Secretary of Defense for Acquisition, 
Technology and Logistics, noted that on March 17, 2005, the department 
designated the DITPR as the database for all DOD business systems and 
that the DITPR has the capability to identify all reported BMMP 
business systems in accordance with the definition specified in the 
fiscal year 2005 defense authorization act. The Under Secretary of 
Defense for Acquisition, Technology and Logistics, also stated that the 
department is developing a plan and timeline to address our previous 
recommendations and that this plan will be included in the department's 
report due March 15, 2006, to the defense congressional committees. 

In addition to the actions taken in response to our recommendations, 
DOD implemented several other key steps after we provided a draft of 
the report to the department for comment. Specifically, the department 
acted to address certain provisions and requirements of the fiscal year 
2005 defense authorization act. On March 19, 2005, the Deputy Secretary 
of Defense delegated the authority for the review, approval, and 
oversight of the planning, design, acquisition, development, operation, 
maintenance, and modernization of defense business systems to the 
designated approval authority for each business area.[Footnote 52] 
Additionally on March 24, 2005, the Deputy Secretary of Defense 
directed the transfer of program management, oversight, and support 
responsibilities regarding DOD business transformation efforts from the 
Office of the Under Secretary of Defense, Comptroller, to the Office of 
the Under Secretary of Defense for Acquisition, Technology and 
Logistics. According to the directive, this transfer of functions and 
responsibilities will allow the Office of the Under Secretary of 
Defense for Acquisition, Technology and Logistics to establish the 
level of activity necessary to support and coordinate activities of the 
newly established Defense Business Systems Management Committee. As 
required by the act, the Defense Business Systems Management Committee, 
with representation including the Deputy Secretary of Defense, the 
designated approval authorities, and secretaries of the military 
services and heads of the defense agencies, is the highest ranking 
governance body responsible for overseeing DOD business systems 
modernization efforts. 

While these actions are important in establishing the administrative 
framework for implementing management reform, we continue to believe 
that a new executive position is needed to provide the strong and 
sustained leadership to guide these efforts. We have testified on the 
need for a chief management official (CMO) on numerous 
occasions,[Footnote 53] including our most recent testimony on April 
13, 2005.[Footnote 54] The CMO would serve as the Deputy Secretary of 
Defense for Management and oversee the department's business 
transformation efforts. The day-to-day demands placed on the Secretary 
of Defense, the Deputy Secretary, and others make it difficult for 
these leaders to maintain the oversight, focus, and momentum needed to 
resolve the weaknesses in DOD's overall business operations. This is 
particularly evident given the demands that the Iraq and Afghanistan 
postwar reconstruction activities and the continuing war on terrorism 
have placed on current leaders. Furthermore, the breadth and complexity 
of the problems and the hierarchical nature of the department preclude 
the under secretaries from asserting the necessary authority to resolve 
these long-standing issues while continuing to fulfill their other 
responsibilities. A CMO could provide the sustained and focused 
leadership that these other top officials are unable to provide. On 
April 14, 2005, a bill was introduced in the Senate that requires the 
establishment of a CMO that would be appointed by the President and 
confirmed by the Senate, for a set term of 7 years.[Footnote 55]

As agreed with your offices, unless you announce the contents of this 
report earlier, we will not distribute it until 30 days after its 
issuance date. At that time, we will send copies to the Chairmen and 
Ranking Minority Members, Senate Committee on Armed Services; Senate 
Committee on Homeland Security and Governmental Affairs; Subcommittee 
on Defense, Senate Committee on Appropriations; House Committee on 
Armed Services; Subcommittee on Defense, House Committee on 
Appropriations; and Ranking Minority Member, House Committee on 
Government Reform. We will also send copies to the Under Secretary of 
Defense (Comptroller); the Under Secretary of Defense (Acquisition, 
Technology and Logistics); the Under Secretary of Defense (Personnel 
and Readiness); the Assistant Secretary of Defense (Networks and 
Information Integration); and the Director, Office of Management and 
Budget. Copies of this report will be made available to others upon 
request. In addition, the report will be available at no charge on the 
GAO Web site at [Hyperlink, http://www.gao.gov]. If you or your staff 
have any questions on matters discussed in this report, please: 

contact Gregory D. Kutz at (202) 512-9095 or [Hyperlink, kutzg@gao.gov] 
or Keith A. Rhodes at (202) 512-6412 or [Hyperlink, rhodesk@gao.gov]. 
GAO contacts and key contributors to this report are listed in appendix 
VI. 

Signed by: 

Gregory D. Kutz: 
Director: 
Financial Management and Assurance: 

Signed by: 

Keith A. Rhodes: 
Chief Technologist: 
Applied Research and Methodology: 
Center for Engineering and Technology: 

List of Requesters: 

The Honorable Tom Davis: 
Chairman: 
Committee on Government Reform: 
House of Representatives: 

The Honorable Christopher Shays: 
Chairman: 
Subcommittee on National Security, Emerging Threats and International 
Relations: 
Committee on Government Reform: 
House of Representatives: 

The Honorable Todd R. Platts: 
Chairman: 
Subcommittee on Government Management, Finance, and Accountability: 
Committee on Government Reform: 
House of Representatives: 

The Honorable Adam H. Putnam: 
House of Representatives: 

[End of section]

Appendixes: 

Appendix I: Scope and Methodology: 

We reviewed the Department of Defense's (DOD) approximately $28.7 
billion fiscal year 2005 information technology (IT) budget request to 
determine what portion of the budget relates to DOD business systems. 
We reviewed the budget to determine, of the approximately $13.3 billion 
related to the department's business systems, the amount allocated for 
operation, maintenance, and development/modernization. We also met with 
the domains to obtain an understanding of the process followed in 
determining the specific number of business systems applicable to each 
respective domain. 

In addition, we compared the fiscal year 2004 and 2005 IT budget 
requests to determine the systems that were reclassified from business 
systems to national security systems. We analyzed the 56 system 
reclassifications by using information in the budget requests, the 
Business Management Modernization Program (BMMP) systems inventory, and 
the list of business systems modernizations with obligations approved 
by the DOD Comptroller to determine if they were reasonable and 
consistent. For certain systems that had inconsistent information, we 
inquired of system program and BMMP officials about the appropriateness 
of the reclassifications. 

To determine the effectiveness of DOD's control and accountability over 
its business systems investments, we met with DOD officials to obtain 
an update on the status of our prior recommendations. We also met with 
appropriate officials in the DOD Comptroller and DOD Chief Information 
Officer (CIO) offices to discuss the status of various draft policies 
and guidance that are aimed at improving the department's control and 
accountability over business systems investments. We also reviewed and 
analyzed the DOD budget request for fiscal year 2004 to identify the 
business systems investments that could be subject to the requirements 
of the Bob Stump National Defense Authorization Act for Fiscal Year 
2003,[Footnote 56] which requires the DOD Comptroller to review all 
financial system improvements with obligations exceeding $1 million and 
determine whether each improvement is in accordance with criteria 
specified in the act. To assess DOD's compliance with the act, we 
obtained and reviewed obligational data on modernizations in excess of 
$1 million for business systems for fiscal year 2004. We compared the 
obligational data provided by the military services and defense 
agencies with information obtained from BMMP officials to determine if 
the modernizations were reviewed by the DOD Comptroller as stipulated 
in the fiscal year 2003 act. We did not review the accuracy and 
reliability of the obligational data reported by DOD. Given the 
department's previously reported problems related to financial 
management, we have no assurance that the data provided were complete, 
but the obligational data reported by DOD are the only data available 
that can be used for determining the specific amount of modernization 
funding spent on each business system. 

To augment our document reviews and analyses, we interviewed officials 
from various DOD organizations, including the Office of the Under 
Secretary of Defense (Comptroller); the DOD CIO; and the Office of the 
Under Secretary of Defense (Acquisition, Technology and Logistics). We 
conducted our work from August 2004 through February 2005 in accordance 
with U.S. generally accepted government auditing standards. 

We requested comments on a draft of this report from the Secretary of 
Defense or his designee. We received written comments on a draft of the 
report from the Under Secretary of Defense for Acquisition, Technology 
and Logistics, which are reprinted in appendix II. 

[End of section]

Appendix II: Comments from the Department of Defense: 

THE UNDER SECRETARY OF DEFENSE:
ACQUISITION, TECHNOLOGY AND LOGISTICS:
3010 DEFENSE PENTAGON: 
WASHINGTON, DC 20301-3010:

APR 15 2005:

Mr. Gregory D. Kutz:
Director, Financial Management and Assurance: 
U.S. Government Accountability Office: 
Washington, DC 20548:

Dear Mr. Kutz:

Enclosed is the Department of Defense (DoD) response to the Government 
Accountability Office (GAO) Draft Report, GAO-05-381, "DoD Business 
Systems Modernization: Billions Being Invested Without Adequate 
Oversight," dated March 16, 2005. This report is based upon the GAO 
review of the state of business system governance in November of 2004. 
The Department concurs with all four of the GAO's executive 
recommendations and has initiated specific actions to address each one. 
Our comments on the recommendations are enclosed.

The Business Transformation effort of the Department of Defense, and 
the activities of the Business Management Modernization Program (BMMP) 
have been restructured to accelerate the transformation effort, 
establish effective oversight of department-wide system modernization 
investments, and ensure continued senior leadership engagement in the 
transformation effort. The focus of the BMMP is to drive greater 
innovation and higher levels of efficiency throughout the Business 
Mission Area of the Department. This will be achieved by implementing 
DoD enterprise-level capabilities to accelerate broader, Department- 
wide improvements in business processes while continuously improving 
our financial management discipline and financial transparency.

To ensure program discipline is applied to achieving these objectives, 
I am designating the BMMP an ACAT ID Special Interest Acquisition 
Program. In February, the Department established a Defense Business 
Systems Management Committee, chaired by the Deputy Secretary of 
Defense to oversee and approve all investments in business systems 
modernization. The Deputy designated me as the Vice Chair in the 
enclosed memorandum. In March, the Deputy Secretary of Defense gave me 
responsibility for the Department's business transformation efforts 
(see enclosure). The Comptroller and I have jointly designated two 
senior leaders with industry experience in business transformation to 
directly manage the transformation program. The 2005 Annual Report to 
the Congressional Defense Committees, "Status of the Department of 
Defense's Business Management Modernization Program, " dated March 15, 
2005, provides further details regarding the status and realignment of 
our transformation effort.

I look forward to continued engagement and discussion with the GAO as 
we continue our effort to transform the business operations of the 
Department.

Sincerely,

Signed by: 

Michael W. Wynne: 

Enclosures: As stated:

GAO Draft Report - Dated March 16, 2005 GAO CODE 192141/GAO-05-381:

"DoD Business Systems Modernization: Billions Being Invested Without 
Adequate Oversight"

DEPARTMENT OF DEFENSE COMMENTS TO THE RECOMMENDATIONS:

RECOMMENDATION 1: The GAO recommended that the Secretary of Defense 
direct that the DOD Chief Information Officer, in consultation with the 
domains, review the 56 systems reclassified from business systems to 
national security systems, to determine how these should be properly 
reported in the Fiscal Year 2007 Information Technology budget request. 
(p. 44/GAO Draft Report):

DOD RESPONSE: Concur. The DoD Chief Information Officer will conduct a 
review of the 56 systems that were reclassified from Business Systems 
to National Security Systems to determine if they were correctly 
reported and to address how to properly reflect these systems in future 
year Information Technology budget request.

RECOMMENDATION 2: The GAO recommended that the Secretary of Defense 
direct that the Defense Business Systems Management Committee work with 
the domain investment review boards to review the reported Business 
Management Modernization Program (BMMP) business systems inventory so 
systems are defined in accordance with the definition specified in the 
Fiscal Year 2005 National Defense Authorization Act. (p. 44/GAO Draft 
Report):

DOD RESPONSE: Concur. On March 17, 2005, the DoD Deputy Chief 
Information Officer (DCIO) designated the DoD Information Technology 
Portfolio Registry (DITPR) as the interim solution Enterprise Shared 
Space for IT Portfolio Management data for all DoD business IT systems 
and, further, directed that the DoD Information Technology Registry be 
consolidated with DITPR by October 31, 2005. DITPR has the capability 
to identify all reported BMMP business systems in accordance with the 
definition specified in the FY 2005 Defense Authorization Act. 
Additionally, DITPR will also have the capability to store all other 
reported IT and National Security Systems.

RECOMMENDATION 3: The GAO recommended that the Secretary of Defense 
direct that the Defense Business Systems Management Committee to 
develop a comprehensive plan that addresses implementation of our 
previous recommendations related to the BEA and the control and 
accountability over business system investments. At a minimum, the plan 
should assign responsibility and estimated timeframes for completion.

DOD RESPONSE: Concur. Transformation leadership is developing a plan 
and timeline for closing out all of GAO's open recommendations. BMMP 
staff has met with GAO staff to confirm steps needed to bring each 
recommendation to closure.

RECOMMENDATION 4: The GAO recommended that the Secretary of Defense 
direct that the comprehensive plan we recommend above be incorporated 
into the Department's second annual report due March 15, 2006 to the 
defense congressional committees, as required by the fiscal year 2005 
defense authorization act, to help facilitate congressional oversight.

DOD RESPONSE: Concur. We will include plans to address GAO's 
recommendations in our next report to Congress.

THE DEPUTY SECRETARY OF DEFENSE:
WASHINGTON, D.C. 20301:

MAR 24 2005:

MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS: 
CHAIRMAN OF THE JOINT CHIEFS OF STAFF: 
UNDER SECRETARIES OF DEFENSE:
ASSISTANT SECRETARIES OF DEFENSE:
GENERAL COUNSEL OF THE DEPARTMENT OF DEFENSE: 
INSPECTOR GENERAL OF THE DEPARTMENT OF DEFENSE: 
DIRECTOR, OPERATIONAL TEST AND EVALUATION: 
ASSISTANTS TO THE SECRETARY OF DEFENSE: 
DIRECTOR, ADMINISTRATION AND MANAGEMENT: 
DIRECTOR, PROGRAM ANALYSIS AND EVALUATION: 
DIRECTOR, NET ASSESSMENT:
DIRECTOR, FORCE TRANSFORMATION: 
DIRECTORS OF THE DEFENSE AGENCIES: 
DIRECTORS OF THE DOD FIELD ACTIVITIES:

SUBJECT: Implementation Guidance on the Realignment of the Department 
of Defense (DoD) Business Transformation Program Management Office:

Effective today, I am directing the transfer of program management, 
oversight and support responsibilities regarding DoD business 
transformation efforts from the Office of the Under Secretary of 
Defense Comptroller (OUSD(C)) to the Office of the Under Secretary of 
Defense for Acquisition, Technology and Logistics (OUSD(AT&L)). This 
transfer is necessary to support the newly established Defense Business 
Systems Management Committee (DBSMC). The Under Secretary of Defense 
for Acquisition, Technology and Logistics (USD(AT&L)) serves as the 
Vice Chair of the DBSMC. Transferring these functions and 
responsibilities will allow the USD(AT&L) to establish the level of 
activity necessary to support and coordinate DBSMC activities. This 
transfer also addresses the provisions and requirements set forth in 
Public Law 108-375, Section 332 of the National Defense Authorization 
Act for Fiscal Year 2005.

Consistent with this direction, I authorize the realignment of two 
civilian manpower authorizations and two Senior Executive Service 
resources from OUSD(C) to the OUSD(AT&L) for this essential business 
transformation program. All funds programmed and budgeted for the 
Business Modernization and Systems Integration (BMSI) Office will 
remain in the Office of the Secretary of Defense account, but shall be 
reclassified as AT&L. In addition, the BMSI is renamed the 
Transformation Support Office.

The Under Secretary of Defense (Comptroller) and Director of 
Administration and Management, in coordination with the USD(AT&L) shall 
expedite the actions necessary to implement this direction.

Signed by: 

Paul Wolfowitz: 

[End of section]

Appendix III: DOD Business Systems Modernizations with Obligations in 
Excess of $1 Million Approved by the DOD Comptroller in Fiscal Year 
2004: 

Name of system: Defense Travel System; 
Approval date: October 2003. 

Name of system: Standard Procurement System; 
Approval date: October 2003. 

Name of system: DFAS Operational Data Store; 
Approval date: October 2003 and September 2004. 

Name of system: Composite Health Care System II; 
Approval date: November 2003. 

Name of system: General Accounting and Finance System Reengineered; 
Approval date: November 2003 and January 2004. 

Name of system: Air Force Reserve Travel System; 
Approval date: December 2003. 

Name of system: DFAS Automated Time, Attendance and Production System; 
Approval date: December 2003. 

Name of system: DFAS Defense Joint Military Pay System--Active 
Component; 
Approval date: December 2003. 

Name of system: DFAS Defense Joint Military Pay System--Reserve 
Component; 
Approval date: December 2003. 

Name of system: DFAS Defense Military Pay Office; 
Approval date: December 2003. 

Name of system: DFAS Defense Retiree and Annuitant Pay System; 
Approval date: December 2003. 

Name of system: DFAS Marine Corps Total Force System; 
Approval date: December 2003. 

Name of system: MyPay; 
Approval date: December 2003. 

Name of system: Forward Compatible Payroll System; 
Approval date: January 2004. 

Name of system: Defense Civilian Pay System; 
Approval date: January 2004. 

Name of system: Milpay Systems Transition Program; 
Approval date: January 2004. 

Name of system: Defense Departmental Reporting System; 
Approval date: January 2004. 

Name of system: Global Combat Support System - Army; 
Approval date: January 2004. 

Name of system: Navy Enterprise Resource Planning; 
Approval date: February 2004 and July 2004. 

Name of system: Intra-Governmental Transaction System; 
Approval date: March 2004. 

Name of system: Fuels Automated System; 
Approval date: April 2004. 

Name of system: Advanced Planning and Scheduling; 
Approval date: April 2004. 

Name of system: On Line Vehicle Interactive Maintenance System; 
Approval date: April 2004. 

Name of system: Navy Cash; 
Approval date: April 2004. 

Name of system: Defense Personal Property System; 
Approval date: May 2004. 

Name of system: Navy Standard Integrated Personnel System; 
Approval date: June 2004. 

Name of system: Commissary Advanced Resale Transaction System; 
Approval date: June 2004. 

Name of system: Ebiz; 
Approval date: July 2004. 

Name of system: Business Systems Modernization; 
Approval date: July 2004. 

Name of system: Global Combat Service Support - Marine Corps; 
Approval date: July 2004. 

Name of system: Deployable Disbursing System; 
Approval date: July 2004. 

Name of system: Common Food Management System; 
Approval date: August 2004. 

Name of system: Air Force Reserve Order Writing System; 
Approval date: September 2004. 

Name of system: DFAS Defense Cash Accountability System; 
Approval date: September 2004. 

Name of system: DFARS Transformation Integrated System; 
Approval date: September 2004. 

Name of system: Air Force Job Order Cost Accounting System II; 
Approval date: September 2004. 

Name of system: DISA Wide Area Work Flow; 
Approval date: September 2004. 

Name of system: Air Force Financial Information Resource System; 
Approval date: September 2004. 

Source: GAO analysis of DOD reported information. 

[End of table]

[End of section]

Appendix IV: Modernizations with Obligations in Excess of $1 Million 
Not Submitted for the Required DOD Comptroller Review: 

Dollars in millions. 

Component: Army; 
Name of system: Logistics Modernization Program; 
Amount: $34.4. 

Component: Army; 
Name of system: Defense Civilian Personnel Data System-Sustainment; 
Amount: $6.1. 

Subtotal Army; 
Amount: $40.5. 

Component: Navy; 
Name of system: Navy Tactical Command Support System; 
Amount: $56.5. 

Component: Navy; 
Name of system: Automated Teller Machines-At- Sea; 
Amount: $13.7. 

Component: Navy; 
Name of system: Electronic Data Interchange; 
Amount: $7.3. 

Component: Navy; 
Name of system: Conventional Ammunition Integrated Information System; 
Amount: $3.9. 

Component: Navy; 
Name of system: Shipyard Management Information Systems-Financials; 
Amount: $3.6. 

Component: Navy; 
Name of system: SPAWAR Financial Management - ERP; 
Amount: $2.7. 

Component: Navy; 
Name of system: Material Financial Control System; 
Amount: $1.5. 

Component: Navy; 
Name of system: NAVSEA Regional Fleet Maintenance ERP Pilot; 
Amount: $1.4. 

Component: Navy; 
Name of system: Regional Maintenance Automated Information System; 
Amount: $1.1. 

Component: Navy; 
Name of system: Material Management Systems; 
Amount: $1.1. 

Subtotal Navy; 
Amount: $92.8. 

Component: Air Force; 
Name of system: Integrated Maintenance Data System; 
Amount: $24.9. 

Component: Air Force; 
Name of system: Stock Control System; 
Amount: $5.2. 

Component: Air Force; 
Name of system: Integrated Logistics System - Supply; 
Amount: $8.7. 

Component: Air Force; 
Name of system: Depot Maintenance Accounting and Production System; 
Amount: $6.8. 

Component: Air Force; 
Name of system: Financial Inventory Accounting & Billing System; 
Amount: $3.2. 

Component: Air Force; 
Name of system: Regionalization of Civilian Personnel Support; 
Amount: $7.3. 

Component: Air Force; 
Name of system: Job Order Production Master System; 
Amount: $4.6. 

Component: Air Force; 
Name of system: Fuels Automated Management System Sustainment - Air 
Force; 
Amount: $8.4. 

Component: Air Force; 
Name of system: Purchase Request Process System; 
Amount: $2.7. 

Component: Air Force; 
Name of system: Inventory Tracking System; 
Amount: $4.7. 

Component: Air Force; 
Name of system: Automated Budget Analysis/Centralized User System; 
Amount: $2.6. 

Subtotal Air Force; 
Amount: $79.1. 

Component: DFAS; 
Name of system: DFAS Corporate Database/DFAS Corporate Warehouse; 
Amount: $2.6. 

Component: DFAS; 
Subtotal DFAS; 
Amount: $2.6. 

Component: DLA; 
Name of system: Defense Medical Logistics Standard Support; 
Amount: $4.9. 

Component: DLA; 
Name of system: Subsistence Total Order and Receipt Electronic System; 
Amount: $1.4. 

Component: DLA; 
Name of system: Distribution Standard System; 
Amount: $3.5. 

Component: DLA; 
Subtotal DLA; 
Amount: $9.8. 

Component: TRANSCOM; 
Name of system: Transportation Financial Management System; 
Amount: $1.1. 

Component: TRANSCOM; 
Subtotal TRANSCOM; 
Amount: $1.1. 

Component: TRICARE; 
Name of system: Defense Medical Logistics Standard System; 
Amount: $9.6. 

Component: TRICARE; 
Name of system: Patient Accounting System; 
Amount: $7.0. 

Component: TRICARE; 
Subtotal TRICARE; 
Amount: $16.6. 

Total; 
Amount: $242.5. 

Source: GAO analysis of DOD reported information. 

[End of table]

[End of section]

Appendix V: Modernizations with Obligations in Excess of $1 Million Not 
Reviewed by DOD Comptroller per July 2004 Memorandum: 

Dollars in millions. 

Component: Army; 
Name of system: Personnel Electronic Records Management System; 
Amount: $5.3. 

Component: Army; 
Name of system: Personnel Transformation; 
Amount: $3.7. 

Component: Army; 
Name of system: US MEPCOM Integrated Resource System; 
Amount: $4.7. 

Component: Army; 
Name of system: Electronic Military Personnel System; 
Amount: $8.7. 

Component: Army; 
Name of system: Installation Support Modules; 
Amount: $1.1. 

Component: Army; 
Name of system: US Army Accessions Command Integrated Automation 
Architecture; 
Amount: $15.5. 

Component: Army; 
Name of system: Enterprise Human Resources System; 
Amount: $1.6. 

Subtotal Army; 
Amount: $40.6. 

Component: Navy; 
Name of system: Target Location Design and Hand-Off System; 
Amount: $33.2. 

Component: Navy; 
Name of system: Electronic Military Personnel Record System; 
Amount: $8.2. 

Component: Navy; 
Name of system: One Touch Support; 
Amount: $4.1. 

Component: Navy; 
Name of system: Joint Engineer Data Management Information Control 
System; 
Amount: $12.1. 

Component: Navy; 
Name of system: MSC Afloat Personnel Management Center; 
Amount: $2.2. 

Component: Navy; 
Name of system: Automation Identification Technology; 
Amount: $15.5. 

Component: Navy; 
Name of system: NAVAIR Logistics Data Analysis; 
Amount: $5.9. 

Component: Navy; 
Name of system: Predictive Response Center; 
Amount: $3.3. 

Component: Navy; 
Name of system: Condition-Based Maintenance System; 
Amount: $10.7. 

Component: Navy; 
Name of system: Human Resources Development Portfolio; 
Amount: $2.0. 

Component: Navy; 
Name of system: Configuration Management Information System; 
Amount: $3.2. 

Component: Navy; 
Name of system: Mounted Cooperative Target ID System; 
Amount: $1.8. 

Component: Navy; 
Name of system: Total Fleet Support System; 
Amount: $1.6. 

Component: Navy; 
Name of system: Surface Warfare Management Information Systems; 
Amount: $1.3. 

Component: Navy; 
Name of system: InforM-21; 
Amount: $1.2. 

Subtotal Navy; 
Amount: $106.3. 

Component: Air Force; 
Name of system: Reliability and Maintainability Information System; 
Amount: $4.8. 

Component: Air Force; 
Name of system: Air Force Military Personnel Data System; 
Amount: $4.2. 

Component: Air Force; 
Name of system: Education and Training Technology Applications Program; 
Amount: $1.7. 

Component: Air Force; 
Name of system: Cadet Administrative Management Information System; 
Amount: $1.2. 

Component: Air Force; 
Name of system: Air Force Recruiter Information Support System; 
Amount: $2.6. 

Component: Air Force; 
Name of system: Joint Personnel Adjudication System; 
Amount: $4.1. 

Component: Air Force; 
Name of system: Programming Depot Maintenance Scheduling System; 
Amount: $3.1. 

Component: Air Force; 
Name of system: Maintenance Repair and Overhaul; 
Amount: $2.6. 

Component: Air Force; 
Name of system: MA MRO Business System Modernization; 
Amount: $6.6. 

Component: Air Force; 
Name of system: Center of Parts Activity; 
Amount: $1.2. 

Component: Air Force; 
Name of system: Air Force Knowledge Services; 
Amount: $7.4. 

Component: Air Force; 
Name of system: Enhanced Technical Information Management System; 
Amount: $7.2. 

Component: Air Force; 
Name of system: Enterprise Knowledge Management/Knowledge Kinetics; 
Amount: $1.3. 

Component: Air Force; 
Name of system: AFRL Business Support Consolidated Information; 
Amount: $24.1. 

Component: Air Force; 
Name of system: Cadet Education; 
Amount: $1.4. 

Component: Air Force; 
Name of system: Exchangeables Production System; 
Amount: $1.3. 

Subtotal Air Force; 
Amount: $74.8. 

Component: TRANSCOM; 
Name of system: Joint Flow and Analysis System for Transportation; 
Amount: $1.6. 

Component: TRANSCOM; 
Name of system: Core Automated Maintenance System; 
Amount: $2.8. 

Component: TRANSCOM; 
Name of system: Global Air Transportation Execution System; 
Amount: $6.3. 

Component: TRANSCOM; 
Name of system: Integrated Booking System; 
Amount: $2.2. 

Component: TRANSCOM; 
Name of system: Intelligent Road/Rail Information Server; 
Amount: $2.3. 

Component: TRANSCOM; 
Name of system: Worldwide Port System; 
Amount: $3.2. 

Subtotal TRANSCOM; 
Amount: $18.4. 

Component: TRICARE; 
Name of system: Centralized Credentials and Quality Assurance System; 
Amount: $3.8. 

Component: TRICARE; 
Name of system: Defense Blood Standard System; 
Amount: $1.6. 

Component: TRICARE; 
Name of system: Defense Medical Human Resource System Internet; 
Amount: $3.4. 

Component: TRICARE; 
Name of system: Enterprise Wide Scheduling and Registration; 
Amount: $3.1. 

Component: TRICARE; 
Name of system: TRICARE Online; 
Amount: $1.6. 

Subtotal TRICARE; 
Amount: $13.5. 

Component: AFIS; 
Name of system: Network Support - Armed Forces Information Services; 
Amount: $4.9. 

Subtotal AFIS; 
Amount: $4.9. 

Total; 
Amount: $258.5. 

Source: GAO analysis of DOD reported information. 

[End of table]

[End of section]

Appendix VI: GAO Contacts and Staff Acknowledgments: 

GAO Contacts: 

Darby Smith, (202) 512-7803; 
J. Christopher Martin, (202) 512-9481: 

Acknowledgments: 

Staff members who made key contributions to this report were Beatrice 
Alff, Francine DelVecchio, Francis Dymond, Lauren Fassler, Kristi 
Karls, Mai Nguyen, Philip Reiff, and Bernard Trescavage. 

(192141): 

FOOTNOTES

[1] Business systems include those that are used to support civilian 
and military personnel, finance, logistics, procurement, and 
transportation. 

[2] See, for example, GAO, Defense Inventory: Opportunities Exist to 
Improve Spare Parts Support Aboard Deployed Navy Ships, GAO-03-887 
(Washington, D.C.: Aug. 29, 2003); Military Pay: Army National Guard 
Personnel Mobilized to Active Duty Experienced Significant Pay 
Problems, GAO-04-89 (Washington, D.C.: Nov. 13, 2003); and DOD Travel 
Cards: Control Weaknesses Resulted in Millions of Dollars of Improper 
Payments, GAO-04-576 (Washington, D.C.: June 9, 2004). 

[3] GAO, High-Risk Series: An Update, GAO-05-207 (Washington, D.C.: 
Jan. 2005). The eight specific DOD high-risk areas are (1) approach to 
business transformation, (2) business systems modernization, (3) 
contract management, (4) financial management, (5) personnel security 
clearance program, (6) supply chain management, (7) support 
infrastructure management, and (8) weapon systems acquisition. The six 
governmentwide high-risk areas are (1) disability programs, (2) 
interagency contracting, (3) information systems and critical 
infrastructure, (4) information sharing for homeland security, (5) 
human capital, and (6) real property. 

[4] BMMP is the department's business transformation initiative 
encompassing defense policies, processes, people, and systems that 
guide, perform, or support all aspects of business management, 
including development and implementation of the business enterprise 
architecture. 

[5] The six domains and the respective domain leaders for fiscal year 
2004 were (1) acquisition--Under Secretary of Defense (Acquisition, 
Technology and Logistics); (2) financial management--Under Secretary of 
Defense (Comptroller/Chief Financial Officer); (3) human resources 
management--Under Secretary of Defense (Personnel and Readiness); (4) 
installations and environment--Under Secretary of Defense (Acquisition, 
Technology and Logistics); (5) logistics--Under Secretary of Defense 
(Acquisition, Technology and Logistics); and (6) enterprise information 
environment--Assistant Secretary of Defense (Networks and Information 
Integration)/Chief Information Officer. In September 2004, the 
accounting and finance domain and the strategic planning and budgeting 
domain were combined into one domain and renamed the financial 
management domain. 

[6] We did not independently determine if the list of obligations for 
system modernization reported to us was complete and accurate. 

[7] Subsection 1004(d) of the Bob Stump National Defense Authorization 
Act for Fiscal Year 2003, Pub. L. No. 107-314, 116 Stat. 2458, 2630 
(Dec. 2, 2002), provides that any amount in excess of $1 million may be 
obligated for financial system improvements before approval of DOD's 
enterprise architecture and a supporting transition plan only if the 
DOD Comptroller makes a determination that the improvement is necessary 
for (1) critical national security capability or critical safety and 
security requirements or (2) prevention of significant adverse effect 
on a project that is needed to achieve an essential capability. The act 
further provides that after the architecture is approved, the DOD 
Comptroller must determine before making obligations that exceed $1 
million for system improvements that such improvements are consistent 
with the enterprise architecture and the transition plan. The provision 
was repealed on October 28, 2004, by the Ronald W. Reagan National 
Defense Authorization Act for Fiscal Year 2005, Pub. L. No. 108-375,  
332, 118 Stat. 1811, 1851 (Oct. 28, 2004) (codified, in part, at 10 
U.S.C.  185, 2222), which enacted a new similar $1 million limitation 
on obligations for business systems modernizations. The act notes that 
failure to comply with the new provision after September 30, 2005, will 
result in a violation of 31 U.S.C.  1341(a)(1)(A), the Anti-Deficiency 
Act. 

[8] GAO, Information Technology: Improvements Needed in the Reliability 
of Defense Budget Submissions, GAO-04-115 (Washington, D.C.: Dec. 19, 
2003). 

[9] These systems are intelligence systems, cryptologic activities 
related to national security, military command and control systems, and 
equipment that is an integral part of a weapon or weapons system or is 
critical to the direct fulfillment of military or intelligence 
missions. 

[10] ERP products consist of multiple, integrated functional modules 
that do different tasks, such as track payroll, keep a standard general 
ledger, manage supply chains, and organize customer data. 

[11] GAO, Department of Defense: Further Actions Are Needed to 
Effectively Address DOD Business Management Problems and Overcome Key 
Business Transformation Challenges, GAO-05-140T (Washington, D.C.: Nov. 
18, 2004). 

[12] JFMIP was a joint and cooperative undertaking of the Department of 
the Treasury, GAO, the Office of Management and Budget (OMB), and the 
Office of Personnel Management (OPM), working in cooperation with each 
other and other federal agencies to improve financial management 
practices in the federal government. Leadership and program guidance 
were provided by the four Principals of JFMIP--the Comptroller General 
of the United States, the Secretary of the Treasury, and the Directors 
of OMB and OPM. Although JFMIP ceased to exist as a stand-alone 
organization as of December 1, 2004, the JFMIP Principals will continue 
to meet at their discretion. 

[13] FFMIA, Pub. L. No. 104-208, div. A,  101(f), title VIII, 110 
Stat. 3009, 3009-389 (Sept. 30, 1996), requires the 24 major 
departments and agencies covered by the Chief Financial Officers Act of 
1990, Pub. L. No. 101-576, 104 Stat. 2838 (Nov. 15, 1990) (31 U.S.C.  
901(b), as amended), to implement and maintain financial management 
systems that comply substantially with (1) federal financial management 
systems requirements, (2) applicable federal accounting standards, and 
(3) the U.S. Standard General Ledger at the transaction level. 

[14] GAO, Army National Guard: Inefficient, Error-Prone Process Results 
in Travel Reimbursement Problems for Mobilized Soldiers, GAO-05-79 
(Washington, D.C.: Jan. 31, 2005). 

[15] GAO, Military Pay: Gaps in Pay and Benefits Create Financial 
Hardships for Injured Army National Guard and Reserve Soldiers, GAO-05- 
125 (Washington, D.C.: Feb. 17, 2005). 

[16] GAO, Military Pay: Army Reserve Soldiers Mobilized to Active Duty 
Experienced Significant Pay Problems, GAO-04-911 (Washington, D.C.: 
Aug. 20, 2004). 

[17] GAO, Department of Defense: Status of Financial Management 
Weaknesses and Progress Toward Reform, GAO-03-931T (Washington, D.C.: 
June 25, 2003). 

[18] GAO, DOD Business Systems Modernization: Important Progress Made 
to Develop Business Enterprise Architecture, but Much Work Remains, GAO-
03-1018 (Washington, D.C.: Sept. 19, 2003). 

[19] Ronald W. Reagan National Defense Authorization Act for Fiscal 
Year 2005, Pub. L. No. 108-375,  332, 118 Stat. 1811, 1851 (Oct. 28, 
2004) (codified, in part, at 10 U.S.C.  186, 2222). 

[20] DOD categorizes its funding request as follows: business systems-
-$5 billion; national security systems--$7.8 billion; shared 
infrastructure and information assurance activities--$14.8 billion; and 
related technical activities--$1.1 billion. 

[21] According to the department's definition in its Financial 
Management Regulation, development/modernization/enhancement include 
(1) new applications and infrastructure capabilities that are planned 
and under development; (2) any change or modification to existing 
applications and infrastructure capabilities which is intended to 
result in improved capabilities or performance of the activity, 
including (a) all modifications to existing operational software (other 
than corrective software maintenance) and (b) expansion of capabilities 
to new users; (3) changes mandated by Congress or the Office of the 
Secretary of Defense; and (4) personnel costs for project management. 

[22] GAO, DOD Business Systems Modernization: Billions Continue to Be 
Invested with Inadequate Management Oversight and Accountability, GAO- 
04-615 (Washington, D.C.: May 27, 2004). 

[23] GAO-04-615. 

[24] GAO-04-615. 

[25] GAO-04-615. 

[26] Pub. L. No. 108-375,  332, 118 Stat. 1811, 1854 (Oct. 28, 2004) 
(codified at 10 U.S.C.  2222(j)(2)). 

[27] A mixed system is an information system that supports both 
financial and nonfinancial functions of the federal government or 
components. 

[28] GAO-04-615. 

[29] DIMHRS is a major IT program that is to provide integrated 
personnel and pay system for all components of the military services. 

[30] GAO, Budget Justification Issue Paper on Fiscal Year 2005 IT 
Budget Request for Systems That Are to Be Replaced by DOD's Planned 
Defense Integrated Military Human Resources System (Personnel/Pay) 
(Washington, D.C.: June 25, 2004). 

[31] Hearing on Department of Defense Business Transformation Before 
the Subcommittee on Terrorism, Unconventional Threats and Capabilities, 
House Armed Services Committee, 108TH Cong. (Mar. 31, 2004) (statement 
by Deputy Chief Financial Officer, Department of Defense, JoAnn 
Boutelle). 

[32] Bob Stump National Defense Authorization Act for Fiscal Year 2003, 
Pub. L. No. 107-314,  1004(d), 116 Stat. 2458, 2629 (Dec. 2, 2002). 

[33] GAO, DOD Business Systems Modernization: Improvements to 
Enterprise Architecture Development and Implementation Efforts Needed, 
GAO-03-458 (Washington, D.C.: Feb. 28, 2003); GAO-03-1018; and GAO-04- 
615. 

[34] These questions must be completed by the system owner for each 
business system submitted to the DOD Comptroller for review. The 
questions include, but are not limited to, the following for each 
system: name; purpose; scope; program overview; system owner/program 
manager; milestone decision authority; domain(s); system capabilities; 
program schedules and dependencies; system interfaces; economic 
justification; cost; and whether system is compliant/consistent with 
the Clinger-Cohen Act of 1996 (Pub. L. No. 104-106, div. E, 110 Stat. 
679 (Feb. 10, 1996)), FFMIA, and the BEA. 

[35] Status of Financial Management Reform Within the Department of 
Defense and the Individual Services: Hearing Before the Subcommittee on 
Readiness and Management Support, Senate Armed Services Committee, 
108th Cong. (Nov. 18, 2004) (statement by Under Secretary of Defense 
(Comptroller) Tina Westby Jonas). 

[36] The act defines a defense business system modernization as (1) the 
acquisition or development of a new defense business system or (2) any 
significant modification or enhancement of an existing defense business 
system (other than those necessary to maintain current services). 

[37] GAO-03-1018 and GAO, DOD Business Systems Modernization: Limited 
Progress in Development of Business Enterprise Architecture and 
Oversight of Information Technology Investments, GAO-04-731R 
(Washington, D.C.: May 17, 2004). 

[38] GAO-04-615. 

[39] GAO-04-731R. 

[40] GAO-04-615. 

[41] GAO-04-731R. 

[42] Withheld funds are those funds appropriated to programs that DOD 
temporarily holds back for some period during the funds' periods of 
availability before releasing them to programs. Prior to being released 
for execution, funds may be withheld by the Office of the Secretary of 
Defense for a variety of reasons without obtaining congressional 
approval. While funds are withheld, the funds are still designated for 
the program but not yet released to that program. Withheld funds are 
eventually either released to the designated programs or reprogrammed 
for other uses. 

[43] GAO-04-615. 

[44] Ronald W. Reagan National Defense Authorization Act for Fiscal 
Year 2005, Pub. L. No. 108-375,  332, 118 Stat. 1811, 1851-56 (Oct. 
28, 2004) (codified, in part, at 10 U.S.C.  186, 2222). 

[45] The act requires the use of procedures for ensuring consistency 
with the guidance issued by the Secretary of Defense and the Defense 
Business Systems Management Committee and incorporation of common 
decision criteria, including standards, requirements, and priorities 
that result in the integration of defense business systems. 

[46] A key condition identified in the act includes certification by 
designated approval authorities that the defense business system 
modernization is (1) in compliance with the enterprise architecture; 
(2) necessary to achieve critical national security capability or 
address a critical requirement in an area such as safety or security; 
or (3) necessary to prevent a significant adverse effect on a project 
that is needed to achieve an essential capability, taking into 
consideration the alternative solutions for preventing such an adverse 
effect. Furthermore, the act's definition of a business system 
modernization is broader than specified in the fiscal year 2003 defense 
authorization act. 

[47] Approval authorities, including the Under Secretary of Defense for 
Acquisition, Technology and Logistics; the Under Secretary of Defense 
(Comptroller); the Under Secretary of Defense for Personnel and 
Readiness; the Assistant Secretary of Defense for Networks and 
Information Integration/Chief Information Officer of the Department of 
Defense; and the Deputy Secretary of Defense or an Under Secretary of 
Defense, as designated by the Secretary of Defense, are responsible for 
the review, approval, and oversight of business systems and must 
establish investment review processes for systems under their 
cognizance. 

[48] 31 U.S.C.  1341(a)(1)(A); see 10 U.S.C  2222(b). 

[49] See, for example, GAO, DOD Systems Modernization: Continued 
Investment in the Standard Procurement System Has Not Been Justified, 
GAO-01-682 (Washington, D.C.: July 31, 2001); DOD Business Systems 
Modernization: Continued Investment in Key Accounting Systems Needs to 
Be Justified, GAO-03-465 (Washington, D.C.: Mar. 28, 2003); and GAO- 04-
615. 

[50] GAO, Information Technology: Architecture Needed to Guide 
Modernization of DOD's Financial Operations, GAO-01-525 (Washington, 
D.C.: May 17, 2001). 

[51] GAO, Results-Oriented Cultures: Creating a Clear Linkage between 
Individual Performance and Organizational Success, GAO-03-488 
(Washington, D.C.: Mar. 14, 2003). 

[52] Approval authorities include the Under Secretary of Defense for 
Acquisition, Technology and Logistics; the Under Secretary of Defense 
(Comptroller); the Under Secretary of Defense for Personnel and 
Readiness; and the Assistant Secretary of Defense for Networks and 
Information Integration/Chief Information Officer of the Department of 
Defense. These approval authorities are responsible for the review, 
approval, and oversight of business systems and must establish 
investment review processes for systems under their cognizance. 

[53] GAO, Department of Defense: Long-standing Problems Continue to 
Impede Financial and Business Management Transformation, GAO-04-907T 
(Washington, D.C.: July 7, 2004); Department of Defense: Financial and 
Business Management Transformation Hindered by Long-standing Problems, 
GAO-04-941T, (Washington, D.C.: July 8, 2004); and Department of 
Defense: Further Actions Are Needed to Effectively Address Business 
Management Problems and Overcome Key Business Transformation 
Challenges, GAO-05-140T (Washington, D.C.: Nov. 18, 2004). 

[54] GAO, DOD's High-Risk Areas: Successful Business Transformation 
Requires Sound Strategic Planning and Sustained Leadership, GAO-05-520T 
(Washington, D.C.: Apr. 13, 2005). 

[55] S. 780, 109TH Cong. (2005). 

[56] Bob Stump National Defense Authorization Act for Fiscal Year 2003, 
Pub. L. No. 107-314,  1004, 116 Stat. 2458, 2630 (Dec. 2, 2002). 

GAO's Mission: 

The Government Accountability Office, the investigative arm of 
Congress, exists to support Congress in meeting its constitutional 
responsibilities and to help improve the performance and accountability 
of the federal government for the American people. GAO examines the use 
of public funds; evaluates federal programs and policies; and provides 
analyses, recommendations, and other assistance to help Congress make 
informed oversight, policy, and funding decisions. GAO's commitment to 
good government is reflected in its core values of accountability, 
integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains 
abstracts and full-text files of current reports and testimony and an 
expanding archive of older products. The Web site features a search 
engine to help you locate documents using key words and phrases. You 
can print these documents in their entirety, including charts and other 
graphics. 

Each day, GAO issues a list of newly released reports, testimony, and 
correspondence. GAO posts this list, known as "Today's Reports," on its 
Web site daily. The list contains links to the full-text document 
files. To have GAO e-mail this list to you every afternoon, go to 
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order 
GAO Products" heading. 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office

441 G Street NW, Room LM

Washington, D.C. 20548: 

To order by Phone: 

Voice: (202) 512-6000: 

TDD: (202) 512-2537: 

Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: www.gao.gov/fraudnet/fraudnet.htm

E-mail: fraudnet@gao.gov

Automated answering system: (800) 424-5454 or (202) 512-7470: 

Public Affairs: 

Jeff Nelligan, managing director,

NelliganJ@gao.gov

(202) 512-4800

U.S. Government Accountability Office,

441 G Street NW, Room 7149

Washington, D.C. 20548: